On Mon, 2019-12-09 at 14:05 -0800, Matthew Garrett wrote: > On Sat, Dec 7, 2019 at 9:08 PM James Bottomley > <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx> wrote: > > > > We have a need in the TPM trusted keys to return the ASN.1 form of > > the TPM key blob so it can be operated on by tools outside of the > > kernel. To do that, we have to be able to read and write the key > > format. The current ASN.1 decoder does fine for reading, but we > > need pieces of an ASN.1 encoder to return the key blob. > > Is there a reason the kernel needs to do this encoding, rather than > having something in userland do the translation? Well, yes, we'd have to define a format to pass up first and then you'd always need an encoder programme to do it. Given it's fairly simple to encode the key format, doing it directly in ASN.1 ... especially as we already read ASN.1 keys, seems to be the best for the user. James