KEYS: trusted: Reserve TPM for seal and unseal operations - linux-dev - Linux kernel development work

diff options

author	Jarkko Sakkinen <jarkko@kernel.org>	2021-01-29 01:56:21 +0200
committer	Jarkko Sakkinen <jarkko@kernel.org>	2021-02-16 10:40:28 +0200
commit	8c657a0590de585b1115847c17b34a58025f2f4b (patch)
tree	2ab5fb0d0bb465e620b4b023080899efaab928eb /drivers/crypto/Kconfig
parent	KEYS: trusted: Fix migratable=1 failing (diff)
download	linux-dev-8c657a0590de585b1115847c17b34a58025f2f4b.tar.xz linux-dev-8c657a0590de585b1115847c17b34a58025f2f4b.zip

KEYS: trusted: Reserve TPM for seal and unseal operations

When TPM 2.0 trusted keys code was moved to the trusted keys subsystem, the operations were unwrapped from tpm_try_get_ops() and tpm_put_ops(), which are used to take temporarily the ownership of the TPM chip. The ownership is only taken inside tpm_send(), but this is not sufficient, as in the key load TPM2_CC_LOAD, TPM2_CC_UNSEAL and TPM2_FLUSH_CONTEXT need to be done as a one single atom. Take the TPM chip ownership before sending anything with tpm_try_get_ops() and tpm_put_ops(), and use tpm_transmit_cmd() to send TPM commands instead of tpm_send(), reverting back to the old behaviour. Fixes: 2e19e10131a0 ("KEYS: trusted: Move TPM2 trusted keys code") Reported-by: "James E.J. Bottomley" <James.Bottomley@HansenPartnership.com> Cc: stable@vger.kernel.org Cc: David Howells <dhowells@redhat.com> Cc: Mimi Zohar <zohar@linux.ibm.com> Cc: Sumit Garg <sumit.garg@linaro.org> Acked-by Sumit Garg <sumit.garg@linaro.org> Tested-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>

Diffstat (limited to 'drivers/crypto/Kconfig')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: