[prev in list] [next in list] [prev in thread] [next in thread]
List: linux-keyrings
Subject: Re: [PATCH 0/4] Trusted Key policy for TPM 2.0
From: Jarkko Sakkinen <jarkko () kernel ! org>
Date: 2021-05-22 22:45:04
Message-ID: YKmJcJWHZj7sLidd () kernel ! org
[Download RAW message or body]
On Fri, May 21, 2021 at 02:48:55PM +0100, David Woodhouse wrote:
> On Thu, 2021-05-20 at 17:43 -0700, James Bottomley wrote:
> > Now that the ASN.1 representation of trusted keys is upstream we can
> > add policy to the keys as a sequence of policy statements meaning the
> > kernel can now construct and use the policy session rather than the
> > user having to do it and pass the session down to the kernel. This
> > makes TPM 2.0 keys with policy much easier.
> >
> > The format of the policy statements is compatible with the
> > openssl_tpm2_engine policy implementation:
> >
> > https://git.kernel.org/pub/scm/linux/kernel/git/jejb/openssl_tpm2_engine.git/
> >
> > And the seal_tpm2_data command in the above can be used to create
> > sealed keys (including with policy statements) for the kernel.
>
> I'd love to see that format properly defined and documented instead of
> just a reference to another implementation.
A valid point. How can we know that this is good for "everyone"?
Also, one major thing that this patch set is kselftest's. It's too
obnoxious to copy-paste examples from commit messages, and also
does not really create a good platform to discuss any possible
issues that these patches might have.
/Jarkko
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic