Re: [PATCH] security/keys/trusted: Allow operation without hardware TPM

On 3/21/2019 2:54 PM, Jarkko Sakkinen wrote: > On Mon, Mar 18, 2019 at 04:45:13PM -0700, Dan Williams wrote: >> Rather than fail initialization of the trusted.ko module, arrange for >> the module to load, but rely on trusted_instantiate() to fail >> trusted-key operations. >> >> Fixes: 240730437deb ("KEYS: trusted: explicitly use tpm_chip structure...") >> Cc: Roberto Sassu <roberto.sassu(a)huawei.com&gt; >> Cc: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com&gt; >> Cc: James Bottomley <jejb(a)linux.ibm.com&gt; >> Cc: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com&gt; >> Cc: Mimi Zohar <zohar(a)linux.ibm.com&gt; >> Cc: David Howells <dhowells(a)redhat.com&gt; >> Signed-off-by: Dan Williams <dan.j.williams(a)intel.com&gt; > > It should check for chip in each function that uses TPM now that > the code does not rely on default chip. Otherwise, the semantics > are kind of inconsistent. If no other TPM function can be used before a successful key instantiate, checking for a chip only in trusted_instantiate() seems sufficient. Then, the same chip will be used by all TPM functions until module unloading, since we incremented the reference count. I would suggest to move the tpm_default_chip() and init_digests() calls to trusted_instantiate() to restore the old behavior of init_trusted(). trusted_instantiate() should look like: --- if (!chip) { chip = tpm_default_chip(); if (!chip) return -ENODEV; } if (!digests) { ret = init_digests(); if (ret < 0) return ret; }