On Tue, Sep 27, 2022 at 09:49:16 -0700, Evan Green wrote:
> From: Matthew Garrett <matthewgarrett@xxxxxxxxxx>
>
> When TPMs generate keys, they can also generate some information
> describing the state of the PCRs at creation time. This data can then
> later be certified by the TPM, allowing verification of the PCR values.
> This allows us to determine the state of the system at the time a key
> was generated. Add an additional argument to the trusted key creation
> options, allowing the user to provide the set of PCRs that should have
> their values incorporated into the creation data.
>
> Link: https://lore.kernel.org/lkml/20210220013255.1083202-6-matthewgarrett@xxxxxxxxxx/
> Signed-off-by: Matthew Garrett <mjg59@xxxxxxxxxx>
> Signed-off-by: Evan Green <evgreen@xxxxxxxxxxxx>
> ---

Reviewed-by: Ben Boeckel <linux@xxxxxxxxxxxxxxxxx>

Thanks!

--Ben