| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 13 Oct 2015 11:53:59 +0300 From: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com> To: tpmdd-devel@...ts.sourceforge.net, linux-kernel@...r.kernel.org Cc: peterhuewe@....de, gregkh@...uxfoundation.org, jgunthorpe@...idianresearch.com, "open list:KEYS-TRUSTED" <keyrings@...r.kernel.org>, "open list:KEYS-TRUSTED" <linux-security-module@...r.kernel.org>, kevin.strasser@...el.com Subject: Re: [PATCH v2 0/4] Basic trusted keys support for TPM 2.0 On Tue, Oct 13, 2015 at 11:11:21AM +0300, Jarkko Sakkinen wrote: > Basic trusted keys support: auth value and SHA256. > > v2: > > * Removed all the changes that modify the existing functions to use > the new struct tpm_buf. These changes should be done separately from > this patch set as they require separate QA + review. > * 'keyhandle=' is now required for TPM2. Makes sense to always state > the sealing key because there's no any fixed keys on the chip (thanks > to Andreas Fuchs for this comment). > * I updated tpm_buf to a be heap based structure. Now there's one full > page of memory for variable sized messages. Also the stack is greatly > reduced. The basic test that I did was: ID=$(keyctl add trusted kmk "new 32 keyhandle=0x80000000" @u) keyctl pipe $ID > blob.hex keyctl clear @u keyctl add trusted kmk "load `cat blob.hex` keyhandle=0x80000000" @u keyctl clear @u I also checked that the code fails with -EINVAL when keyhandle is not given. For generating a sealing key I used tpm2-root-key script from https://github.com/jsakkine/linux-tpm2 I think the code is in the shape that it is ready to be pulled but some tested-by's are needed. > Jarkko Sakkinen (4): > tpm: introduce tpm_buf > keys, trusted: move struct trusted_key_options to trusted-type.h > tpm: seal/unseal for TPM 2.0 > keys, trusted: seal/unseal with TPM 2.0 chips > > drivers/char/tpm/tpm-interface.c | 76 ++++++++++++ > drivers/char/tpm/tpm.h | 110 +++++++++++++++++ > drivers/char/tpm/tpm2-cmd.c | 250 ++++++++++++++++++++++++++++++++++++++- > include/keys/trusted-type.h | 14 ++- > include/linux/tpm.h | 26 ++++ > security/keys/trusted.c | 36 +++++- > security/keys/trusted.h | 11 -- > 7 files changed, 507 insertions(+), 16 deletions(-) > > -- > 2.5.0 > > -- > To unsubscribe from this list: send the line "unsubscribe linux-security-module" in > the body of a message to majordomo@...r.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists