Commit b9ff7745 authored by Linus Torvalds's avatar Linus Torvalds
Pull tpm updates from Jarkko Sakkinen:
 "This is a small sized pull request. One commit I would like to
  pinpoint is my fix for init_trusted() rollback, as for actual patch I
  did not receive any feedback"

* tag 'tpmdd-v6.7' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd:
  keys: Remove unused extern declarations
  integrity: powerpc: Do not select CA_MACHINE_KEYRING
  KEYS: trusted: tee: Refactor register SHM usage
  KEYS: trusted: Rollback init_trusted() consistently
parents d82c0a37 03acb9cc
+0 −2
@@ -68,8 +68,6 @@ config INTEGRITY_MACHINE_KEYRING
	depends on INTEGRITY_ASYMMETRIC_KEYS
	depends on SYSTEM_BLACKLIST_KEYRING
	depends on LOAD_UEFI_KEYS || LOAD_PPC_KEYS
	select INTEGRITY_CA_MACHINE_KEYRING if LOAD_PPC_KEYS
	select INTEGRITY_CA_MACHINE_KEYRING_MAX if LOAD_PPC_KEYS
	help
	 If set, provide a keyring to which Machine Owner Keys (MOK) may
	 be added. This keyring shall contain just MOK keys.  Unlike keys
+0 −7
@@ -109,13 +109,6 @@ extern void __key_link_end(struct key *keyring,
extern key_ref_t find_key_to_update(key_ref_t keyring_ref,
				    const struct keyring_index_key *index_key);

extern struct key *keyring_search_instkey(struct key *keyring,
					  key_serial_t target_id);

extern int iterate_over_keyring(const struct key *keyring,
				int (*func)(const struct key *key, void *data),
				void *data);

struct keyring_search_context {
	struct keyring_index_key index_key;
	const struct cred	*cred;
+10 −10
@@ -358,17 +358,17 @@ static int __init init_trusted(void)
		if (!get_random)
			get_random = kernel_get_random;

		static_call_update(trusted_key_seal,
				   trusted_key_sources[i].ops->seal);
		static_call_update(trusted_key_unseal,
				   trusted_key_sources[i].ops->unseal);
		static_call_update(trusted_key_get_random,
				   get_random);
		ret = trusted_key_sources[i].ops->init();
		if (!ret) {
			static_call_update(trusted_key_seal, trusted_key_sources[i].ops->seal);
			static_call_update(trusted_key_unseal, trusted_key_sources[i].ops->unseal);
			static_call_update(trusted_key_get_random, get_random);

			trusted_key_exit = trusted_key_sources[i].ops->exit;
			migratable = trusted_key_sources[i].ops->migratable;
		}

		ret = trusted_key_sources[i].ops->init();
		if (!ret)
		if (!ret || ret != -ENODEV)
			break;
	}
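Review bot: The break condition `if (!ret || ret != -ENODEV)` is redundant, because `ret == 0` already satisfies `ret != -ENODEV`; `if (ret != -ENODEV)` behaves the same and states the intent more plainly. A short comment above it would help the next reader, e.g. `/* Only -ENODEV means "try the next trust source"; success or any other error ends the probe. */`. It is also worth one line above the `if (!ret)` block saying that the static calls, `trusted_key_exit` and `migratable` are assigned only after `init()` succeeds, so a backend that failed to initialise is never left wired in. init_trusted() starts and ends outside this section, so how `ret` is treated after the loop is not visible here.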

+20 −44
@@ -65,24 +65,16 @@ static int trusted_tee_seal(struct trusted_key_payload *p, char *datablob)
	int ret;
	struct tee_ioctl_invoke_arg inv_arg;
	struct tee_param param[4];
	struct tee_shm *reg_shm_in = NULL, *reg_shm_out = NULL;
	struct tee_shm *reg_shm = NULL;

	memset(&inv_arg, 0, sizeof(inv_arg));
	memset(&param, 0, sizeof(param));

	reg_shm_in = tee_shm_register_kernel_buf(pvt_data.ctx, p->key,
						 p->key_len);
	if (IS_ERR(reg_shm_in)) {
		dev_err(pvt_data.dev, "key shm register failed\n");
		return PTR_ERR(reg_shm_in);
	}

	reg_shm_out = tee_shm_register_kernel_buf(pvt_data.ctx, p->blob,
						  sizeof(p->blob));
	if (IS_ERR(reg_shm_out)) {
		dev_err(pvt_data.dev, "blob shm register failed\n");
		ret = PTR_ERR(reg_shm_out);
		goto out;
	reg_shm = tee_shm_register_kernel_buf(pvt_data.ctx, p->key,
					      sizeof(p->key) + sizeof(p->blob));
	if (IS_ERR(reg_shm)) {
		dev_err(pvt_data.dev, "shm register failed\n");
		return PTR_ERR(reg_shm);
	}

	inv_arg.func = TA_CMD_SEAL;
@@ -90,13 +82,13 @@ static int trusted_tee_seal(struct trusted_key_payload *p, char *datablob)
	inv_arg.num_params = 4;

	param[0].attr = TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT;
	param[0].u.memref.shm = reg_shm_in;
	param[0].u.memref.shm = reg_shm;
	param[0].u.memref.size = p->key_len;
	param[0].u.memref.shm_offs = 0;
	param[1].attr = TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT;
	param[1].u.memref.shm = reg_shm_out;
	param[1].u.memref.shm = reg_shm;
	param[1].u.memref.size = sizeof(p->blob);
	param[1].u.memref.shm_offs = 0;
	param[1].u.memref.shm_offs = sizeof(p->key);

	ret = tee_client_invoke_func(pvt_data.ctx, &inv_arg, param);
	if ((ret < 0) || (inv_arg.ret != 0)) {
@@ -107,11 +99,7 @@ static int trusted_tee_seal(struct trusted_key_payload *p, char *datablob)
		p->blob_len = param[1].u.memref.size;
	}

out:
	if (reg_shm_out)
		tee_shm_free(reg_shm_out);
	if (reg_shm_in)
		tee_shm_free(reg_shm_in);
	tee_shm_free(reg_shm);

	return ret;
}
@@ -124,24 +112,16 @@ static int trusted_tee_unseal(struct trusted_key_payload *p, char *datablob)
	int ret;
	struct tee_ioctl_invoke_arg inv_arg;
	struct tee_param param[4];
	struct tee_shm *reg_shm_in = NULL, *reg_shm_out = NULL;
	struct tee_shm *reg_shm = NULL;

	memset(&inv_arg, 0, sizeof(inv_arg));
	memset(&param, 0, sizeof(param));

	reg_shm_in = tee_shm_register_kernel_buf(pvt_data.ctx, p->blob,
						 p->blob_len);
	if (IS_ERR(reg_shm_in)) {
		dev_err(pvt_data.dev, "blob shm register failed\n");
		return PTR_ERR(reg_shm_in);
	}

	reg_shm_out = tee_shm_register_kernel_buf(pvt_data.ctx, p->key,
						  sizeof(p->key));
	if (IS_ERR(reg_shm_out)) {
		dev_err(pvt_data.dev, "key shm register failed\n");
		ret = PTR_ERR(reg_shm_out);
		goto out;
	reg_shm = tee_shm_register_kernel_buf(pvt_data.ctx, p->key,
					      sizeof(p->key) + sizeof(p->blob));
	if (IS_ERR(reg_shm)) {
		dev_err(pvt_data.dev, "shm register failed\n");
		return PTR_ERR(reg_shm);
	}

	inv_arg.func = TA_CMD_UNSEAL;
@@ -149,11 +129,11 @@ static int trusted_tee_unseal(struct trusted_key_payload *p, char *datablob)
	inv_arg.num_params = 4;

	param[0].attr = TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_INPUT;
	param[0].u.memref.shm = reg_shm_in;
	param[0].u.memref.shm = reg_shm;
	param[0].u.memref.size = p->blob_len;
	param[0].u.memref.shm_offs = 0;
	param[0].u.memref.shm_offs = sizeof(p->key);
	param[1].attr = TEE_IOCTL_PARAM_ATTR_TYPE_MEMREF_OUTPUT;
	param[1].u.memref.shm = reg_shm_out;
	param[1].u.memref.shm = reg_shm;
	param[1].u.memref.size = sizeof(p->key);
	param[1].u.memref.shm_offs = 0;

@@ -166,11 +146,7 @@ static int trusted_tee_unseal(struct trusted_key_payload *p, char *datablob)
		p->key_len = param[1].u.memref.size;
	}

out:
	if (reg_shm_out)
		tee_shm_free(reg_shm_out);
	if (reg_shm_in)
		tee_shm_free(reg_shm_in);
	tee_shm_free(reg_shm);

	return ret;
}
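Review bot: The single registration `tee_shm_register_kernel_buf(pvt_data.ctx, p->key, sizeof(p->key) + sizeof(p->blob))` and the `shm_offs = sizeof(p->key)` offsets, in both trusted_tee_seal() and trusted_tee_unseal(), are correct only if `blob` immediately follows `key` in `struct trusted_key_payload`, and nothing in the new code enforces that. The struct definition is not visible in this section, so presumably the layout holds today, but a later reordering or an inserted field would silently make the TEE read or write the wrong bytes of the payload. A compile-time check next to the registration would pin the assumption, e.g. `BUILD_BUG_ON(offsetof(struct trusted_key_payload, blob) != offsetof(struct trusted_key_payload, key) + sizeof(p->key));`, together with a comment saying the registered region covers key followed by blob. Minor: `reg_shm` no longer needs its `= NULL` initialiser, since the only early exit returns before any free.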