[PATCH 08/23] TPMLIB: Break TPM bits out of security/keys/trusted.c

Jarkko Sakkinen jarkko.sakkinen at linux.intel.com
Fri Aug 24 07:52:27 UTC 2018


On Tue, Aug 21, 2018 at 04:57:43PM +0100, David Howells wrote:
> Break the TPM bits out of security/keys/trusted.c into their own call wrapper
> library.
> 
> Signed-off-by: David Howells <dhowells at redhat.com>

I think the very first steps that we should take would be to make the TPM
subsystem use struct tpm_buf internally for everything and convert
tpm_send() to take tpm_buf instead of a raw buffer.

For TPM 2.0 the subsystem already uses tpm_buf. I remember Tomas Winkler
working on doing the same for TPM 1.x.

After that it would make sense to convert TPM 1.x to use struct tpm_buf to
construct commands.

After all of this is done it is possible to evaluate these changes.

BTW right now there is a call wrapper interface provided by the TPM
subsystem for TPM 2.0 trusted keys. Not sure if this has been the
right design choice. TPM 1.x and TPM 2.0 trusted keys implementations
live in different subsystems ATM, which is at least somewhat wrong.

/Jarkko


