tpm: fix missing migratable flag in sealing functionality for TPM2
The 'migratable' flag was not added to the key payload. This patch
fixes the problem.

Fixes: 0fe5480 ("keys, trusted: seal/unseal with TPM 2.0 chips")
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Acked-by: Peter Huewe <PeterHuewe@gmx.de>
Jarkko Sakkinen committed Nov 9, 2015
1 parent b1a4144 commit 2e31125
Showing 1 changed file with 10 additions and 5 deletions.
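--- a/drivers/char/tpm/tpm2-cmd.c
+++ b/drivers/char/tpm/tpm2-cmd.c
@@ -443,12 +443,13 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
 TPM_DIGEST_SIZE);
 
 /* sensitive */
-tpm_buf_append_u16(&buf, 4 + TPM_DIGEST_SIZE + payload->key_len);
+tpm_buf_append_u16(&buf, 4 + TPM_DIGEST_SIZE + payload->key_len + 1);
 
 tpm_buf_append_u16(&buf, TPM_DIGEST_SIZE);
 tpm_buf_append(&buf, options->blobauth, TPM_DIGEST_SIZE);
-tpm_buf_append_u16(&buf, payload->key_len);
+tpm_buf_append_u16(&buf, payload->key_len + 1);
 tpm_buf_append(&buf, payload->key, payload->key_len);
+tpm_buf_append_u8(&buf, payload->migratable);
 
 /* public */
 tpm_buf_append_u16(&buf, 14);
@@ -573,6 +574,8 @@ static int tpm2_unseal(struct tpm_chip *chip,
 u32 blob_handle)
 {
 struct tpm_buf buf;
+u16 data_len;
+u8 *data;
 int rc;
 
 rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_UNSEAL);
@@ -591,11 +594,13 @@ static int tpm2_unseal(struct tpm_chip *chip,
 rc = -EPERM;
 
 if (!rc) {
-payload->key_len = be16_to_cpup(
+data_len = be16_to_cpup(
 (__be16 *) &buf.data[TPM_HEADER_SIZE + 4]);
+data = &buf.data[TPM_HEADER_SIZE + 6];
 
-memcpy(payload->key, &buf.data[TPM_HEADER_SIZE + 6],
-payload->key_len);
+memcpy(payload->key, data, data_len - 1);
+payload->key_len = data_len - 1;
+payload->migratable = data[data_len - 1];
 }
 
 tpm_buf_destroy(&buf);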
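Review bot: In the last tpm2_unseal hunk, `data_len` is taken straight from the TPM response and used as `data_len - 1` with no range check, so a length of zero turns the memcpy size into a huge value after conversion to size_t and makes `data[data_len - 1]` read one byte before the data. A length larger than the destination would likewise overrun `payload->key`, whose capacity is not visible here (presumably bounded by MAX_KEY_SIZE; confirm against the payload struct). I would reject bad lengths before the copy, e.g. `if (data_len < 1 || data_len - 1 > MAX_KEY_SIZE) rc = -EFAULT;` with the copy moved under an `else`, and also verify that the response really holds `data_len` bytes after `TPM_HEADER_SIZE + 6`. The body of tpm2_unseal starts and ends outside this hunk, so an existing check elsewhere cannot be ruled out from this page.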
