dda5384313
When creating (sealing) a new trusted key, migratable
trusted keys have the FIXED_TPM and FIXED_PARENT attributes
set, and non-migratable keys don't. This is backwards, and
also causes creation to fail when creating a migratable key
under a migratable parent. (The TPM thinks you are trying to
seal a non-migratable blob under a migratable parent.)

The following simple patch fixes the logic, and has been
tested for all four combinations of migratable and non-migratable
trusted keys and parent storage keys. With this logic, you will
get a proper failure if you try to create a non-migratable
trusted key under a migratable parent storage key, and all other
combinations work correctly.

Cc: stable@vger.kernel.org # v5.13+
Fixes: