Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp1783077pxa; Sun, 16 Aug 2020 10:56:19 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzFz3HVlZhClGyoGeZ6Fshl7TNRw3fnjaUaJ7HYfgxCMb0CWrMu8F+JXGYdF/ZXRQAE06jl X-Received: by 2002:a17:906:4a0d:: with SMTP id w13mr4460479eju.247.1597600579352; Sun, 16 Aug 2020 10:56:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1597600579; cv=none; d=google.com; s=arc-20160816; b=XfodXuPXq+2HWE8FKlqk1p7Cjisnt34ZFLx7Xuzc3Xz17Dezmg+HKK4HzjVhmDJ66e ZrcUMSiWvcDyZD2Meejmc1OjHLrPidBg8mC/kFaQAbr05Lw/bBfkRxMjPkQGhbtYevJ/ dlxoOlEsvCeHAO/Pj/uUrMrQsvEWfYqFcZAbxe1Kit/EKlCoPcc4LFZhT7Z6aOoo4Dk8 cK5C3xeF7epobfCmFhGHU4Kx73ccuuZvOvhbxcCEih30rt8Qkmcl0ArisjU5r33MLJxP zJ/85QslvtlbEmWSvrQ92x3rEBfE+FzChUE5dLBVkHFWYWMZR1IhDB9+H09Jyr21Y071 eubw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:date:cc:to:reply-to:from:subject:message-id :dkim-signature; bh=4nXD3aImX6M64sQgFxiSKLNFtYkND9wGT+mb610YBpM=; b=ee5b68VYvFYgwoKjYCF9CNM9Hs3YLe8judJ15+E1ie7yLIhcm2PyhSyR9YAqI07Xpi IMgqOcmb6qSuAinJSR+KCCamHKhOZ583mpEDJxLzNQSGz0iyVVNzAk2feYmdgVjTgCum M5nXy6eX61qkgC6cq2BQwX2OSJqiWH2yAwOclS0pNNslQtPkgSN2R0pKuFQpBxOlwR9L SQ+V7B4MuEygiY6xuGSWt/dMWsiKyOup7IjRKqwl7UN6KY9GqGmkG2L5M4TuonyVxAmX MapHnueDLPaXjlsmFPHvIDQR6XbSWacW7C9jb7tjIqWnmtuMhAW8lLc10pa1u9BusKVZ IQ6Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=KyeXjMgm; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id d2si10562891ejm.717.2020.08.16.10.55.35; Sun, 16 Aug 2020 10:56:19 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=KyeXjMgm; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729239AbgHPRId (ORCPT + 99 others); Sun, 16 Aug 2020 13:08:33 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:30424 "EHLO mx0b-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726825AbgHPRIc (ORCPT ); Sun, 16 Aug 2020 13:08:32 -0400 Received: from pps.filterd (m0127361.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 07GH36N7022608; Sun, 16 Aug 2020 13:08:24 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=message-id : subject : from : reply-to : to : cc : date : in-reply-to : references : content-type : mime-version : content-transfer-encoding; s=pp1; bh=4nXD3aImX6M64sQgFxiSKLNFtYkND9wGT+mb610YBpM=; b=KyeXjMgm510MnIEDW5c8NBtutiuAAWGxDzP6EB0YgU5TlpmtU3A7t6ve8r1/fZ0pTYev frwhBxa27Q2ienHvEgY45Mrwgqn1rDyfYRVNxJxxn/BKrdKZQfCkVBq+BNIom+M2ApD1 b8ikOChjOn/7zm2CBEPheQer5hallhk24L/tQ+bwyIc0byAgaHuxBhhr5Qr9KmQa/FP4 qSEN30WhErX3/leJh4uaKas3PdS6COZoONq+chAINTrBHsQJVJneUc1RlOxp85Z7tgNV mTJ/tF2q007hLUveAnmV3AwyIA+4fM6HYSamXAVSRZkYUN7hqg5zj0w9/M5aMzRu0EjH ZQ== Received: from ppma02wdc.us.ibm.com (aa.5b.37a9.ip4.static.sl-reverse.com [169.55.91.170]) by mx0a-001b2d01.pphosted.com with ESMTP id 32y4kw4juj-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 16 Aug 2020 13:08:24 -0400 Received: from pps.filterd (ppma02wdc.us.ibm.com [127.0.0.1]) by ppma02wdc.us.ibm.com (8.16.0.42/8.16.0.42) with SMTP id 07GH2ZYh021533; Sun, 16 Aug 2020 17:08:23 GMT Received: from b03cxnp07029.gho.boulder.ibm.com (b03cxnp07029.gho.boulder.ibm.com [9.17.130.16]) by ppma02wdc.us.ibm.com with ESMTP id 32x7b8auj3-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 16 Aug 2020 17:08:23 +0000 Received: from b03ledav004.gho.boulder.ibm.com (b03ledav004.gho.boulder.ibm.com [9.17.130.235]) by b03cxnp07029.