From: Jarkko Sakkinen <jarkko@kernel.org>
To: Jonathan McDowell <noodles@earth.li>
Cc: linux-integrity@vger.kernel.org, ross.philipson@oracle.com,
	Stefano Garzarella <sgarzare@redhat.com>,
	Peter Huewe <peterhuewe@gmx.de>, Jason Gunthorpe <jgg@ziepe.ca>,
	James Bottomley <James.Bottomley@hansenpartnership.com>,
	Mimi Zohar <zohar@linux.ibm.com>,
	David Howells <dhowells@redhat.com>,
	Paul Moore <paul@paul-moore.com>,
	James Morris <jmorris@namei.org>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	linux-kernel@vger.kernel.org, keyrings@vger.kernel.org,
	linux-security-module@vger.kernel.org
Subject: Re: [PATCH v7 03/11] KEYS: trusted: remove redundant instance of tpm2_hash_map
Date: Thu, 27 Nov 2025 21:03:39 +0200
Message-ID: <aSigiwtumAKrJB5j@kernel.org>
In-Reply-To: <aSiOU7G1DEf-5-1a@earth.li>

On Thu, Nov 27, 2025 at 05:45:55PM +0000, Jonathan McDowell wrote:
> On Thu, Nov 27, 2025 at 03:54:35PM +0200, Jarkko Sakkinen wrote:
> > Trusted keys duplicates tpm2_hash_map from TPM driver internals. Implement
> > and export `tpm2_find_hash_alg()` in order to address this glitch, and
> > replace redundant code block with a call to this new function.
> > 
> > Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
> > ---
> > v7:
> > - A new patch.
> > ---
> > drivers/char/tpm/tpm2-cmd.c               | 19 +++++++++++++++--
> > include/linux/tpm.h                       |  7 ++-----
> > security/keys/trusted-keys/trusted_tpm2.c | 25 +++++------------------
> > 3 files changed, 24 insertions(+), 27 deletions(-)
> > 
> > diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
> > index 97501c567c34..1393bfbeca64 100644
> > --- a/drivers/char/tpm/tpm2-cmd.c
> > +++ b/drivers/char/tpm/tpm2-cmd.c
> > @@ -18,7 +18,10 @@ static bool disable_pcr_integrity;
> > module_param(disable_pcr_integrity, bool, 0444);
> > MODULE_PARM_DESC(disable_pcr_integrity, "Disable integrity protection of TPM2_PCR_Extend");
> > 
> > -static struct tpm2_hash tpm2_hash_map[] = {
> > +static struct {
> > +	unsigned int crypto_id;
> > +	unsigned int alg_id;
> > +} tpm2_hash_map[] = {
> > 	{HASH_ALGO_SHA1, TPM_ALG_SHA1},
> > 	{HASH_ALGO_SHA256, TPM_ALG_SHA256},
> > 	{HASH_ALGO_SHA384, TPM_ALG_SHA384},
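
Review bot: the anonymous-struct table introduced at the top of this hunk is only ever read in the visible code (the lookup loop in tpm2_find_hash_alg() and the bank matching in tpm2_init_bank_info()), so now that its type is private to this file it can be declared `static const struct { ... } tpm2_hash_map[]`. That places the crypto-to-TPM algorithm mapping in read-only data and documents that it is fixed.
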
> > @@ -26,6 +29,18 @@ static struct tpm2_hash tpm2_hash_map[] = {
> > 	{HASH_ALGO_SM3_256, TPM_ALG_SM3_256},
> > };
> > 
> > +int tpm2_find_hash_alg(unsigned int crypto_id)
> > +{
> > +	int i;
> > +
> > +	for (i = 0; i < ARRAY_SIZE(tpm2_hash_map); i++)
> > +		if (crypto_id == tpm2_hash_map[i].crypto_id)
> > +			return tpm2_hash_map[i].alg_id;
> > +
> > +	return -EINVAL;
> > +}
> > +EXPORT_SYMBOL_GPL(tpm2_find_hash_alg);
> > +
> > int tpm2_get_timeouts(struct tpm_chip *chip)
> > {
> > 	chip->timeout_a = msecs_to_jiffies(TPM2_TIMEOUT_A);
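
Review bot: tpm2_find_hash_alg() is exported with EXPORT_SYMBOL_GPL but has no kernel-doc, and its int return value carries two meanings: the TPM_ALG_* identifier on a match and -EINVAL otherwise. A short kernel-doc comment stating that callers must test for a negative value, not for non-zero, would make the contract explicit for the trusted-keys caller and for any later user. The loop index could also be unsigned int to match the ARRAY_SIZE() bound.
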
> > @@ -490,7 +505,7 @@ static int tpm2_init_bank_info(struct tpm_chip *chip, u32 bank_index)
> > 	for (i = 0; i < ARRAY_SIZE(tpm2_hash_map); i++) {
> > 		enum hash_algo crypto_algo = tpm2_hash_map[i].crypto_id;
> > 
> > -		if (bank->alg_id != tpm2_hash_map[i].tpm_id)
> > +		if (bank->alg_id != tpm2_hash_map[i].alg_id)
> > 			continue;
> > 
> > 		bank->digest_size = hash_digest_size[crypto_algo];
> > diff --git a/include/linux/tpm.h b/include/linux/tpm.h
> > index 0e9e043f728c..e5fc7b73de2d 100644
> > --- a/include/linux/tpm.h
> > +++ b/include/linux/tpm.h
> > @@ -410,11 +410,6 @@ enum tpm2_session_attributes {
> > 	TPM2_SA_AUDIT			= BIT(7),
> > };
> > 
> > -struct tpm2_hash {
> > -	unsigned int crypto_id;
> > -	unsigned int tpm_id;
> > -};
> > -
> > int tpm_buf_init(struct tpm_buf *buf, u16 tag, u32 ordinal);
> > void tpm_buf_reset(struct tpm_buf *buf, u16 tag, u32 ordinal);
> > int tpm_buf_init_sized(struct tpm_buf *buf);
> > @@ -465,6 +460,7 @@ static inline ssize_t tpm_ret_to_err(ssize_t ret)
> > 
> > #if defined(CONFIG_TCG_TPM) || defined(CONFIG_TCG_TPM_MODULE)
> > 
> > +unsigned int tpm2_alg_to_crypto_id(unsigned int alg_id);
> > extern int tpm_is_tpm2(struct tpm_chip *chip);
> > extern __must_check int tpm_try_get_ops(struct tpm_chip *chip);
> > extern void tpm_put_ops(struct tpm_chip *chip);
> 
> This looks like an errant chunk? I can't see tpm2_alg_to_crypto_id defined
> or used?

It is! Thanks, will remove.

> 
> > @@ -477,6 +473,7 @@ extern int tpm_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
> > extern int tpm_get_random(struct tpm_chip *chip, u8 *data, size_t max);
> > extern struct tpm_chip *tpm_default_chip(void);
> > void tpm2_flush_context(struct tpm_chip *chip, u32 handle);
> > +int tpm2_find_hash_alg(unsigned int crypto_id);
> > 
> > static inline void tpm_buf_append_empty_auth(struct tpm_buf *buf, u32 handle)
> > {
> > diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c
> > index 024be262702f..3205732fb4b7 100644
> > --- a/security/keys/trusted-keys/trusted_tpm2.c
> > +++ b/security/keys/trusted-keys/trusted_tpm2.c
> > @@ -18,14 +18,6 @@
> > 
> > #include "tpm2key.asn1.h"
> > 
> > -static struct tpm2_hash tpm2_hash_map[] = {
> > -	{HASH_ALGO_SHA1, TPM_ALG_SHA1},
> > -	{HASH_ALGO_SHA256, TPM_ALG_SHA256},
> > -	{HASH_ALGO_SHA384, TPM_ALG_SHA384},
> > -	{HASH_ALGO_SHA512, TPM_ALG_SHA512},
> > -	{HASH_ALGO_SM3_256, TPM_ALG_SM3_256},
> > -};
> > -
> > static u32 tpm2key_oid[] = { 2, 23, 133, 10, 1, 5 };
> > 
> > static int tpm2_key_encode(struct trusted_key_payload *payload,
> > @@ -244,24 +236,17 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
> > 	off_t offset = TPM_HEADER_SIZE;
> > 	struct tpm_buf buf, sized;
> > 	int blob_len = 0;
> > -	u32 hash;
> > +	int hash;
> > 	u32 flags;
> > -	int i;
> > 	int rc;
> > 
> > -	for (i = 0; i < ARRAY_SIZE(tpm2_hash_map); i++) {
> > -		if (options->hash == tpm2_hash_map[i].crypto_id) {
> > -			hash = tpm2_hash_map[i].tpm_id;
> > -			break;
> > -		}
> > -	}
> > -
> > -	if (i == ARRAY_SIZE(tpm2_hash_map))
> > -		return -EINVAL;
> > -
> > 	if (!options->keyhandle)
> > 		return -EINVAL;
> > 
> > +	hash = tpm2_find_hash_alg(options->hash);
> > +	if (hash)
> > +		return hash;
> > +
> > 	rc = tpm_try_get_ops(chip);
> > 	if (rc)
> > 		return rc;
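
Review bot: the new check `if (hash) return hash;` fires on success as well as on failure. tpm2_find_hash_alg() returns the matching alg_id from the table (a non-zero TPM_ALG_* value) and -EINVAL only when nothing matches, so as written tpm2_seal_trusted() returns a positive algorithm id for every supported options->hash and never reaches tpm_try_get_ops(). The test should be `if (hash < 0) return hash;`, which keeps the old -EINVAL behaviour for unknown algorithms. The lookup also now runs after the options->keyhandle check instead of before it; both paths return -EINVAL, so that reordering is harmless.
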
> > -- 
> > 2.52.0
> 
> J.
> 
> -- 
> Design a system any fool can use, and only a fool will want to use it.

BR, Jarkko

Thread overview: 27+ messages
2025-11-27 13:54 [PATCH v7 00/11] Prepare TPM driver for Trenchboot Jarkko Sakkinen
2025-11-27 13:54 ` [PATCH v7 01/11] tpm: Cap the number of PCR banks Jarkko Sakkinen
2025-11-27 16:09   ` Roberto Sassu
2025-11-27 17:14     ` Jarkko Sakkinen
2025-11-27 17:17       ` Roberto Sassu
2025-11-27 18:52         ` Jarkko Sakkinen
2025-11-28  9:21           ` Roberto Sassu
2025-11-28 15:10             ` Jarkko Sakkinen
2025-11-28 18:05             ` Jarkko Sakkinen
2025-12-03  0:57   ` Lai, Yi
2025-12-03  1:11     ` Jarkko Sakkinen
2025-12-03  1:26       ` Lai, Yi
2025-12-03  2:03         ` Jarkko Sakkinen
2025-12-03  1:54       ` Jarkko Sakkinen
2025-12-03  1:54         ` Jarkko Sakkinen
2025-11-27 13:54 ` [PATCH v7 02/11] tpm: Use -EPERM as fallback error code in tpm_ret_to_err Jarkko Sakkinen
2025-11-27 13:54 ` [PATCH v7 03/11] KEYS: trusted: remove redundant instance of tpm2_hash_map Jarkko Sakkinen
2025-11-27 17:45   ` Jonathan McDowell
2025-11-27 19:03     ` Jarkko Sakkinen [this message]
2025-11-27 13:54 ` [PATCH v7 04/11] KEYS: trusted: Fix memory leak in tpm2_load() Jarkko Sakkinen
2025-11-27 13:54 ` [PATCH v7 05/11] KEYS: trusted: Use tpm_ret_to_err() in trusted_tpm2 Jarkko Sakkinen
2025-11-27 13:54 ` [PATCH v7 06/11] tpm2-sessions: Remove 'attributes' from tpm_buf_append_auth Jarkko Sakkinen
2025-11-27 13:54 ` [PATCH v7 07/11] tpm2-sessions: Unmask tpm_buf_append_hmac_session() Jarkko Sakkinen
2025-11-27 13:54 ` [PATCH v7 08/11] KEYS: trusted: Open code tpm2_buf_append() Jarkko Sakkinen
2025-11-27 13:54 ` [PATCH v7 09/11] tpm-buf: unify TPM_BUF_BOUNDARY_ERROR and TPM_BUF_OVERFLOW Jarkko Sakkinen
2025-11-27 13:54 ` [PATCH v7 10/11] tpm-buf: Remove chip parameter from tpm_buf_append_handle Jarkko Sakkinen
2025-11-27 13:54 ` [PATCH v7 11/11] tpm-buf: Enable managed and stack allocations Jarkko Sakkinen
