Re: [GIT PULL] TPM DEVICE DRIVER changes for v5.14

From: Stefan Berger
Date: Mon Jun 28 2021 - 14:33:23 EST



On 6/28/21 1:34 PM, Linus Torvalds wrote:
> On Wed, Jun 23, 2021 at 6:56 AM Jarkko Sakkinen <jarkko@xxxxxxxxxx> wrote:
>> Contains bug fixes for TPM, and support for signing modules using elliptic
>> curve keys, which I promised to pick up to my tree.
>
> I pulled this, but then I looked at the key type changes, and that
> made me so scared that I unpulled it again.
>
> In particular, that code will do
>
>     shell rm -f $(CONFIG_MODULE_SIG_KEY)
>
> from the Makefile if some config options have changed.

I suppose it is from this part here.

+# Support user changing key type
+ifdef CONFIG_MODULE_SIG_KEY_TYPE_ECDSA
+keytype_openssl = -newkey ec -pkeyopt ec_paramgen_curve:secp384r1
+ifeq ($(openssl_available),yes)
+$(if $(findstring id-ecPublicKey,$(X509TEXT)),,$(shell rm -f $(CONFIG_MODULE_SIG_KEY)))
+endif
+endif # CONFIG_MODULE_SIG_KEY_TYPE_ECDSA
+
+ifdef CONFIG_MODULE_SIG_KEY_TYPE_RSA
+ifeq ($(openssl_available),yes)
 $(if $(findstring rsaEncryption,$(X509TEXT)),,$(shell rm -f $(CONFIG_MODULE_SIG_KEY)))
 endif
+endif # CONFIG_MODULE_SIG_KEY_TYPE_RSA
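
Review bot: the `$(shell rm -f $(CONFIG_MODULE_SIG_KEY))` in both the ECDSA and the RSA branch deletes whatever file CONFIG_MODULE_SIG_KEY names, with no check that the build created that file, so a key the user supplied is removed as soon as the configured type stops matching it. Limit the removal to the key the build generates itself, and for any other path stop with an error asking the user to provide a key of the selected type; if regeneration stays, rename the old file to a backup instead of using `rm -f`. Two further points: the `$(if ...)` sits outside any recipe, so the deletion runs whenever make parses this Makefile and not as part of a target, and it also fires whenever X509TEXT (defined outside this hunk) does not contain the expected string for any other reason, such as being empty, so an explicit check that the certificate text was read successfully belongs before the comparison.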


If the user changed the build option from an ECDSA module signing key to an RSA signing key or vice versa then this code deletes the current signing key and subsequent code in the Makefile will create an RSA or ECDSA signing key following the user's choice. I suppose this is expected behavior that when a user chooses an RSA signing key it will use an RSA signing key. Maybe we should make a backup copy of the previous key, if that helps.



> That just seems too broken for words. Maybe I misunderstand this, but
> this really seems like an easy mistake might cause the kernel build to
> actively start removing some random user key files that the user
> pointed at previously.

The removal is triggered by the user changing the type of key from what is in the keyfile.

  Stefan




> Linus