starfive-tech/linux.git/security/keys, branch visionfive_v1_5.13

trusted-keys: match tpm_get_ops on all return paths

2021-05-12T19:36:37+00:00

The `tpm_get_ops` call at the beginning of the function is not paired with a `tpm_put_ops` on this return path. Cc: stable@vger.kernel.org Fixes: f2219745250f ("security: keys: trusted: use ASN.1 TPM2 key format for the blobs") Reported-by: Dan Carpenter Signed-off-by: Ben Boeckel Reviewed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen

KEYS: trusted: Fix memory leak on object td

2021-05-12T19:36:36+00:00

Two error return paths are neglecting to free allocated object td, causing a memory leak. Fix this by returning via the error return path that securely kfree's td. Fixes clang scan-build warning: security/keys/trusted-keys/trusted_tpm1.c:496:10: warning: Potential memory leak [unix.Malloc] Cc: stable@vger.kernel.org Fixes: 5df16caada3f ("KEYS: trusted: Fix incorrect handling of tpm_get_random()") Signed-off-by: Colin Ian King Reviewed-by: Nick Desaulniers Reviewed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen

Merge tag 'queue' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/tpmdd

2021-04-26T15:31:03+00:00

Pull tpm fixes from James Bottomley: "Fix a regression in the TPM trusted keys caused by the generic rework to add ARM TEE based trusted keys. Without this fix, the TPM trusted key subsystem fails to add or load any keys" * tag 'queue' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/tpmdd: KEYS: trusted: fix TPM trusted keys for generic framework

Merge tag 'tpmdd-next-v5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd

2021-04-26T15:27:59+00:00

Pull tpm updates from Jarkko Sakkinen: "New features: - ARM TEE backend for kernel trusted keys to complete the existing TPM backend - ASN.1 format for TPM2 trusted keys to make them interact with the user space stack, such as OpenConnect VPN Other than that, a bunch of bug fixes" * tag 'tpmdd-next-v5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd: KEYS: trusted: Fix missing null return from kzalloc call char: tpm: fix error return code in tpm_cr50_i2c_tis_recv() MAINTAINERS: Add entry for TEE based Trusted Keys doc: trusted-encrypted: updates with TEE as a new trust source KEYS: trusted: Introduce TEE based Trusted Keys KEYS: trusted: Add generic trusted keys framework security: keys: trusted: Make sealed key properly interoperable security: keys: trusted: use ASN.1 TPM2 key format for the blobs security: keys: trusted: fix TPM2 authorizations oid_registry: Add TCG defined OIDS for TPM keys lib: Add ASN.1 encoder tpm: vtpm_proxy: Avoid reading host log when using a virtual device tpm: acpi: Check eventlog signature before using it tpm: efi: Use local variable for calculating final log size

KEYS: trusted: fix TPM trusted keys for generic framework

2021-04-21T23:30:06+00:00

The generic framework patch broke the current TPM trusted keys because it doesn't correctly remove the values consumed by the generic parser before passing them on to the implementation specific parser. Fix this by having the generic parser return the string minus the consumed tokens. Additionally, there may be no tokens left for the implementation specific parser, so make it handle the NULL case correctly and finally fix a TPM 1.2 specific check for no keyhandle. Fixes: 5d0682be3189 ("KEYS: trusted: Add generic trusted keys framework") Tested-by: Sumit Garg Signed-off-by: James Bottomley

KEYS: trusted: Fix TPM reservation for seal/unseal

2021-04-21T23:28:20+00:00

The original patch 8c657a0590de ("KEYS: trusted: Reserve TPM for seal and unseal operations") was correct on the mailing list: https://lore.kernel.org/linux-integrity/20210128235621.127925-4-jarkko@kernel.org/ But somehow got rebased so that the tpm_try_get_ops() in tpm2_seal_trusted() got lost. This causes an imbalanced put of the TPM ops and causes oopses on TIS based hardware. This fix puts back the lost tpm_try_get_ops() Fixes: 8c657a0590de ("KEYS: trusted: Reserve TPM for seal and unseal operations") Reported-by: Mimi Zohar Acked-by: Mimi Zohar Signed-off-by: James Bottomley

KEYS: trusted: Fix missing null return from kzalloc call

2021-04-14T13:30:31+00:00

The kzalloc call can return null with the GFP_KERNEL flag so add a null check and exit via a new error exit label. Use the same exit error label for another error path too. Addresses-Coverity: ("Dereference null return value") Fixes: 830027e2cb55 ("KEYS: trusted: Add generic trusted keys framework") Signed-off-by: Colin Ian King Reviewed-by: Sumit Garg Reviewed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen

KEYS: trusted: Introduce TEE based Trusted Keys

2021-04-14T13:30:30+00:00

Add support for TEE based trusted keys where TEE provides the functionality to seal and unseal trusted keys using hardware unique key. Refer to Documentation/staging/tee.rst for detailed information about TEE. Signed-off-by: Sumit Garg Tested-by: Jarkko Sakkinen Reviewed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen

KEYS: trusted: Add generic trusted keys framework

2021-04-14T13:30:30+00:00

Current trusted keys framework is tightly coupled to use TPM device as an underlying implementation which makes it difficult for implementations like Trusted Execution Environment (TEE) etc. to provide trusted keys support in case platform doesn't posses a TPM device. Add a generic trusted keys framework where underlying implementations can be easily plugged in. Create struct trusted_key_ops to achieve this, which contains necessary functions of a backend. Also, define a module parameter in order to select a particular trust source in case a platform support multiple trust sources. In case its not specified then implementation itetrates through trust sources list starting with TPM and assign the first trust source as a backend which has initiazed successfully during iteration. Note that current implementation only supports a single trust source at runtime which is either selectable at compile time or during boot via aforementioned module parameter. Suggested-by: Jarkko Sakkinen Signed-off-by: Sumit Garg Reviewed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen

security: keys: trusted: Make sealed key properly interoperable

2021-04-14T13:30:30+00:00

The current implementation appends a migratable flag to the end of a key, meaning the format isn't exactly interoperable because the using party needs to know to strip this extra byte. However, all other consumers of TPM sealed blobs expect the unseal to return exactly the key. Since TPM2 keys have a key property flag that corresponds to migratable, use that flag instead and make the actual key the only sealed quantity. This is secure because the key properties are bound to a hash in the private part, so if they're altered the key won't load. Backwards compatibility is implemented by detecting whether we're loading a new format key or not and correctly setting migratable from the last byte of old format keys. Signed-off-by: James Bottomley Reviewed-by: Jarkko Sakkinen Tested-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen