Re: [PATCH v3 05/11] security: keys: trusted: Allow storage of PCR values in... | linux-security-module

Re: [PATCH v3 05/11] security: keys: trusted: Allow storage of PCR values in creation data

From: Ben Boeckel <hidden>
Date: 2022-09-27 16:58:23
Also in: keyrings, linux-doc, linux-integrity, linux-pm, lkml

On Tue, Sep 27, 2022 at 09:49:16 -0700, Evan Green wrote:

From: Matthew Garrett <redacted>

When TPMs generate keys, they can also generate some information
describing the state of the PCRs at creation time. This data can then
later be certified by the TPM, allowing verification of the PCR values.
This allows us to determine the state of the system at the time a key
was generated. Add an additional argument to the trusted key creation
options, allowing the user to provide the set of PCRs that should have
their values incorporated into the creation data.

Link: https://lore.kernel.org/lkml/20210220013255.1083202-6-matthewgarrett@google.com/ (local)
Signed-off-by: Matthew Garrett <redacted>
Signed-off-by: Evan Green <redacted>
---

Reviewed-by: Ben Boeckel <redacted>

Thanks!

--Ben

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help