Linux-Integrity Archive on lore.kernel.org
* KEYS-TRUSTED git
@ 2019-09-08  0:10 Jarkko Sakkinen
  2019-09-08 14:20 ` Mimi Zohar
  0 siblings, 1 reply; 20+ messages in thread
From: Jarkko Sakkinen @ 2019-09-08  0:10 UTC (permalink / raw)
  To: linux-integrity; +Cc: zohar, jejb, dhowells, sumit.garg

It seems that at least the vast majority of the trusted keys patches flow
through my tree to the mainline. Still, it is undocumented in the
MAINTAINERS file.

So, should I just add my TPM tree as the upstream there? Or should I
just create a new GIT for trusted keys? My TPM PR goes to Linux ATM.
Should my trusted keys PR go to David instead? That would definitely
require its own tree.

With Sumit's recent work trusted keys is turning into more than just being
TPM keys so now it is a good time to consider the flow... Sumit, I'm
sorry that I haven't added your first series yet. I need to first sync
up how we are going to move forward.

/Jarkko



* Re: KEYS-TRUSTED git
  2019-09-08  0:10 KEYS-TRUSTED git Jarkko Sakkinen
@ 2019-09-08 14:20 ` Mimi Zohar
  2019-09-09  6:27   ` Sumit Garg
                     ` (2 more replies)
  0 siblings, 3 replies; 20+ messages in thread
From: Mimi Zohar @ 2019-09-08 14:20 UTC (permalink / raw)
  To: Jarkko Sakkinen, linux-integrity; +Cc: jejb, dhowells, sumit.garg

On Sun, 2019-09-08 at 03:10 +0300, Jarkko Sakkinen wrote:
> It seems that at least the vast majority of the trusted keys patches flow
> through my tree to the mainline. Still, it is undocumented in the
> MAINTAINERS file.
> 
> So, should I just add my TPM tree as the upstream there? Or should I
> just create a new GIT for trusted keys? My TPM PR goes to Linux ATM.
> Should my trusted keys PR go to David instead? That would definitely
> require its own tree.
> 
> With Sumit's recent work trusted keys is turning into more than just being
> TPM keys so now it is a good time to consider the flow... Sumit, I'm
> sorry that I haven't added your first series yet. I need to first sync
> up how we are going to move forward.

Thanks, Jarkko.  Agreed, trusted keys is becoming more than just TPM
based keys.  Now would be a good time to set up at least a separate
branch or GIT repo.

Are all "trust" methods equivalent?  As new "trust" methods are
defined, there should be a document describing the trust method, with
a comparison to the TPM.

(It would be nice to have some kernel selftests to ensure existing
methods don't break.)

Mimi



* Re: KEYS-TRUSTED git
  2019-09-08 14:20 ` Mimi Zohar
@ 2019-09-09  6:27   ` Sumit Garg
  2019-09-09 10:40     ` Mimi Zohar
                       ` (2 more replies)
  2019-09-09 16:33   ` Jarkko Sakkinen
  2019-09-09 16:52   ` Jarkko Sakkinen
  2 siblings, 3 replies; 20+ messages in thread
From: Sumit Garg @ 2019-09-09  6:27 UTC (permalink / raw)
  To: Mimi Zohar, Jarkko Sakkinen; +Cc: linux-integrity, jejb, dhowells

On Sun, 8 Sep 2019 at 19:50, Mimi Zohar <zohar@linux.ibm.com> wrote:
>
> On Sun, 2019-09-08 at 03:10 +0300, Jarkko Sakkinen wrote:
> > It seems that at least the vast majority of the trusted keys patches flow
> > through my tree to the mainline. Still, it is undocumented in the
> > MAINTAINERS file.
> >
> > So, should I just add my TPM tree as the upstream there? Or should I
> > just create a new GIT for trusted keys? My TPM PR goes to Linux ATM.
> > Should my trusted keys PR go to David instead? That would definitely
> > require its own tree.
> >
> > With Sumit's recent work trusted keys is turning into more than just being
> > TPM keys so now it is a good time to consider the flow... Sumit, I'm
> > sorry that I haven't added your first series yet. I need to first sync
> > up how we are going to move forward.

