Re: RFC: 'ioctl' for keyrings

From: David Howells
Date: Fri Mar 14 2014 - 13:14:51 EST


Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:

> > As I understand the code, I think operations being performed from ->update()
> > are:
> >
> > (a) Resealing a key with a new pcrs (trusted).
> >
> > (b) Changing the master key (encrypted).
> >
> > Mimi, Dmitry: is this list right?
>
> In addition to resealing trusted keys to a new TPM PCR value, there are
> a few other options that can be modified (eg. keyauth, blobauth,
> pcrlock). Encrypted keys can be encrypted/decrypted with a new master
> key (trusted or user key type).

Can (re)sealing a key be viewed as encrypting it? Is the difference between
sealing a key and encrypting a key the use of hardware support?

David
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/