Date: Fri, 14 Mar 2014 17:14:35 +0000
From: David Howells <dhowells@...hat.com>
To: Mimi Zohar <zohar@...ux.vnet.ibm.com>
Cc: dhowells@...hat.com, torvalds@...ux-foundation.org, dmitry.kasatkin@...il.com, keyrings@...ux-nfs.org, linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org, David Safford <safford@...ibm.com>
Subject: Re: RFC: 'ioctl' for keyrings

Mimi Zohar <zohar@...ux.vnet.ibm.com> wrote:

> > As I understand the code, I think operations being performed from ->update()
> > are:
> >
> > (a) Resealing a key with a new pcrs (trusted).
> >
> > (b) Changing the master key (encrypted).
> >
> > Mimi, Dmitry: is this list right?
>
> In addition to resealing trusted keys to a new TPM PCR value, there are
> a few other options that can be modified (eg. keyauth, blobauth,
> pcrlock). Encrypted keys can be encrypted/decrypted with a new master
> key (trusted or user key type).

Can (re)sealing a key be viewed as encrypting it? Is the difference between
sealing a key and encrypting a key the use of hardware support?

David