@Jarkko: No worries, I understand the situation.

>
> Thanks, Jarkko.  Agreed, trusted keys is becoming more than just TPM
> based keys.  Now would be a good time to set up at least a separate
> branch or GIT repo.

+1

>
> Are all "trust" methods equivalent?  As new "trust" methods are
> defined, there should be a document describing the trust method, with
> a comparison to the TPM.

For Trusted Execution Environment (TEE) as a new "trust" method, I
have tried to document it here [1]. Please share your thoughts on this
patch [1] in case I missed something. I would be happy to incorporate
your feedback. Also, can you elaborate on "comparison to the TPM",
what specific parameters are you looking for documentation?

[1] https://patchwork.kernel.org/patch/11065679/

-Sumit

>
> (It would be nice to have some kernel selftests to ensure existing
> methods don't break.)
>
> Mimi
>


* Re: KEYS-TRUSTED git
  2019-09-09  6:27   ` Sumit Garg
@ 2019-09-09 10:40     ` Mimi Zohar
  2019-09-09 16:36     ` Jarkko Sakkinen
  2019-09-10 11:43     ` Jarkko Sakkinen
  2 siblings, 0 replies; 20+ messages in thread
From: Mimi Zohar @ 2019-09-09 10:40 UTC (permalink / raw)
  To: Sumit Garg, Jarkko Sakkinen
  Cc: linux-integrity, jejb, dhowells, Kenneth Goldman, David Safford,
	Monty Wiseman

[Cc'ing Ken, Dave, & Monty]

On Mon, 2019-09-09 at 11:57 +0530, Sumit Garg wrote:
> On Sun, 8 Sep 2019 at 19:50, Mimi Zohar <zohar@linux.ibm.com> wrote:

> > Are all "trust" methods equivalent?  As new "trust" methods are
> > defined, there should be a document describing the trust method, with
> > a comparison to the TPM.
> 
> For Trusted Execution Environment (TEE) as a new "trust" method, I
> have tried to document it here [1]. Please share your thoughts on this
> patch [1] in case I missed something. I would be happy to incorporate
> your feedback. Also, can you elaborate on "comparison to the TPM",
> what specific parameters are you looking for documentation?

For example, the security properties/guarantees of a hardware TPM are
different than a software TPM.  Could we capture that difference in
chart form?  As new "trust" methods are added, include that
information in the chart and extend the chart with other information,
as needed.

Mimi

> 
> [1] https://patchwork.kernel.org/patch/11065679/
> 
> -Sumit



* Re: KEYS-TRUSTED git
  2019-09-08 14:20 ` Mimi Zohar
  2019-09-09  6:27   ` Sumit Garg
@ 2019-09-09 16:33   ` Jarkko Sakkinen
  2019-09-09 16:52   ` Jarkko Sakkinen
  2 siblings, 0 replies; 20+ messages in thread
From: Jarkko Sakkinen @ 2019-09-09 16:33 UTC (permalink / raw)
  To: Mimi Zohar; +Cc: linux-integrity, jejb, dhowells, sumit.garg

On Sun, Sep 08, 2019 at 10:20:31AM -0400, Mimi Zohar wrote:
> On Sun, 2019-09-08 at 03:10 +0300, Jarkko Sakkinen wrote:
> > It seems that at least the vast majority of the trusted keys patches flow
> > through my tree to the mainline. Still, it is undocumented in the
> > MAINTAINERS file.
> > 
> > So, should I just add my TPM tree as the upstream there? Or should I
> > just create a new GIT for trusted keys? My TPM PR goes to Linux ATM.
> > Should my trusted keys PR go to David instead? That would definitely
> > require its own tree.
> > 
> > With Sumit's recent work trusted keys is turning into more than just being
> > TPM keys so now it is a good time to consider the flow... Sumit, I'm
> > sorry that I haven't added your first series yet. I need to first sync
> > up how we are going to move forward.
> 
> Thanks, Jarkko.  Agreed, trusted keys is becoming more than just TPM
> based keys.  Now would be a good time to set up at least a separate
> branch or GIT repo.
> 
> Are all "trust" methods equivalent?  As new "trust" methods are
> defined, there should be a document describing the trust method, with
> a comparison to the TPM.
> 
> (It would be nice to have some kernel selftests to ensure existing
> methods don't break.)

