Re: [PATCH 1/3] tpm: Disable TCG_TPM2_HMAC by default
From: Jarkko Sakkinen
Date: Mon May 27 2024 - 19:18:05 EST
On Tue May 28, 2024 at 12:36 AM EEST, James Bottomley wrote:
> On Mon, 2024-05-27 at 22:53 +0300, Jarkko Sakkinen wrote:
> > On Mon May 27, 2024 at 8:57 PM EEST, James Bottomley wrote:
> > > On Mon, 2024-05-27 at 18:34 +0300, Jarkko Sakkinen wrote:
> [...]
> > > > While looking at code I started to wanted what was the reasoning
> > > > for adding *undocumented* "TPM2_OA_TMPL" in include/linux/tpm.h.
> > > > It should really be in tpm2-sessions.c and named something like
> > > > TPM2_NULL_KEY_OA or similar.
> > >
> > > Well, because you asked for it. I originally had all the flags
> > > spelled out and I'm not a fan of this obscurity, but you have to do
> > > stuff like this to get patches accepted:
> > >
> > > https://lore.kernel.org/linux-integrity/CZCKTWU6ZCC9.2UTEQPEVICYHL@suppilovahvero/
> >
> > I still think the constant does make sense.
>
> I'm not so sure. The TCG simply defines it as a collection of flags
> and every TPM tool set I've seen simply uses a list of flags as well.
> The original design was that the template would be in this one place
> and everything else would call into it. I think the reason all
> template construction looks similar is for ease of auditing (it's easy
> to get things, particularly the flags, wrong).
>
> If it only has one use case, it should be spelled out but if someone
> else would use it then it should be in the tpm.h shared header.
It is used only in tpm2-sessions.c and for the null key so there it
should be. And it is also lacking the associated documentation. Now
both name and context it is used is lost.
BR, Jarkko