From: "Fuchs, Andreas"
To: Jarkko Sakkinen, Peter Huewe, Marcel Selhorst, David Howells
CC: Jonathan Corbet, "open list:DOCUMENTATION", David Safford, open list, "moderated list:TPM DEVICE DRIVER", "open list:KEYS-ENCRYPTED", "open list:KEYS-ENCRYPTED", James Morris, "Serge E. Hallyn"
Subject: RE: [tpmdd-devel] [PATCH 2/2] keys, trusted: seal with a policy
Date: Thu, 19 Nov 2015 10:59:57 +0000

> ________________________________________
> From: Jarkko Sakkinen [jarkko.sakkinen@linux.intel.com]
> Sent: Tuesday, November 17, 2015 17:27
>
> Support for sealing with a authorization policy.
>
> Two new options for trusted keys:
>
> * 'policydigest=': provide an auth policy digest for sealing.
> * 'policyhandle=': provide a policy session handle for unsealing.

Hi Jarkko,

just out of curiosity; when testing this, how did you calculate the
blobauth parameter? Since its calculation requires the cpHash for the
unseal()-command...

If you "predict" the cpHash in userspace, this would mean that userspace
needs to know the kernel's way of constructing the unseal()-command to the
TPM, which in turn would make this part of the ABI and require
documentation before upstreaming, imho.

Cheers,
Andreas
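Added example (not part of the original message and not kernel code): the cpHash for TPM2_Unseal as the TPM 2.0 library specification defines it, and the session HMAC that consumes it, showing that a userspace prediction depends on the exact command bytes sent to the TPM. The public area, auth value and nonces are constructed, and SHA-256 with an unbound, unsalted session is an assumption.

```python
import hashlib
import hmac
import struct

TPM_CC_UNSEAL = 0x0000015E   # TPM2_Unseal command code (TPM 2.0 spec, Part 2)
TPM_ALG_SHA256 = 0x000B      # assumed name and session hash algorithm


def object_name(public_area: bytes) -> bytes:
    """Name of an object: nameAlg || H_nameAlg(marshalled TPMT_PUBLIC)."""
    return struct.pack(">H", TPM_ALG_SHA256) + hashlib.sha256(public_area).digest()


def cp_hash(command_code: int, names, parameters: bytes = b"") -> bytes:
    """cpHash = H(commandCode || Name1 [|| Name2 ...] || parameters)."""
    h = hashlib.sha256(struct.pack(">I", command_code))
    for name in names:
        h.update(name)
    h.update(parameters)
    return h.digest()


def command_hmac(session_key, auth_value, cphash, nonce_caller, nonce_tpm, attrs):
    """Command HMAC: key = sessionKey || authValue,
    message = cpHash || nonceNewer || nonceOlder || sessionAttributes."""
    msg = cphash + nonce_caller + nonce_tpm + bytes([attrs])
    return hmac.new(session_key + auth_value, msg, hashlib.sha256).digest()


def predict_unseal_auth(public_area, auth_value, nonce_caller, nonce_tpm):
    """What userspace would have to reproduce ahead of the TPM2_Unseal command.
    Unseal has one handle (the sealed object) and an empty parameter area."""
    cph = cp_hash(TPM_CC_UNSEAL, [object_name(public_area)])
    # Unbound, unsalted session assumed, so sessionKey is empty; 0x01 = continueSession.
    return cph, command_hmac(b"", auth_value, cph, nonce_caller, nonce_tpm, 0x01)


if __name__ == "__main__":
    # Constructed inputs: not a real TPMT_PUBLIC, auth value or nonces.
    pub = b"constructed-sealed-object-public-area"
    cph, mac = predict_unseal_auth(pub, b"constructed-auth", b"\x11" * 32, b"\x22" * 32)
    print("cpHash  :", cph.hex())
    print("authHMAC:", mac.hex())
    # One extra parameter byte in the command changes cpHash, and with it the HMAC.
    print("drifted :", cp_hash(TPM_CC_UNSEAL, [object_name(pub)], b"\x00").hex())
```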