We could put this (with appropriate mods whatever they are) to
selftests:

https://raw.githubusercontent.com/jsakkine-intel/tpm2-scripts/master/keyctl-smoke.sh

Nowhere near adequate, but it is a starting point...

/Jarkko


* Re: KEYS-TRUSTED git
  2019-09-09  6:27   ` Sumit Garg
  2019-09-09 10:40     ` Mimi Zohar
@ 2019-09-09 16:36     ` Jarkko Sakkinen
  2019-09-10  5:13       ` Sumit Garg
  2019-09-10 11:43     ` Jarkko Sakkinen
  2 siblings, 1 reply; 20+ messages in thread
From: Jarkko Sakkinen @ 2019-09-09 16:36 UTC (permalink / raw)
  To: Sumit Garg; +Cc: Mimi Zohar, linux-integrity, jejb, dhowells

On Mon, Sep 09, 2019 at 11:57:45AM +0530, Sumit Garg wrote:
> For Trusted Execution Environment (TEE) as a new "trust" method, I
> have tried to document it here [1]. Please share your thoughts on this
> patch [1] in case I missed something. I would be happy to incorporate
> your feedback. Also, can you elaborate on "comparison to the TPM",
> what specific parameters are you looking for documentation?

I think the right order is actually:

1. Set up the GIT tree.
2. Merge your TEE patches (when they pass the review phase).
3. Come up with the documentation.

/Jarkko


* Re: KEYS-TRUSTED git
  2019-09-08 14:20 ` Mimi Zohar
  2019-09-09  6:27   ` Sumit Garg
  2019-09-09 16:33   ` Jarkko Sakkinen
@ 2019-09-09 16:52   ` Jarkko Sakkinen
  2019-09-09 17:24     ` Mimi Zohar
  2019-09-10 14:21     ` Jarkko Sakkinen
  2 siblings, 2 replies; 20+ messages in thread
From: Jarkko Sakkinen @ 2019-09-09 16:52 UTC (permalink / raw)
  To: Mimi Zohar, dhowells; +Cc: linux-integrity, jejb, sumit.garg

On Sun, Sep 08, 2019 at 10:20:31AM -0400, Mimi Zohar wrote:
> Thanks, Jarkko.  Agreed, trusted keys is becoming more than just TPM
> based keys.  Now would be a good time to set up at least a separate
> branch or GIT repo.

I created a tree for trusted keys:

http://git.infradead.org/users/jjs/linux-trusted-keys.git

The remaining issue before I send a patch to update MAINTAINERS is whether
the flow goes through David to Linus or directly to Linus.

/Jarkko


* Re: KEYS-TRUSTED git
  2019-09-09 16:52   ` Jarkko Sakkinen
@ 2019-09-09 17:24     ` Mimi Zohar
  2019-09-13 13:32       ` Jarkko Sakkinen
  2019-09-10 14:21     ` Jarkko Sakkinen
  1 sibling, 1 reply; 20+ messages in thread
From: Mimi Zohar @ 2019-09-09 17:24 UTC (permalink / raw)
  To: Jarkko Sakkinen, dhowells; +Cc: linux-integrity, jejb, sumit.garg

On Mon, 2019-09-09 at 17:52 +0100, Jarkko Sakkinen wrote:
> On Sun, Sep 08, 2019 at 10:20:31AM -0400, Mimi Zohar wrote:
> > Thanks, Jarkko.  Agreed, trusted keys is becoming more than just TPM
> > based keys.  Now would be a good time to set up at least a separate
> > branch or GIT repo.
> 
> I created a tree for trusted keys:
> 
> http://git.infradead.org/users/jjs/linux-trusted-keys.git
> 
> The remaining issue before I send a patch to update MAINTAINERS is whether
> the flow goes through David to Linus or directly to Linus.

David?



