This patch-set is an outcome of discussion here [1]. It has evolved very much since v1 to create, consolidate and generalize trusted keys subsystem.
This framework has been tested with trusted keys support provided via TEE but I wasn't able to test it with a TPM device as I don't possess one. It would be really helpful if others could test this patch-set using a TPM device.
[1] https://www.mail-archive.com/linux-doc@vger.kernel.org/msg30591.html
Changes in v4: 1. Separate patch for export of tpm_buf code to include/linux/tpm.h 2. Change TPM1.x trusted keys code to use common tpm_buf 3. Keep module name as trusted.ko only
Changes in v3:
Move TPM2 trusted keys code to trusted keys subsystem.
Changes in v2:
Split trusted keys abstraction patch for ease of review.
Sumit Garg (5): tpm: move tpm_buf code to include/linux/ KEYS: trusted: use common tpm_buf for TPM1.x code KEYS: trusted: create trusted keys subsystem KEYS: trusted: move tpm2 trusted keys code KEYS: trusted: Add generic trusted keys framework
crypto/asymmetric_keys/asym_tpm.c | 2 +- drivers/char/tpm/tpm-chip.c | 1 + drivers/char/tpm/tpm-interface.c | 56 --- drivers/char/tpm/tpm.h | 230 ----------- drivers/char/tpm/tpm2-cmd.c | 308 +-------------- include/keys/trusted-type.h | 45 +++ include/keys/{trusted.h => trusted_tpm.h} | 61 +-- include/linux/tpm.h | 270 ++++++++++++- security/keys/Makefile | 2 +- security/keys/trusted-keys/Makefile | 9 + security/keys/trusted-keys/trusted-common.c | 343 ++++++++++++++++ .../keys/{trusted.c => trusted-keys/trusted-tpm.c} | 437 +++++---------------- security/keys/trusted-keys/trusted-tpm2.c | 378 ++++++++++++++++++ 13 files changed, 1141 insertions(+), 1001 deletions(-) rename include/keys/{trusted.h => trusted_tpm.h} (64%) create mode 100644 security/keys/trusted-keys/Makefile create mode 100644 security/keys/trusted-keys/trusted-common.c rename security/keys/{trusted.c => trusted-keys/trusted-tpm.c} (72%) create mode 100644 security/keys/trusted-keys/trusted-tpm2.c