Re: [PATCH v2 1/2] keys/trusted_keys: clean up debug message logging in the tpm backend

[Jarkko Sakkinen <jarkko@kernel.org>]

On Mon, Mar 09, 2026 at 06:45:23PM -0400, Nayna Jain wrote:
> 
> On 2/20/26 1:34 PM, Srish Srinivasan wrote:
> > The TPM trusted-keys backend uses a local TPM_DEBUG guard and pr_info()
> > for logging debug information.
> > 
> > Replace pr_info() with pr_debug(), and use KERN_DEBUG for print_hex_dump().
> > Remove TPM_DEBUG.
> > 
> > No functional change intended.
> There is functional change here.  This change allows secret and nonce in the
> function dump_sess() to be logged to kernel logs when dynamic debug is
> enabled. Previously, it was possible only in the debug builds and not the
> production builds at runtime. With this change, it is always there in
> production build. This can result in possible attack.

Good catch, thank you. It's in my master branch still (not in -next).

TPM_DEBUG should be removed in all cases. If you really want to read
a secret, use tracing tools.

This only proves that the print should exist or should be a constant
value, or overwritten same length value.


> Instead of doing this change, I think add a comment to prevent this sort of
> change in the future.
> 
> Thanks & Regards,
> 
>     - Nayna
> 
> > 
> > Signed-off-by: Srish Srinivasan <ssrish@linux.ibm.com>
> > Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
> > ---
> >   security/keys/trusted-keys/trusted_tpm1.c | 40 +++++++----------------
> >   1 file changed, 12 insertions(+), 28 deletions(-)
> > 
> > diff --git a/security/keys/trusted-keys/trusted_tpm1.c b/security/keys/trusted-keys/trusted_tpm1.c
> > index c865c97aa1b4..216caef97ffc 100644
> > --- a/security/keys/trusted-keys/trusted_tpm1.c
> > +++ b/security/keys/trusted-keys/trusted_tpm1.c
> > @@ -46,28 +46,25 @@ enum {
> >   	SRK_keytype = 4
> >   };
> > -#define TPM_DEBUG 0
> > -
> > -#if TPM_DEBUG
> >   static inline void dump_options(struct trusted_key_options *o)
> >   {
> > -	pr_info("sealing key type %d\n", o->keytype);
> > -	pr_info("sealing key handle %0X\n", o->keyhandle);
> > -	pr_info("pcrlock %d\n", o->pcrlock);
> > -	pr_info("pcrinfo %d\n", o->pcrinfo_len);
> > -	print_hex_dump(KERN_INFO, "pcrinfo ", DUMP_PREFIX_NONE,
> > +	pr_debug("sealing key type %d\n", o->keytype);
> > +	pr_debug("sealing key handle %0X\n", o->keyhandle);
> > +	pr_debug("pcrlock %d\n", o->pcrlock);
> > +	pr_debug("pcrinfo %d\n", o->pcrinfo_len);
> > +	print_hex_dump(KERN_DEBUG, "pcrinfo ", DUMP_PREFIX_NONE,
> >   		       16, 1, o->pcrinfo, o->pcrinfo_len, 0);
> >   }
> >   static inline void dump_sess(struct osapsess *s)
> >   {
> > -	print_hex_dump(KERN_INFO, "trusted-key: handle ", DUMP_PREFIX_NONE,
> > +	print_hex_dump(KERN_DEBUG, "trusted-key: handle ", DUMP_PREFIX_NONE,
> >   		       16, 1, &s->handle, 4, 0);
> > -	pr_info("secret:\n");
> > -	print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE,
> > +	pr_debug("secret:\n");
> > +	print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_NONE,
> >   		       16, 1, &s->secret, SHA1_DIGEST_SIZE, 0);
> > -	pr_info("trusted-key: enonce:\n");
> > -	print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE,
> > +	pr_debug("trusted-key: enonce:\n");
> > +	print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_NONE,
> >   		       16, 1, &s->enonce, SHA1_DIGEST_SIZE, 0);
> >   }
> > @@ -75,23 +72,10 @@ static inline void dump_tpm_buf(unsigned char *buf)
> >   {
> >   	int len;
> > -	pr_info("\ntpm buffer\n");
> > +	pr_debug("\ntpm buffer\n");
> >   	len = LOAD32(buf, TPM_SIZE_OFFSET);
> > -	print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, 16, 1, buf, len, 0);
> > -}
> > -#else
> > -static inline void dump_options(struct trusted_key_options *o)
> > -{
> > -}
> > -
> > -static inline void dump_sess(struct osapsess *s)
> > -{
> > -}
> > -
> > -static inline void dump_tpm_buf(unsigned char *buf)
> > -{
> > +	print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_NONE, 16, 1, buf, len, 0);
> >   }
> > -#endif
> >   static int TSS_rawhmac(unsigned char *digest, const unsigned char *key,
> >   		       unsigned int keylen, ...)

BR, Jarkko