WSL2-Linux-Kernel/security/keys/trusted-keys
David Safford 0dcc35c1c2 KEYS: trusted: tpm2: Fix migratable logic
commit dda5384313 upstream.

When creating (sealing) a new trusted key, migratable
trusted keys have the FIXED_TPM and FIXED_PARENT attributes
set, and non-migratable keys don't. This is backwards, and
also causes creation to fail when creating a migratable key
under a migratable parent. (The TPM thinks you are trying to
seal a non-migratable blob under a migratable parent.)

The following simple patch fixes the logic, and has been
tested for all four combinations of migratable and non-migratable
trusted keys and parent storage keys. With this logic, you will
get a proper failure if you try to create a non-migratable
trusted key under a migratable parent storage key, and all other
combinations work correctly.

Cc: stable@vger.kernel.org # v5.13+
Fixes: e5fb5d2c5a ("security: keys: trusted: Make sealed key properly interoperable")
Signed-off-by: David Safford <david.safford@gmail.com>
Reviewed-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-06-14 18:36:25 +02:00
..
Makefile KEYS: trusted: Introduce TEE based Trusted Keys 2021-04-14 16:30:30 +03:00
tpm2key.asn1 security: keys: trusted: use ASN.1 TPM2 key format for the blobs 2021-04-14 16:30:30 +03:00
trusted_core.c KEYS: trusted: Avoid calling null function trusted_key_exit 2022-04-08 14:23:09 +02:00
trusted_tee.c KEYS: trusted: Introduce TEE based Trusted Keys 2021-04-14 16:30:30 +03:00
trusted_tpm1.c KEYS: trusted: Fix memory leak on object td 2021-05-12 22:36:36 +03:00
trusted_tpm2.c KEYS: trusted: tpm2: Fix migratable logic 2022-06-14 18:36:25 +02:00