On Mon, 2019-12-09 at 22:20 +0200, Jarkko Sakkinen wrote:
> On Sat, Dec 07, 2019 at 09:06:40PM -0800, James Bottomley wrote:
> > The big problem with this patch is still that we can't yet combine
> > policy with authorization because that requires proper session
> > handling, but at least with this rewrite it becomes possible
> > (whereas it was never possible with the old external policy session
> > code). Thus, when we have the TPM 2.0 security patch upstream,
> > we'll be able to use the session logic from that patch to implement
> > authorizations.
>
> This essentially means that this is an RFC, not something that can be
> merged at this point before whatever you mean by proper has been
> landed.

No it doesn't. It just means we have a limitation in the keys that
needs to be removed at a later time when we have the authentication
mechanisms. Since there will simply be a feature added with no
backward compat problems, it's not a merge blocker.

James