Message-ID: <YwYR/rzvrkvgZzBm@farprobe>
Date: Wed, 24 Aug 2022 07:56:46 -0400
From: Ben Boeckel <me@...boeckel.net>
To: Evan Green <evgreen@...omium.org>
Cc: linux-kernel@...r.kernel.org, gwendal@...omium.org,
Eric Biggers <ebiggers@...nel.org>,
Matthew Garrett <mgarrett@...ora.tech>, jarkko@...nel.org,
zohar@...ux.ibm.com, linux-integrity@...r.kernel.org,
Pavel Machek <pavel@....cz>, apronin@...omium.org,
dlunev@...gle.com, rjw@...ysocki.net, linux-pm@...r.kernel.org,
corbet@....net, jejb@...ux.ibm.com,
Matthew Garrett <matthewgarrett@...gle.com>,
Matthew Garrett <mjg59@...gle.com>,
David Howells <dhowells@...hat.com>,
James Morris <jmorris@...ei.org>,
Paul Moore <paul@...l-moore.com>,
"Serge E. Hallyn" <serge@...lyn.com>, keyrings@...r.kernel.org,
linux-doc@...r.kernel.org, linux-security-module@...r.kernel.org
Subject: Re: [PATCH v2 04/10] security: keys: trusted: Allow storage of PCR
values in creation data
On Tue, Aug 23, 2022 at 15:25:20 -0700, Evan Green wrote:
> diff --git a/Documentation/security/keys/trusted-encrypted.rst b/Documentation/security/keys/trusted-encrypted.rst
> index 0bfb4c33974890..dc9e11bb4824da 100644
> --- a/Documentation/security/keys/trusted-encrypted.rst
> +++ b/Documentation/security/keys/trusted-encrypted.rst
> @@ -199,6 +199,10 @@ Usage::
> policyhandle= handle to an authorization policy session that defines the
> same policy and with the same hash algorithm as was used to
> seal the key.
> + creationpcrs= hex integer representing the set of PCR values to be
> + included in the PCR creation data. The bit corresponding
> + to each PCR should be 1 to be included, 0 to be ignored.
> + TPM2 only.
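Review bot: The new creationpcrs= entry calls the argument "the set of PCR values", but what it describes is a bitmask selecting PCR indices, not the values themselves. The entry also does not say what is recorded when the option is omitted, or whether the "hex integer" is written with a 0x prefix. Suggest rewording along the lines of "hex bitmask selecting which PCRs are included in the creation data" and adding one sentence on the behaviour when the option is not given.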

There's inconsistent whitespace here. Given the context, I suspect the
tabs should be expanded to spaces.

As for the docs themselves, this might preferably mention how large
this is supposed to be. It seems to be limited to 32 bits by the code.
What happens if fewer are provided? More? Will there always be at most
32 PCR values? Also, how are the bits interpreted? I presume bit 0 is
for PCR value 0?

Thanks for including docs.

Thanks,

--Ben