| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <683216c3-d61a-1b24-c38c-b3f4348ce876@huawei.com>
Date: Mon, 16 Oct 2017 10:53:13 +0800
From: Boshi Wang <wangboshi@...wei.com>
To: <linux-integrity@...r.kernel.org>
CC: <linux-security-module@...r.kernel.org>,
<linux-kernel@...r.kernel.org>
Subject: [PATCH] keys, trusted: fix missing support for TPM 2.0 in
trusted_update()
Call tpm_seal_trusted() in trusted_update() for TPM 2.0 chips.
Signed-off-by: Boshi Wang <wangboshi@...wei.com>
---
security/keys/trusted.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/security/keys/trusted.c b/security/keys/trusted.c
index ddfaebf..563fe5f 100644
--- a/security/keys/trusted.c
+++ b/security/keys/trusted.c
@@ -1065,6 +1065,11 @@ static int trusted_update(struct key *key, struct key_preparsed_payload *prep)
size_t datalen = prep->datalen;
char *datablob;
int ret = 0;
+ int tpm2;
+
+ tpm2 = tpm_is_tpm2(TPM_ANY_NUM);
+ if (tpm2 < 0)
+ return tpm2;
if (test_bit(KEY_FLAG_NEGATIVE, &key->flags))
return -ENOKEY;
@@ -1110,7 +1115,10 @@ static int trusted_update(struct key *key, struct key_preparsed_payload *prep)
dump_payload(p);
dump_payload(new_p);
- ret = key_seal(new_p, new_o);
+ if (tpm2)
+ ret = tpm_seal_trusted(TPM_ANY_NUM, new_p, new_o);
+ else
+ ret = key_seal(new_p, new_o);
if (ret < 0) {
pr_info("trusted_key: key_seal failed (%d)\n", ret);
kzfree(new_p);
--
2.10.1
Powered by blists - more mailing lists