On 4/5/2017 3:43 PM, Jarkko Sakkinen wrote:
> Which one is needed for IMA? I mean for in-kernel API you should not add
> any extra flexibility. Please implement the patch set with the minimal
> flexibility in mind. Just enough to get IMA use cases done and explain
> in the commit messages your rationale based on requirements of the IMA.

Currently IMA is using crypto IDs, but if a TPM algorithm is not supported by the crypto subsystem, its TPM ID could be used to perform the hash operation directly with the TPM.

I was thinking to send to TPM users crypto IDs. However, tpm2_pcr_extend() accepts as input a tpm2_digest structure, which includes a TPM ID.

To use crypto IDs, TPM users could provide concatenated digests in an array of unsigned chars. But then, tpm_pcr_extend() would have to extract each digest and place it in a tpm2_digest structure, before calling tpm2_pcr_extend().

Roberto
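
The extraction step described in the message above, as an added user-space sketch that is not code from this thread or from the kernel tree. The names `crypto_id`, `tpm2_digest_ex`, `alg_map` and `split_digests` are hypothetical and the crypto ID values are stand-ins; the TPM IDs are the TCG registry values for the SHA family.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_DIGEST_SIZE 64 /* SHA-512, the largest digest handled here */

/* Stand-ins for the kernel's crypto IDs (values are illustrative). */
enum crypto_id { CRYPTO_SHA1, CRYPTO_SHA256, CRYPTO_SHA384, CRYPTO_SHA512,
                 CRYPTO_ID_COUNT };

/* Same shape as the structure discussed: a TPM ID plus a fixed buffer. */
struct tpm2_digest_ex {
    uint16_t alg_id;
    uint8_t digest[MAX_DIGEST_SIZE];
};

/* crypto ID -> TPM ID (TCG algorithm registry) and digest length. */
static const struct { uint16_t tpm_id; size_t len; } alg_map[CRYPTO_ID_COUNT] = {
    [CRYPTO_SHA1]   = { 0x0004, 20 },
    [CRYPTO_SHA256] = { 0x000B, 32 },
    [CRYPTO_SHA384] = { 0x000C, 48 },
    [CRYPTO_SHA512] = { 0x000D, 64 },
};

/*
 * Split buf (digests concatenated in the order given by ids) into out,
 * which the caller sizes to hold count entries. Returns the number of
 * digests, or -1 if an ID is unknown or buf_len is not exactly the sum
 * of the digest sizes (short buffer or trailing bytes).
 */
int split_digests(const enum crypto_id *ids, size_t count,
                  const uint8_t *buf, size_t buf_len,
                  struct tpm2_digest_ex *out)
{
    size_t off = 0;

    for (size_t i = 0; i < count; i++) {
        if ((unsigned)ids[i] >= CRYPTO_ID_COUNT)
            return -1;
        size_t len = alg_map[ids[i]].len;
        if (len > buf_len - off) /* off <= buf_len always holds here */
            return -1;
        out[i].alg_id = alg_map[ids[i]].tpm_id;
        memset(out[i].digest, 0, sizeof(out[i].digest));
        memcpy(out[i].digest, buf + off, len);
        off += len;
    }
    return off == buf_len ? (int)count : -1;
}
```

Because the concatenated array carries no per-digest length or algorithm tag, the exact-length check is the only thing that catches a mismatch between the ID list and the buffer.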
