Skip to content

Commit

Permalink
KEYS: trusted: Fix migratable=1 failing
Browse files Browse the repository at this point in the history 
commit 8da7520 upstream.

Consider the following transcript:

$ keyctl add trusted kmk "new 32 blobauth=helloworld keyhandle=80000000 migratable=1" @U
add_key: Invalid argument

The documentation has the following description:

  migratable=   0|1 indicating permission to reseal to new PCR values,
                default 1 (resealing allowed)

The consequence is that "migratable=1" should succeed. Fix this by
allowing this condition to pass instead of return -EINVAL.

[*] Documentation/security/keys/trusted-encrypted.rst

Cc: stable@vger.kernel.org
Cc: "James E.J. Bottomley" <jejb@linux.ibm.com>
Cc: Mimi Zohar <zohar@linux.ibm.com>
Cc: David Howells <dhowells@redhat.com>
Fixes: d00a1c7 ("keys: add new trusted key-type")
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  • Loading branch information
@jarkkojs @gregkh
jarkkojs authored and gregkh committed Mar 4, 2021
1 parent 9d83cc1 commit 54c527c
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion security/keys/trusted-keys/trusted_tpm1.c
View file
Expand Up @@ -801,7 +801,7 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
case Opt_migratable:
if (*args[0].from == '0')
pay->migratable = 0;
else
else if (*args[0].from != '1')
return -EINVAL;
break;
case Opt_pcrlock:
Expand Down

0 comments on commit 54c527c

Please sign in to comment.