[PATCH v4 05/11] security: keys: trusted: Allow storage of PCR values in creation data
Kees Cook
keescook at chromium.org
Fri Nov 4 18:34:31 UTC 2022
On Thu, Nov 03, 2022 at 11:01:13AM -0700, Evan Green wrote:
> From: Matthew Garrett <matthewgarrett at google.com>
>
> When TPMs generate keys, they can also generate some information
> describing the state of the PCRs at creation time. This data can then
> later be certified by the TPM, allowing verification of the PCR values.
> This allows us to determine the state of the system at the time a key
> was generated. Add an additional argument to the trusted key creation
> options, allowing the user to provide the set of PCRs that should have
> their values incorporated into the creation data.
>
> Link: https://lore.kernel.org/lkml/20210220013255.1083202-6-matthewgarrett@google.com/
> Signed-off-by: Matthew Garrett <mjg59 at google.com>
Reviewed-by: Kees Cook <keescook at chromium.org>
--
Kees Cook
More information about the Linux-security-module-archive
mailing list