On Thu May 23, 2024 at 5:20 PM EEST, Jarkko Sakkinen wrote: > There's no reason to encode OID_TPMSealedData at run-time, as it never > changes. > > Replace it with an encoded u8-array, which has the same number of > elements: > > 67 81 05 0A 01 05 > > Include OBJECT IDENTIFIER (0x06) tag and length as the prologue so that > the OID can be simply copied to the blob leading to: > > 06 06 67 81 05 0A 01 05 > > Since this in stationary place in the buffer it is guaranteed to always > fit and not further checks are required. > > Reviewed-by: David Howells <dhowe...@redhat.com> > Signed-off-by: Jarkko Sakkinen <jar...@kernel.org>
Does not really substitute distribution kernel testing, which is IMHO essential for something like TPM2 boot in systemd but for simple patches like this, the following does a trivial smoke test: export LINUX_OVERRIDE_SRCDIR=<path to a kernel tree with a trusted keys patch> git clone https://gitlab.com/jarkkojs/linux-tpmdd-test.git cd linux-tpmdd-test cmake -Bbuild && make -Cbuild buildroot-prepare make -Cbuild/buildroot/build build/buildroot/build/images/run-tests.sh I'm planning to migrate at some point to systemd and make it appear more like distribution tho.. For recompiling just kernel only thing needed is: rm -rf build/buildroot/build/build/linux-custom make -Cbuild/buildroot/build I've put this also to the MAINTAINERS entry of TPM driver although I use it also for keyrings etc. Also it is open for contributions via Gitlab merge requests (not requesting them per se but I'm open to such possibility). BR, Jarkko