| Message ID | 20190326121158.13499-1-jarkko.sakkinen@linux.intel.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [v3] KEYS: trusted: allow trusted.ko to initialize w/o a TPM | expand |
On Tue, Mar 26, 2019 at 5:13 AM Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> wrote: > > Allow trusted.ko to initialize w/o a TPM. This commit adds checks to the > key type callbacks and exported functions to fail when a TPM is not > available. > > Cc: James Morris <jmorris@namei.org> > Reported-by: Dan Williams <dan.j.williams@intel.com> > Tested-by: Dan Williams <dan.j.williams@intel.com> > Fixes: 240730437deb ("KEYS: trusted: explicitly use tpm_chip structure...") > Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> > --- > v3: > - remove unnecessary check for chip in init_trusted() v3 also tests ok here.
On Wed, Mar 27, 2019 at 10:15:50AM -0700, Dan Williams wrote: > On Tue, Mar 26, 2019 at 5:13 AM Jarkko Sakkinen > <jarkko.sakkinen@linux.intel.com> wrote: > > > > Allow trusted.ko to initialize w/o a TPM. This commit adds checks to the > > key type callbacks and exported functions to fail when a TPM is not > > available. > > > > Cc: James Morris <jmorris@namei.org> > > Reported-by: Dan Williams <dan.j.williams@intel.com> > > Tested-by: Dan Williams <dan.j.williams@intel.com> > > Fixes: 240730437deb ("KEYS: trusted: explicitly use tpm_chip structure...") > > Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> > > --- > > v3: > > - remove unnecessary check for chip in init_trusted() > > v3 also tests ok here. Thank you. /Jarkko
diff --git a/security/keys/trusted.c b/security/keys/trusted.c index ecec672d3a77..efdbf17f3915 100644 --- a/security/keys/trusted.c +++ b/security/keys/trusted.c @@ -135,6 +135,9 @@ int TSS_authhmac(unsigned char *digest, const unsigned char *key, int ret; va_list argp; + if (!chip) + return -ENODEV; + sdesc = init_sdesc(hashalg); if (IS_ERR(sdesc)) { pr_info("trusted_key: can't alloc %s\n", hash_alg); @@ -196,6 +199,9 @@ int TSS_checkhmac1(unsigned char *buffer, va_list argp; int ret; + if (!chip) + return -ENODEV; + bufsize = LOAD32(buffer, TPM_SIZE_OFFSET); tag = LOAD16(buffer, 0); ordinal = command; @@ -363,6 +369,9 @@ int trusted_tpm_send(unsigned char *cmd, size_t buflen) { int rc; + if (!chip) + return -ENODEV; + dump_tpm_buf(cmd); rc = tpm_send(chip, cmd, buflen); dump_tpm_buf(cmd); @@ -429,6 +438,9 @@ int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce) { int ret; + if (!chip) + return -ENODEV; + INIT_BUF(tb); store16(tb, TPM_TAG_RQU_COMMAND); store32(tb, TPM_OIAP_SIZE); @@ -1245,9 +1257,13 @@ static int __init init_trusted(void) { int ret; + /* encrypted_keys.ko depends on successful load of this module even if + * TPM is not used. + */ chip = tpm_default_chip(); if (!chip) - return -ENOENT; + return 0; + ret = init_digests(); if (ret < 0) goto err_put; @@ -1269,10 +1285,12 @@ static int __init init_trusted(void) static void __exit cleanup_trusted(void) { - put_device(&chip->dev); - kfree(digests); - trusted_shash_release(); - unregister_key_type(&key_type_trusted); + if (chip) { + put_device(&chip->dev); + kfree(digests); + trusted_shash_release(); + unregister_key_type(&key_type_trusted); + } } late_initcall(init_trusted);