lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <aNQpvQBV43dhS6ad@kernel.org>
Date: Wed, 24 Sep 2025 20:26:21 +0300
From: Jarkko Sakkinen <jarkko@...nel.org>
To: Jonathan McDowell <noodles@...th.li>
Cc: linux-integrity@...r.kernel.org,
	Jarkko Sakkinen <jarkko.sakkinen@...nsys.com>,
	Peter Huewe <peterhuewe@....de>, Jason Gunthorpe <jgg@...pe.ca>,
	David Howells <dhowells@...hat.com>,
	Paul Moore <paul@...l-moore.com>, James Morris <jmorris@...ei.org>,
	"Serge E. Hallyn" <serge@...lyn.com>,
	James Bottomley <James.Bottomley@...senpartnership.com>,
	Mimi Zohar <zohar@...ux.ibm.com>,
	open list <linux-kernel@...r.kernel.org>,
	"open list:KEYS/KEYRINGS" <keyrings@...r.kernel.org>,
	"open list:SECURITY SUBSYSTEM" <linux-security-module@...r.kernel.org>
Subject: Re: [PATCH] tpm2-sessions: Remove unnecessary wrapper

On Wed, Sep 24, 2025 at 09:35:24AM +0100, Jonathan McDowell wrote:
> On Mon, Sep 22, 2025 at 02:50:09PM +0300, Jarkko Sakkinen wrote:
> > From: Jarkko Sakkinen <jarkko.sakkinen@...nsys.com>
> > 
> > Open code tpm_buf_append_hmac_session_opt() because it adds unnecessary
> > disperancy to the call sites (and reduces the amount of code).
> > 
> > Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@...nsys.com>
> 
> I don't have a strong opinion on whether this is significantly better, but
> for 2 call sites it's not unreasonable, so:
> 
> Reviewed-By: Jonathan McDowell <noodles@...th.li>

I'll explain a bit of context.

I'm opening tpm2-session knot by knot and once it is like out and naked
my grand plan is to create a single function tpm2_authenticate or similar
function that wraps a TPM command into an authenticated TPM command.

The main priority with each patch is to do at least microscopic amount
of more than just pure clean up. The tpm_buf series and this series
sort of converge towards the same common goal. I think this is a good
way to move forward and refactor complex functionality without causing
major risks in production.

They key topic on this all maximizing the decoupling and it goes beyond
just "fixing tpm2-sessions". By doing this process we can more easily
re-use parts of the driver code in early boot code and sort of create
enablers for e.g., Trenchboot.

BR, Jarkko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