git.baikalelectronics.ru Git - kernel.git/commit

author	Jarkko Sakkinen <jarkko@kernel.org>
	Thu, 28 Jan 2021 23:56:21 +0000 (01:56 +0200)
committer	Jarkko Sakkinen <jarkko@kernel.org>
	Tue, 16 Feb 2021 08:40:28 +0000 (10:40 +0200)
commit	34381812a16bdc0e738b2f4b04c4e607a61943b7
tree	2ab5fb0d0bb465e620b4b023080899efaab928eb	tree \| snapshot
parent	48e5e16750e6c4e3d20a90f3f23d3e4b53731d26	commit \| diff

KEYS: trusted: Reserve TPM for seal and unseal operations

When TPM 2.0 trusted keys code was moved to the trusted keys subsystem,
the operations were unwrapped from tpm_try_get_ops() and tpm_put_ops(),
which are used to take temporarily the ownership of the TPM chip. The
ownership is only taken inside tpm_send(), but this is not sufficient,
as in the key load TPM2_CC_LOAD, TPM2_CC_UNSEAL and TPM2_FLUSH_CONTEXT
need to be done as a one single atom.

Take the TPM chip ownership before sending anything with
tpm_try_get_ops() and tpm_put_ops(), and use tpm_transmit_cmd() to send
TPM commands instead of tpm_send(), reverting back to the old behaviour.

Fixes: a81ee87fd426 ("KEYS: trusted: Move TPM2 trusted keys code")
Reported-by: "James E.J. Bottomley" <James.Bottomley@HansenPartnership.com>
Cc: stable@vger.kernel.org
Cc: David Howells <dhowells@redhat.com>
Cc: Mimi Zohar <zohar@linux.ibm.com>
Cc: Sumit Garg <sumit.garg@linaro.org>
Acked-by Sumit Garg <sumit.garg@linaro.org>
Tested-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>

drivers/char/tpm/tpm.h		diff \| blob \| history
include/linux/tpm.h		diff \| blob \| history
security/keys/trusted-keys/trusted_tpm2.c		diff \| blob \| history