Home
last modified time | relevance | path

Searched hist:"5 beb0c435bdde35a09376566b0e28f7df87c9f68" (Results 1 – 2 of 2) sorted by relevance

/linux/include/keys/
H A Dtrusted-type.hdiff 5beb0c435bdde35a09376566b0e28f7df87c9f68 Sat Oct 31 16:53:44 CET 2015 Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> keys, trusted: seal with a TPM2 authorization policy

TPM2 supports authorization policies, which are essentially
combinational logic statements repsenting the conditions where the data
can be unsealed based on the TPM state. This patch enables to use
authorization policies to seal trusted keys.

Two following new options have been added for trusted keys:

* 'policydigest=': provide an auth policy digest for sealing.
* 'policyhandle=': provide a policy session handle for unsealing.

If 'hash=' option is supplied after 'policydigest=' option, this
will result an error because the state of the option would become
mixed.

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Colin Ian King <colin.king@canonical.com>
Reviewed-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Acked-by: Peter Huewe <peterhuewe@gmx.de>
/linux/drivers/char/tpm/
H A Dtpm2-cmd.cdiff 5beb0c435bdde35a09376566b0e28f7df87c9f68 Sat Oct 31 16:53:44 CET 2015 Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> keys, trusted: seal with a TPM2 authorization policy

TPM2 supports authorization policies, which are essentially
combinational logic statements repsenting the conditions where the data
can be unsealed based on the TPM state. This patch enables to use
authorization policies to seal trusted keys.

Two following new options have been added for trusted keys:

* 'policydigest=': provide an auth policy digest for sealing.
* 'policyhandle=': provide a policy session handle for unsealing.

If 'hash=' option is supplied after 'policydigest=' option, this
will result an error because the state of the option would become
mixed.

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Colin Ian King <colin.king@canonical.com>
Reviewed-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Acked-by: Peter Huewe <peterhuewe@gmx.de>