Date: Fri, 20 Nov 2015 16:53:08 +0200
From: Jarkko Sakkinen
To: "Fuchs, Andreas"
Cc: Peter Huewe, Marcel Selhorst, David Howells, Jonathan Corbet, "open list:DOCUMENTATION", open list, "moderated list:TPM DEVICE DRIVER", "open list:KEYS-ENCRYPTED", "open list:KEYS-ENCRYPTED", James Morris, "Serge E. Hallyn"
Subject: Re: [tpmdd-devel] [PATCH 2/2] keys, trusted: seal with a policy
Message-ID: <20151120145308.GA31448@intel.com>
References: <1447777643-10777-1-git-send-email-jarkko.sakkinen@linux.intel.com> <1447777643-10777-3-git-send-email-jarkko.sakkinen@linux.intel.com> <9F48E1A823B03B4790B7E6E69430724D9D974334@EXCH2010B.sit.fraunhofer.de>
In-Reply-To: <9F48E1A823B03B4790B7E6E69430724D9D974334@EXCH2010B.sit.fraunhofer.de>

On Thu, Nov 19, 2015 at 10:59:57AM +0000, Fuchs, Andreas wrote:
> > ________________________________________
> > From: Jarkko Sakkinen [jarkko.sakkinen@linux.intel.com]
> > Sent: Tuesday, November 17, 2015 17:27
> >
> > Support for sealing with an authorization policy.
> >
> > Two new options for trusted keys:
> >
> > * 'policydigest=': provide an auth policy digest for sealing.
> > * 'policyhandle=': provide a policy session handle for unsealing.
>
> Hi Jarkko,
>
> just out of curiosity; when testing this, how did you calculate the blobauth parameter?
> Since its calculation requires the cpHash for the unseal()-command...
> If you "predict" the cpHash in userSpace, this would mean that userspace needs to know the
> kernel's way of constructing the unseal()-command to the TPM, which in turn would make
> this part of the ABI and require documentation before upstreaming, imho.

Is this a comment about the patch? Have you actually read the source
code or where is this coming from? Please read the source code.

> Cheers,
> Andreas--

/Jarkko