diff options
| author |   James Bottomley <James.Bottomley@HansenPartnership.com> | 2019-12-12 12:58:35 -0500 |
|---|---|---|
| committer |   Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> | 2019-12-17 11:46:43 +0200 |
| commit | 45477b3fe3d10376b649b1b85fce72b2f9f1da84 (patch) | |
| tree | f69752a69b3338d21d95331963c7c86133d62cbf /security/keys | |
| parent | tpm_tis: reserve chip for duration of tpm_tis_core_init (diff) | |
| download | linux-dev-45477b3fe3d10376b649b1b85fce72b2f9f1da84.tar.xz linux-dev-45477b3fe3d10376b649b1b85fce72b2f9f1da84.zip | |
security: keys: trusted: fix lost handle flush
The original code, before it was moved into security/keys/trusted-keys
had a flush after the blob unseal. Without that flush, the volatile
handles increase in the TPM until it becomes unusable and the system
either has to be rebooted or the TPM volatile area manually flushed.
Fix by adding back the lost flush, which we now have to export because
of the relocation of the trusted key code may cause the consumer to be
modular.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Fixes: 2e19e10131a0 ("KEYS: trusted: Move TPM2 trusted keys code")
Reviewed-by: Jerry Snitselaar <jsnitsel@redhat.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Diffstat (limited to 'security/keys')
| -rw-r--r-- | security/keys/trusted-keys/trusted_tpm2.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c index a9810ac2776f..08ec7f48f01d 100644 --- a/security/keys/trusted-keys/trusted_tpm2.c +++ b/security/keys/trusted-keys/trusted_tpm2.c @@ -309,6 +309,7 @@ int tpm2_unseal_trusted(struct tpm_chip *chip, return rc; rc = tpm2_unseal_cmd(chip, payload, options, blob_handle); + tpm2_flush_context(chip, blob_handle); return rc; } |