On Mon, Sep 21, 2020 at 07:28:04PM -0700, James Bottomley wrote: > Updated to fix compile problem identified by 0day > > General cover letter minus policy bit: > > This patch updates the trusted key code to export keys in the ASN.1 > format used by current TPM key tools (openssl_tpm2_engine and > openconnect). The current code will try to load keys containing > policy, but being unable to formulate the policy commands necessary to > load them, the unseal will always fail unless the policy is executed > in user space and a pre-formed policy session passed in. > > The key format is designed to be compatible with our two openssl > engine implementations as well as with the format used by openconnect. > I've added seal/unseal to my engine so I can use it for > interoperability testing and I'll later use this for sealed symmetric > keys via engine: > > https://git.kernel.org/pub/scm/linux/kernel/git/jejb/openssl_tpm2_engine.git/ > > James I started a kernel build for GLK NUC that I have. I'm hopeful that tpm2-scripts fix will sort out this patch set. Will report the results once I have them. I have a hunch that things will finally work out. Using my master branch without the trusted keys fixes that I did. /Jarkko