10:45 a.m.
Rather than fail initialization of the trusted.ko module, arrange for
the module to load, but rely on trusted_instantiate() to fail
trusted-key operations.
Fixes: 240730437deb ("KEYS: trusted: explicitly use tpm_chip structure...")
Cc: Roberto Sassu <roberto.sassu(a)huawei.com>
Cc: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com>
Cc: James Bottomley <jejb(a)linux.ibm.com>
Cc: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com>
Cc: Mimi Zohar <zohar(a)linux.ibm.com>
Cc: David Howells <dhowells(a)redhat.com>
Signed-off-by: Dan Williams <dan.j.williams(a)intel.com>
---
security/keys/trusted.c | 21 +++++++++++++++++----
1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/security/keys/trusted.c b/security/keys/trusted.c
index bcc9c6ead7fd..d959597a688e 100644
--- a/security/keys/trusted.c
+++ b/security/keys/trusted.c
@@ -45,6 +45,13 @@ struct sdesc {
static struct crypto_shash *hashalg;
static struct crypto_shash *hmacalg;
+static struct device *chip_dev(struct tpm_chip *chip)
+{
+ if (chip)
+ return &chip->dev;
+ return NULL;
+}
+
static struct sdesc *init_sdesc(struct crypto_shash *alg)
{
struct sdesc *sdesc;
@@ -1224,6 +1231,14 @@ static int __init init_digests(void)
int ret;
int i;
+ /*
+ * Hardware tpm operations are disabled, but allow the software
+ * module to initialize, and depend on trusted_instantiate() to
+ * fail any attempts to access the missing hardware.
+ */
+ if (!chip)
+ return 0;
+
ret = tpm_get_random(chip, digest, TPM_MAX_DIGEST_SIZE);
if (ret < 0)
return ret;
@@ -1246,8 +1261,6 @@ static int __init init_trusted(void)
int ret;
chip = tpm_default_chip();
- if (!chip)
- return -ENOENT;
ret = init_digests();
if (ret < 0)
goto err_put;
@@ -1263,13 +1276,13 @@ static int __init init_trusted(void)
err_free:
kfree(digests);
err_put:
- put_device(&chip->dev);
+ put_device(chip_dev(chip));
return ret;
}
static void __exit cleanup_trusted(void)
{
- put_device(&chip->dev);
+ put_device(chip_dev(chip));
kfree(digests);
trusted_shash_release();
unregister_key_type(&key_type_trusted);