mirror of
https://git.proxmox.com/git/mirror_ubuntu-kernels.git
synced 2025-11-27 01:59:15 +00:00
dda5384313
When creating (sealing) a new trusted key, migratable
trusted keys have the FIXED_TPM and FIXED_PARENT attributes
set, and non-migratable keys don't. This is backwards, and
also causes creation to fail when creating a migratable key
under a migratable parent. (The TPM thinks you are trying to
seal a non-migratable blob under a migratable parent.)
The following simple patch fixes the logic, and has been
tested for all four combinations of migratable and non-migratable
trusted keys and parent storage keys. With this logic, you will
get a proper failure if you try to create a non-migratable
trusted key under a migratable parent storage key, and all other
combinations work correctly.
Cc: stable@vger.kernel.org # v5.13+
Fixes:
|
||
|---|---|---|
| .. | ||
| Kconfig | ||
| Makefile | ||
| tpm2key.asn1 | ||
| trusted_caam.c | ||
| trusted_core.c | ||
| trusted_tee.c | ||
| trusted_tpm1.c | ||
| trusted_tpm2.c | ||