From: Jarkko S. <jar...@li...> - 2018-08-24 07:52:38
|
On Tue, Aug 21, 2018 at 04:57:43PM +0100, David Howells wrote: > Break the TPM bits out of security/keys/trusted.c into their own call wrapper > library. > > Signed-off-by: David Howells <dho...@re...> I think the very first steps that we should take would be to make TPM subsystem to use struct tpm_buf internally for everything and convert tpm_send() to take tpm_buf instead of a raw buffer. For TPM 2.0 the subsystem already uses tpm_buf. I remember Tomas Winkler working on to do the same for TPM 1.x. After that it would make sense to convert TPM 1.x to use struct tpm_buf to construct commands. After all of this is done it is possible to evaluate these changes. BTW right now there is call wrapper interface provided by the TPM subsystem for TPM 2.0 trusted keys. Not sure if this has been the right design choice. TPM 1.x and TPM 2.0 trusted keys implementations live in different subsystems ATM, which at least somewhat wrong. /Jarkko |