On Fri, 2020-05-15 at 05:22 +0300, Jarkko Sakkinen wrote:
> On Thu, 2020-05-14 at 17:31 +0300, Jarkko Sakkinen wrote:
> > I'm compiling now kernel with all series included.
> >
> > Kind of checking if I could just take the whole series. Let see.
> >
> > In all cases I want the style errors in 3/8 to be fixes with a
> > helper
> > but maybe better to hold before sending anything. Possibly that is
> > all
> > needed I'll just carve that patch myself.
> >
> > Please don't do anything for the moment.
>
> This is what I tried first (with the full series applied):
>
> #!/bin/sh
>
> die()
> {
> keyctl clear @u
> ./tpm2-flush --all-transient
> exit $1
> }
>
> KEYHANDLE=$(./tpm2-root-key || die 1)
> KEYID=$(keyctl add trusted kmk "new 32 keyhandle=$KEYHANDLE
> hash=sha256" @u || die 1)
>
> echo "$KEYID ($KEYHANDLE)"
>
> keyctl pipe $KEYID > blob.hex || die 1
> keyctl clear @u || die 1
>
> echo "Import key from blob"
>
> keyctl add trusted kmk "load `cat blob.hex` keyhandle=$KEYHANDLE" @u
> || die 1
>
> die 0
>
> Result:
>
> sudo ./keyctl-smoke.sh
> 566201053 (0x80000000)
> keyctl_read_alloc: Permission denied
Well, it's clearly failing in keyctl pipe
I do confess to never having tested a volatile primary, but I just did
so and it works for me. I will also add the keyhandle in the load
isn't necessary, because it should be in the blob, but there should
also be no harm (just tested).
However, I don't have keyctl_read_alloc in my tree, so it may be an
incompatibility with another patch set. What's your base and what
other patches do you have applied?
James
> Any ideas what I might have done wrong? Have not tried auth value yet
> but afaik the above should fully test import and export.
>
> Uses tpm2-scripts:
>
> https://github.com/jsakkine-intel/tpm2-scripts
>
> I'll probably move these to git.infradead.org because I don't like
> really like at all Github and my kernel tree is there anyway.
>
> /Jarkko
>
