Re: [PATCH] security/keys/trusted: Allow operation without hardware TPM
On 3/21/2019 2:54 PM, Jarkko Sakkinen wrote:
On Mon, Mar 18, 2019 at 04:45:13PM -0700, Dan Williams wrote:
> Rather than fail initialization of the trusted.ko module, arrange for
> the module to load, but rely on trusted_instantiate() to fail
> trusted-key operations.
>
> Fixes: 240730437deb ("KEYS: trusted: explicitly use tpm_chip
structure...")
> Cc: Roberto Sassu <roberto.sassu(a)huawei.com>
> Cc: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com>
> Cc: James Bottomley <jejb(a)linux.ibm.com>
> Cc: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com>
> Cc: Mimi Zohar <zohar(a)linux.ibm.com>
> Cc: David Howells <dhowells(a)redhat.com>
> Signed-off-by: Dan Williams <dan.j.williams(a)intel.com>
It should check for chip in each function that uses TPM now that
the code does not rely on default chip. Otherwise, the semantics
are kind of inconsistent.
If no other TPM function can be used before a successful key
instantiate, checking for a chip only in trusted_instantiate() seems
sufficient. Then, the same chip will be used by all TPM functions until
module unloading, since we incremented the reference count.
I would suggest to move the tpm_default_chip() and init_digests() calls
to trusted_instantiate() to restore the old behavior of init_trusted().
trusted_instantiate() should look like:
---
if (!chip) {
chip = tpm_default_chip();
if (!chip)
return -ENODEV;
}
if (!digests) {
ret = init_digests();
if (ret < 0)
return ret;
}
---
Roberto
/Jarkko
--
HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063
Managing Director: Bo PENG, Jian LI, Yanli SHI