Re: [PATCH 5.10 258/530] security: keys: trusted: fix TPM2 authorizations
From: Pavel Machek
Date: Sat May 15 2021 - 04:21:38 EST
Hi!
> [ Upstream commit de66514d934d70ce73c302ce0644b54970fc7196 ]
>
> In TPM 1.2 an authorization was a 20 byte number. The spec actually
> recommended you to hash variable length passwords and use the sha1
> hash as the authorization. Because the spec doesn't require this
> hashing, the current authorization for trusted keys is a 40 digit hex
> number. For TPM 2.0 the spec allows the passing in of variable length
> passwords and passphrases directly, so we should allow that in trusted
> keys for ease of use. Update the 'blobauth' parameter to take this
> into account, so we can now use plain text passwords for the keys.
I guess break should now be deleted. If tools don't warn about this,
they should.
> + if (tpm2 && opt->blobauth_len <= sizeof(opt->blobauth)) {
> + memcpy(opt->blobauth, args[0].from,
> + opt->blobauth_len);
> + break;
> + }
> +
> + return -EINVAL;
> +
> break;
> +
Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Attachment:
signature.asc
Description: Digital signature