Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

       pcrlock=	     pcr number to be extended to "lock" blob

       migratable=   0|1 indicating permission to reseal to new PCR values,

                     default 1 (resealing allowed)

       hash=         hash algorithm name as a string. For TPM 1.x the only

                     allowed value is sha1. For TPM 2.x the allowed values

                     are sha1, sha256, sha384, sha512 and sm3-256.

       policydigest= digest for the authorization policy. must be calculated

                     with the same hash algorithm as specified by the 'hash='

                     option.

       policyhandle= handle to an authorization policy session that defines the

                     same policy and with the same hash algorithm as was used to

                     seal the key.

"keyctl print" returns an ascii hex copy of the sealed key, which is in standard

TPM_STORED_DATA format.  The key length for new keys are always in bytes.

			goto error_free_cert;

	} else if (!prep->trusted) {

		ret = x509_validate_trust(cert, get_system_trusted_keyring());

		if (ret)

			ret = x509_validate_trust(cert, get_ima_mok_keyring());

		if (!ret)

			prep->trusted = 1;

	}

	[HASH_ALGO_TGR_128]	= "tgr128",

	[HASH_ALGO_TGR_160]	= "tgr160",

	[HASH_ALGO_TGR_192]	= "tgr192",

	[HASH_ALGO_SM3_256]	= "sm3-256",

};

EXPORT_SYMBOL_GPL(hash_algo_name);

	[HASH_ALGO_TGR_128]	= TGR128_DIGEST_SIZE,

	[HASH_ALGO_TGR_160]	= TGR160_DIGEST_SIZE,

	[HASH_ALGO_TGR_192]	= TGR192_DIGEST_SIZE,

	[HASH_ALGO_SM3_256]	= SM3256_DIGEST_SIZE,

};

EXPORT_SYMBOL_GPL(hash_digest_size);

{

	int duration_idx = TPM_UNDEFINED;

	int duration = 0;

	u8 category = (ordinal >> 24) & 0xFF;

	if ((category == TPM_PROTECTED_COMMAND && ordinal < TPM_MAX_ORDINAL) ||

	    (category == TPM_CONNECTION_COMMAND && ordinal < TSC_MAX_ORDINAL))

	/*

	 * We only have a duration table for protected commands, where the upper

	 * 16 bits are 0. For the few other ordinals the fallback will be used.

	 */

	if (ordinal < TPM_MAX_ORDINAL)

		duration_idx = tpm_ordinal_duration[ordinal];

	if (duration_idx != TPM_UNDEFINED)

	struct duration_t *duration_cap;

	ssize_t rc;

	if (chip->flags & TPM_CHIP_FLAG_TPM2) {

		/* Fixed timeouts for TPM2 */

		chip->vendor.timeout_a = msecs_to_jiffies(TPM2_TIMEOUT_A);

		chip->vendor.timeout_b = msecs_to_jiffies(TPM2_TIMEOUT_B);

		chip->vendor.timeout_c = msecs_to_jiffies(TPM2_TIMEOUT_C);

		chip->vendor.timeout_d = msecs_to_jiffies(TPM2_TIMEOUT_D);

		chip->vendor.duration[TPM_SHORT] =

		    msecs_to_jiffies(TPM2_DURATION_SHORT);

		chip->vendor.duration[TPM_MEDIUM] =

		    msecs_to_jiffies(TPM2_DURATION_MEDIUM);

		chip->vendor.duration[TPM_LONG] =

		    msecs_to_jiffies(TPM2_DURATION_LONG);

		return 0;

	}

	tpm_cmd.header.in = tpm_getcap_header;

	tpm_cmd.params.getcap_in.cap = TPM_CAP_PROP;

	tpm_cmd.params.getcap_in.subcap_size = cpu_to_be32(4);

};

enum tpm2_return_codes {

	TPM2_RC_INITIALIZE	= 0x0100,

	TPM2_RC_TESTING		= 0x090A,

	TPM2_RC_HASH		= 0x0083, /* RC_FMT1 */

	TPM2_RC_INITIALIZE	= 0x0100, /* RC_VER1 */

	TPM2_RC_DISABLED	= 0x0120,

	TPM2_RC_TESTING		= 0x090A, /* RC_WARN */

};

enum tpm2_algorithms {

	TPM2_ALG_SHA1		= 0x0004,

	TPM2_ALG_KEYEDHASH	= 0x0008,

	TPM2_ALG_SHA256		= 0x000B,

	TPM2_ALG_NULL		= 0x0010

	TPM2_ALG_SHA384		= 0x000C,

	TPM2_ALG_SHA512		= 0x000D,

	TPM2_ALG_NULL		= 0x0010,

	TPM2_ALG_SM3_256	= 0x0012,

};

enum tpm2_command_codes {

	unsigned long base;		/* TPM base address */

	int irq;

	int probed_irq;

	int region_size;

	int have_region;