git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/commit

author	Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
	Sat, 31 Oct 2015 15:53:44 +0000 (17:53 +0200)
committer	Tim Gardner <tim.gardner@canonical.com>
	Mon, 29 Feb 2016 15:58:06 +0000 (08:58 -0700)
commit	4183ba6497e19efbcd4e02c98273651a78a3fc45
tree	b15e78de4ed5ac203804333d2268770451ade226	tree
parent	15004a55f833851d4b70c042de67e36e493ac428	commit \| diff

keys, trusted: seal with a TPM2 authorization policy

BugLink: http://bugs.launchpad.net/bugs/1398274
TPM2 supports authorization policies, which are essentially
combinational logic statements repsenting the conditions where the data
can be unsealed based on the TPM state. This patch enables to use
authorization policies to seal trusted keys.

Two following new options have been added for trusted keys:

* 'policydigest=': provide an auth policy digest for sealing.
* 'policyhandle=': provide a policy session handle for unsealing.

If 'hash=' option is supplied after 'policydigest=' option, this
will result an error because the state of the option would become
mixed.

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Colin Ian King <colin.king@canonical.com>
Reviewed-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Acked-by: Peter Huewe <peterhuewe@gmx.de>
(cherry picked from commit 5beb0c435bdde35a09376566b0e28f7df87c9f68)
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>

Documentation/security/keys-trusted-encrypted.txt		diff \| blob \| blame \| history
drivers/char/tpm/tpm2-cmd.c		diff \| blob \| blame \| history
include/keys/trusted-type.h		diff \| blob \| blame \| history
security/keys/trusted.c		diff \| blob \| blame \| history