On Sun, Dec 02, 2018 at 10:10:36AM -0500, Mimi Zohar wrote: > Are you asking about coordinating staging the trusted key patches to > be upstreamed or about moving portions of the encrypted keys code out > of the keyring subsystem? > > I'm not sure there needs to be a separate encrypted-keys pull request. > Either they can be upstreamed via the TPM or the integrity subsystem > for now. Nothing that ought to be rushed. I'm speaking about this situation: 1. TPM 1.x trusted keys code is inside keyring subsystem. 2. TPM 2.0 trusted keys code is inside tpm subsystem. We are doing effort to make TPM subsystem more friendly to send custom commands outside (tpm_buf, my unnesting effort in progress, Tomas' clean ups for TPM 1.x code) so I'm more dilated to the 2nd option. /Jarkko
