From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: Jarkko Sakkinen <jarkko@kernel.org>
Cc: linux-integrity@vger.kernel.org, Mimi Zohar <zohar@linux.ibm.com>,
David Woodhouse <dwmw2@infradead.org>,
keyrings@vger.kernel.org, David Howells <dhowells@redhat.com>
Subject: Re: [PATCH v15 0/5] TPM 2.0 trusted key rework
Date: Fri, 19 Feb 2021 10:35:00 -0800 [thread overview]
Message-ID: <17a8229bf8ebc87ad02429643aeee78d803f34f2.camel@HansenPartnership.com> (raw)
In-Reply-To: <YDACehLCy4f2sDzo@kernel.org>
On Fri, 2021-02-19 at 20:24 +0200, Jarkko Sakkinen wrote:
> On Wed, Jan 27, 2021 at 11:06:12AM -0800, James Bottomley wrote:
> > v15: fix 0day sign issue and add reviews and testeds
> >
> > General cover letter minus policy bit:
> >
> > This patch updates the trusted key code to export keys in the ASN.1
> > format used by current TPM key tools (openssl_tpm2_engine and
> > openconnect). The current code will try to load keys containing
> > policy, but being unable to formulate the policy commands necessary
> > to
> > load them, the unseal will always fail unless the policy is
> > executed
> > in user space and a pre-formed policy session passed in.
> >
> > The key format is designed to be compatible with our two openssl
> > engine implementations as well as with the format used by
> > openconnect.
> > I've added seal/unseal to my engine so I can use it for
> > interoperability testing and I'll later use this for sealed
> > symmetric
> > keys via engine:
> >
> > https://git.kernel.org/pub/scm/linux/kernel/git/jejb/openssl_tpm2_engine.git/
> >
> > James
> >
> > ---
> >
> > James Bottomley (5):
> > lib: add ASN.1 encoder
> > oid_registry: Add TCG defined OIDS for TPM keys
> > security: keys: trusted: fix TPM2 authorizations
> > security: keys: trusted: use ASN.1 TPM2 key format for the blobs
> > security: keys: trusted: Make sealed key properly interoperable
>
> This is online again in the master branch.
>
> I've mangled the commits as follows:
>
> 1. Fixed my emails to jarkko@kernel.org.
> 2. Adjusted the Makefile, i.e. separate lines for each entry.
> 3. Fixed the checkpatch issues.
>
> I guess we could potentially re-consider this to rc2 pull? With all
> the mangling required, did not make sense to include this to the
> first pull.
The way I usually do this in SCSI, because stuff always happens
immediately before the merge window that causes some pull material to
be held over, is an early push, which you've done followed by a late
push on the Friday before the merge window closes of the rest of the
stuff. This is an example from the last but one merge window:
https://lore.kernel.org/linux-scsi/fdee2336d2a7eada3749e07c3cc6ea682f8200b3.camel@HansenPartnership.com/
https://lore.kernel.org/linux-scsi/4affd2a9c347e5f1231485483bf852737ea08151.camel@HansenPartnership.com/
Linus seems to be happy with this pattern as long as it's well
explained.
James
next prev parent reply other threads:[~2021-02-19 18:35 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-27 19:06 [PATCH v15 0/5] TPM 2.0 trusted key rework James Bottomley
2021-01-27 19:06 ` [PATCH v15 1/5] lib: add ASN.1 encoder James Bottomley
2021-01-27 19:06 ` [PATCH v15 2/5] oid_registry: Add TCG defined OIDS for TPM keys James Bottomley
2021-01-27 19:06 ` [PATCH v15 3/5] security: keys: trusted: fix TPM2 authorizations James Bottomley
2021-01-27 19:06 ` [PATCH v15 4/5] security: keys: trusted: use ASN.1 TPM2 key format for the blobs James Bottomley
2021-01-30 16:29 ` Jarkko Sakkinen
2021-01-30 17:12 ` James Bottomley
2021-01-27 19:06 ` [PATCH v15 5/5] security: keys: trusted: Make sealed key properly interoperable James Bottomley
2021-01-28 6:00 ` [PATCH v15 0/5] TPM 2.0 trusted key rework Jarkko Sakkinen
2021-02-10 15:58 ` [PATCH v15 3/5] security: keys: trusted: fix TPM2 authorizations David Howells
2021-02-10 16:12 ` James Bottomley
2021-02-12 11:55 ` Jarkko Sakkinen
2021-02-19 18:24 ` [PATCH v15 0/5] TPM 2.0 trusted key rework Jarkko Sakkinen
2021-02-19 18:35 ` James Bottomley [this message]
2021-02-20 2:39 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=17a8229bf8ebc87ad02429643aeee78d803f34f2.camel@HansenPartnership.com \
--to=james.bottomley@hansenpartnership.com \
--cc=dhowells@redhat.com \
--cc=dwmw2@infradead.org \
--cc=jarkko@kernel.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).