diff options
| author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2022-10-19 09:30:47 +0200 |
|---|---|---|
| committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2022-10-19 10:10:57 +0200 |
| commit | dc1768131a94d0e123c2e692215628ebce0b01fa (patch) | |
| tree | 5266e2ac725eb08c4a55d9a35bf9feb4829f78b9 | |
| parent | resolved,test-fileio: use "re" when opening files (diff) | |
| download | systemd-dc1768131a94d0e123c2e692215628ebce0b01fa.tar.xz systemd-dc1768131a94d0e123c2e692215628ebce0b01fa.zip | |
shared/tpm2-util: wrap comments
| -rw-r--r-- | src/shared/tpm2-util.c | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c index 16c907587c..13e92c4144 100644 --- a/src/shared/tpm2-util.c +++ b/src/shared/tpm2-util.c @@ -1049,7 +1049,8 @@ static int tpm2_make_policy_session( #if HAVE_OPENSSL _cleanup_(EVP_PKEY_freep) EVP_PKEY *pk = NULL; if (pubkey_size > 0) { - /* If a pubkey is specified, load it to validate it, even if the PCR mask for this is actually zero, and we are thus not going to use it. */ + /* If a pubkey is specified, load it to validate it, even if the PCR mask for this is + * actually zero, and we are thus not going to use it. */ _cleanup_fclose_ FILE *f = fmemopen((void*) pubkey, pubkey_size, "r"); if (!f) return log_oom(); @@ -1579,11 +1580,11 @@ int tpm2_unseal(const char *device, return log_error_errno(r, "TPM2 support is not installed."); /* So here's what we do here: We connect to the TPM2 chip. As we do when sealing we generate a - * "primary" key on the TPM2 chip, with the same parameters as well as a PCR-bound policy - * session. Given we pass the same parameters, this will result in the same "primary" key, and same - * policy hash (the latter of course, only if the PCR values didn't change in between). We unmarshal - * the encrypted key we stored in the LUKS2 JSON token header and upload it into the TPM2, where it - * is decrypted if the seed and the PCR policy were right ("unsealing"). We then download the result, + * "primary" key on the TPM2 chip, with the same parameters as well as a PCR-bound policy session. + * Given we pass the same parameters, this will result in the same "primary" key, and same policy + * hash (the latter of course, only if the PCR values didn't change in between). We unmarshal the + * encrypted key we stored in the LUKS2 JSON token header and upload it into the TPM2, where it is + * decrypted if the seed and the PCR policy were right ("unsealing"). We then download the result, * and use it to unlock the LUKS2 volume. */ start = now(CLOCK_MONOTONIC); |