Message-ID: <20190819165400.xsgpbtbj26y7d2wb@linux.intel.com>
Date:   Mon, 19 Aug 2019 19:54:00 +0300
From:   Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
To:     Sumit Garg <sumit.garg@...aro.org>
Cc:     keyrings@...r.kernel.org, linux-integrity@...r.kernel.org,
        linux-crypto@...r.kernel.org,
        linux-security-module@...r.kernel.org, dhowells@...hat.com,
        herbert@...dor.apana.org.au, davem@...emloft.net,
        peterhuewe@....de, jgg@...pe.ca, jejb@...ux.ibm.com, arnd@...db.de,
        gregkh@...uxfoundation.org, zohar@...ux.ibm.com, jmorris@...ei.org,
        serge@...lyn.com, casey@...aufler-ca.com,
        ard.biesheuvel@...aro.org, daniel.thompson@...aro.org,
        linux-kernel@...r.kernel.org, tee-dev@...ts.linaro.org
Subject: Re: [RFC/RFT v4 0/5] Add generic trusted keys framework/subsystem

On Tue, Aug 13, 2019 at 01:22:59PM +0530, Sumit Garg wrote:
> This patch-set is an outcome of discussion here [1]. It has evolved very
> much since v1 to create, consolidate and generalize trusted keys
> subsystem.
> 
> This framework has been tested with trusted keys support provided via TEE
> but I wasn't able to test it with a TPM device as I don't possess one. It
> would be really helpful if others could test this patch-set using a TPM
> device.

I think 1/5-4/5 make up a non-RFC patch set that needs to be reviewed,
tested and merged as a separate entity.

On the other hand 5/5 cannot be merged even if I fully agreed on
the code change as without TEE patch it does not add any value for
Linux.

To straighten things up I would suggest that the next patch set
version would only consist of the first four patches and we meld
them to the shape so that we can land them to the mainline. Then
it should be way easier to concentrate on the actual problem you
are trying to resolve.

/Jarkko
