Re: [PATCH v2 04/10] security: keys: trusted: Allow storage of PCR values in creation data
From: Ben Boeckel
Date: Wed Aug 24 2022 - 07:56:57 EST
On Tue, Aug 23, 2022 at 15:25:20 -0700, Evan Green wrote:
> diff --git a/Documentation/security/keys/trusted-encrypted.rst b/Documentation/security/keys/trusted-encrypted.rst
> index 0bfb4c33974890..dc9e11bb4824da 100644
> --- a/Documentation/security/keys/trusted-encrypted.rst
> +++ b/Documentation/security/keys/trusted-encrypted.rst
> @@ -199,6 +199,10 @@ Usage::
> policyhandle= handle to an authorization policy session that defines the
> same policy and with the same hash algorithm as was used to
> seal the key.
> + creationpcrs= hex integer representing the set of PCR values to be
> + included in the PCR creation data. The bit corresponding
> + to each PCR should be 1 to be included, 0 to be ignored.
> + TPM2 only.
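Review bot: the new creationpcrs= entry does not say how wide the mask is or which bit names which PCR, so a user cannot tell whether bit 0 is PCR 0 or what happens to bits beyond the PCRs the TPM has. Suggest stating the width and mapping explicitly, e.g. "32-bit hex integer; bit N selects PCR N (bit 0 is PCR 0)", and saying what the default is when the option is omitted. Also, "set of PCR values to be included" reads as if the values themselves are passed on the command line; it is the set of PCR indices whose current values get recorded in the creation data, and the text should say so.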
There's inconsistent whitespace here. Given the context, I suspect the
tabs should be expanded to spaces.
As for the docs themselves, this might preferably mention how large
this is supposed to be. It seems to be limited to 32bits by the code.
What happens if fewer are provided? More? Will there always be at most
32 PCR values? Also, how are the bits interpreted? I presume bit 0 is
for PCR value 0?
Thanks for including docs.
Thanks,
--Ben
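To make the questions above concrete, here is an added illustration (not code from the patch or from the kernel) of how a 32-bit creationpcrs mask maps onto the pcrSelect bytes of a TPM 2.0 TPMS_PCR_SELECTION. It assumes the interpretation Ben asks about: the value fits in a u32, bit N selects PCR N, a leading 0x is tolerated, and the platform has 24 PCRs (PC Client), so bits 24-31 are rejected rather than silently dropped. The function names and the -EINVAL convention are the example's own choices.

```c
#include <ctype.h>
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption for this example: a PC Client TPM exposes 24 PCRs, so the
 * TPMS_PCR_SELECTION needs 3 select bytes. In the TPM 2.0 encoding, bit i of
 * select byte j names PCR 8*j+i, i.e. bit 0 of byte 0 is PCR 0. */
#define NUM_PCRS         24
#define PCR_SELECT_BYTES ((NUM_PCRS + 7) / 8)

/* Parse a creationpcrs= value: hex digits with an optional 0x prefix, assumed
 * to fit in 32 bits. Returns 0 on success and -EINVAL on malformed input,
 * on a value wider than 32 bits, or on bits set for PCRs that do not exist. */
int parse_creation_pcrs(const char *text, uint32_t *mask)
{
	char *end;
	unsigned long long val;

	if (text == NULL || text[0] == '\0')
		return -EINVAL;
	if (text[0] == '0' && (text[1] == 'x' || text[1] == 'X'))
		text += 2;
	/* strtoull would accept leading whitespace or a sign; refuse those. */
	if (!isxdigit((unsigned char)text[0]))
		return -EINVAL;

	errno = 0;
	val = strtoull(text, &end, 16);
	if (errno != 0 || *end != '\0' || val > UINT32_MAX)
		return -EINVAL;	/* trailing garbage or wider than a u32 */
	if (val >> NUM_PCRS)
		return -EINVAL;	/* selects a PCR the platform does not have */

	*mask = (uint32_t)val;
	return 0;
}

/* Encode the mask as the pcrSelect byte array: byte j holds PCRs 8j..8j+7. */
void mask_to_pcr_select(uint32_t mask, uint8_t select[PCR_SELECT_BYTES])
{
	for (size_t j = 0; j < PCR_SELECT_BYTES; j++)
		select[j] = (uint8_t)(mask >> (8 * j));
}

/* Inverse: list the PCR indices a pcrSelect array names; returns the count. */
size_t pcr_select_to_list(const uint8_t select[PCR_SELECT_BYTES],
			  unsigned pcrs[NUM_PCRS])
{
	size_t n = 0;

	for (unsigned pcr = 0; pcr < NUM_PCRS; pcr++)
		if (select[pcr / 8] & (1u << (pcr % 8)))
			pcrs[n++] = pcr;
	return n;
}

int main(void)
{
	/* Constructed inputs: a typical boot-measurement set and two bad values. */
	const char *inputs[] = { "0x9ff", "ffffff", "1000000", "100000000" };

	for (size_t i = 0; i < sizeof(inputs) / sizeof(inputs[0]); i++) {
		uint32_t mask;
		uint8_t select[PCR_SELECT_BYTES];
		unsigned pcrs[NUM_PCRS];
		int rc = parse_creation_pcrs(inputs[i], &mask);

		if (rc) {
			printf("%-10s rejected (rc=%d)\n", inputs[i], rc);
			continue;
		}
		mask_to_pcr_select(mask, select);
		size_t n = pcr_select_to_list(select, pcrs);
		printf("%-10s select=%02x %02x %02x -> %zu PCRs:", inputs[i],
		       select[0], select[1], select[2], n);
		for (size_t k = 0; k < n; k++)
			printf(" %u", pcrs[k]);
		printf("\n");
	}
	return 0;
}
```

The rejection of bits 24 and above is the policy choice worth noticing: a parser that only checked "fits in 32 bits" would accept 0x1000000, and the sealing code would then either truncate the selection or hand the TPM a pcrSelect it cannot satisfy, which is exactly the ambiguity the documentation should remove.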