On Wed, Mar 04, 2020 at 06:27:39PM -0800, James Bottomley wrote:
> We have a need in the TPM2 trusted keys to return the ASN.1 form of
> the TPM key blob so it can be operated on by tools outside of the
> kernel. The specific tools are the openssl_tpm2_engine, openconnect
> and the Intel tpm2-tss-engine. To do that, we have to be able to read
> and write the same binary key format the tools use. The current ASN.1
> decoder does fine for reading, but we need pieces of an ASN.1 encoder
> to write the key blob in binary compatible form.
>
> For backwards compatibility, the trusted key reader code will still
> accept the two TPM2B quantities that it uses today, but the writer
> will only output the ASN.1 form.
>
> The current implementation only encodes the ASN.1 bits we actually need.
>
> Signed-off-by: James Bottomley <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx>

For me this looks good (saw your other mail about spacing, no worries).

Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx>

/Jarkko