On Tue, 31 Jan 2017, Jarkko Sakkinen wrote: > James, > > The discussion is about two features: > > 1. Extension to tpm_pcr_extend() (used by IMA) to extend all PCR banks > instead of just SHA-1 banks. It is recommended by TCG to do so in > order to prevent malicious use of PCRs. > 2. TPM 2.0 event log with backend support for OF device tree (for > getting address where you can grab it). > > These are required as baseline to implement full TPM 2.0 support for > IMA. The commits are fairly well baked and went through many iterations. > I've tested tpm_pcr_extend() patches. I haven't tested event log patches > but have extensively reviewed them and Ken Goldman has tested them with > POWER hardware. > > I don't believe that there is major risk to put them already into 4.11 > but it is fairly late so I just want a second opinion before putting > them into pull request. >
I'll take this for 4.11. IMA + TPM 2.0 is still developmental and not in wide use, afaik. -- James Morris <[email protected]> ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ tpmdd-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/tpmdd-devel
