Commit 9d8e7007 authored by Linus Torvalds's avatar Linus Torvalds
Browse files
Pull tpm updates from Jarkko Sakkinen:
 "In order to split the work a bit we've aligned with David Howells more
  or less that I take more hardware/firmware aligned keyring patches,
  and he takes care more of the framework aligned patches.

  For TPM the patches worth of highlighting are the fixes for
  refcounting provided by Lino Sanfilippo and James Bottomley.

  Eric B. has done a bunch obvious (but important) fixes but there's one
  a bit controversial: removal of asym_tpm. It was added in 2018 when
  TPM1 was already declared as insecure and world had moved on to TPM2.
  I don't know how this has passed all the filters but I did not have a
  chance to see the patches when they were out. I simply cannot commit
  to maintaining this because it was from all angles just wrong to take
  it in the first place to the mainline kernel. Nobody should use this
  module really for anything.

  Finally, there is a new keyring '.machine' to hold MOK keys ('Machine
  Owner Keys'). In the mok side MokListTrustedRT UEFI variable can be
  set, from which kernel knows that MOK keys are kernel trusted keys and
  they are populated to the machine keyring. This keyring linked to the
  secondary trusted keyring, which means that can be used like any
  kernel trusted keys. This keyring of course can be used to hold other
  MOK'ish keys in other platforms in future"

* tag 'tpmdd-next-v5.18-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd: (24 commits)
  tpm: use try_get_ops() in tpm-space.c
  KEYS: asymmetric: properly validate hash_algo and encoding
  KEYS: asymmetric: enforce that sig algo matches key algo
  KEYS: remove support for asym_tpm keys
  tpm: fix reference counting for struct tpm_chip
  integrity: Only use machine keyring when uefi_check_trust_mok_keys is true
  integrity: Trust MOK keys if MokListTrustedRT found
  efi/mokvar: move up init order
  KEYS: Introduce link restriction for machine keys
  KEYS: store reference to machine keyring
  integrity: add new keyring handler for mok keys
  integrity: Introduce a Linux keyring called machine
  integrity: Fix warning about missing prototypes
  KEYS: trusted: Avoid calling null function trusted_key_exit
  KEYS: trusted: Fix trusted key backends when building as module
  tpm: xen-tpmfront: Use struct_size() helper
  KEYS: x509: remove dead code that set ->unsupported_sig
  KEYS: x509: remove never-set ->unsupported_key flag
  KEYS: x509: remove unused fields
  KEYS: x509: clearly distinguish between key and signature algorithms
  ...
parents f443e374 fb5abce6
Loading
Loading
Loading
Loading
+43 −1
Original line number Diff line number Diff line
@@ -22,6 +22,9 @@ static struct key *builtin_trusted_keys;
#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
static struct key *secondary_trusted_keys;
#endif
#ifdef CONFIG_INTEGRITY_MACHINE_KEYRING
static struct key *machine_trusted_keys;
#endif
#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING
static struct key *platform_trusted_keys;
#endif
@@ -86,11 +89,50 @@ static __init struct key_restriction *get_builtin_and_secondary_restriction(void
	if (!restriction)
		panic("Can't allocate secondary trusted keyring restriction\n");

	if (IS_ENABLED(CONFIG_INTEGRITY_MACHINE_KEYRING))
		restriction->check = restrict_link_by_builtin_secondary_and_machine;
	else
		restriction->check = restrict_link_by_builtin_and_secondary_trusted;

	return restriction;
}
#endif
#ifdef CONFIG_INTEGRITY_MACHINE_KEYRING
void __init set_machine_trusted_keys(struct key *keyring)
{
	machine_trusted_keys = keyring;

	if (key_link(secondary_trusted_keys, machine_trusted_keys) < 0)
		panic("Can't link (machine) trusted keyrings\n");
}

/**
 * restrict_link_by_builtin_secondary_and_machine - Restrict keyring addition.
 * @dest_keyring: Keyring being linked to.
 * @type: The type of key being added.
 * @payload: The payload of the new key.
 * @restrict_key: A ring of keys that can be used to vouch for the new cert.
 *
 * Restrict the addition of keys into a keyring based on the key-to-be-added
 * being vouched for by a key in either the built-in, the secondary, or
 * the machine keyrings.
 */
int restrict_link_by_builtin_secondary_and_machine(
	struct key *dest_keyring,
	const struct key_type *type,
	const union key_payload *payload,
	struct key *restrict_key)
{
	if (machine_trusted_keys && type == &key_type_keyring &&
	    dest_keyring == secondary_trusted_keys &&
	    payload == &machine_trusted_keys->payload)
		/* Allow the machine keyring to be added to the secondary */
		return 0;

	return restrict_link_by_builtin_and_secondary_trusted(dest_keyring, type,
							      payload, restrict_key);
}
#endif

