[PATCH 00/22] KEYS: Support TPM-wrapped key and crypto ops
James Bottomley
James.Bottomley at HansenPartnership.com
Tue Sep 18 11:30:12 UTC 2018
On Tue, 2018-09-18 at 08:00 +0100, David Woodhouse wrote:
>
> On Sat, 2018-09-08 at 16:26 +0100, David Howells wrote:
> > Marcel Holtmann <marcel at holtmann.org> wrote:
> >
> > >
> > > so I have reviewed and tested this code. In addition, we have
> > > test cases for it in ELL (embedded linux library).
> >
> > I wonder if there's any practical way to add a test for this to the
> > keyutils test suite. I'm guessing it's quite tricky, given the
> > extra bits you need to emulate the TPM.
>
> Right, for a lot of userspace stuff we have the TPM emulator but for
> the kernel you might need to run in qemu, which I believe can emulate
> a TPM now (or at least, can talk to the TPM emulator, which has the
> same effect).
Actually, you don't necessarily. I use this patch:
https://marc.info/?l=tpmdd-devel&m=148392353230117
Which allows me to make a TCP connection to the software TPM running in
userspace without having to have the TPM components in qemu (or even to
run virtual). I used it to debug all the in-kernel resource manager
patches. It's TPM 2.0, but could easily be modified to work with 1.2
James
More information about the Linux-security-module-archive
mailing list