* Re: KEYS-TRUSTED git
  2019-09-09 16:36     ` Jarkko Sakkinen
@ 2019-09-10  5:13       ` Sumit Garg
  2019-09-13 13:34         ` Jarkko Sakkinen
  0 siblings, 1 reply; 20+ messages in thread
From: Sumit Garg @ 2019-09-10  5:13 UTC (permalink / raw)
  To: Jarkko Sakkinen; +Cc: Mimi Zohar, linux-integrity, jejb, dhowells

On Mon, 9 Sep 2019 at 22:06, Jarkko Sakkinen
<jarkko.sakkinen@linux.intel.com> wrote:
>
> On Mon, Sep 09, 2019 at 11:57:45AM +0530, Sumit Garg wrote:
> > For Trusted Execution Environment (TEE) as a new "trust" method, I
> > have tried to document it here [1]. Please share your thoughts on this
> > patch [1] in case I missed something. I would be happy to incorporate
> > your feedback. Also, can you elaborate on "comparison to the TPM",
> > what specific parameters are you looking for documentation?
>
> I think the right order is actually:
>
> 1. Set up the GIT tree.
> 2. Merge your TEE patches (when they pass the review phase).
> 3. Come up with the documentation.

Sounds good to me.

-Sumit

>
> /Jarkko


* Re: KEYS-TRUSTED git
  2019-09-09  6:27   ` Sumit Garg
  2019-09-09 10:40     ` Mimi Zohar
  2019-09-09 16:36     ` Jarkko Sakkinen
@ 2019-09-10 11:43     ` Jarkko Sakkinen
  2019-09-10 12:32       ` Sumit Garg
  2019-09-11  9:27       ` Jarkko Sakkinen
  2 siblings, 2 replies; 20+ messages in thread
From: Jarkko Sakkinen @ 2019-09-10 11:43 UTC (permalink / raw)
  To: Sumit Garg; +Cc: Mimi Zohar, linux-integrity, jejb, dhowells

On Mon, Sep 09, 2019 at 11:57:45AM +0530, Sumit Garg wrote:
> @Jarkko: No worries, I understand the situation.

I made the call to add them anyway to my TPM tree.

/Jarkko


* Re: KEYS-TRUSTED git
  2019-09-10 11:43     ` Jarkko Sakkinen
@ 2019-09-10 12:32       ` Sumit Garg
  2019-09-11  9:27       ` Jarkko Sakkinen
  1 sibling, 0 replies; 20+ messages in thread
From: Sumit Garg @ 2019-09-10 12:32 UTC (permalink / raw)
  To: Jarkko Sakkinen; +Cc: Mimi Zohar, linux-integrity, jejb, dhowells

On Tue, 10 Sep 2019 at 17:13, Jarkko Sakkinen
<jarkko.sakkinen@linux.intel.com> wrote:
>
> On Mon, Sep 09, 2019 at 11:57:45AM +0530, Sumit Garg wrote:
> > @Jarkko: No worries, I understand the situation.
>
> I made the call to add them anyway to my TPM tree.

Thanks.

-Sumit

>
> /Jarkko


* Re: KEYS-TRUSTED git
  2019-09-09 16:52   ` Jarkko Sakkinen
  2019-09-09 17:24     ` Mimi Zohar
@ 2019-09-10 14:21     ` Jarkko Sakkinen
  1 sibling, 0 replies; 20+ messages in thread
From: Jarkko Sakkinen @ 2019-09-10 14:21 UTC (permalink / raw)
  To: Mimi Zohar, dhowells; +Cc: linux-integrity, jejb, sumit.garg

On Mon, Sep 09, 2019 at 05:52:00PM +0100, Jarkko Sakkinen wrote:
> On Sun, Sep 08, 2019 at 10:20:31AM -0400, Mimi Zohar wrote:
> > Thanks, Jarkko.  Agreed, trusted keys is becoming more than just TPM
> > based keys.  Now would be a good time to set up at least a separate
> > branch or GIT repo.
> 
> I created a tree for trusted keys:
> 
> http://git.infradead.org/users/jjs/linux-trusted-keys.git
> 
> The remaining issue before I send a patch to update MAINTAINERS is whether
> the flow goes through David to Linus or directly to Linus.

I use my tpmdd tree for trusted-keys changes too. For me, managing two
trees only adds to work and probably does not add that much value to
anyone else. The only glitch is the tree's name...