/*
 * Create the trusted keyrings
+0 −21
Original line number Diff line number Diff line
@@ -22,18 +22,6 @@ config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
	  appropriate hash algorithms (such as SHA-1) must be available.
	  ENOPKG will be reported if the requisite algorithm is unavailable.

config ASYMMETRIC_TPM_KEY_SUBTYPE
	tristate "Asymmetric TPM backed private key subtype"
	depends on TCG_TPM
	depends on TRUSTED_KEYS
	select CRYPTO_HMAC
	select CRYPTO_SHA1
	select CRYPTO_HASH_INFO
	help
	  This option provides support for TPM backed private key type handling.
	  Operations such as sign, verify, encrypt, decrypt are performed by
	  the TPM after the private key is loaded.

config X509_CERTIFICATE_PARSER
	tristate "X.509 certificate parser"
	depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
@@ -54,15 +42,6 @@ config PKCS8_PRIVATE_KEY_PARSER
	  private key data and provides the ability to instantiate a crypto key
	  from that data.

config TPM_KEY_PARSER
	tristate "TPM private key parser"
	depends on ASYMMETRIC_TPM_KEY_SUBTYPE
	select ASN1
	help
	  This option provides support for parsing TPM format blobs for
	  private key data and provides the ability to instantiate a crypto key
	  from that data.

config PKCS7_MESSAGE_PARSER
	tristate "PKCS#7 message parser"
	depends on X509_CERTIFICATE_PARSER
+0 −12
Original line number Diff line number Diff line
@@ -11,7 +11,6 @@ asymmetric_keys-y := \
	signature.o

obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o
obj-$(CONFIG_ASYMMETRIC_TPM_KEY_SUBTYPE) += asym_tpm.o

#
# X.509 Certificate handling
@@ -75,14 +74,3 @@ verify_signed_pefile-y := \

$(obj)/mscode_parser.o: $(obj)/mscode.asn1.h $(obj)/mscode.asn1.h
$(obj)/mscode.asn1.o: $(obj)/mscode.asn1.c $(obj)/mscode.asn1.h

#
# TPM private key parsing
#
obj-$(CONFIG_TPM_KEY_PARSER) += tpm_key_parser.o
tpm_key_parser-y := \
	tpm.asn1.o \
	tpm_parser.o

$(obj)/tpm_parser.o: $(obj)/tpm.asn1.h
$(obj)/tpm.asn1.o: $(obj)/tpm.asn1.c $(obj)/tpm.asn1.h

crypto/asymmetric_keys/asym_tpm.c

deleted100644 → 0
+0 −957

File deleted.

Preview size limit exceeded, changes collapsed.

+2 −11
Original line number Diff line number Diff line
@@ -174,12 +174,6 @@ static int pkcs7_find_key(struct pkcs7_message *pkcs7,
		pr_devel("Sig %u: Found cert serial match X.509[%u]\n",
			 sinfo->index, certix);

		if (strcmp(x509->pub->pkey_algo, sinfo->sig->pkey_algo) != 0) {
			pr_warn("Sig %u: X.509 algo and PKCS#7 sig algo don't match\n",
				sinfo->index);
			continue;
		}

		sinfo->signer = x509;
		return 0;
	}
@@ -226,9 +220,6 @@ static int pkcs7_verify_sig_chain(struct pkcs7_message *pkcs7,
			return 0;
		}

		if (x509->unsupported_key)
			goto unsupported_crypto_in_x509;

		pr_debug("- issuer %s\n", x509->issuer);
		sig = x509->sig;
		if (sig->auth_ids[0])
@@ -245,7 +236,7 @@ static int pkcs7_verify_sig_chain(struct pkcs7_message *pkcs7,
			 * authority.
			 */
			if (x509->unsupported_sig)
				goto unsupported_crypto_in_x509;
				goto unsupported_sig_in_x509;
			x509->signer = x509;
			pr_debug("- self-signed\n");
			return 0;
@@ -309,7 +300,7 @@ static int pkcs7_verify_sig_chain(struct pkcs7_message *pkcs7,
		might_sleep();
	}

unsupported_crypto_in_x509:
unsupported_sig_in_x509:
	/* Just prune the certificate chain at this point if we lack some
	 * crypto module to go further.  Note, however, we don't want to set
	 * sinfo->unsupported_crypto as the signed info block may still be
Loading