Re: [PATCH v2 1/2] keys/trusted_keys: clean up debug message logging in the tpm backend

From: Jarkko Sakkinen

Date: Mon Mar 23 2026 - 01:28:40 EST


On Tue, Mar 17, 2026 at 08:44:03AM +0530, Srish Srinivasan wrote:
>
> On 3/10/26 4:15 AM, Nayna Jain wrote:
> >
> > On 2/20/26 1:34 PM, Srish Srinivasan wrote:
> > > The TPM trusted-keys backend uses a local TPM_DEBUG guard and pr_info()
> > > for logging debug information.
> > >
> > > Replace pr_info() with pr_debug(), and use KERN_DEBUG for
> > > print_hex_dump().
> > > Remove TPM_DEBUG.
> > >
> > > No functional change intended.
> > > There is a functional change here.  This change allows the secret and nonce in
> > > the function dump_sess() to be logged to kernel logs when dynamic debug
> > > is enabled. Previously, it was possible only in the debug builds and not
> > > the production builds at runtime. With this change, it is always there
> > > in the production build. This can result in a possible attack.
>
>
> Hi Jarkko,
> Could you please let us know your thoughts on this one?
>
> And Nayna,
> thanks for bringing this up.

Nayna is absolutely right so I dropped it.

Solution is debatable.

>
> thanks,
> Srish.

BR, Jarkko
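
The difference raised in the review above, as an added user-space C model (not code from the patch or from the kernel): a compile-time TPM_DEBUG guard removes the dump from a production build, while a runtime-switchable debug print keeps it in the binary. Only TPM_DEBUG and dump_sess come from the thread; klog, dyndbg_enabled, the helper names and the secret bytes are constructed stand-ins.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define TPM_DEBUG 0            /* production build: guard not defined */
#define SECRET_LEN 4

static char klog[256];         /* assumed stand-in for the kernel log */
static bool dyndbg_enabled;    /* assumed stand-in for a runtime debug switch */

/* Append "tag:hexbytes" to the log stand-in. */
static void klog_hex(const char *tag, const unsigned char *p, size_t n)
{
    size_t off = strlen(klog);

    off += (size_t)snprintf(klog + off, sizeof(klog) - off, "%s:", tag);
    for (size_t i = 0; i < n && off + 3 <= sizeof(klog); i++)
        off += (size_t)snprintf(klog + off, sizeof(klog) - off, "%02x", p[i]);
}

/* Before: the dump exists only when the build sets TPM_DEBUG. */
static void dump_sess_guarded(const unsigned char *secret)
{
#if TPM_DEBUG
    klog_hex("secret", secret, SECRET_LEN);
#else
    (void)secret;              /* no logging code is compiled in */
#endif
}

/* After: the dump is always compiled in, gated only at runtime. */
static void dump_sess_dynamic(const unsigned char *secret)
{
    if (dyndbg_enabled)
        klog_hex("secret", secret, SECRET_LEN);
}

/* Returns 1 if the secret's hex reached the log, 0 otherwise. */
static int secret_logged(void (*dump)(const unsigned char *), bool runtime_on)
{
    static const unsigned char secret[SECRET_LEN] = {0xde, 0xad, 0xbe, 0xef}; /* constructed */

    klog[0] = '\0';
    dyndbg_enabled = runtime_on;
    dump(secret);
    return strstr(klog, "deadbeef") != NULL;
}
```

With the guard compiled out, no runtime setting makes dump_sess_guarded write the secret; dump_sess_dynamic writes it as soon as the switch is turned on.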