diff mbox

[v1,4/4] keys, trusted: update documentation for 'hash=' option

Message ID 1446134370-11460-5-git-send-email-jarkko.sakkinen@linux.intel.com (mailing list archive)
State New, archived
Headers show

Commit Message

Jarkko Sakkinen Oct. 29, 2015, 3:59 p.m. UTC
Documented 'hash=' option.

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
---
 Documentation/security/keys-trusted-encrypted.txt | 3 +++
 1 file changed, 3 insertions(+)

Comments

Mimi Zohar Oct. 29, 2015, 7:26 p.m. UTC | #1
On Thu, 2015-10-29 at 17:59 +0200, Jarkko Sakkinen wrote:
> Documented 'hash=' option.

No reason for a separate patch.  Please squash this patch with the one
that introduced the new option.

Mimi

> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
> ---
>  Documentation/security/keys-trusted-encrypted.txt | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/Documentation/security/keys-trusted-encrypted.txt b/Documentation/security/keys-trusted-encrypted.txt
> index e105ae9..fd2565b 100644
> --- a/Documentation/security/keys-trusted-encrypted.txt
> +++ b/Documentation/security/keys-trusted-encrypted.txt
> @@ -38,6 +38,9 @@ Usage:
>         pcrlock=	  pcr number to be extended to "lock" blob
>         migratable= 0|1 indicating permission to reseal to new PCR values,
>                     default 1 (resealing allowed)
> +       hash=      hash algorithm name as a string. For TPM 1.x the only
> +                  allowed value is sha1. For TPM 2.x the allowed values
> +		  are sha1, sha256, sha384, sha512 and sm3-256.
> 
>  "keyctl print" returns an ascii hex copy of the sealed key, which is in standard
>  TPM_STORED_DATA format.  The key length for new keys are always in bytes.



------------------------------------------------------------------------------
Jarkko Sakkinen Oct. 30, 2015, 11:08 a.m. UTC | #2
On Thu, Oct 29, 2015 at 03:26:02PM -0400, Mimi Zohar wrote:
> On Thu, 2015-10-29 at 17:59 +0200, Jarkko Sakkinen wrote:
> > Documented 'hash=' option.
> 
> No reason for a separate patch.  Please squash this patch with the one
> that introduced the new option.

Right. I'm going to do this and also swapping the order of patches (from
"1.  tpm 2. trusted" to "1. trusted 2. tpm") so that they can be tested
separately (and thereby also moving change to trusted_key_option to
"trusted" patch).

> Mimi

/Jarkko

------------------------------------------------------------------------------
diff mbox

Patch

diff --git a/Documentation/security/keys-trusted-encrypted.txt b/Documentation/security/keys-trusted-encrypted.txt
index e105ae9..fd2565b 100644
--- a/Documentation/security/keys-trusted-encrypted.txt
+++ b/Documentation/security/keys-trusted-encrypted.txt
@@ -38,6 +38,9 @@  Usage:
        pcrlock=	  pcr number to be extended to "lock" blob
        migratable= 0|1 indicating permission to reseal to new PCR values,
                    default 1 (resealing allowed)
+       hash=      hash algorithm name as a string. For TPM 1.x the only
+                  allowed value is sha1. For TPM 2.x the allowed values
+		  are sha1, sha256, sha384, sha512 and sm3-256.
 
 "keyctl print" returns an ascii hex copy of the sealed key, which is in standard
 TPM_STORED_DATA format.  The key length for new keys are always in bytes.