Re: [PATCH] KEYS: trusted: Fix overwrite of keyhandle parameter

From: Jarkko Sakkinen
Date: Mon Dec 08 2025 - 13:56:32 EST

Next message: David Laight: "Re: [PATCH] mm: avoid use of BIT() macro for initialising VMA flags"
Previous message: Vlastimil Babka: "Re: slub: add barn_get_full_sheaf() and refine empty-main sheaf replacement"
In reply to: Jarkko Sakkinen: "[PATCH] KEYS: trusted: Fix overwrite of keyhandle parameter"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Dec 08, 2025 at 04:54:35PM +0200, Jarkko Sakkinen wrote:
> tpm2_key_decode() overrides the explicit keyhandle parameter, which can
> lead to problems, if the loaded parent handle does not match the handle
> stored to the key file. This can easily happen as handle by definition
> is an ambiguous attribute.
>
> Cc: stable@xxxxxxxxxxxxxxx # v5.13+
> Fixes: f2219745250f ("security: keys: trusted: use ASN.1 TPM2 key format for the blobs")
> Signed-off-by: Jarkko Sakkinen <jarkko@xxxxxxxxxx>

What this means in practice is that sometimes you need either to:

1. Binary patch the key file.
2. Decompose/compose a key file

BR, Jarkko

Next message: David Laight: "Re: [PATCH] mm: avoid use of BIT() macro for initialising VMA flags"
Previous message: Vlastimil Babka: "Re: slub: add barn_get_full_sheaf() and refine empty-main sheaf replacement"
In reply to: Jarkko Sakkinen: "[PATCH] KEYS: trusted: Fix overwrite of keyhandle parameter"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]