review.tizen.org Git - platform/kernel/linux-rpi.git/commit

author	Jarkko Sakkinen <jarkko@kernel.org>
	Thu, 28 Jan 2021 23:56:21 +0000 (01:56 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 4 Mar 2021 10:38:29 +0000 (11:38 +0100)
commit	67118bb78d72aab5b831f054a74ae856339a1974
tree	22b88615e2075a57b77b39dc69309c05682ff605	tree \| snapshot
parent	54c527c18e7fc4c00ee2c97d10c24ccdb07393aa	commit \| diff

KEYS: trusted: Reserve TPM for seal and unseal operations

commit 8c657a0590de585b1115847c17b34a58025f2f4b upstream.

When TPM 2.0 trusted keys code was moved to the trusted keys subsystem,
the operations were unwrapped from tpm_try_get_ops() and tpm_put_ops(),
which are used to take temporarily the ownership of the TPM chip. The
ownership is only taken inside tpm_send(), but this is not sufficient,
as in the key load TPM2_CC_LOAD, TPM2_CC_UNSEAL and TPM2_FLUSH_CONTEXT
need to be done as a one single atom.

Take the TPM chip ownership before sending anything with
tpm_try_get_ops() and tpm_put_ops(), and use tpm_transmit_cmd() to send
TPM commands instead of tpm_send(), reverting back to the old behaviour.

Fixes: 2e19e10131a0 ("KEYS: trusted: Move TPM2 trusted keys code")
Reported-by: "James E.J. Bottomley" <James.Bottomley@HansenPartnership.com>
Cc: stable@vger.kernel.org
Cc: David Howells <dhowells@redhat.com>
Cc: Mimi Zohar <zohar@linux.ibm.com>
Cc: Sumit Garg <sumit.garg@linaro.org>
Acked-by Sumit Garg <sumit.garg@linaro.org>
Tested-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

drivers/char/tpm/tpm.h		diff \| blob \| history
include/linux/tpm.h		diff \| blob \| history
security/keys/trusted-keys/trusted_tpm2.c		diff \| blob \| history