[PATCH v2] KEYS: trusted: Use ASN.1 encoded OID

David Howells dhowells at redhat.com
Thu May 23 13:36:29 UTC 2024


Jarkko Sakkinen <jarkko at kernel.org> wrote:

> There's no reason to encode OID_TPMSealedData at run-time, as it never
> changes.
> 
> Replace it with the encoded version, which has exactly the same size:
> 
> 	67 81 05 0A 01 05
> 
> Include OBJECT IDENTIFIER (0x06) tag and length as the epilogue so that
> the OID can be simply copied to the blob.

This seems reasonable.  We have a limited set of OIDs we can generate
(currently 1).  Better to store the BER-encoded form and copy that in rather
than trying to turn a pretty-printed OID into the BER encoding unless we
absolutely have to.

David




More information about the Linux-security-module-archive mailing list