From: Jarkko Sakkinen
Date: Mon, 05 Oct 2020 00:26:59 +0000
Subject: [PATCH 3/3] KEYS: trusted: Fix migratable=1 failing
Message-Id: <20201005002659.81588-4-jarkko.sakkinen@linux.intel.com>
References: <20201005002659.81588-1-jarkko.sakkinen@linux.intel.com>
In-Reply-To: <20201005002659.81588-1-jarkko.sakkinen@linux.intel.com>
To: linux-integrity@vger.kernel.org
Cc: Jarkko Sakkinen, stable@vger.kernel.org, "James E.J. Bottomley", Mimi Zohar, David Howells, James Morris, "Serge E. Hallyn", David Safford, "open list:KEYS-TRUSTED", "open list:SECURITY SUBSYSTEM", open list

Consider the following transcript:

$ keyctl add trusted kmk "new 32 blobauth=helloworld keyhandle=80000000 migratable=1" @u
add_key: Invalid argument

The documentation has the following description:

  migratable=   0|1 indicating permission to reseal to new PCR values,
                default 1 (resealing allowed)

The consequence is that "migratable=1" should succeed. Fix this by
allowing this condition to pass instead of return -EINVAL.

[*] Documentation/security/keys/trusted-encrypted.rst

Cc: stable@vger.kernel.org
Cc: "James E.J. Bottomley"
Cc: Mimi Zohar
Cc: David Howells
Fixes: d00a1c72f7f4 ("keys: add new trusted key-type")
Signed-off-by: Jarkko Sakkinen
--- security/keys/trusted-keys/trusted_tpm1.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/keys/trusted-keys/trusted_tpm1.c b/security/keys/trus= ted-keys/trusted_tpm1.c index c1dfc32c780b..20ca18e17437 100644 --- a/security/keys/trusted-keys/trusted_tpm1.c +++ b/security/keys/trusted-keys/trusted_tpm1.c @@ -801,7 +801,7 @@ static int getoptions(char *c, struct trusted_key_paylo= ad *pay, case Opt_migratable: if (*args[0].from =3D '0') pay->migratable =3D 0; - else + else if (*args[0].from !=3D '1') return -EINVAL; break; case Opt_pcrlock: --=20 2.25.1
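Review bot: In the Opt_migratable case both comparisons look only at the first byte of args[0].from, so with this change a value such as "10" or "1abc" is accepted as 1 and "0abc" as 0, although the documentation quoted in the commit message allows only 0|1. Consider rejecting arguments longer than one character before the comparison and returning -EINVAL for them. The new '1' branch also leaves pay->migratable untouched, so it relies on the payload already holding the documented default of 1 when getoptions() runs; an explicit assignment or a short comment in that branch would make the dependency visible.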