05 Jun, 2019

1 commit

  • Based on 1 normalized pattern(s):

    this program is free software you can redistribute it and or modify
    it under the terms of the gnu general public license as published by
    the free software foundation version 2 of the license

    extracted by the scancode license scanner the SPDX license identifier

    GPL-2.0-only

    has been chosen to replace the boilerplate/reference in 315 file(s).

    Signed-off-by: Thomas Gleixner
    Reviewed-by: Allison Randal
    Reviewed-by: Armijn Hemel
    Cc: linux-spdx@vger.kernel.org
    Link: https://lkml.kernel.org/r/20190531190115.503150771@linutronix.de
    Signed-off-by: Greg Kroah-Hartman

    Thomas Gleixner
     

10 Feb, 2016

1 commit


20 Dec, 2015

2 commits

  • TPM2 supports authorization policies, which are essentially
    combinational logic statements representing the conditions where the data
    can be unsealed based on the TPM state. This patch enables the use of
    authorization policies to seal trusted keys.

    The following two new options have been added for trusted keys:

    * 'policydigest=': provide an auth policy digest for sealing.
    * 'policyhandle=': provide a policy session handle for unsealing.

    If the 'hash=' option is supplied after the 'policydigest=' option, this
    will result in an error because the state of the option would become
    mixed.

    Signed-off-by: Jarkko Sakkinen
    Tested-by: Colin Ian King
    Reviewed-by: Mimi Zohar
    Acked-by: Peter Huewe

    Jarkko Sakkinen
     
  • Added 'hash=' option for selecting the hash algorithm for add_key()
    syscall and documentation for it.

    Added entry for sm3-256 to the following tables in order to support
    TPM_ALG_SM3_256:

    * hash_algo_name
    * hash_digest_size

    Includes support for the following hash algorithms:

    * sha1
    * sha256
    * sha384
    * sha512
    * sm3-256

    Signed-off-by: Jarkko Sakkinen
    Tested-by: Colin Ian King
    Reviewed-by: James Morris
    Reviewed-by: Mimi Zohar
    Acked-by: Peter Huewe

    Jarkko Sakkinen
     

19 Oct, 2015

2 commits


29 Nov, 2010

1 commit

  • Define a new kernel key-type called 'trusted'. Trusted keys are random
    number symmetric keys, generated and RSA-sealed by the TPM. The TPM
    only unseals the keys if the boot PCRs and other criteria match.
    Userspace can only ever see encrypted blobs.

    Based on suggestions by Jason Gunthorpe, several new options have been
    added to support additional usages.

    The new options are:
    migratable= designates that the key may/may not ever be updated
    (resealed under a new key, new pcrinfo or new auth.)

    pcrlock=n extends the designated PCR 'n' with a random value,
    so that a key sealed to that PCR may not be unsealed
    again until after a reboot.

    keyhandle= specifies the sealing/unsealing key handle.

    keyauth= specifies the sealing/unsealing key auth.

    blobauth= specifies the sealed data auth.

    Implementation of a kernel reserved locality for trusted keys will be
    investigated for a possible future extension.

    Changelog:
    - Updated and added examples to Documentation/keys-trusted-encrypted.txt
    - Moved generic TPM constants to include/linux/tpm_command.h
    (David Howells' suggestion.)
    - trusted_defined.c: replaced kzalloc with kmalloc, added pcrlock failure
    error handling, added const qualifiers where appropriate.
    - moved to late_initcall
    - updated from hash to shash (suggestion by David Howells)
    - reduced worst stack usage (tpm_seal) from 530 to 312 bytes
    - moved documentation to Documentation directory (suggestion by David Howells)
    - all the other code cleanups suggested by David Howells
    - Add pcrlock CAP_SYS_ADMIN dependency (based on comment by Jason Gunthorpe)
    - New options: migratable, pcrlock, keyhandle, keyauth, blobauth (based on
    discussions with Jason Gunthorpe)
    - Free payload on failure to create key (reported/fixed by Roberto Sassu)
    - Updated Kconfig and other descriptions (based on Serge Hallyn's suggestion)
    - Replaced kzalloc() with kmalloc() (reported by Serge Hallyn)

    Signed-off-by: David Safford
    Signed-off-by: Mimi Zohar
    Signed-off-by: James Morris

    Mimi Zohar