Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Minor commits for tpm2 #29426

Merged
merged 5 commits into from Oct 3, 2023
Merged

Minor commits for tpm2 #29426

merged 5 commits into from Oct 3, 2023

Conversation

ddstreet
Copy link
Contributor

@ddstreet ddstreet commented Oct 3, 2023

These are some minor changes for tpm2, split out from #28519 and on top of #29425.

@ddstreet ddstreet mentioned this pull request Oct 3, 2023
Merged
@bluca bluca added needs-rebase and removed please-review PR is ready for (re-)review by a maintainer labels Oct 3, 2023
@ddstreet
tpm2: allow tpm2_make_encryption_session() without bind key
73592a7 
Allow providing no bind key, and use ESYS_TR_NONE instead.
@ddstreet
tpm2: update tpm2 test for supported commands
171d5b6 
The test expects TPM2_CC_FIRST - 1 and TPM2_CC_LAST + 1 to be unsupported, but
those are not necessarily invalid commands. Instead test known-invalid
commands. Also add some more valid commands.
@ddstreet
tpm2: use GREEDY_REALLOC_APPEND() in tpm2_get_capability_handles(), c…
7014006 
…ap max value

Simplify the function with GREEDY_REALLOC_APPEND(). Also limit the size_t-sized
max value to UINT32_MAX since that's the maximum of the range this searches,
and the max parameter for tpm2_get_capability() is uint32_t.
@ddstreet
tpm2: change tpm2_unseal() to accept Tpm2Context instead of device st…
db7fdf1 
…ring

This matches the change to tpm2_seal(), which now accepts a Tpm2Context instead
of a device string.

This also allows using the same TPM context for sealing and unsealing, which
will be required by (future) test code when sealing/unsealing using a transient
key.
@ddstreet
tpm2: cache TPM's supported ECC curves
639dca0 
This brings the tpm2_supports_ecc_curve() api in line with the other
tpm2_supports_*() functions, of returning a boolean.
@github-actions github-actions bot added please-review PR is ready for (re-)review by a maintainer and removed needs-rebase labels Oct 3, 2023
@DaanDeMeyer DaanDeMeyer added good-to-merge/waiting-for-ci 👍 PR is good to merge, but CI hasn't passed at time of review. Please merge if you see CI has passed and removed please-review PR is ready for (re-)review by a maintainer labels Oct 3, 2023
@bluca bluca merged commit fdae874 into systemd:main Oct 3, 2023
47 of 48 checks passed
@github-actions github-actions bot removed the good-to-merge/waiting-for-ci 👍 PR is good to merge, but CI hasn't passed at time of review. Please merge if you see CI has passed label Oct 3, 2023
@ddstreet ddstreet deleted the tpm2_minor_changes branch October 3, 2023 21:52
poettering
poettering reviewed Oct 4, 2023
View reviewed changes
src/shared/tpm2-util.c
@@ -402,6 +402,8 @@ static int tpm2_get_capability_handles(
assert(ret_handles);
assert(ret_n_handles);

max = MIN(max, UINT32_MAX);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

wouldn't it make more sense to leave "max" as is is, but simply reduce the range passed to tpm2_get_capability(). i.e. allow ridiculous sizes to be returned if people ask for it, but never pass them to the tpm2 apis?

i.e. drop this line here, but instead change the 4th param of tpm2_get_capability() below to do MIN(max, UINT32_MAX)?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@poettering poettering poettering left review comments

@bluca bluca bluca approved these changes

@DaanDeMeyer DaanDeMeyer DaanDeMeyer approved these changes

Assignees
No one assigned
Labels
tests tpm2 util-lib
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@ddstreet @bluca @poettering @DaanDeMeyer