| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1394819594.2657.6.camel@dhcp-9-2-203-236.watson.ibm.com> Date: Fri, 14 Mar 2014 13:53:14 -0400 From: Mimi Zohar <zohar@...ux.vnet.ibm.com> To: David Howells <dhowells@...hat.com> Cc: torvalds@...ux-foundation.org, dmitry.kasatkin@...il.com, keyrings@...ux-nfs.org, linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org, David Safford <safford@...ibm.com> Subject: Re: RFC: 'ioctl' for keyrings On Fri, 2014-03-14 at 17:14 +0000, David Howells wrote: > Mimi Zohar <zohar@...ux.vnet.ibm.com> wrote: > > > > As I understand the code, I think operations being performed from ->update() > > > are: > > > > > > (a) Resealing a key with a new pcrs (trusted). > > > > > > (b) Changing the master key (encrypted). > > > > > > Mimi, Dmitry: is this list right? > > > > In addition to resealing trusted keys to a new TPM PCR value, there are > > a few other options that can be modified (eg. keyauth, blobauth, > > pcrlock). Encrypted keys can be encrypted/decrypted with a new master > > key (trusted or user key type). > > Can (re)sealing a key be viewed as encrypting it? Is the difference between > sealing a key and encrypting a key the use of hardware support? Yes, 'resealing/sealing' is TPM terminology for encrypting/decrypting. The sealing is RSA encryption by a TPM chip, which can only be decrypted by the same chip. Mimi -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists