Re: One question about trusted key of keyring in Linux kernel.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2019-12-04 at 03:01 +0000, Zhao, Shirley wrote:
> Hi, James, 
> 
> Using policy digest to reload trusted key, doesn't work, either. 
> Please check the steps below. 
> I think policy digest should be calculated by TPM when verifying the
> policy to reload key. 

You misunderstand my meaning: the API we have now doesn't work; the key
blob the kernel returns currently after key create won't reload because
it contains extraneous data.  I was proposing a working API I thought
might replace it, but obviously it has to be coded up and accepted into
a kernel version before you can use it.

If you want to get trusted keys working today, I think the TPM 1.2 API
still works if you have a TPM 1.2 system.

James




[Index of Archives]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]

  Powered by Linux