Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp5962462imu; Sun, 2 Dec 2018 07:11:45 -0800 (PST) X-Google-Smtp-Source: AFSGD/VFnNm6ARw7JvN2mH/6rBRjXZHL1uzyLkqb2OtKlbyHdhxiEFB6zuLujAMIlg5aJ+fCTZS1 X-Received: by 2002:a17:902:24e7:: with SMTP id l36mr909608plg.61.1543763505659; Sun, 02 Dec 2018 07:11:45 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1543763505; cv=none; d=google.com; s=arc-20160816; b=cyvlIiJZdhzDVHEYrZJOa6B1wemJvt4ccMbWFE0FTxYP4mVZNQpGbdIPQ7/f5FWN08 TR5cjyHMBDbszBZW8/M5WrWn5IVB3NljkVK9ghFL+GZxoeJSvpLIaslLmbcnNb4C/42e XVI+xWvC70NzizEoZQpwID4Qhgyd/Xpq5qkA7a48cbHzw3nLhB+uspFPgtp5+OqYyRt/ umUQ8JHtRpR96nnUWwj7imm/dUpkk6jAIKE4P+O1kAolqcHMLLIV41NcUQ7o+xqiPvdM jjtyfmAv5J9c53HvZ5QW40ukrhW4J0gPk7KdeC7vtwWF5U5KPY2fwcdyRKL3KdTVJWVu FJMw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:content-transfer-encoding :mime-version:references:in-reply-to:date:cc:to:from:subject; bh=86ISozUTT6G+tPfKQ2xDjD4LaY/sJq0A+WF2Do81CRM=; b=0pZX/OKD5m6lsgtJJaRFOYeHwE8gooJp29jkIxF1hgJtDwitGyjCyBMel4CwwehiUb QSWzRWJe6zSuX2hMJvHHgI/QwNRUnv0NLZq1Iol85Q44w0ySWa1X/TmYM5c4t+DleydU Qa0CGd+0HalqEj2CCfHaaEEQvIO/csc0QKFhBLVlRnXOFvLyYAiNlMtZ+gwTRSHy9NIc t9B/OgNR5t0uaKKSDBp91fCkd+79+ArNf1CPkU/0nYVT6vdd5A5OLLuF10FtFlkXE34s TOoTvdktH/jHo+PLkry96Y+6jWCTCSBkUkFwVpXOwzn2CV50J/mziYkZe5BwLkq5X+Qs tZiA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e37si11922652plb.172.2018.12.02.07.11.30; Sun, 02 Dec 2018 07:11:45 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725894AbeLBPK5 (ORCPT + 99 others); Sun, 2 Dec 2018 10:10:57 -0500 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:58734 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725876AbeLBPK5 (ORCPT ); Sun, 2 Dec 2018 10:10:57 -0500 Received: from pps.filterd (m0098409.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id wB2F3INm057329 for ; Sun, 2 Dec 2018 10:10:54 -0500 Received: from e06smtp03.uk.ibm.com (e06smtp03.uk.ibm.com [195.75.94.99]) by mx0a-001b2d01.pphosted.com with ESMTP id 2p48u3fjjk-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Sun, 02 Dec 2018 10:10:54 -0500 Received: from localhost by e06smtp03.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Sun, 2 Dec 2018 15:10:51 -0000 Received: from b06cxnps4076.portsmouth.uk.ibm.com (9.149.109.198) by e06smtp03.uk.ibm.com (192.168.101.133) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Sun, 2 Dec 2018 15:10:49 -0000 Received: from d06av24.portsmouth.uk.ibm.com (mk.ibm.com [9.149.105.60]) by b06cxnps4076.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id wB2FAm666095160 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Sun, 2 Dec 2018 15:10:48 GMT Received: from d06av24.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 0F5F242047; Sun, 2 Dec 2018 15:10:48 +0000 (GMT) Received: from d06av24.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 1102B42041; Sun, 2 Dec 2018 15:10:47 +0000 (GMT) Received: from localhost.localdomain (unknown [9.80.106.63]) by d06av24.portsmouth.uk.ibm.com (Postfix) with ESMTP; Sun, 2 Dec 2018 15:10:46 +0000 (GMT) Subject: Re: [PATCH] docs: Extend trusted keys documentation for TPM 2.0 From: Mimi Zohar To: Jarkko Sakkinen , James Bottomley Cc: Jerry Snitselaar , Stefan Berger , keyrings@vger.kernel.org, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org Date: Sun, 02 Dec 2018 10:10:36 -0500 In-Reply-To: <20181130234646.GB3792@linux.intel.com> References: <20181019101758.1569-1-stefanb@linux.ibm.com> <20181106164603.w46wspmdj5e4slwe@cantor> <1541528254.8568.48.camel@linux.ibm.com> <20181130234507.GA3792@linux.intel.com> <20181130234646.GB3792@linux.intel.com> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.20.5 (3.20.5-1.fc24) Mime-Version: 1.0 Content-Transfer-Encoding: 8bit X-TM-AS-GCONF: 00 x-cbid: 18120215-0012-0000-0000-000002D373A8 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 18120215-0013-0000-0000-00002108C665 Message-Id: <1543763436.4216.196.camel@linux.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2018-12-02_10:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1812020145 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 2018-11-30 at 15:46 -0800, Jarkko Sakkinen wrote: > On Fri, Nov 30, 2018 at 03:45:07PM -0800, Jarkko Sakkinen wrote: > > On Tue, Nov 06, 2018 at 01:17:34PM -0500, Mimi Zohar wrote: > > > On Tue, 2018-11-06 at 09:46 -0700, Jerry Snitselaar wrote: > > > > On Fri Oct 19 18, Stefan Berger wrote: > > > > >Extend the documentation for trusted keys with documentation for how to > > > > >set up a key for a TPM 2.0 so it can be used with a TPM 2.0 as well. > > > > > > > > > >Signed-off-by: Stefan Berger > > > > >Reviewed-by: Mimi Zohar > > > > > > > > Acked-by: Jerry Snitselaar > > > > > > Thanks!  This patch is now staged in the #next-integrity-queued > > > branch. > > > > > > Mimi > > > > Reviewed-by: Jarkko Sakkinen > > Brings to mind, in the long run where the backend code for trusted keys > should reside. Are you asking about coordinating staging the trusted key patches to be upstreamed or about moving portions of the encrypted keys code out of the keyring subsystem? I'm not sure there needs to be a separate encrypted-keys pull request.  Either they can be upstreamed via the TPM or the integrity subsystem for now. Mimi