diff options
author | Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> | 2015-05-30 08:09:04 +0300 |
---|---|---|
committer | Peter Huewe <peterhuewe@gmx.de> | 2015-10-19 01:01:21 +0200 |
commit | 954650efb79f99d5c817c121bb0a7c6c53362048 (patch) | |
tree | 12da28fd54da6f329cdfe83b42e65a0479313b0e /include | |
parent | fe351e8d4eec801beeba1df1f36d76316be6f1a2 (diff) | |
download | linux-954650efb79f99d5c817c121bb0a7c6c53362048.tar.gz linux-954650efb79f99d5c817c121bb0a7c6c53362048.tar.bz2 linux-954650efb79f99d5c817c121bb0a7c6c53362048.zip |
tpm: seal/unseal for TPM 2.0
Added tpm_trusted_seal() and tpm_trusted_unseal() API for sealing
trusted keys.
This patch implements basic sealing and unsealing functionality for
TPM 2.0:
* Seal with a parent key using a 20 byte auth value.
* Unseal with a parent key using a 20 byte auth value.
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
Diffstat (limited to 'include')
-rw-r--r-- | include/keys/trusted-type.h | 2 | ||||
-rw-r--r-- | include/linux/tpm.h | 26 |
2 files changed, 27 insertions, 1 deletions
diff --git a/include/keys/trusted-type.h b/include/keys/trusted-type.h index c91651f91687..f91ecd9d1bb1 100644 --- a/include/keys/trusted-type.h +++ b/include/keys/trusted-type.h @@ -16,7 +16,7 @@ #define MIN_KEY_SIZE 32 #define MAX_KEY_SIZE 128 -#define MAX_BLOB_SIZE 320 +#define MAX_BLOB_SIZE 512 #define MAX_PCRINFO_SIZE 64 struct trusted_key_payload { diff --git a/include/linux/tpm.h b/include/linux/tpm.h index 8350c538b486..706e63eea080 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -30,6 +30,8 @@ #define TPM_ANY_NUM 0xFFFF struct tpm_chip; +struct trusted_key_payload; +struct trusted_key_options; struct tpm_class_ops { const u8 req_complete_mask; @@ -46,11 +48,22 @@ struct tpm_class_ops { #if defined(CONFIG_TCG_TPM) || defined(CONFIG_TCG_TPM_MODULE) +extern int tpm_is_tpm2(u32 chip_num); extern int tpm_pcr_read(u32 chip_num, int pcr_idx, u8 *res_buf); extern int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash); extern int tpm_send(u32 chip_num, void *cmd, size_t buflen); extern int tpm_get_random(u32 chip_num, u8 *data, size_t max); +extern int tpm_seal_trusted(u32 chip_num, + struct trusted_key_payload *payload, + struct trusted_key_options *options); +extern int tpm_unseal_trusted(u32 chip_num, + struct trusted_key_payload *payload, + struct trusted_key_options *options); #else +static inline int tpm_is_tpm2(u32 chip_num) +{ + return -ENODEV; +} static inline int tpm_pcr_read(u32 chip_num, int pcr_idx, u8 *res_buf) { return -ENODEV; } @@ -63,5 +76,18 @@ static inline int tpm_send(u32 chip_num, void *cmd, size_t buflen) { static inline int tpm_get_random(u32 chip_num, u8 *data, size_t max) { return -ENODEV; } + +static inline int tpm_seal_trusted(u32 chip_num, + struct trusted_key_payload *payload, + struct trusted_key_options *options) +{ + return -ENODEV; +} +static inline int tpm_unseal_trusted(u32 chip_num, + struct trusted_key_payload *payload, + struct trusted_key_options *options) +{ + return -ENODEV; +} #endif #endif |