lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <YwYR/rzvrkvgZzBm@farprobe>
Date:   Wed, 24 Aug 2022 07:56:46 -0400
From:   Ben Boeckel <me@...boeckel.net>
To:     Evan Green <evgreen@...omium.org>
Cc:     linux-kernel@...r.kernel.org, gwendal@...omium.org,
        Eric Biggers <ebiggers@...nel.org>,
        Matthew Garrett <mgarrett@...ora.tech>, jarkko@...nel.org,
        zohar@...ux.ibm.com, linux-integrity@...r.kernel.org,
        Pavel Machek <pavel@....cz>, apronin@...omium.org,
        dlunev@...gle.com, rjw@...ysocki.net, linux-pm@...r.kernel.org,
        corbet@....net, jejb@...ux.ibm.com,
        Matthew Garrett <matthewgarrett@...gle.com>,
        Matthew Garrett <mjg59@...gle.com>,
        David Howells <dhowells@...hat.com>,
        James Morris <jmorris@...ei.org>,
        Paul Moore <paul@...l-moore.com>,
        "Serge E. Hallyn" <serge@...lyn.com>, keyrings@...r.kernel.org,
        linux-doc@...r.kernel.org, linux-security-module@...r.kernel.org
Subject: Re: [PATCH v2 04/10] security: keys: trusted: Allow storage of PCR
 values in creation data

On Tue, Aug 23, 2022 at 15:25:20 -0700, Evan Green wrote:
> diff --git a/Documentation/security/keys/trusted-encrypted.rst b/Documentation/security/keys/trusted-encrypted.rst
> index 0bfb4c33974890..dc9e11bb4824da 100644
> --- a/Documentation/security/keys/trusted-encrypted.rst
> +++ b/Documentation/security/keys/trusted-encrypted.rst
> @@ -199,6 +199,10 @@ Usage::
>         policyhandle= handle to an authorization policy session that defines the
>                       same policy and with the same hash algorithm as was used to
>                       seal the key.
> +       creationpcrs= hex integer representing the set of PCR values to be
> +                     included in the PCR creation data. The bit corresponding
> +		     to each PCR should be 1 to be included, 0 to be ignored.
> +		     TPM2 only.

There's inconsistent whitespace here. Given the context, I suspect the
tabs should be expanded to spaces.

As for the docs themselves, this might preferrably mention how large
this is supposed to be. It seems to be limited to 32bits by the code.
What happens if fewer are provided? More? Will there always be at most
32 PCR values? Also, how are the bits interpreted? I presume bit 0 is
for PCR value 0?

Thanks for including docs.

Thanks,

--Ben

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