Subject: Re: [PATCH 00/22] KEYS: Support TPM-wrapped key and crypto ops
From: James Bottomley
To: David Woodhouse, David Howells, Marcel Holtmann
Cc: James Morris, Denis Kenzior, keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Date: Tue, 18 Sep 2018 07:30:12 -0400

On Tue, 2018-09-18 at 08:00 +0100, David Woodhouse wrote:
> On Sat, 2018-09-08 at 16:26 +0100, David Howells wrote:
> > Marcel Holtmann wrote:
> > >
> > > so I have reviewed and tested this code. In addition, we have
> > > test cases for it in ELL (embedded linux library).
> >
> > I wonder if there's any practical way to add a test for this to the
> > keyutils test suite.  I'm guessing it's quite tricky, given the
> > extra bits you need to emulate the TPM.
>
> Right, for a lot of userspace stuff we have the TPM emulator but for
> the kernel you might need to run in qemu, which I believe can emulate
> a TPM now (or at least, can talk to the TPM emulator, which has the
> same effect).

Actually, you don't necessarily. I use this patch:

https://marc.info/?l=tpmdd-devel&m=148392353230117

Which allows me to make a TCP connection to the software TPM running in
userspace without having to have the TPM components in qemu (or even to
run virtual). I used it to debug all the in-kernel resource manager
patches. It's TPM 2.0, but could easily be modified to work with 1.2.

James