Hi James, <snip> > diff --git a/security/keys/trusted-keys/tpm2key.asn1 > b/security/keys/trusted-keys/tpm2key.asn1 > new file mode 100644 > index 000000000000..f930fd812db3 > --- /dev/null > +++ b/security/keys/trusted-keys/tpm2key.asn1 > @@ -0,0 +1,23 @@ > +--- > +--- Note: This isn't quite the definition in the standard > +--- However, the Linux asn.1 parser doesn't understand > +--- [2] EXPLICIT SEQUENCE OF OPTIONAL > +--- So there's an extra intermediate TPMPolicySequence > +--- definition to work around this > + > +TPMKey ::= SEQUENCE { > + type OBJECT IDENTIFIER ({tpmkey_type}), > + emptyAuth [0] EXPLICIT BOOLEAN OPTIONAL, > + policy [1] EXPLICIT TPMPolicySequence OPTIONAL, > + secret [2] EXPLICIT OCTET STRING OPTIONAL, > + parent INTEGER ({tpmkey_parent}), > + pubkey OCTET STRING ({tpmkey_pub}), > + privkey OCTET STRING ({tpmkey_priv}) > + } > + > +TPMPolicySequence ::= SEQUENCE OF TPMPolicy > + > +TPMPolicy ::= SEQUENCE { > + commandCode [0] EXPLICIT INTEGER ({tpmkey_code}), > + commandPolicy [1] EXPLICIT OCTET STRING > ({tpmkey_policy}) > + } I have been using your set of patches in order to get this ASN.1 parser/definition. I am implementing an asymmetric key parser/type TPM2 keys for enc/dec/sign/verify using keyctl. Note that this implementation goes in crypto/asymmetric_keys/, and your patches sit in security/keys/trusted-keys/. Currently I am just including "../../security/keys/trusted- keys/{tpm2key.asn1.h,tpm2-policy.h}" in order to use the ASN.1 parser to verify my keys, but this obviously isn't going to fly. Do you (or anyone) have any ideas as to how both trusted keys and asymmetric keys could share this ASN.1 parser/definition? Some common area that both security and crypto could include? Or maybe there is some common way the kernel does things like this? Thanks, James