mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/security
History
David Safford 361a0daa25 KEYS: trusted: tpm2: Fix migratable logic 
commit dda5384313 upstream.

When creating (sealing) a new trusted key, migratable
trusted keys have the FIXED_TPM and FIXED_PARENT attributes
set, and non-migratable keys don't. This is backwards, and
also causes creation to fail when creating a migratable key
under a migratable parent. (The TPM thinks you are trying to
seal a non-migratable blob under a migratable parent.)

The following simple patch fixes the logic, and has been
tested for all four combinations of migratable and non-migratable
trusted keys and parent storage keys. With this logic, you will
get a proper failure if you try to create a non-migratable
trusted key under a migratable parent storage key, and all other
combinations work correctly.

Cc: stable@vger.kernel.org # v5.13+
Fixes: e5fb5d2c5a ("security: keys: trusted: Make sealed key properly interoperable")
Signed-off-by: David Safford <david.safford@gmail.com>
Reviewed-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2022-06-14 18:45:17 +02:00
..
apparmor tracehook: Remove tracehook.h 2022-03-10 16:51:51 -06:00
bpf bpf: Implement task local storage 2020-11-06 08:08:37 -08:00
integrity ima: remove the IMA_TEMPLATE Kconfig option 2022-06-09 10:30:49 +02:00
keys KEYS: trusted: tpm2: Fix migratable logic 2022-06-14 18:45:17 +02:00
landlock landlock: Fix same-layer rule unions 2022-06-09 10:30:48 +02:00
loadpin LSM: Add "contents" flag to kernel_read_file hook 2020-10-05 13:37:03 +02:00
lockdown Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2020-06-02 17:36:24 -07:00
safesetid LSM: SafeSetID: Mark safesetid_initialized as __initdata 2021-06-10 09:52:32 -07:00
selinux selinux: fix bad cleanup on error in hashtab_duplicate() 2022-05-17 18:34:35 -04:00
smack Fix incorrect type in assignment of ipv6 port for audit 2022-02-28 15:45:32 -08:00
tomoyo drm for 5.18-rc1 2022-03-24 16:19:43 -07:00
yama task_work: cleanup notification modes 2020-10-17 15:05:30 -06:00
Kconfig hardening updates for v5.18-rc1-fix1 2022-03-31 11:43:01 -07:00
Kconfig.hardening gcc-plugins/stackleak: Provide verbose mode 2022-02-06 10:49:57 -08:00
Makefile security: remove unneeded subdir-$(CONFIG_...) 2021-09-03 08:17:20 +09:00
commoncap.c fs: support mapped mounts of mapped filesystems 2021-12-05 10:28:57 +01:00
device_cgroup.c bpf: Make BPF_PROG_RUN_ARRAY return -err instead of allow boolean 2022-01-19 12:51:30 -08:00
inode.c Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-07-19 10:42:02 -07:00
lsm_audit.c lsm_audit: avoid overloading the "key" audit field 2021-09-19 22:47:04 -04:00
min_addr.c sysctl: pass kernel pointers to ->proc_handler 2020-04-27 02:07:40 -04:00
security.c lockdown: also lock down previous kgdb use 2022-05-30 09:24:03 +02:00