Commit 219ac97a authored by Linus Torvalds's avatar Linus Torvalds
Browse files
Pull tpm updates from Jarkko Sakkinen:
 "In additon to bug fixes, these are noteworthy changes:

   - In TPM I2C drivers, migrate from probe() to probe_new() (a new
     driver model in I2C).

   - TPM CRB: Pluton support

   - Add duplicate hash detection to the blacklist keyring in order to
     give more meaningful klog output than e.g. [1]"

Link: https://askubuntu.com/questions/1436856/ubuntu-22-10-blacklist-problem-blacklisting-hash-13-message-on-boot [1]

* tag 'tpm-v6.3-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd:
  tpm: add vendor flag to command code validation
  tpm: Add reserved memory event log
  tpm: Use managed allocation for bios event log
  tpm: tis_i2c: Convert to i2c's .probe_new()
  tpm: tpm_i2c_nuvoton: Convert to i2c's .probe_new()
  tpm: tpm_i2c_infineon: Convert to i2c's .probe_new()
  tpm: tpm_i2c_atmel: Convert to i2c's .probe_new()
  tpm: st33zp24: Convert to i2c's .probe_new()
  KEYS: asymmetric: Fix ECDSA use via keyctl uapi
  certs: don't try to update blacklist keys
  KEYS: Add new function key_create()
  certs: make blacklisted hash available in klog
  tpm_crb: Add support for CRB devices based on Pluton
  crypto: certs: fix FIPS selftest dependency
parents 69adb0bc 85b93bbd
Loading
Loading
Loading
Loading
+12 −9
Original line number Diff line number Diff line
@@ -183,7 +183,7 @@ static int mark_raw_hash_blacklisted(const char *hash)
{
	key_ref_t key;

	key = key_create_or_update(make_key_ref(blacklist_keyring, true),
	key = key_create(make_key_ref(blacklist_keyring, true),
			 "blacklist",
			 hash,
			 NULL,
@@ -192,7 +192,10 @@ static int mark_raw_hash_blacklisted(const char *hash)
			 KEY_ALLOC_NOT_IN_QUOTA |
			 KEY_ALLOC_BUILT_IN);
	if (IS_ERR(key)) {
		pr_err("Problem blacklisting hash (%ld)\n", PTR_ERR(key));
		if (PTR_ERR(key) == -EEXIST)
			pr_warn("Duplicate blacklisted hash %s\n", hash);
		else
			pr_err("Problem blacklisting hash %s: %pe\n", hash, key);
		return PTR_ERR(key);
	}
	return 0;
+1 −1
Original line number Diff line number Diff line
@@ -83,6 +83,6 @@ config FIPS_SIGNATURE_SELFTEST
	  for FIPS.
	depends on KEYS
	depends on ASYMMETRIC_KEY_TYPE
	depends on PKCS7_MESSAGE_PARSER
	depends on PKCS7_MESSAGE_PARSER=X509_CERTIFICATE_PARSER

endif # ASYMMETRIC_KEY_TYPE
+1 −0
Original line number Diff line number Diff line
@@ -485,3 +485,4 @@ int pkcs7_supply_detached_data(struct pkcs7_message *pkcs7,
	pkcs7->data_len = datalen;
	return 0;
}
EXPORT_SYMBOL_GPL(pkcs7_supply_detached_data);
+22 −2
Original line number Diff line number Diff line
@@ -186,8 +186,28 @@ static int software_key_query(const struct kernel_pkey_params *params,

	len = crypto_akcipher_maxsize(tfm);
	info->key_size = len * 8;

	if (strncmp(pkey->pkey_algo, "ecdsa", 5) == 0) {
		/*
		 * ECDSA key sizes are much smaller than RSA, and thus could
		 * operate on (hashed) inputs that are larger than key size.
		 * For example SHA384-hashed input used with secp256r1
		 * based keys.  Set max_data_size to be at least as large as
		 * the largest supported hash size (SHA512)
		 */
		info->max_data_size = 64;

		/*
		 * Verify takes ECDSA-Sig (described in RFC 5480) as input,
		 * which is actually 2 'key_size'-bit integers encoded in
		 * ASN.1.  Account for the ASN.1 encoding overhead here.
		 */
		info->max_sig_size = 2 * (len + 3) + 2;
	} else {
		info->max_data_size = len;
		info->max_sig_size = len;
	}

	info->max_enc_size = len;
	info->max_dec_size = len;
	info->supported_ops = (KEYCTL_SUPPORTS_ENCRYPT |
+3 −2
Original line number Diff line number Diff line
@@ -14,6 +14,7 @@
 * Access to the event log extended by the TCG BIOS of PC platform
 */

#include <linux/device.h>
#include <linux/seq_file.h>
#include <linux/fs.h>
#include <linux/security.h>
@@ -135,7 +136,7 @@ int tpm_read_log_acpi(struct tpm_chip *chip)
	}

	/* malloc EventLog space */
	log->bios_event_log = kmalloc(len, GFP_KERNEL);
	log->bios_event_log = devm_kmalloc(&chip->dev, len, GFP_KERNEL);
	if (!log->bios_event_log)
		return -ENOMEM;

@@ -160,7 +161,7 @@ int tpm_read_log_acpi(struct tpm_chip *chip)
	return format;

err:
	kfree(log->bios_event_log);
	devm_kfree(&chip->dev, log->bios_event_log);
	log->bios_event_log = NULL;
	return ret;
}
Loading