/Jarkko


* Re: KEYS-TRUSTED git
  2019-09-10 11:43     ` Jarkko Sakkinen
  2019-09-10 12:32       ` Sumit Garg
@ 2019-09-11  9:27       ` Jarkko Sakkinen
  2019-09-11  9:29         ` Jarkko Sakkinen
  1 sibling, 1 reply; 20+ messages in thread
From: Jarkko Sakkinen @ 2019-09-11  9:27 UTC (permalink / raw)
  To: Sumit Garg, jejb; +Cc: Mimi Zohar, linux-integrity, dhowells

On Tue, Sep 10, 2019 at 12:43:36PM +0100, Jarkko Sakkinen wrote:
> On Mon, Sep 09, 2019 at 11:57:45AM +0530, Sumit Garg wrote:
> > @Jarkko: No worries, I understand the situation.
> 
> I made the call to add them anyway to my TPM tree.

Also,

Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>

I think I'll give a shot at doing one more PR to 5.4 because that would
help both your and James' work because this is the kind of intersection
point between them.

/Jarkko


* Re: KEYS-TRUSTED git
  2019-09-11  9:27       ` Jarkko Sakkinen
@ 2019-09-11  9:29         ` Jarkko Sakkinen
  2019-09-11  9:36           ` Jarkko Sakkinen
  0 siblings, 1 reply; 20+ messages in thread
From: Jarkko Sakkinen @ 2019-09-11  9:29 UTC (permalink / raw)
  To: Sumit Garg, jejb; +Cc: Mimi Zohar, linux-integrity, dhowells

On Wed, Sep 11, 2019 at 10:27:08AM +0100, Jarkko Sakkinen wrote:
> On Tue, Sep 10, 2019 at 12:43:36PM +0100, Jarkko Sakkinen wrote:
> > On Mon, Sep 09, 2019 at 11:57:45AM +0530, Sumit Garg wrote:
> > > @Jarkko: No worries, I understand the situation.
> > 
> > I made the call to add them anyway to my TPM tree.
> 
> Also,
> 
> Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
> 
> I think I'll give a shot at doing one more PR to 5.4 because that would
> help both your and James' work because this is the kind of intersection
> point between them.

Polished short summaries a bit:

1. Start with capital letter.
2. s/tpm2/TPM2/g

/Jarkko


* Re: KEYS-TRUSTED git
  2019-09-11  9:29         ` Jarkko Sakkinen
@ 2019-09-11  9:36           ` Jarkko Sakkinen
  2019-09-11  9:58             ` Sumit Garg
  0 siblings, 1 reply; 20+ messages in thread
From: Jarkko Sakkinen @ 2019-09-11  9:36 UTC (permalink / raw)
  To: Sumit Garg, jejb; +Cc: Mimi Zohar, linux-integrity, dhowells

On Wed, Sep 11, 2019 at 10:29:26AM +0100, Jarkko Sakkinen wrote:
> On Wed, Sep 11, 2019 at 10:27:08AM +0100, Jarkko Sakkinen wrote:
> > On Tue, Sep 10, 2019 at 12:43:36PM +0100, Jarkko Sakkinen wrote:
> > > On Mon, Sep 09, 2019 at 11:57:45AM +0530, Sumit Garg wrote:
> > > > @Jarkko: No worries, I understand the situation.
> > > 
> > > I made the call to add them anyway to my TPM tree.
> > 
> > Also,
> > 
> > Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
> > 
> > I think I'll give a shot at doing one more PR to 5.4 because that would
> > help both your and James' work because this is the kind of intersection
> > point between them.
> 
> Polished short summaries a bit:
> 
> 1. Start with capital letter.
> 2. s/tpm2/TPM2/g

Now also in my next branch. I'll wait for 24h or so and if no alarms are
raised I'll send a PR. The code changes for the most part mechanically
move stuff, which makes me confident that I can still do a PR with
these changes.

