Message ID | 155380002962.7924.11109542476291499729.stgit@djiang5-desk3.ch.intel.com (mailing list archive) |
---|---|
State | Superseded |
Series | [1/3] ndctl: fix load-keys for user master-key |
On Thu, Mar 28, 2019 at 12:07 PM Dave Jiang <dave.jiang@intel.com> wrote: > > load-keys incorrectly assumes that all keys have TPM handles. TPM handle is > only for trusted-keys. Fix in order to allow user master-key work. s/work/to operate/ ? > > Signed-off-by: Dave Jiang <dave.jiang@intel.com> > --- > ndctl/load-keys.c | 6 ++---- > 1 file changed, 2 insertions(+), 4 deletions(-) > > diff --git a/ndctl/load-keys.c b/ndctl/load-keys.c > index 8e4998f2..19380152 100644 > --- a/ndctl/load-keys.c > +++ b/ndctl/load-keys.c > @@ -213,10 +213,8 @@ static int load_keys(struct loadkeys *lk_ctx, const char *keypath, > > if (!tpmhandle) { > rc = check_tpm_handle(lk_ctx); > - if (rc < 0) { > - rc = -errno; > - goto erropen; > - } > + if (rc < 0) > + printf("No TPM handle discovered.\n"); Please keep error messages on stderr.
On 3/28/19 12:11 PM, Dan Williams wrote: > On Thu, Mar 28, 2019 at 12:07 PM Dave Jiang <dave.jiang@intel.com> wrote: >> >> load-keys incorrectly assumes that all keys have TPM handles. TPM handle is >> only for trusted-keys. Fix in order to allow user master-key work. > > s/work/to operate/ ? > >> >> Signed-off-by: Dave Jiang <dave.jiang@intel.com> >> --- >> ndctl/load-keys.c | 6 ++---- >> 1 file changed, 2 insertions(+), 4 deletions(-) >> >> diff --git a/ndctl/load-keys.c b/ndctl/load-keys.c >> index 8e4998f2..19380152 100644 >> --- a/ndctl/load-keys.c >> +++ b/ndctl/load-keys.c >> @@ -213,10 +213,8 @@ static int load_keys(struct loadkeys *lk_ctx, const char *keypath, >> >> if (!tpmhandle) { >> rc = check_tpm_handle(lk_ctx); >> - if (rc < 0) { >> - rc = -errno; >> - goto erropen; >> - } >> + if (rc < 0) >> + printf("No TPM handle discovered.\n"); > > Please keep error messages on stderr. Actually this is info. At this point we do not have context as to if a trusted key or user key is being loaded, and it could be we are using user master key or it could be TPM handle can't be found.
On Thu, Mar 28, 2019 at 12:17 PM Dave Jiang <dave.jiang@intel.com> wrote: > > > > On 3/28/19 12:11 PM, Dan Williams wrote: > > On Thu, Mar 28, 2019 at 12:07 PM Dave Jiang <dave.jiang@intel.com> wrote: > >> > >> load-keys incorrectly assumes that all keys have TPM handles. TPM handle is > >> only for trusted-keys. Fix in order to allow user master-key work. > > > > s/work/to operate/ ? > > > >> > >> Signed-off-by: Dave Jiang <dave.jiang@intel.com> > >> --- > >> ndctl/load-keys.c | 6 ++---- > >> 1 file changed, 2 insertions(+), 4 deletions(-) > >> > >> diff --git a/ndctl/load-keys.c b/ndctl/load-keys.c > >> index 8e4998f2..19380152 100644 > >> --- a/ndctl/load-keys.c > >> +++ b/ndctl/load-keys.c > >> @@ -213,10 +213,8 @@ static int load_keys(struct loadkeys *lk_ctx, const char *keypath, > >> > >> if (!tpmhandle) { > >> rc = check_tpm_handle(lk_ctx); > >> - if (rc < 0) { > >> - rc = -errno; > >> - goto erropen; > >> - } > >> + if (rc < 0) > >> + printf("No TPM handle discovered.\n"); > > > > Please keep error messages on stderr. > > Actually this is info. At this point we do not have context as to if a > trusted key or user key is being loaded, and it could be we are using user > master key or it could be TPM handle can't be found. Ok, but it should still be stderr. ndctl tries to enforce only json on stdout.
diff --git a/ndctl/load-keys.c b/ndctl/load-keys.c index 8e4998f2..19380152 100644 --- a/ndctl/load-keys.c +++ b/ndctl/load-keys.c @@ -213,10 +213,8 @@ static int load_keys(struct loadkeys *lk_ctx, const char *keypath, if (!tpmhandle) { rc = check_tpm_handle(lk_ctx); - if (rc < 0) { - rc = -errno; - goto erropen; - } + if (rc < 0) + printf("No TPM handle discovered.\n"); } rc = load_master_key(lk_ctx, param.key_path);
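Review bot: the new `if (rc < 0)` branch after `check_tpm_handle(lk_ctx)` reports "No TPM handle discovered." with printf(), which writes to stdout; as raised in the thread, ndctl reserves stdout for JSON, so this should be `fprintf(stderr, ...)` even when the message is informational. The same branch now ignores every failure from check_tpm_handle() and falls through to `rc = load_master_key(lk_ctx, param.key_path);`, so a trusted-key configuration whose TPM handle is genuinely missing is no longer stopped at this point. Since the key type is not known here, consider wording the message so that a later load_master_key() failure can be tied back to the missing handle, and add a short comment explaining why the error is deliberately not fatal.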
load-keys incorrectly assumes that all keys have TPM handles. TPM handle is only for trusted-keys. Fix in order to allow user master-key work. Signed-off-by: Dave Jiang <dave.jiang@intel.com> --- ndctl/load-keys.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-)