    KEYS: trusted: tpm2: Fix migratable logic · dda53843
    David Safford authored
    When creating (sealing) a new trusted key, migratable
    trusted keys have the FIXED_TPM and FIXED_PARENT attributes
    set, and non-migratable keys don't. This is backwards, and
    also causes creation to fail when creating a migratable key
    under a migratable parent. (The TPM thinks you are trying to
    seal a non-migratable blob under a migratable parent.)
    
    The following simple patch fixes the logic, and has been
    tested for all four combinations of migratable and non-migratable
    trusted keys and parent storage keys. With this logic, you will
    get a proper failure if you try to create a non-migratable
    trusted key under a migratable parent storage key, and all other
    combinations work correctly.
    
    Cc: stable@vger.kernel.org # v5.13+
    Fixes: e5fb5d2c ("security: keys: trusted: Make sealed key properly interoperable")
    Signed-off-by: David Safford <david.safford@gmail.com>
    Reviewed-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
    Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
    Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
trusted_tpm2.c 12.5 KB
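
The attribute logic described in the commit message, walked through all four parent/key combinations, as an added C example that is not the kernel's code from trusted_tpm2.c. The bit positions are the TPM 2.0 TPMA_OBJECT values; the function names and the one-rule `tpm_accepts` model of the TPM's creation check are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* TPMA_OBJECT attribute bits (TPM 2.0 specification). */
#define OA_FIXED_TPM    (1u << 1)
#define OA_FIXED_PARENT (1u << 4)
#define OA_FIXED        (OA_FIXED_TPM | OA_FIXED_PARENT)

/* Behaviour the commit message calls backwards: migratable keys get the bits. */
static uint32_t child_attrs_before(bool migratable)
{
	return migratable ? OA_FIXED : 0;
}

/* Corrected behaviour: only non-migratable keys are pinned to TPM and parent. */
static uint32_t child_attrs_after(bool migratable)
{
	return migratable ? 0 : OA_FIXED;
}

/*
 * Simplified model (assumption) of the TPM's check at creation time:
 * a child claiming FIXED_TPM is refused under a parent that lacks it.
 */
static bool tpm_accepts(uint32_t parent_attrs, uint32_t child_attrs)
{
	return !((child_attrs & OA_FIXED_TPM) && !(parent_attrs & OA_FIXED_TPM));
}

/* Would sealing succeed for this combination, before or after the fix? */
static bool seal_ok(bool parent_migratable, bool key_migratable, bool patched)
{
	uint32_t parent = parent_migratable ? 0 : OA_FIXED;
	uint32_t child = patched ? child_attrs_after(key_migratable)
				 : child_attrs_before(key_migratable);
	return tpm_accepts(parent, child);
}

int main(void)
{
	for (int p = 0; p < 2; p++)
		for (int k = 0; k < 2; k++)
			printf("parent migratable=%d key migratable=%d: before=%s after=%s\n",
			       p, k, seal_ok(p, k, false) ? "ok" : "fail",
			       seal_ok(p, k, true) ? "ok" : "fail");
	return 0;
}
```

In this model the pre-fix logic rejects a migratable key under a migratable parent and accepts a key requested as non-migratable there without the fixed bits; the corrected logic rejects only the non-migratable key under a migratable parent.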