Re: [PATCH v3] KEYS: trusted: Debugging as a feature
From: Nayna Jain
Date: Sun Apr 12 2026 - 14:49:14 EST
On 4/9/26 12:07 PM, Jarkko Sakkinen wrote:
From: Jarkko Sakkinen <jarkko@xxxxxxxxxx>
TPM_DEBUG, and other similar flags, are a non-standard way to specify a
feature in the Linux kernel. Introduce CONFIG_TRUSTED_KEYS_DEBUG for trusted
keys, and use it to replace these ad-hoc feature flags.
Given that trusted keys debug dumps can contain sensitive data, harden the
feature as follows:
1. In the Kconfig description postulate that pr_debug() statements must be
used.
2. Use pr_debug() statements in TPM 1.x driver to print the protocol dump.
3. Require trusted.debug=1 on the kernel command line (default: 0) to
activate dumps at runtime, even when CONFIG_TRUSTED_KEYS_DEBUG=y.
Traces, when actually needed, can be easily enabled by providing
trusted.dyndbg='+p' and trusted.debug=1 in the kernel command-line.
Thanks Jarkko. Additional changes look good to me. I just realized that the kernel command-line parameters document may need to be updated to include these parameters.
Apart from that, feel free to add my
Reviewed-by: Nayna Jain <nayna@xxxxxxxxxxxxx>
Thanks & Regards,
- Nayna