From patchwork Sat Feb 13 13:47:04 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jarkko Sakkinen X-Patchwork-Id: 8299971 Return-Path: X-Original-To: patchwork-tpmdd-devel@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork1.web.kernel.org (Postfix) with ESMTP id 34E299F38B for ; Sat, 13 Feb 2016 13:47:49 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 6978B2044B for ; Sat, 13 Feb 2016 13:47:48 +0000 (UTC) Received: from lists.sourceforge.net (lists.sourceforge.net [216.34.181.88]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 6325A20444 for ; Sat, 13 Feb 2016 13:47:47 +0000 (UTC) Received: from localhost ([127.0.0.1] helo=sfs-ml-2.v29.ch3.sourceforge.com) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1aUaY5-0006Ns-VK; Sat, 13 Feb 2016 13:47:45 +0000 Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1aUaY4-0006Nm-7u for tpmdd-devel@lists.sourceforge.net; Sat, 13 Feb 2016 13:47:44 +0000 X-ACL-Warn: Received: from mga03.intel.com ([134.134.136.65]) by sog-mx-2.v43.ch3.sourceforge.com with esmtp (Exim 4.76) id 1aUaY2-00030u-Ay for tpmdd-devel@lists.sourceforge.net; Sat, 13 Feb 2016 13:47:44 +0000 Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga103.jf.intel.com with ESMTP; 13 Feb 2016 05:47:27 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.22,440,1449561600"; d="scan'208";a="651758167" Received: from mlynch2-mobl3.ger.corp.intel.com (HELO localhost) ([10.252.19.31]) by FMSMGA003.fm.intel.com with ESMTP; 13 Feb 2016 05:47:26 -0800 From: Jarkko Sakkinen To: Peter Huewe , Marcel Selhorst , David Howells Date: Sat, 13 Feb 2016 15:47:04 +0200 Message-Id: <1455371228-20431-2-git-send-email-jarkko.sakkinen@linux.intel.com> X-Mailer: git-send-email 2.7.0 In-Reply-To: <1455371228-20431-1-git-send-email-jarkko.sakkinen@linux.intel.com> References: <1455371228-20431-1-git-send-email-jarkko.sakkinen@linux.intel.com> X-Spam-Score: -0.1 (/) X-Headers-End: 1aUaY2-00030u-Ay Cc: "moderated list:TPM DEVICE DRIVER" , jmorris@namei.org, open list Subject: [tpmdd-devel] [PATCH v2 1/4] tpm: fix: keep auth session intact after unseal operation X-BeenThere: tpmdd-devel@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: Tpm Device Driver maintainance List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: tpmdd-devel-bounces@lists.sourceforge.net X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, HK_RANDOM_ENVFROM, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP The behavior of policy based unseal operation is not consistent: * When there is an error in TPM2_Unseal operation, the session object stays in the TPM transient memory. * When the unseal is succesful, the TPM automatically removes the session object. This patch sets the continueSession attribute to keep the session intact after a successful unseal operation thus making the behavior consistent. Signed-off-by: Jarkko Sakkinen Fixes: 5beb0c435b ("keys, trusted: seal with a TPM2 authorization policy") --- drivers/char/tpm/tpm2-cmd.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c index 66e04b4..b28e4da 100644 --- a/drivers/char/tpm/tpm2-cmd.c +++ b/drivers/char/tpm/tpm2-cmd.c @@ -20,7 +20,11 @@ #include enum tpm2_object_attributes { - TPM2_ATTR_USER_WITH_AUTH = BIT(6), + TPM2_OA_USER_WITH_AUTH = BIT(6), +}; + +enum tpm2_session_attributes { + TPM2_SA_CONTINUE_SESSION = BIT(0), }; struct tpm2_startup_in { @@ -489,7 +493,7 @@ int tpm2_seal_trusted(struct tpm_chip *chip, tpm_buf_append(&buf, options->policydigest, options->policydigest_len); } else { - tpm_buf_append_u32(&buf, TPM2_ATTR_USER_WITH_AUTH); + tpm_buf_append_u32(&buf, TPM2_OA_USER_WITH_AUTH); tpm_buf_append_u16(&buf, 0); } @@ -627,7 +631,7 @@ static int tpm2_unseal(struct tpm_chip *chip, options->policyhandle ? options->policyhandle : TPM2_RS_PW, NULL /* nonce */, 0, - 0 /* session_attributes */, + TPM2_SA_CONTINUE_SESSION, options->blobauth /* hmac */, TPM_DIGEST_SIZE);