On Thu, 15 Aug 2019 at 20:36, Mimi Zohar <zohar@xxxxxxxxxx> wrote: > > On Thu, 2019-08-15 at 18:33 +0530, Sumit Garg wrote: > > Hi Mimi, > > > > On Wed, 14 Aug 2019 at 18:54, Mimi Zohar <zohar@xxxxxxxxxx> wrote: > > > > > > Hi Sumit, > > > > > > On Tue, 2019-08-13 at 13:22 +0530, Sumit Garg wrote: > > > > This patch-set is an outcome of discussion here [1]. It has evolved very > > > > much since v1 to create, consolidate and generalize trusted keys > > > > subsystem. > > > > > > > > This framework has been tested with trusted keys support provided via TEE > > > > but I wasn't able to test it with a TPM device as I don't possess one. It > > > > would be really helpful if others could test this patch-set using a TPM > > > > device. > > > > > > With the "CONFIG_HEADER_TEST" and "CONFIG_KERNEL_HEADER_TEST" config > > > options enabled, which is required for linux-next, it fails to build. > > > > > > > TBH, I wasn't aware about this test feature for headers. > > It's new to me too. > > > It looks like > > the header which fails this test is "include/keys/trusted_tpm.h" which > > is basically a rename of "include/keys/trusted.h" plus changes in this > > patch-set. > > > > And "include/keys/trusted.h" header is already put under blacklist > > here: "include/Kbuild +68" as it fails to build. So its that rename > > due to which build failure is observed now. > > > > It seems to be an easy fix for this build failure via following changes: > > > > diff --git a/include/keys/trusted_tpm.h b/include/keys/trusted_tpm.h > > index 7b593447920b..ca1bec0ef65d 100644 > > --- a/include/keys/trusted_tpm.h > > +++ b/include/keys/trusted_tpm.h > > @@ -2,6 +2,9 @@ > > #ifndef __TRUSTED_TPM_H > > #define __TRUSTED_TPM_H > > > > +#include <keys/trusted-type.h> > > +#include <linux/tpm_command.h> > > + > > /* implementation specific TPM constants */ > > #define MAX_BUF_SIZE 1024 > > #define TPM_GETRANDOM_SIZE 14 > > > > So I will include above changes in this patch-set and also remove > > "include/keys/trusted.h" header from the blacklist. > > That works, thanks. With this patch set, at least the EVM trusted key > is properly being decrypted by the encrypted key with both a TPM 1.2 > and PTT TPM 2.0. My laptop still boots properly. Over the weekend > I'll try to actually review the patches. > Thanks Mimi for testing this patch-set. -Sumit > Mimi