/Jarkko


* Re: KEYS-TRUSTED git
  2019-09-11  9:36           ` Jarkko Sakkinen
@ 2019-09-11  9:58             ` Sumit Garg
  2019-09-11 11:28               ` Sumit Garg
  0 siblings, 1 reply; 20+ messages in thread
From: Sumit Garg @ 2019-09-11  9:58 UTC (permalink / raw)
  To: Jarkko Sakkinen; +Cc: jejb, Mimi Zohar, linux-integrity, dhowells

On Wed, 11 Sep 2019 at 15:06, Jarkko Sakkinen
<jarkko.sakkinen@linux.intel.com> wrote:
>
> On Wed, Sep 11, 2019 at 10:29:26AM +0100, Jarkko Sakkinen wrote:
> > On Wed, Sep 11, 2019 at 10:27:08AM +0100, Jarkko Sakkinen wrote:
> > > On Tue, Sep 10, 2019 at 12:43:36PM +0100, Jarkko Sakkinen wrote:
> > > > On Mon, Sep 09, 2019 at 11:57:45AM +0530, Sumit Garg wrote:
> > > > > @Jarkko: No worries, I understand the situation.
> > > >
> > > > I made the call to add them anyway to my TPM tree.
> > >
> > > Also,
> > >
> > > Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
> > >
> > > I think I'll give a shot at doing one more PR to 5.4 because that would
> > > help both your and James' work because this is the kind of intersection
> > > point between them.
> >
> > Polished short summaries a bit:
> >
> > 1. Start with capital letter.
> > 2. s/tpm2/TPM2/g
>
> Now also in my next branch. I'll wait for 24h or so and if no alarms are
> raised I'll send a PR. The code changes for the most part mechanically
> move stuff, which makes me confident that I can still do a PR with
> these changes.

Did you notice an issue reported by kbuild test robot? It looks like
asymmetric keys based on TPM also relied on old tpm_buf method. So we
need to transition them also to use new tpm_buf method. I can work on
corresponding changes required but need your help to test it.

-Sumit

>
> /Jarkko


* Re: KEYS-TRUSTED git
  2019-09-11  9:58             ` Sumit Garg
@ 2019-09-11 11:28               ` Sumit Garg
  0 siblings, 0 replies; 20+ messages in thread
From: Sumit Garg @ 2019-09-11 11:28 UTC (permalink / raw)
  To: Jarkko Sakkinen; +Cc: jejb, Mimi Zohar, linux-integrity, dhowells

On Wed, 11 Sep 2019 at 15:28, Sumit Garg <sumit.garg@linaro.org> wrote:
>
> On Wed, 11 Sep 2019 at 15:06, Jarkko Sakkinen
> <jarkko.sakkinen@linux.intel.com> wrote:
> >
> > On Wed, Sep 11, 2019 at 10:29:26AM +0100, Jarkko Sakkinen wrote:
> > > On Wed, Sep 11, 2019 at 10:27:08AM +0100, Jarkko Sakkinen wrote:
> > > > On Tue, Sep 10, 2019 at 12:43:36PM +0100, Jarkko Sakkinen wrote:
> > > > > On Mon, Sep 09, 2019 at 11:57:45AM +0530, Sumit Garg wrote:
> > > > > > @Jarkko: No worries, I understand the situation.
> > > > >
> > > > > I made the call to add them anyway to my TPM tree.
> > > >
> > > > Also,
> > > >
> > > > Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
> > > >
> > > > I think I'll give a shot at doing one more PR to 5.4 because that would
> > > > help both your and James' work because this is the kind of intersection
> > > > point between them.
> > >
> > > Polished short summaries a bit:
> > >
> > > 1. Start with capital letter.
> > > 2. s/tpm2/TPM2/g
> >
> > Now also in my next branch. I'll wait for 24h or so and if no alarms are
> > raised I'll send a PR. The code changes for the most part mechanically
> > move stuff, which makes me confident that I can still do a PR with
> > these changes.
>
> Did you notice an issue reported by kbuild test robot? It looks like
> asymmetric keys based on TPM also relied on old tpm_buf method. So we
> need to transition them also to use new tpm_buf method. I can work on
> corresponding changes required but need your help to test it.
>

Patch: https://lkml.org/lkml/2019/9/11/312 to transition TPM
asymmetric keys code.

