[PATCH v3 05/11] security: keys: trusted: Allow storage of PCR values in creation data
Ben Boeckel
me at benboeckel.net
Tue Sep 27 16:58:43 UTC 2022
On Tue, Sep 27, 2022 at 09:49:16 -0700, Evan Green wrote:
> From: Matthew Garrett <matthewgarrett at google.com>
>
> When TPMs generate keys, they can also generate some information
> describing the state of the PCRs at creation time. This data can then
> later be certified by the TPM, allowing verification of the PCR values.
> This allows us to determine the state of the system at the time a key
> was generated. Add an additional argument to the trusted key creation
> options, allowing the user to provide the set of PCRs that should have
> their values incorporated into the creation data.
>
> Link: https://lore.kernel.org/lkml/20210220013255.1083202-6-matthewgarrett@google.com/
> Signed-off-by: Matthew Garrett <mjg59 at google.com>
> Signed-off-by: Evan Green <evgreen at chromium.org>
> ---
Reviewed-by: Ben Boeckel <linux at me.benboeckel.net>
Thanks!
--Ben
More information about the Linux-security-module-archive
mailing list