Re: [PATCH 4/9] security: keys: trusted: Store the handle of a loaded key

[PATCH 0/9] Enable hibernation when Lockdown is enabled · Matthew Garrett <hidden> · 2021-02-20
[PATCH 1/9] tpm: Add support for in-kernel resetting of PCRs · Matthew Garrett <hidden> · 2021-02-20
Re: [PATCH 1/9] tpm: Add support for in-kernel resetting of PCRs · Jarkko Sakkinen <jarkko@kernel.org> · 2021-02-20
[PATCH 2/9] tpm: Allow PCR 23 to be restricted to kernel-only use · Matthew Garrett <hidden> · 2021-02-20
Re: [PATCH 2/9] tpm: Allow PCR 23 to be restricted to kernel-only use · Jarkko Sakkinen <jarkko@kernel.org> · 2021-02-20
Re: [PATCH 2/9] tpm: Allow PCR 23 to be restricted to kernel-only use · Jarkko Sakkinen <jarkko@kernel.org> · 2021-02-24
Re: [PATCH 2/9] tpm: Allow PCR 23 to be restricted to kernel-only use · James Bottomley <hidden> · 2021-02-24
Re: [PATCH 2/9] tpm: Allow PCR 23 to be restricted to kernel-only use · Matthew Garrett <mjg59@srcf.ucam.org> · 2021-02-28
[PATCH 3/9] security: keys: trusted: Parse out individual components of the key blob · Matthew Garrett <hidden> · 2021-02-20
Re: [PATCH 3/9] security: keys: trusted: Parse out individual components of the key blob · Jarkko Sakkinen <jarkko@kernel.org> · 2021-02-20
Re: [PATCH 3/9] security: keys: trusted: Parse out individual components of the key blob · Matthew Garrett <mjg59@srcf.ucam.org> · 2021-02-22
Re: [PATCH 3/9] security: keys: trusted: Parse out individual components of the key blob · Jarkko Sakkinen <jarkko@kernel.org> · 2021-02-24
[PATCH 4/9] security: keys: trusted: Store the handle of a loaded key · Matthew Garrett <hidden> · 2021-02-20
Re: [PATCH 4/9] security: keys: trusted: Store the handle of a loaded key · Jarkko Sakkinen <jarkko@kernel.org> · 2021-02-20
[PATCH 5/9] security: keys: trusted: Allow storage of PCR values in creation data · Matthew Garrett <hidden> · 2021-02-20
Re: [PATCH 5/9] security: keys: trusted: Allow storage of PCR values in creation data · Jarkko Sakkinen <jarkko@kernel.org> · 2021-02-20
Re: [PATCH 5/9] security: keys: trusted: Allow storage of PCR values in creation data · Ben Boeckel <hidden> · 2021-02-21
Re: [PATCH 5/9] security: keys: trusted: Allow storage of PCR values in creation data · Matthew Garrett <mjg59@srcf.ucam.org> · 2021-02-22
[PATCH 6/9] pm: hibernate: Optionally store and verify a hash of the image · Matthew Garrett <hidden> · 2021-02-20
Re: [PATCH 6/9] pm: hibernate: Optionally store and verify a hash of the image · Evan Green <hidden> · 2021-05-05
[PATCH 7/9] pm: hibernate: Optionally use TPM-backed keys to protect image integrity · Matthew Garrett <hidden> · 2021-02-20
Re: [PATCH 7/9] pm: hibernate: Optionally use TPM-backed keys to protect image integrity · Randy Dunlap <hidden> · 2021-02-20
Re: [PATCH 7/9] pm: hibernate: Optionally use TPM-backed keys to protect image integrity · Matthew Garrett <mjg59@srcf.ucam.org> · 2021-02-22
[PATCH 8/9] pm: hibernate: Verify the digest encryption key · Matthew Garrett <hidden> · 2021-02-20
[PATCH 9/9] pm: hibernate: seal the encryption key with a PCR policy · Matthew Garrett <hidden> · 2021-02-20
Re: [PATCH 0/9] Enable hibernation when Lockdown is enabled · Evan Green <hidden> · 2021-05-04
Re: [PATCH 0/9] Enable hibernation when Lockdown is enabled · Jarkko Sakkinen <jarkko@kernel.org> · 2021-05-05
Re: [PATCH 0/9] Enable hibernation when Lockdown is enabled · Jarkko Sakkinen <jarkko@kernel.org> · 2021-05-05
Re: [PATCH 0/9] Enable hibernation when Lockdown is enabled · Evan Green <hidden> · 2021-05-05

From: Jarkko Sakkinen <jarkko@kernel.org>
Date: 2021-02-20 03:07:53
Also in: keyrings, linux-integrity, lkml

On Sat, Feb 20, 2021 at 01:32:50AM +0000, Matthew Garrett wrote:

Certain in-kernel operations using a trusted key (such as creation
certification) require knowledge of the handle it's loaded at. Keep
a copy of that in the payload.

Signed-off-by: Matthew Garrett <redacted>

This looks good to me as well *as a code change*.

/Jarkko

quoted hunk ↗ jump to hunk

---
 include/keys/trusted-type.h               | 1 +
 security/keys/trusted-keys/trusted_tpm2.c | 6 ++++--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/include/keys/trusted-type.h b/include/keys/trusted-type.h
index 020e01a99ea4..154d8a1769c3 100644
--- a/include/keys/trusted-type.h
+++ b/include/keys/trusted-type.h

@@ -21,6 +21,7 @@
 
 struct trusted_key_payload {
 	struct rcu_head rcu;
+	unsigned int blob_handle;
 	unsigned int key_len;
 	unsigned int blob_len;
 	unsigned int creation_len;

diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c
index 6357a51a24e9..a3673fffd834 100644
--- a/security/keys/trusted-keys/trusted_tpm2.c
+++ b/security/keys/trusted-keys/trusted_tpm2.c

@@ -272,11 +272,13 @@ static int tpm2_load_cmd(struct tpm_chip *chip,
 	}
 
 	rc = tpm_send(chip, buf.data, tpm_buf_length(&buf));
-	if (!rc)
+	if (!rc) {
 		*blob_handle = be32_to_cpup(
 			(__be32 *) &buf.data[TPM_HEADER_SIZE]);
-	else
+		payload->blob_handle = *blob_handle;
+	} else {
 		goto out;
+	}
 
 	rc = tpm2_unpack_blob(payload);
 out:

-- 
2.30.0.617.g56c4b15f3c-goog

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help