From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: linux-integrity@vger.kernel.org
Cc: Mimi Zohar <zohar@linux.ibm.com>,
	Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
	David Woodhouse <dwmw2@infradead.org>,
	keyrings@vger.kernel.org
Subject: [PATCH v2 1/8] security: keys: trusted: flush the key handle after use
Date: Tue, 10 Dec 2019 00:05:29 +0000
Message-ID: <1575936329.31378.51.camel@HansenPartnership.com>
In-Reply-To: <1575936272.31378.50.camel@HansenPartnership.com>

The trusted keys code currently loads a blob into the TPM and unseals
on the handle.  However, it never flushes the handle meaning that
volatile contexts build up until the TPM becomes unusable.  Fix this
by flushing the handle after the unseal.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>

---

v2: use EXPORT_SYMBOL_GPL
---
 drivers/char/tpm/tpm.h                    | 1 -
 drivers/char/tpm/tpm2-cmd.c               | 1 +
 include/linux/tpm.h                       | 1 +
 security/keys/trusted-keys/trusted_tpm2.c | 1 +
 4 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index b9e1547be6b5..5620747da0cf 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -218,7 +218,6 @@ int tpm2_pcr_read(struct tpm_chip *chip, u32 pcr_idx,
 int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
 		    struct tpm_digest *digests);
 int tpm2_get_random(struct tpm_chip *chip, u8 *dest, size_t max);
-void tpm2_flush_context(struct tpm_chip *chip, u32 handle);
 ssize_t tpm2_get_tpm_pt(struct tpm_chip *chip, u32 property_id,
 			u32 *value, const char *desc);
 
diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
index fdb457704aa7..13696deceae8 100644
--- a/drivers/char/tpm/tpm2-cmd.c
+++ b/drivers/char/tpm/tpm2-cmd.c
@@ -362,6 +362,7 @@ void tpm2_flush_context(struct tpm_chip *chip, u32 handle)
 	tpm_transmit_cmd(chip, &buf, 0, "flushing context");
 	tpm_buf_destroy(&buf);
 }
+EXPORT_SYMBOL_GPL(tpm2_flush_context);
 
 struct tpm2_get_cap_out {
 	u8 more_data;
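
Review bot: tpm2_flush_context() returns void and the result of tpm_transmit_cmd() just above the new EXPORT_SYMBOL_GPL line is discarded, so a caller outside drivers/char/tpm cannot tell whether the handle was actually released. Since the export turns this into a cross-subsystem interface, add a kernel-doc comment on the function stating the context the caller must be in and that a failed flush is not reported, or change it to return the error.
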
diff --git a/include/linux/tpm.h b/include/linux/tpm.h
index 0d6e949ba315..03e9b184411b 100644
--- a/include/linux/tpm.h
+++ b/include/linux/tpm.h
@@ -403,6 +403,7 @@ extern int tpm_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
 extern int tpm_send(struct tpm_chip *chip, void *cmd, size_t buflen);
 extern int tpm_get_random(struct tpm_chip *chip, u8 *data, size_t max);
 extern struct tpm_chip *tpm_default_chip(void);
+void tpm2_flush_context(struct tpm_chip *chip, u32 handle);
 #else
 static inline int tpm_is_tpm2(struct tpm_chip *chip)
 {
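
Review bot: the new prototype sits only in the branch before #else, and no matching static inline stub is visible in the #else branch that holds tpm_is_tpm2() and the other stubs. Either add an empty static inline tpm2_flush_context() there or confirm that every caller is built only when the TPM core is enabled. The neighbouring declarations also carry extern; matching that would keep the block consistent.
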
diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c
index a9810ac2776f..08ec7f48f01d 100644
--- a/security/keys/trusted-keys/trusted_tpm2.c
+++ b/security/keys/trusted-keys/trusted_tpm2.c
@@ -309,6 +309,7 @@ int tpm2_unseal_trusted(struct tpm_chip *chip,
 		return rc;
 
 	rc = tpm2_unseal_cmd(chip, payload, options, blob_handle);
+	tpm2_flush_context(chip, blob_handle);
 
 	return rc;
 }
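
Review bot: the new tpm2_flush_context() call after tpm2_unseal_cmd() goes straight into tpm_transmit_cmd() (see the tpm2-cmd.c hunk), and nothing visible in this hunk shows tpm2_unseal_trusted() holding the chip ops at that point. Please confirm the caller's context, or bracket the load, unseal and flush sequence with tpm_try_get_ops() and tpm_put_ops(). Flushing regardless of the unseal rc is the right behaviour; a one-line comment saying so would keep a later cleanup from moving it under an rc check.
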
-- 
2.16.4
