On 12.11.2010, 08:34 Huang Ying wrote:
On Fri, 2010-11-12 at 15:30 +0800, Mathias Krause wrote:
>> On 12.11.2010, 01:33 Huang Ying wrote:
>>> Why the improvement of ECB is so small? I can not understand it. It
>>> should be as big as CBC.
>>
>> I don't know why the ECB variant is so slow compared
David Safford wrote:
> David, does this look ok to you? If so, I will do two patches, one to
> fix the helper name throughout the existing tpm.c, and then a new
> version of the tpm_send patch which uses the new name.
I prefer my suggestion: Wrapping the module_put() up so that you don't see it
On Fri, 2010-11-12 at 19:24 -0200, Rajiv Andrade wrote:
>
> Hi Dave,
>
> On 11/12/2010 12:48 PM, David Safford wrote:
>
> > On Fri, 2010-11-12 at 14:11 +, David Howells wrote:
> >> Mimi Zohar wrote:
> >>
> > + module_put(chip->dev->driver->owner);
> Where's the corresponding
Hi Dave,
On 11/12/2010 12:48 PM, David Safford wrote:
On Fri, 2010-11-12 at 14:11 +, David Howells wrote:
Mimi Zohar wrote:
+ module_put(chip->dev->driver->owner);
Where's the corresponding module_get()? I suspect this should be wrapped to
match tpm_chip_find_get().
David
Th
Mimi Zohar wrote:
> > Why do you allow the master key to be supplied by a user-defined key rather
> > than requiring a trusted-key unconditionally?
>
> This is for systems without a TPM. The logic needs to exist, whether it
> is here or in EVM. By doing it here, a user could provide a passphras
On Fri, 2010-11-12 at 19:45 +, David Howells wrote:
> Mimi Zohar wrote:
>
> > Defines a new kernel key-type called 'encrypted'. Encrypted keys are
>
> Many of the comments I made against patch #3 also apply here. Use 'Define'
> rather than 'Defines' here for example.
Was expecting your com
Mimi Zohar wrote:
> Defines a new kernel key-type called 'encrypted'. Encrypted keys are
Many of the comments I made against patch #3 also apply here. Use 'Define'
rather than 'Defines' here for example.
> index 000..e2312e0
> --- /dev/null
> +++ b/include/keys/encrypted-type.h
> @@ -0,0 +
> >
> adding a consistent random value to a your void * pointers sounds like a fine
> solution to the problem, then. As long as you use the same random value for
> the
> lifetime of the system, that will give you consistent values. And you have to
> use the same random input consistently to ha
On Fri, Nov 12, 2010 at 12:39:41PM -0500, Dan Rosenberg wrote:
> Thanks for your response.
>
> > >
> > Just use get_random_bytes, or initalize an instance of cprng with
> > get_random_bytes.
> >
>
> Will do.
>
> >
> > Depends on your goal, if you just wnat to hide the pointers, why not just
David Safford wrote:
> > > +#define TPM_DEBUG 0
> >
> > The TPM_DEBUG stuff should probably be in the directory with the sources,
> > not in a directory for others to include.
>
> Maybe some confusion here - trusted_defined.h is in the sources - only
> trusted-type.h is public in include/keys/.
On Fri, 2010-11-12 at 16:52 +, David Howells wrote:
> Mimi Zohar wrote:
Again, thanks for the detailed review!
Willdo on all suggestions with a couple of comments/questions:
> > +#define TPM_MAX_BUF_SIZE 512
> > +#define TPM_TAG_RQU_COMMAND193
> > +#define TPM_TAG_R
Thanks for your response.
> >
> Just use get_random_bytes, or initalize an instance of cprng with
> get_random_bytes.
>
Will do.
>
> Depends on your goal, if you just wnat to hide the pointers, why not just
> print
> NULL instead of the value? If you want to maintain some level of uniquenes
On Fri, Nov 12, 2010 at 08:32:01AM -0500, Dan Rosenberg wrote:
> Hi Crypto people,
>
> I'm planning on submitting a patch that introduces a new %p format
> specifier that obfuscates kernel pointers depending on privileges. This
> change is for security reasons - many networking protocols expose
>
Mimi Zohar wrote:
> +enum {
> + Opt_err = -1,
> + Opt_new = 1, Opt_load, Opt_update,
> + Opt_keyhandle, Opt_keyauth, Opt_blobauth,
> + Opt_pcrinfo, Opt_pcrlock, Opt_migratable
> +};
The compiler can generate slightly more efficient code if you don't skip 0 in
your enum.
> +stati
On Fri, 2010-11-12 at 14:11 +, David Howells wrote:
> Mimi Zohar wrote:
>
> > > > + module_put(chip->dev->driver->owner);
> > >
> > > Where's the corresponding module_get()? I suspect this should be wrapped
> > > to
> > > match tpm_chip_find_get().
> > >
> > > David
> >
> > The mod
Mimi Zohar wrote:
> > > + module_put(chip->dev->driver->owner);
> >
> > Where's the corresponding module_get()? I suspect this should be wrapped to
> > match tpm_chip_find_get().
> >
> > David
>
> The module_get() is in tpm_chip_find_get(), which is just a helper.
> (It's used this way throug
Hi Crypto people,
I'm planning on submitting a patch that introduces a new %p format
specifier that obfuscates kernel pointers depending on privileges. This
change is for security reasons - many networking protocols expose
pointers to socket structures in their /proc interfaces, which are
attract
On Thu, 2010-11-11 at 21:57 +, David Howells wrote:
> Mimi Zohar wrote:
Thanks for the helpful comments - much appreciated.
Willdo on all of them - just one question on the last comment:
> > +/*
> > + * Have the TPM seal(encrypt) the trusted key, possibly based on
> > + * Platform Configurat
Well.. That was not the case before.
I made a new patch set.
I will send updates for SHA and AES soon after some more testing.
- Dmitry
On 12/11/10 02:05, ext Herbert Xu wrote:
> On Thu, Nov 11, 2010 at 08:11:21PM +0200, Dmitry Kasatkin wrote:
>
>> Hi,
>>
>> Yes. Our HW is capable of produci
19 matches
Mail list logo
