On Fri, 2019-12-13 at 07:35 -0500, James Bottomley wrote: > On Fri, 2019-12-13 at 11:10 +0530, Sumit Garg wrote: [...] > > Also, I think we need "#else" part for this API as well. > > No, we shouldn't ... the #else part is only for functions which are > called when the TPM isn't compiled in. That should never happen with > tpm2_flush_context, so if it ever does we want the compile to break. Just on this bit, it looks like we've given insufficient thought to what it means to move TPM internals using code outside of the tpm directory. I think we really need two include/linux files, one tpm.h for external code that going to do stuff which it would do anyway even if a TPM weren't compiled in, like the PCR read and extend. The other tpm-internal.h for code that wants access to TPM internal functions like flushing and session handling and will take care itself of the case where the TPM isn't compiled in, like the trusted key code does through Kconfig dependencies. The test should be easy: if it was originally in drivers/char/tpm/tpm.h it belongs in include/linux/tpm- internals.h James
