git.baikalelectronics.ru Git - kernel.git/commit

author	David Safford <david.safford@gmail.com>
	Tue, 7 Jun 2022 18:07:57 +0000 (14:07 -0400)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Tue, 14 Jun 2022 16:36:25 +0000 (18:36 +0200)
commit	8c9f5d3ef8f1e620dce0e2a26bf30b1686078159
tree	dc833eedc522e7a08091a72807be7afd87159620	tree \| snapshot
parent	20ac9ccac8198e24827b81798f17994e1b1df311	commit \| diff

KEYS: trusted: tpm2: Fix migratable logic

commit 67c53f8a45593cb725a8402a5a4c787a4eb018b1 upstream.

When creating (sealing) a new trusted key, migratable
trusted keys have the FIXED_TPM and FIXED_PARENT attributes
set, and non-migratable keys don't. This is backwards, and
also causes creation to fail when creating a migratable key
under a migratable parent. (The TPM thinks you are trying to
seal a non-migratable blob under a migratable parent.)

The following simple patch fixes the logic, and has been
tested for all four combinations of migratable and non-migratable
trusted keys and parent storage keys. With this logic, you will
get a proper failure if you try to create a non-migratable
trusted key under a migratable parent storage key, and all other
combinations work correctly.

Cc: stable@vger.kernel.org # v5.13+
Fixes: ad3090d17dae ("security: keys: trusted: Make sealed key properly interoperable")
Signed-off-by: David Safford <david.safford@gmail.com>
Reviewed-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>