From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: David Woodhouse <dwmw2@infradead.org>, linux-integrity@vger.kernel.org
Cc: Mimi Zohar <zohar@linux.ibm.com>,
Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Subject: Re: [PATCH 1/8] security: keys: trusted: flush the key handle after use
Date: Mon, 09 Dec 2019 07:38:15 -0800 [thread overview]
Message-ID: <1575905895.3340.8.camel@HansenPartnership.com> (raw)
In-Reply-To: <89e3c7c531b228673089ad892d5e6390642ced85.camel@infradead.org>
On Mon, 2019-12-09 at 08:31 +0000, David Woodhouse wrote:
> On Sat, 2019-12-07 at 21:07 -0800, James Bottomley wrote:
> > The trusted keys code currently loads a blob into the TPM and
> > unseals
> > on the handle. However, it never flushes the handle meaning that
> > volatile contexts build up until the TPM becomes unusable. Fix
> > this
> > by flushing the handle after the unseal.
> >
> > Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.c
> > om>
> > ---
> > drivers/char/tpm/tpm.h | 1 -
> > drivers/char/tpm/tpm2-cmd.c | 1 +
> > include/linux/tpm.h | 1 +
> > security/keys/trusted-keys/trusted_tpm2.c | 1 +
> > 4 files changed, 3 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
> > index b9e1547be6b5..5620747da0cf 100644
> > --- a/drivers/char/tpm/tpm.h
> > +++ b/drivers/char/tpm/tpm.h
> > @@ -218,7 +218,6 @@ int tpm2_pcr_read(struct tpm_chip *chip, u32
> > pcr_idx,
> > int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
> > struct tpm_digest *digests);
> > int tpm2_get_random(struct tpm_chip *chip, u8 *dest, size_t max);
> > -void tpm2_flush_context(struct tpm_chip *chip, u32 handle);
> > ssize_t tpm2_get_tpm_pt(struct tpm_chip *chip, u32 property_id,
> > u32 *value, const char *desc);
> >
> > diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-
> > cmd.c
> > index fdb457704aa7..b87592f4a6c7 100644
> > --- a/drivers/char/tpm/tpm2-cmd.c
> > +++ b/drivers/char/tpm/tpm2-cmd.c
> > @@ -362,6 +362,7 @@ void tpm2_flush_context(struct tpm_chip *chip,
> > u32 handle)
> > tpm_transmit_cmd(chip, &buf, 0, "flushing context");
> > tpm_buf_destroy(&buf);
> > }
> > +EXPORT_SYMBOL(tpm2_flush_context);
>
>
> Everything else is EXPORT_SYMBOL_GPL(). Why EXPORT_SYMBOL() here?
No reason ... well, except I'm not sure the difference has any utility,
but since I don't really care either way, I'll change all the exports.
James
next prev parent reply other threads:[~2019-12-09 15:38 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-08 5:06 [PATCH 0/8] Fix TPM 2.0 trusted keys James Bottomley
2019-12-08 5:07 ` [PATCH 1/8] security: keys: trusted: flush the key handle after use James Bottomley
2019-12-09 8:31 ` David Woodhouse
2019-12-09 15:38 ` James Bottomley [this message]
2019-12-08 5:08 ` [PATCH 2/8] lib: add asn.1 encoder James Bottomley
2019-12-09 8:50 ` David Woodhouse
2019-12-09 15:46 ` James Bottomley
2019-12-09 22:05 ` Matthew Garrett
2019-12-09 22:43 ` James Bottomley
2019-12-08 5:09 ` [PATCH 3/8] oid_registry: Add TCG defined OIDS for TPM keys James Bottomley
2019-12-09 8:55 ` David Woodhouse
2019-12-09 16:21 ` James Bottomley
2020-06-19 20:45 ` Wiseman, Monty (GE Research, US)
2020-06-19 22:50 ` Jerry Snitselaar
2020-06-20 15:36 ` James Bottomley
2020-06-23 1:17 ` Jarkko Sakkinen
2019-12-08 5:10 ` [PATCH 4/8] security: keys: trusted: use ASN.1 tpm2 key format for the blobs James Bottomley
2019-12-09 10:04 ` David Woodhouse
2019-12-09 16:31 ` James Bottomley
2019-12-08 5:11 ` [PATCH 5/8] security: keys: trusted: Make sealed key properly interoperable James Bottomley
2019-12-09 10:09 ` David Woodhouse
2019-12-09 17:23 ` James Bottomley
2019-12-08 5:12 ` [PATCH 6/8] security: keys: trusted: add PCR policy to TPM2 keys James Bottomley
2019-12-09 10:18 ` David Woodhouse
2019-12-09 18:03 ` James Bottomley
2019-12-09 18:44 ` David Woodhouse
2019-12-09 19:11 ` James Bottomley
2019-12-25 17:08 ` Ken Goldman
2019-12-08 5:13 ` [PATCH 7/8] security: keys: trusted: add ability to specify arbitrary policy James Bottomley
2019-12-08 5:14 ` [PATCH 8/8] security: keys: trusted: implement counter/timer policy James Bottomley
2019-12-09 20:20 ` [PATCH 0/8] Fix TPM 2.0 trusted keys Jarkko Sakkinen
2019-12-09 20:57 ` James Bottomley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1575905895.3340.8.camel@HansenPartnership.com \
--to=james.bottomley@hansenpartnership.com \
--cc=dwmw2@infradead.org \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=linux-integrity@vger.kernel.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.