2015-11-07 18:58:09

by Jeremiah Mahler

[permalink] [raw]
Subject: Re: [PATCH 08/10] tpm: seal/unseal for TPM 2.0

Jarkko,

On Fri, Oct 16, 2015 at 09:40:27PM +0300, Jarkko Sakkinen wrote:
> Added tpm_trusted_seal() and tpm_trusted_unseal() API for sealing
> trusted keys.
>
> This patch implements basic sealing and unsealing functionality for
> TPM 2.0:
>
> * Seal with a parent key using a 20 byte auth value.
> * Unseal with a parent key using a 20 byte auth value.
>
> Signed-off-by: Jarkko Sakkinen <[email protected]>
> ---
> drivers/char/tpm/tpm-interface.c | 76 ++++++++++++
> drivers/char/tpm/tpm.h | 15 ++-
> drivers/char/tpm/tpm2-cmd.c | 250 ++++++++++++++++++++++++++++++++++++++-
> include/keys/trusted-type.h | 2 +-
> include/linux/tpm.h | 26 ++++
> 5 files changed, 366 insertions(+), 3 deletions(-)
>

This patch adds a lot of code but doesn't use any of it until later
patches. This can make using 'git bisect' more difficult because it
will point to the wrong patches. If this were my patch series I would
combine this patch with the later ones that actually start using the
code.

[...]

--
- Jeremiah Mahler


2015-11-07 21:39:30

by Jarkko Sakkinen

[permalink] [raw]
Subject: Re: [PATCH 08/10] tpm: seal/unseal for TPM 2.0

On Sat, Nov 07, 2015 at 10:58:03AM -0800, Jeremiah Mahler wrote:
> Jarkko,
>
> On Fri, Oct 16, 2015 at 09:40:27PM +0300, Jarkko Sakkinen wrote:
> > Added tpm_trusted_seal() and tpm_trusted_unseal() API for sealing
> > trusted keys.
> >
> > This patch implements basic sealing and unsealing functionality for
> > TPM 2.0:
> >
> > * Seal with a parent key using a 20 byte auth value.
> > * Unseal with a parent key using a 20 byte auth value.
> >
> > Signed-off-by: Jarkko Sakkinen <[email protected]>
> > ---
> > drivers/char/tpm/tpm-interface.c | 76 ++++++++++++
> > drivers/char/tpm/tpm.h | 15 ++-
> > drivers/char/tpm/tpm2-cmd.c | 250 ++++++++++++++++++++++++++++++++++++++-
> > include/keys/trusted-type.h | 2 +-
> > include/linux/tpm.h | 26 ++++
> > 5 files changed, 366 insertions(+), 3 deletions(-)
> >
>
> This patch adds a lot of code but doesn't use any of it until later
> patches. This can make using 'git bisect' more difficult because it
> will point to the wrong patches. If this were my patch series I would
> combine this patch with the later ones that actually start using the
> code.
>
> [...]

I do agree with you that it'd had been a good idea. Thanks for the
feedback.

> --
> - Jeremiah Mahler
> --

/Jarkko