| Message ID | 1446134370-11460-5-git-send-email-jarkko.sakkinen@linux.intel.com |
|---|---|
| State | New |
| Headers | show |
On Thu, 2015-10-29 at 17:59 +0200, Jarkko Sakkinen wrote: > Documented 'hash=' option. No reason for a separate patch. Please squash this patch with the one that introduced the new option. Mimi > Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> > --- > Documentation/security/keys-trusted-encrypted.txt | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/Documentation/security/keys-trusted-encrypted.txt b/Documentation/security/keys-trusted-encrypted.txt > index e105ae9..fd2565b 100644 > --- a/Documentation/security/keys-trusted-encrypted.txt > +++ b/Documentation/security/keys-trusted-encrypted.txt > @@ -38,6 +38,9 @@ Usage: > pcrlock= pcr number to be extended to "lock" blob > migratable= 0|1 indicating permission to reseal to new PCR values, > default 1 (resealing allowed) > + hash= hash algorithm name as a string. For TPM 1.x the only > + allowed value is sha1. For TPM 2.x the allowed values > + are sha1, sha256, sha384, sha512 and sm3-256. > > "keyctl print" returns an ascii hex copy of the sealed key, which is in standard > TPM_STORED_DATA format. The key length for new keys are always in bytes. ------------------------------------------------------------------------------
On Thu, Oct 29, 2015 at 03:26:02PM -0400, Mimi Zohar wrote: > On Thu, 2015-10-29 at 17:59 +0200, Jarkko Sakkinen wrote: > > Documented 'hash=' option. > > No reason for a separate patch. Please squash this patch with the one > that introduced the new option. Right. I'm going to do this and also swapping the order of patches (from "1. tpm 2. trusted" to "1. trusted 2. tpm") so that they can be tested separately (and thereby also moving change to trusted_key_option to "trusted" patch). > Mimi /Jarkko ------------------------------------------------------------------------------
diff --git a/Documentation/security/keys-trusted-encrypted.txt b/Documentation/security/keys-trusted-encrypted.txt index e105ae9..fd2565b 100644 --- a/Documentation/security/keys-trusted-encrypted.txt +++ b/Documentation/security/keys-trusted-encrypted.txt @@ -38,6 +38,9 @@ Usage: pcrlock= pcr number to be extended to "lock" blob migratable= 0|1 indicating permission to reseal to new PCR values, default 1 (resealing allowed) + hash= hash algorithm name as a string. For TPM 1.x the only + allowed value is sha1. For TPM 2.x the allowed values + are sha1, sha256, sha384, sha512 and sm3-256. "keyctl print" returns an ascii hex copy of the sealed key, which is in standard TPM_STORED_DATA format. The key length for new keys are always in bytes.
Documented 'hash=' option. Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> --- Documentation/security/keys-trusted-encrypted.txt | 3 +++ 1 file changed, 3 insertions(+)