KEYS: trusted: allow trusted.ko to initialize w/o a TPM
Allow trusted.ko to initialize w/o a TPM. This commit also adds checks
to the exported functions to fail when a TPM is not available.
Fixes: 240730437d ("KEYS: trusted: explicitly use tpm_chip structure...")
Cc: James Morris <jmorris@namei.org>
Reported-by: Dan Williams <dan.j.williams@intel.com>
Tested-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: James Morris <james.morris@microsoft.com>
This commit is contained in:
Jarkko Sakkinen
James Morris
Родитель
7110629263
Коммит
c78719203f
|
|
@ -135,6 +135,9 @@ int TSS_authhmac(unsigned char *digest, const unsigned char *key,
|
|||
int ret;
|
||||
va_list argp;
|
||||
|
||||
if (!chip)
|
||||
return -ENODEV;
|
||||
|
||||
sdesc = init_sdesc(hashalg);
|
||||
if (IS_ERR(sdesc)) {
|
||||
pr_info("trusted_key: can't alloc %s\n", hash_alg);
|
||||
|
|
@ -196,6 +199,9 @@ int TSS_checkhmac1(unsigned char *buffer,
|
|||
va_list argp;
|
||||
int ret;
|
||||
|
||||
if (!chip)
|
||||
return -ENODEV;
|
||||
|
||||
bufsize = LOAD32(buffer, TPM_SIZE_OFFSET);
|
||||
tag = LOAD16(buffer, 0);
|
||||
ordinal = command;
|
||||
|
|
@ -363,6 +369,9 @@ int trusted_tpm_send(unsigned char *cmd, size_t buflen)
|
|||
{
|
||||
int rc;
|
||||
|
||||
if (!chip)
|
||||
return -ENODEV;
|
||||
|
||||
dump_tpm_buf(cmd);
|
||||
rc = tpm_send(chip, cmd, buflen);
|
||||
dump_tpm_buf(cmd);
|
||||
|
|
@ -429,6 +438,9 @@ int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce)
|
|||
{
|
||||
int ret;
|
||||
|
||||
if (!chip)
|
||||
return -ENODEV;
|
||||
|
||||
INIT_BUF(tb);
|
||||
store16(tb, TPM_TAG_RQU_COMMAND);
|
||||
store32(tb, TPM_OIAP_SIZE);
|
||||
|
|
@ -1245,9 +1257,13 @@ static int __init init_trusted(void)
|
|||
{
|
||||
int ret;
|
||||
|
||||
/* encrypted_keys.ko depends on successful load of this module even if
|
||||
* TPM is not used.
|
||||
*/
|
||||
chip = tpm_default_chip();
|
||||
if (!chip)
|
||||
return -ENOENT;
|
||||
return 0;
|
||||
|
||||
ret = init_digests();
|
||||
if (ret < 0)
|
||||
goto err_put;
|
||||
|
|
@ -1269,10 +1285,12 @@ err_put:
|
|||
|
||||
static void __exit cleanup_trusted(void)
|
||||
{
|
||||
put_device(&chip->dev);
|
||||
kfree(digests);
|
||||
trusted_shash_release();
|
||||
unregister_key_type(&key_type_trusted);
|
||||
if (chip) {
|
||||
put_device(&chip->dev);
|
||||
kfree(digests);
|
||||
trusted_shash_release();
|
||||
unregister_key_type(&key_type_trusted);
|
||||
}
|
||||
}
|
||||
|
||||
late_initcall(init_trusted);
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче