Re: [PATCH v8 16/22] tpm2: Support authorized policy

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v8 16/22] tpm2: Support authorized policy

From:	James Bottomley
Subject:	Re: [PATCH v8 16/22] tpm2: Support authorized policy
Date:	Tue, 16 Jan 2024 10:39:45 -0500
User-agent:	Evolution 3.42.4

On Tue, 2024-01-16 at 17:20 +0800, Gary Lin via Grub-devel wrote:
[...]
> (*1) https://www.hansenpartnership.com/draft-bottomley-tpm2-keys.html
> (*2) https://github.com/okirch/pcr-oracle

Just a curiosity question, but have you tested the interoperability of
pcr-oracle keys?  It looks like you got the ASN header straight from
openssl_tpm2_engine, so it should all just work, but verifying that the
seal/unseal and sign_tpm2_policy commands from openssl_tpm2_engine:

https://build.opensuse.org/package/show/security:tls/openssl_tpm2_engine

can be used to create sealed keys for this code would nicely verify
that.

James

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [PATCH v8 08/22] protectors: Add key protectors framework, (continued)
- [PATCH v8 09/22] tpm2: Add TPM Software Stack (TSS), Gary Lin, 2024/01/16
- [PATCH v8 11/22] cryptodisk: Support key protectors, Gary Lin, 2024/01/16
- [PATCH v8 10/22] protectors: Add TPM2 Key Protector, Gary Lin, 2024/01/16
- [PATCH v8 13/22] tpm2: Add TPM2 types, structures, and command constants, Gary Lin, 2024/01/16
- [PATCH v8 12/22] util/grub-protect: Add new tool, Gary Lin, 2024/01/16
- [PATCH v8 14/22] tpm2: Add more marshal/unmarshal functions, Gary Lin, 2024/01/16
- [PATCH v8 15/22] tpm2: Implement more TPM2 commands, Gary Lin, 2024/01/16
- [PATCH v8 16/22] tpm2: Support authorized policy, Gary Lin, 2024/01/16
  - Re: [PATCH v8 16/22] tpm2: Support authorized policy, James Bottomley <=
    - Re: [PATCH v8 16/22] tpm2: Support authorized policy, Gary Lin, 2024/01/17
- [PATCH v8 18/22] cryptodisk: Fallback to passphrase, Gary Lin, 2024/01/16
- [PATCH v8 17/22] protectors: Implement NV index, Gary Lin, 2024/01/16
- [PATCH v8 19/22] cryptodisk: wipe out the cached keys from protectors, Gary Lin, 2024/01/16
- [PATCH v8 20/22] diskfilter: look up cryptodisk devices first, Gary Lin, 2024/01/16
- [PATCH v8 22/22] tests: Add tpm2_test, Gary Lin, 2024/01/16
- [PATCH v8 21/22] tpm2: Enable tpm2 module for grub-emu, Gary Lin, 2024/01/16

Prev by Date: Re: Strange failure during de_CH.po generation with make -j
Next by Date: Re: [PATCH v8 01/22] posix_wrap: tweaks in preparation for libtasn1
Previous by thread: [PATCH v8 16/22] tpm2: Support authorized policy
Next by thread: Re: [PATCH v8 16/22] tpm2: Support authorized policy
Index(es):
- Date
- Thread