-Sumit

>
> >
> > /Jarkko


* Re: KEYS-TRUSTED git
  2019-09-09 17:24     ` Mimi Zohar
@ 2019-09-13 13:32       ` Jarkko Sakkinen
  2019-09-15 20:53         ` Mimi Zohar
  0 siblings, 1 reply; 20+ messages in thread
From: Jarkko Sakkinen @ 2019-09-13 13:32 UTC (permalink / raw)
  To: Mimi Zohar; +Cc: dhowells, linux-integrity, jejb, sumit.garg

On Mon, Sep 09, 2019 at 01:24:58PM -0400, Mimi Zohar wrote:
> On Mon, 2019-09-09 at 17:52 +0100, Jarkko Sakkinen wrote:
> > On Sun, Sep 08, 2019 at 10:20:31AM -0400, Mimi Zohar wrote:
> > > Thanks, Jarkko.  Agreed, trusted keys is becoming more than just TPM
> > > based keys.  Now would be a good time to set up at least a separate
> > > branch or GIT repo.
> > 
> > I created a tree for trusted keys:
> > 
> > http://git.infradead.org/users/jjs/linux-trusted-keys.git
> > 
> > The remaining issue before I send a patch to update MAINTAINERS is whether
> > the flow goes through David to Linus or directly to Linus.
> 
> David?

I think using tpmdd tree makes sense because there is so much
correlation.

/Jarkko


* Re: KEYS-TRUSTED git
  2019-09-10  5:13       ` Sumit Garg
@ 2019-09-13 13:34         ` Jarkko Sakkinen
  0 siblings, 0 replies; 20+ messages in thread
From: Jarkko Sakkinen @ 2019-09-13 13:34 UTC (permalink / raw)
  To: Sumit Garg; +Cc: Mimi Zohar, linux-integrity, jejb, dhowells

On Tue, Sep 10, 2019 at 10:43:27AM +0530, Sumit Garg wrote:
> On Mon, 9 Sep 2019 at 22:06, Jarkko Sakkinen
> <jarkko.sakkinen@linux.intel.com> wrote:
> >
> > On Mon, Sep 09, 2019 at 11:57:45AM +0530, Sumit Garg wrote:
> > > For Trusted Execution Environment (TEE) as a new "trust" method, I
> > > have tried to document it here [1]. Please share your thoughts on this
> > > patch [1] in case I missed something. I would be happy to incorporate
> > > your feedback. Also, can you elaborate on "comparison to the TPM",
> > > what specific parameters are you looking for documentation?
> >
> > I think the right order is actually:
> >
> > 1. Set up the GIT tree.
> > 2. Merge your TEE patches (when they pass the review phase).
> > 3. Come up with the documentation.
> 
> Sounds good to me.

On second thought: as long as the master has your changes, James
should be fine and James' changes also work as a test bed for your
changes. Decided to postpone.

/Jarkko


* Re: KEYS-TRUSTED git
  2019-09-13 13:32       ` Jarkko Sakkinen
@ 2019-09-15 20:53         ` Mimi Zohar
  0 siblings, 0 replies; 20+ messages in thread
From: Mimi Zohar @ 2019-09-15 20:53 UTC (permalink / raw)
  To: Jarkko Sakkinen; +Cc: dhowells, linux-integrity, jejb, sumit.garg

On Fri, 2019-09-13 at 14:32 +0100, Jarkko Sakkinen wrote:
> On Mon, Sep 09, 2019 at 01:24:58PM -0400, Mimi Zohar wrote:
> > On Mon, 2019-09-09 at 17:52 +0100, Jarkko Sakkinen wrote:
> > > On Sun, Sep 08, 2019 at 10:20:31AM -0400, Mimi Zohar wrote:
> > > > Thanks, Jarkko.  Agreed, trusted keys is becoming more than just TPM
> > > > based keys.  Now would be a good time to set up at least a separate
> > > > branch or GIT repo.
> > > 
> > > I created a tree for trusted keys:
> > > 
> > > http://git.infradead.org/users/jjs/linux-trusted-keys.git
> > > 
> > > The remaining issue before I send a patch to update MAINTAINERS is whether
> > > the flow goes through David to Linus or directly to Linus.
> > 
> > David?
> 
> I think using tpmdd tree makes sense because there is so much
> correlation.

Yes, agreed.

Mimi


