Re: [PATCH v5 3/3] KEYS: trusted: Reserve TPM for seal and unseal operations

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2021-01-29 at 14:44 +0530, Sumit Garg wrote:
> On Fri, 29 Jan 2021 at 05:26, <jarkko@xxxxxxxxxx> wrote:
> > 
> > From: Jarkko Sakkinen <jarkko@xxxxxxxxxx>
> > 
> > When TPM 2.0 trusted keys code was moved to the trusted keys subsystem,
> > the operations were unwrapped from tpm_try_get_ops() and tpm_put_ops(),
> > which are used to take temporarily the ownership of the TPM chip. The
> > ownership is only taken inside tpm_send(), but this is not sufficient,
> > as in the key load TPM2_CC_LOAD, TPM2_CC_UNSEAL and TPM2_FLUSH_CONTEXT
> > need to be done as a one single atom.
> > 
> > Take the TPM chip ownership before sending anything with
> > tpm_try_get_ops() and tpm_put_ops(), and use tpm_transmit_cmd() to send
> > TPM commands instead of tpm_send(), reverting back to the old behaviour.
> > 
> > Fixes: 2e19e10131a0 ("KEYS: trusted: Move TPM2 trusted keys code")
> > Reported-by: "James E.J. Bottomley" <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx>
> > Cc: stable@xxxxxxxxxxxxxxx
> > Cc: David Howells <dhowells@xxxxxxxxxx>
> > Cc: Mimi Zohar <zohar@xxxxxxxxxxxxx>
> > Cc: Sumit Garg <sumit.garg@xxxxxxxxxx>
> > Signed-off-by: Jarkko Sakkinen <jarkko@xxxxxxxxxx>
> > ---
> >  drivers/char/tpm/tpm.h                    |  4 ----
> >  include/linux/tpm.h                       |  5 ++++-
> >  security/keys/trusted-keys/trusted_tpm2.c | 24 ++++++++++++++++++-----
> >  3 files changed, 23 insertions(+), 10 deletions(-)
> > 
> 
> Acked-by: Sumit Garg <sumit.garg@xxxxxxxxxx>

Thanks.

/Jarkko




[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux