2020-08-21 13:56:23

by Coly Li

[permalink] [raw]
Subject: [PATCH v4] docs: trusted-encrypted.rst: update parameters for command examples

The parameters in command examples for tpm2_createprimary and
tpm2_evictcontrol are outdated, people (like me) are not able to create
trusted key by these command examples.

This patch updates the parameters of command example tpm2_createprimary
and tpm2_evictcontrol in trusted-encrypted.rst. With Linux kernel v5.8
and tpm2-tools-4.1, people can create a trusted key by following the
examples in this document.

Signed-off-by: Coly Li <[email protected]>
Reviewed-by: Jarkko Sakkinen <[email protected]>
Reviewed-by: Stefan Berger <[email protected]>
Cc: Dan Williams <[email protected]>
Cc: James Bottomley <[email protected]>
Cc: Jason Gunthorpe <[email protected]>
Cc: Jonathan Corbet <[email protected]>
Cc: Mimi Zohar <[email protected]>
Cc: Peter Huewe <[email protected]>
---
Changelog:
v4: update Reviewed-by list, and Cc linux-doc and linux-integrity
maintainers.
v3: update commit log with review comments from Jarkko Sakkinen.
v2: remove the change of trusted key related operation.
v1: initial version.

Documentation/security/keys/trusted-encrypted.rst | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/Documentation/security/keys/trusted-encrypted.rst b/Documentation/security/keys/trusted-encrypted.rst
index 9483a7425ad5..1da879a68640 100644
--- a/Documentation/security/keys/trusted-encrypted.rst
+++ b/Documentation/security/keys/trusted-encrypted.rst
@@ -39,10 +39,9 @@ With the IBM TSS 2 stack::

Or with the Intel TSS 2 stack::

- #> tpm2_createprimary --hierarchy o -G rsa2048 -o key.ctxt
+ #> tpm2_createprimary --hierarchy o -G rsa2048 -c key.ctxt
[...]
- handle: 0x800000FF
- #> tpm2_evictcontrol -c key.ctxt -p 0x81000001
+ #> tpm2_evictcontrol -c key.ctxt 0x81000001
persistentHandle: 0x81000001

Usage::
--
2.26.2


2020-09-09 17:31:17

by Jonathan Corbet

[permalink] [raw]
Subject: Re: [PATCH v4] docs: trusted-encrypted.rst: update parameters for command examples

On Fri, 21 Aug 2020 21:53:56 +0800
Coly Li <[email protected]> wrote:

> The parameters in command examples for tpm2_createprimary and
> tpm2_evictcontrol are outdated, people (like me) are not able to create
> trusted key by these command examples.
>
> This patch updates the parameters of command example tpm2_createprimary
> and tpm2_evictcontrol in trusted-encrypted.rst. With Linux kernel v5.8
> and tpm2-tools-4.1, people can create a trusted key by following the
> examples in this document.
>
> Signed-off-by: Coly Li <[email protected]>
> Reviewed-by: Jarkko Sakkinen <[email protected]>
> Reviewed-by: Stefan Berger <[email protected]>
> Cc: Dan Williams <[email protected]>
> Cc: James Bottomley <[email protected]>
> Cc: Jason Gunthorpe <[email protected]>
> Cc: Jonathan Corbet <[email protected]>
> Cc: Mimi Zohar <[email protected]>
> Cc: Peter Huewe <[email protected]>
> ---
> Changelog:
> v4: update Reviewed-by list, and Cc linux-doc and linux-integrity
> maintainers.
> v3: update commit log with review comments from Jarkko Sakkinen.
> v2: remove the change of trusted key related operation.
> v1: initial version.
>
> Documentation/security/keys/trusted-encrypted.rst | 5 ++---
> 1 file changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/Documentation/security/keys/trusted-encrypted.rst b/Documentation/security/keys/trusted-encrypted.rst
> index 9483a7425ad5..1da879a68640 100644
> --- a/Documentation/security/keys/trusted-encrypted.rst
> +++ b/Documentation/security/keys/trusted-encrypted.rst
> @@ -39,10 +39,9 @@ With the IBM TSS 2 stack::
>
> Or with the Intel TSS 2 stack::
>
> - #> tpm2_createprimary --hierarchy o -G rsa2048 -o key.ctxt
> + #> tpm2_createprimary --hierarchy o -G rsa2048 -c key.ctxt
> [...]
> - handle: 0x800000FF
> - #> tpm2_evictcontrol -c key.ctxt -p 0x81000001
> + #> tpm2_evictcontrol -c key.ctxt 0x81000001
> persistentHandle: 0x81000001

This has been languishing, sorry; I've just applied it.

Thanks,

jon