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 07GH8McF62521822 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Sun, 16 Aug 2020 17:08:22 GMT Received: from b03ledav004.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 9830A78060; Sun, 16 Aug 2020 17:08:22 +0000 (GMT) Received: from b03ledav004.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 2D3DB7805E; Sun, 16 Aug 2020 17:08:21 +0000 (GMT) Received: from [153.66.254.174] (unknown [9.80.233.55]) by b03ledav004.gho.boulder.ibm.com (Postfix) with ESMTP; Sun, 16 Aug 2020 17:08:20 +0000 (GMT) Message-ID: <1597597699.8344.11.camel@linux.ibm.com> Subject: Re: [PATCH RESEND] docs: update trusted-encrypted.rst From: James Bottomley Reply-To: jejb@linux.ibm.com To: Coly Li , Stefan Berger Cc: keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, Dan Williams , Jarkko Sakkinen , Mimi Zohar Date: Sun, 16 Aug 2020 10:08:19 -0700 In-Reply-To: <096636f4-a928-dd00-dba6-216651c3d63b@suse.de> References: <20200815075143.47082-1-colyli@suse.de> <096636f4-a928-dd00-dba6-216651c3d63b@suse.de> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.26.6 Mime-Version: 1.0 Content-Transfer-Encoding: 7bit X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235,18.0.687 definitions=2020-08-16_07:2020-08-14,2020-08-16 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 adultscore=0 lowpriorityscore=0 bulkscore=0 priorityscore=1501 impostorscore=0 clxscore=1015 spamscore=0 malwarescore=0 phishscore=0 mlxlogscore=799 mlxscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2006250000 definitions=main-2008160141 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, 2020-08-17 at 01:01 +0800, Coly Li wrote: > On 2020/8/17 00:06, Stefan Berger wrote: > > On 8/15/20 3:51 AM, Coly Li wrote: [...] > > > Usage:: > > > @@ -115,7 +114,7 @@ append 'keyhandle=0x81000001' to statements > > > between quotes, such as > > > > > > A note in this file states this: > > > > Note: When using a TPM 2.0 with a persistent key with handle > > 0x81000001, append 'keyhandle=0x81000001' to statements between > > quotes, such as "new 32 keyhandle=0x81000001". > > > > Now if someone was (still) interested in TPM 1.2 then the below > > changes you are proposing wouldn't work for them. Maybe you should > > adapt the note to state that these keyhandle=... should be removed > > for the TPM 1.2 case. > > > > I agree. Indeed I have no idea why number 0x81000001 is used, and I > don't have practice experience with TPM 1.2. Now the purpose of this > patch accomplished: experts response and confirm my guess :-) It was the conventional persistent value for the RSA 2048 version of the primary storage seed. Originally the PC spec required the manufacturer provision this on all TPM 2.0 based PC class systems. Unfortunately in spite of it being in the Windows Hardware guide no manufacturer ever did, meaning you either have to create it yourself or do something different. Because of usability problems, every consumer of TPM key function has opted to do something different, namely derive the EC primary if no parent is specified. James