[PATCH tpm-work 0/3] move the tpm-work branch to an assuan based tpm handling daemon

Wiktor Kwapisiewicz wiktor at metacode.biz
Mon Jul 30 21:44:56 CEST 2018


Hi James,

I'm very interested in your TPM patches (as a user).

Could I ask you some questions on how it works?

I would like to have keys wrapped by TPM in such a way that the change 
in system configuration would render the key useless. As far as I've 
seen it's possible to do that by utilizing Platform Configuration 
Registers (PCRs). Would keys created by your TPM code have this property?

Thanks in advance for the answer!

Kind regards,
Wiktor

> Sorry this has taken so long.  For some reason, I found assuan really
> hard to get on with and the documentation somewhat perfunctory, so I
> had to actually go the libassuan sources a lot to figure out what was
> going on.  Being incredibly lazy, the first patch in the series
> actually abstracts out most of the scdaemon handling code so it can be
> re-used for the tpm2daemon.  Patch 2 actually does the shift and patch
> 3 tidies up the linking.  I'm sure I got a lot wrong, but it's a start.
>   There's obviously a large amount of documentation that would need
> writing as well.
> 
> James
> 
> ---
> 
> James Bottomley (3):
>    agent: separate out daemon handling infrastructure for reuse
>    tpm2: handle via a new assuan connected daemon
>    tpm2: Make libtss directly linked
> 
>   Makefile.am             |    7 +-
>   agent/Makefile.am       |    5 +-
>   agent/agent.h           |   46 +-
>   agent/call-daemon.c     |  570 +++++++++++++++++++
>   agent/call-scd.c        |  543 +-----------------
>   agent/call-tpm2d.c      |  272 +++++++++
>   agent/command-ssh.c     |   10 +-
>   agent/command.c         |    4 +-
>   agent/divert-tpm2.c     |   62 +-
>   agent/gpg-agent.c       |   22 +-
>   common/homedir.c        |    7 +
>   common/util.h           |    1 +
>   configure.ac            |   12 +-
>   tools/gpgconf-comp.c    |    2 +
>   tpm2d/Makefile.am       |   18 +
>   tpm2d/command.c         |  574 +++++++++++++++++++
>   {agent => tpm2d}/tpm2.c |  239 +++-----
>   {agent => tpm2d}/tpm2.h |   15 +-
>   tpm2d/tpm2daemon.c      | 1432 +++++++++++++++++++++++++++++++++++++++++++++++
>   tpm2d/tpm2daemon.h      |  130 +++++
>   20 files changed, 3218 insertions(+), 753 deletions(-)
>   create mode 100644 agent/call-daemon.c
>   create mode 100644 agent/call-tpm2d.c
>   create mode 100644 tpm2d/Makefile.am
>   create mode 100644 tpm2d/command.c
>   rename {agent => tpm2d}/tpm2.c (79%)
>   rename {agent => tpm2d}/tpm2.h (64%)
>   create mode 100644 tpm2d/tpm2daemon.c
>   create mode 100644 tpm2d/tpm2daemon.h
> 

-- 
https://metacode.biz/@wiktor