On Mon, 2022-11-14 at 13:00 -0500, James Bottomley wrote: > On Mon, 2022-11-14 at 09:43 -0800, Evan Green wrote: > > On Mon, Nov 14, 2022 at 8:56 AM James Bottomley > > <jejb@xxxxxxxxxxxxx> > > wrote: > [...] > > > Of course, since openssl_tpm2_engine is the complete reference > > > implementation that means I'll have to add the creation PCRs > > > implementation to it ... unless you'd like to do it? > > > > I am willing to help as I'm the one making the mess. How does it > > sequence along with your draft submission (before, after, > > simultaneous)? > > At the moment, just send patches. The openssl_tpm2_engine is > developed on a groups.io mailing list: > > https://groups.io/g/openssl-tpm2-engine/ > > You need an IETF specific tool (xml2rfc) to build the rfc from the > xml, but it's available in most distros as python3-xml2rfc. If you > don't want to learn the IETF XML I can help you code up the patch to > add that to the draft spec. Just as a heads up, the patch series implementing signed policy (and thus taking option [3]) is on the mailing list for review: https://groups.io/g/openssl-tpm2-engine/message/296 With apologies for the awful lack of threading in the groups.io interface. So you don't have to build the RFC yourself, I published the proposed update on my website: https://www.hansenpartnership.com/draft-bottomley-tpm2-keys.html https://www.hansenpartnership.com/draft-bottomley-tpm2-keys.txt If you want to use option [4] for the creation data, it's available. Regards, James
