On Fri, 2021-01-29 at 14:44 +0530, Sumit Garg wrote:
> On Fri, 29 Jan 2021 at 05:26, <jarkko@xxxxxxxxxx> wrote:
> >
> > From: Jarkko Sakkinen <jarkko@xxxxxxxxxx>
> >
> > When TPM 2.0 trusted keys code was moved to the trusted keys subsystem,
> > the operations were unwrapped from tpm_try_get_ops() and tpm_put_ops(),
> > which are used to take temporarily the ownership of the TPM chip. The
> > ownership is only taken inside tpm_send(), but this is not sufficient,
> > as in the key load TPM2_CC_LOAD, TPM2_CC_UNSEAL and TPM2_FLUSH_CONTEXT
> > need to be done as a one single atom.
> >
> > Take the TPM chip ownership before sending anything with
> > tpm_try_get_ops() and tpm_put_ops(), and use tpm_transmit_cmd() to send
> > TPM commands instead of tpm_send(), reverting back to the old behaviour.
> >
> > Fixes: 2e19e10131a0 ("KEYS: trusted: Move TPM2 trusted keys code")
> > Reported-by: "James E.J. Bottomley" <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx>
> > Cc: stable@xxxxxxxxxxxxxxx
> > Cc: David Howells <dhowells@xxxxxxxxxx>
> > Cc: Mimi Zohar <zohar@xxxxxxxxxxxxx>
> > Cc: Sumit Garg <sumit.garg@xxxxxxxxxx>
> > Signed-off-by: Jarkko Sakkinen <jarkko@xxxxxxxxxx>
> > ---
> > drivers/char/tpm/tpm.h | 4 ----
> > include/linux/tpm.h | 5 ++++-
> > security/keys/trusted-keys/trusted_tpm2.c | 24 ++++++++++++++++++-----
> > 3 files changed, 23 insertions(+), 10 deletions(-)
> >
>
> Acked-by: Sumit Garg <sumit.garg@xxxxxxxxxx>
Thanks.
/Jarkko
