On 3/28/19 12:11 PM, Dan Williams wrote:
On Thu, Mar 28, 2019 at 12:07 PM Dave Jiang
<dave.jiang(a)intel.com> wrote:
>
> load-keys incorrectly assumes that all keys have TPM handles. TPM handle is
> only for trusted-keys. Fix in order to allow user master-key work.
s/work/to operate/ ?
>
> Signed-off-by: Dave Jiang <dave.jiang(a)intel.com>
> ---
> ndctl/load-keys.c | 6 ++----
> 1 file changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/ndctl/load-keys.c b/ndctl/load-keys.c
> index 8e4998f2..19380152 100644
> --- a/ndctl/load-keys.c
> +++ b/ndctl/load-keys.c
> @@ -213,10 +213,8 @@ static int load_keys(struct loadkeys *lk_ctx, const char
*keypath,
>
> if (!tpmhandle) {
> rc = check_tpm_handle(lk_ctx);
> - if (rc < 0) {
> - rc = -errno;
> - goto erropen;
> - }
> + if (rc < 0)
> + printf("No TPM handle discovered.\n");
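Review bot: in the new `if (rc < 0)` branch, rc still holds the negative value returned by check_tpm_handle() now that the `goto erropen` is gone, so unless code after this block reassigns rc before it is tested or returned, load_keys() can still report failure in the user master-key case. Consider clearing rc in that branch or not storing the result in rc at all. The branch also treats every failure of check_tpm_handle() as "no handle", where the removed lines propagated `-errno`. A genuine error is therefore reported the same way as a system that legitimately has no TPM handle. Distinguishing the two would keep a real failure from being masked when a trusted key is expected.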
Please keep error messages on stderr.
Actually this is info. At this point we do not have context as to whether a
trusted key or a user key is being loaded; it could be that we are using a user
master key, or it could be that the TPM handle can't be found.