ECC: Use ECC SRK for OOBE device
Issue description

As discussed with apronin@, we don't need to create both an ECC SRK (storage root key, a primary key of the storage hierarchy) and an RSA SRK. Only one type of SRK will exist at the same time. We will change kRSAStorageRootKey to kStorageRootKey and make all functions that need the SRK access this permanent handle. Note that we won't follow the suggestion in "A Practical Guide to TPM 2.0", Ch. 15 (https://link.springer.com/book/10.1007/978-1-4302-6584-9) to separate the key tree by the algorithm type of the keys.
Nov 30
Dec 6

The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/platform2/+/842df195bf93795c3e71857bba5fd0810ac25c3f

commit 842df195bf93795c3e71857bba5fd0810ac25c3f
Author: Meng-Huan Yu <menghuan@chromium.org>
Date: Thu Dec 06 22:35:37 2018

trunks: Use one SRK handle everywhere

We will use only one handle for SRK instead of 2 (RSA, ECC). All keys will be put under this SRK no matter what their key type is.

Remove kECCStorageRootKey and mark as deprecated. Also, rename kRSAStorageRootKey to kStorageRootKey.

Since kECCStorageRootKey is not in use, this CL is expected not to change the production behavior.

BUG=chromium:910490
TEST=1) unittest in trunks/chaps/cryptohome
     2) manually login at the device with RSA SRK generated

Change-Id: I6fff0c23aa531aacb634f4bdbb1e1631d37e3a8b
Reviewed-on: https://chromium-review.googlesource.com/1362641
Commit-Ready: Meng-Huan Yu <menghuan@chromium.org>
Tested-by: Meng-Huan Yu <menghuan@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>

[modify] https://crrev.com/842df195bf93795c3e71857bba5fd0810ac25c3f/chaps/tpm2_utility_impl.cc
[modify] https://crrev.com/842df195bf93795c3e71857bba5fd0810ac25c3f/cryptohome/tpm2_impl.cc
[modify] https://crrev.com/842df195bf93795c3e71857bba5fd0810ac25c3f/trunks/tpm_utility_test.cc
[modify] https://crrev.com/842df195bf93795c3e71857bba5fd0810ac25c3f/trunks/tpm_utility.h
[modify] https://crrev.com/842df195bf93795c3e71857bba5fd0810ac25c3f/trunks/tpm_utility_impl.cc
[modify] https://crrev.com/842df195bf93795c3e71857bba5fd0810ac25c3f/chaps/tpm2_utility_test.cc
Dec 8

The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/platform2/+/0b071fa376483223c933d29b60655741742bb28b

commit 0b071fa376483223c933d29b60655741742bb28b
Author: Meng-Huan Yu <menghuan@chromium.org>
Date: Sat Dec 08 16:44:05 2018

trunks: Refactor CreateStorageRootKeys() in tpm_utility_impl

Since we only need one SRK from now on, refactor the whole logic of CreateStorageRootKeys() to remove the duplicated code.

BUG=chromium:910490
TEST=unittest in trunks (expected no change in behavior)

Change-Id: Ice449240893014b8633c0982ee089697b9e0e234
Reviewed-on: https://chromium-review.googlesource.com/1362642
Commit-Ready: Meng-Huan Yu <menghuan@chromium.org>
Tested-by: Meng-Huan Yu <menghuan@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>

[modify] https://crrev.com/0b071fa376483223c933d29b60655741742bb28b/trunks/tpm_utility_impl.cc
Dec 12

The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/platform2/+/6cb3aa7ca959d3a3d4fc73db5c70014e7c29aac0

commit 6cb3aa7ca959d3a3d4fc73db5c70014e7c29aac0
Author: Meng-Huan Yu <menghuan@chromium.org>
Date: Wed Dec 12 17:40:56 2018

trunks: Use ECC SRK by default in OOBE

Change to generate ECC SRK first and then RSA SRK. This will make all OOBE devices use ECC SRK by default.

BUG=chromium:910490
TEST=1) unittest in trunks
     2) login at OOBE device
     3) login at RSA SRK generated device
     Verified the cryptohome key is generated and used in mount process of cryptohome for 2) and 3)

Change-Id: Ic15419c5b6fdbd1c8678e11b6fe9e0fa19cd9b91
Reviewed-on: https://chromium-review.googlesource.com/1362643
Commit-Ready: Meng-Huan Yu <menghuan@chromium.org>
Tested-by: Meng-Huan Yu <menghuan@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>

[modify] https://crrev.com/6cb3aa7ca959d3a3d4fc73db5c70014e7c29aac0/trunks/tpm_utility_impl.cc
Dec 13
Comment 1 by menghuan@chromium.org, Nov 30