Re: [PATCH v3] KEYS: trusted: Debugging as a feature

From: Jarkko Sakkinen

Date: Tue Apr 14 2026 - 20:05:01 EST


On Fri, Apr 10, 2026 at 11:03:58PM +0530, Srish Srinivasan wrote:
>
> On 4/9/26 9:37 PM, Jarkko Sakkinen wrote:
> > From: Jarkko Sakkinen <jarkko@xxxxxxxxxx>
> >
> > TPM_DEBUG, and other similar flags, are a non-standard way to specify a
> > feature in the Linux kernel. Introduce CONFIG_TRUSTED_KEYS_DEBUG for trusted
> > keys, and use it to replace these ad-hoc feature flags.
> >
> > Given that trusted keys debug dumps can contain sensitive data, harden the
> > feature as follows:
> >
> > 1. In the Kconfig description postulate that pr_debug() statements must be
> > used.
> > 2. Use pr_debug() statements in TPM 1.x driver to print the protocol dump.
> > 3. Require trusted.debug=1 on the kernel command line (default: 0) to
> > activate dumps at runtime, even when CONFIG_TRUSTED_KEYS_DEBUG=y.
> >
> > Traces, when actually needed, can be easily enabled by providing
> > trusted.dyndbg='+p' and trusted.debug=1 in the kernel command-line.
> >
> > Cc: Srish Srinivasan <ssrish@xxxxxxxxxxxxx>
> > Reported-by: Nayna Jain <nayna@xxxxxxxxxxxxx>
> > Closes: https://lore.kernel.org/all/7f8b8478-5cd8-4d97-bfd0-341fd5cf10f9@xxxxxxxxxxxxx/
> > Signed-off-by: Jarkko Sakkinen <jarkko@xxxxxxxxxx>
>
>
> Tested on PKWM and emulated TPM backends.
>
> Tested-by: Srish Srinivasan <ssrish@xxxxxxxxxxxxx>

Thank you!

BR, Jarkko