On Fri, Dec 04, 2020 at 06:43:14AM +0200, Jarkko Sakkinen wrote:
> On Sun, Nov 29, 2020 at 02:20:00PM -0800, James Bottomley wrote:
> > We have a need in the TPM2 trusted keys to return the ASN.1 form of
> > the TPM key blob so it can be operated on by tools outside of the
> > kernel. The specific tools are the openssl_tpm2_engine, openconnect
> > and the Intel tpm2-tss-engine. To do that, we have to be able to read
> > and write the same binary key format the tools use. The current ASN.1
> > decoder does fine for reading, but we need pieces of an ASN.1 encoder
> > to write the key blob in binary compatible form.
> >
> > For backwards compatibility, the trusted key reader code will still
> > accept the two TPM2B quantities that it uses today, but the writer
> > will only output the ASN.1 form.
> >
> > The current implementation only encodes the ASN.1 bits we actually need.
> >
> > Signed-off-by: James Bottomley <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx>
>
> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx>
>
> Also:
>
> Tested-by: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx>
>
> I've successfully used this multiple times already.

Hmm... Does this need ack from anyone outside of TPM space?

/Jarkko