• Jarkko Sakkinen's avatar
    KEYS: trusted: Reserve TPM for seal and unseal operations · 8c657a05
    Jarkko Sakkinen authored
    When TPM 2.0 trusted keys code was moved to the trusted keys subsystem,
    the operations were unwrapped from tpm_try_get_ops() and tpm_put_ops(),
    which are used to take temporarily the ownership of the TPM chip. The
    ownership is only taken inside tpm_send(), but this is not sufficient,
    as in the key load TPM2_CC_LOAD, TPM2_CC_UNSEAL and TPM2_FLUSH_CONTEXT
    need to be done as a one single atom.
    
    Take the TPM chip ownership before sending anything with
    tpm_try_get_ops() and tpm_put_ops(), and use tpm_transmit_cmd() to send
    TPM commands instead of tpm_send(), reverting back to the old behaviour.
    
    Fixes: 2e19e101 ("KEYS: trusted: Move TPM2 trusted keys code")
    Reported-by: default avatar"James E.J. Bottomley" <James.Bottomley@HansenPartnership.com>
    Cc: stable@vger.kernel.org
    Cc: David Howells <dhowells@redhat.com>
    Cc: Mimi Zohar <zohar@linux.ibm.com>
    Cc: Sumit Garg <sumit.garg@linaro.org>
    Acked-by Sumit Garg <sumit.garg@linaro.org>
    Tested-by: default avatarMimi Zohar <zohar@linux.ibm.com>
    Signed-off-by: default avatarJarkko Sakkinen <jarkko@kernel.org>
    8c657a05
tpm.h 6.62 KB