[PATCH 08/23] TPMLIB: Break TPM bits out of security/keys/trusted.c

Jarkko Sakkinen jarkko.sakkinen at linux.intel.com
Fri Aug 24 08:49:30 UTC 2018


On Fri, Aug 24, 2018 at 10:52:27AM +0300, Jarkko Sakkinen wrote:
> On Tue, Aug 21, 2018 at 04:57:43PM +0100, David Howells wrote:
> > Break the TPM bits out of security/keys/trusted.c into their own call wrapper
> > library.
> > 
> > Signed-off-by: David Howells <dhowells at redhat.com>
> 
> I think the very first steps that we should take would be to make the TPM
> subsystem use struct tpm_buf internally for everything and convert
> tpm_send() to take tpm_buf instead of a raw buffer.
> 
> For TPM 2.0 the subsystem already uses tpm_buf. I remember Tomas Winkler
> working on doing the same for TPM 1.x.
> 
> After that it would make sense to convert TPM 1.x to use struct tpm_buf to
> construct commands.
> 
> After all of this is done it is possible to evaluate these changes.
> 
> BTW right now there is a call wrapper interface provided by the TPM
> subsystem for TPM 2.0 trusted keys. Not sure if this has been the
> right design choice. TPM 1.x and TPM 2.0 trusted keys implementations
> live in different subsystems ATM, which is at least somewhat wrong.

Tomas' patches are scattered here:

https://patchwork.kernel.org/patch/10261169/

I could rebase them and make a patch set out of them when I have time.

/Jarkko


