On Wed, Mar 22, 2017 at 2:05 PM, Simon Glass <s...@chromium.org> wrote:
> On 20 March 2017 at 03:28, Mario Six <mario....@gdsys.cc> wrote:
>> If we want to load a key into a TPM, we need to know the designated parent
>> key's handle, so that the TPM is able to insert the key at the correct place in
>> the key hierarchy.
>>
>> However, if we want to load a key whose designated parent key we also
>> previously loaded ourselves, we first need to memorize this parent key's handle
>> (since the handles for the key are chosen at random when they are inserted into
>> the TPM). If we are, however, unable to do so, for example if the parent key is
>> loaded into the TPM during production, and its child key during the actual
>> boot, we must find a different mechanism to identify the parent key.
>>
>> To solve this problem, we add a function that allows U-Boot to load a key into
>> the TPM using their designated parent key's SHA1 hash, and the corresponding
>> auth data.
>>
>> Signed-off-by: Mario Six <mario....@gdsys.cc>
>> ---
>>  cmd/tpm.c           | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
>>  drivers/tpm/Kconfig |  8 ++++++++
>>  include/tpm.h       | 12 ++++++++++++
>>  lib/tpm.c           | 40 ++++++++++++++++++++++++++++++++++++++++
>>  4 files changed, 109 insertions(+)
>
> Reviewed-by: Simon Glass <s...@chromium.org>
>
> Perhaps you don't need a new Kconfig option? Is that to save code space?
>

Yes, it's primarily to save code space. I haven't really investigated how much
this option does impact the overall size, but since every recent addition to
the TPM library was guarded with a new Kconfig option, I thought it was prudent
to emulate that.

If you think it's overkill, I can drop the option, and just have it compiled in
by default.

Thanks, and best regards,

Mario
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot