From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2253AC00140 for ; Wed, 24 Aug 2022 17:40:09 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240238AbiHXRkH (ORCPT ); Wed, 24 Aug 2022 13:40:07 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46536 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240251AbiHXRkF (ORCPT ); Wed, 24 Aug 2022 13:40:05 -0400 Received: from mail-oa1-x31.google.com (mail-oa1-x31.google.com [IPv6:2001:4860:4864:20::31]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A68F661D65 for ; Wed, 24 Aug 2022 10:40:03 -0700 (PDT) Received: by mail-oa1-x31.google.com with SMTP id 586e51a60fabf-11c5ee9bf43so21729123fac.5 for ; Wed, 24 Aug 2022 10:40:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc; bh=iUc7iTn6xTAH7nh/o6yxXHdfKGNX4Z/5Jv6PbbsrmvE=; b=RlaeiBa5eL8zu0NgF7ARiV93OK31F7GkkyowxpdoTtVaIt6Yd6AwdmZeT4UhqxTOir TaQbTq0RY8Y6y+tGLDAhuRgnPvpdkEIOG/XPkwF4v5NCae8dReQI9E0ZTHaROIT2w45q f9sqGu0D99xgh/NvOUXrlPA/eOIMcCfk0srM0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc; bh=iUc7iTn6xTAH7nh/o6yxXHdfKGNX4Z/5Jv6PbbsrmvE=; b=DMaTShNVGr/WE/Am56rv1ju0D6MMKLarORzmGLVjsu6a0tMqsCNHKmavRN5dAw4sjR ybBEHtPcbbvQrgxHz0cEkXfNULHMev50guTq+6JAqfcD9r8BrulwKPzU3d5dDU5qCRsr 354XDCW8QXAMVv8o4byX2VJ5SGsJz5Ir5l0/uKzloQKsWKfDAo8LtJT0D9HilcjHKL0K HkzW9NzpWGHLGFJoirQUGDnrCjzOoIFHWAj4fJ6fSyP4/UdG+62GTXFvjQkQ/f3FQjn8 MmyPvHeoD0mK1A3cKGT5lSWT3VtPcL0cNc9iUV2zZGHuyMgyAJ6FKkmVedprKQyvbG6k AKUg== X-Gm-Message-State: ACgBeo3RGFgItmG3llHsejIWnUR8uX+EoHAr8Jb8+Yj+jXc+2o3pnJLR Phdczsc/iGgYMF7PGBeZNPhFCOpPrWsOMQ== X-Google-Smtp-Source: AA6agR4eUW1C2fcZEiD3L90RL4XIYJ0dgfSuzuhlPXmUOiV8n5tg90rmr5IjskLT36RGAdVuZxJehQ== X-Received: by 2002:a05:6870:8202:b0:11d:2ab8:15ba with SMTP id n2-20020a056870820200b0011d2ab815bamr3952355oae.66.1661362802714; Wed, 24 Aug 2022 10:40:02 -0700 (PDT) Received: from mail-oa1-f54.google.com (mail-oa1-f54.google.com. [209.85.160.54]) by smtp.gmail.com with ESMTPSA id p10-20020acabf0a000000b00344afa2b08bsm4180658oif.26.2022.08.24.10.40.02 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 24 Aug 2022 10:40:02 -0700 (PDT) Received: by mail-oa1-f54.google.com with SMTP id 586e51a60fabf-11c59785966so21723702fac.11 for ; Wed, 24 Aug 2022 10:40:02 -0700 (PDT) X-Received: by 2002:a05:6808:3096:b0:342:ff93:4672 with SMTP id bl22-20020a056808309600b00342ff934672mr120785oib.174.1661362486729; Wed, 24 Aug 2022 10:34:46 -0700 (PDT) MIME-Version: 1.0 References: <20220823222526.1524851-1-evgreen@chromium.org> <20220823152108.v2.4.I32591db064b6cdc91850d777f363c9d05c985b39@changeid> In-Reply-To: From: Evan Green Date: Wed, 24 Aug 2022 10:34:10 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v2 04/10] security: keys: trusted: Allow storage of PCR values in creation data To: list.lkml.keyrings@me.benboeckel.net Cc: LKML , Gwendal Grignou , Eric Biggers , Matthew Garrett , Jarkko Sakkinen , zohar@linux.ibm.com, linux-integrity@vger.kernel.org, Pavel Machek , apronin@chromium.org, Daniil Lunev , "Rafael J. Wysocki" , Linux PM , Jonathan Corbet , "James E.J. Bottomley" , Matthew Garrett , Matthew Garrett , David Howells , James Morris , Paul Moore , "Serge E. Hallyn" , keyrings@vger.kernel.org, "open list:DOCUMENTATION" , linux-security-module@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org On Wed, Aug 24, 2022 at 4:56 AM Ben Boeckel wrote: > > On Tue, Aug 23, 2022 at 15:25:20 -0700, Evan Green wrote: > > diff --git a/Documentation/security/keys/trusted-encrypted.rst b/Documentation/security/keys/trusted-encrypted.rst > > index 0bfb4c33974890..dc9e11bb4824da 100644 > > --- a/Documentation/security/keys/trusted-encrypted.rst > > +++ b/Documentation/security/keys/trusted-encrypted.rst > > @@ -199,6 +199,10 @@ Usage:: > > policyhandle= handle to an authorization policy session that defines the > > same policy and with the same hash algorithm as was used to > > seal the key. > > + creationpcrs= hex integer representing the set of PCR values to be > > + included in the PCR creation data. The bit corresponding > > + to each PCR should be 1 to be included, 0 to be ignored. > > + TPM2 only. > > There's inconsistent whitespace here. Given the context, I suspect the > tabs should be expanded to spaces. > > As for the docs themselves, this might preferrably mention how large > this is supposed to be. It seems to be limited to 32bits by the code. > What happens if fewer are provided? More? Will there always be at most > 32 PCR values? Also, how are the bits interpreted? I presume bit 0 is > for PCR value 0? Makes sense, I'll pin down the specification a bit better here and fix up the spacing. > > Thanks for including docs. Thanks for looking at them! -Evan