Thread (16 messages), 6 authors, 2022-09-23

Re: [PATCH v2 04/10] security: keys: trusted: Allow storage of PCR values in creation data

From: Evan Green <hidden>
Date: 2022-08-24 17:34:56
Also in: keyrings, linux-doc, linux-integrity, linux-pm, lkml

On Wed, Aug 24, 2022 at 4:56 AM Ben Boeckel [off-list ref] wrote:
On Tue, Aug 23, 2022 at 15:25:20 -0700, Evan Green wrote:
diff --git a/Documentation/security/keys/trusted-encrypted.rst b/Documentation/security/keys/trusted-encrypted.rst
index 0bfb4c33974890..dc9e11bb4824da 100644
--- a/Documentation/security/keys/trusted-encrypted.rst
+++ b/Documentation/security/keys/trusted-encrypted.rst
@@ -199,6 +199,10 @@ Usage::
        policyhandle= handle to an authorization policy session that defines the
                      same policy and with the same hash algorithm as was used to
                      seal the key.
+       creationpcrs= hex integer representing the set of PCR values to be
+                     included in the PCR creation data. The bit corresponding
+                  to each PCR should be 1 to be included, 0 to be ignored.
+                  TPM2 only.
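Review bot: the creationpcrs= text calls the value "the set of PCR values", but the following sentence describes a bitmask that selects PCRs rather than the values themselves; wording such as "bitmask selecting the PCRs whose values are included in the creation data" would match it. The description also leaves the bit-to-PCR mapping and the accepted width unstated, so it should say which bit selects which PCR, how wide the mask may be, and what is recorded when the option is omitted. The last two added lines ("to each PCR ..." and "TPM2 only.") are indented differently from the "included in ..." line above them and should line up with the continuation column used by policyhandle=.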
There's inconsistent whitespace here. Given the context, I suspect the
tabs should be expanded to spaces.

As for the docs themselves, this might preferably mention how large
this is supposed to be. It seems to be limited to 32 bits by the code.
What happens if fewer are provided? More? Will there always be at most
32 PCR values? Also, how are the bits interpreted? I presume bit 0 is
for PCR value 0?
Makes sense, I'll pin down the specification a bit better here and fix
up the spacing.
Thanks for including docs.
Thanks for looking at them!

-Evan