git.kernel.dk Git - linux-block.git/commit

tpm: Add HMAC session name/handle append

Add tpm2_append_name() for appending to the handle area of the TPM
command. When TPM_BUS_SECURITY is enabled and HMAC sessions are in
use this adds the standard u32 handle to the buffer but additionally
records the name of the object which must be used as part of the HMAC
computation. The name of certain object types (volatile and permanent
handles and NV indexes) is a hash of the public area of the object.
Since this hash is not known ahead of time, it must be requested from
the TPM using TPM2_ReadPublic() (which cannot be HMAC protected, but
if an interposer lies about it, the HMAC check will fail and the
problem will be detected).

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> # crypto API parts
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Tested-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>

author	James Bottomley <James.Bottomley@HansenPartnership.com>
	Mon, 29 Apr 2024 20:28:04 +0000 (16:28 -0400)
committer	Jarkko Sakkinen <jarkko@kernel.org>
	Thu, 9 May 2024 19:30:51 +0000 (22:30 +0300)
commit	d0a25bb961e6e5650083a4f15768e3075f7d8db7
tree	115367be5bee4d2bf26383db34314f16efcdacb0	tree \| snapshot
parent	699e3efd6c645c741ea4d6d58282c56b6d108cf7	commit \| diff

drivers/char/tpm/tpm2-sessions.c		diff \| blob \| blame \| history
include/linux/tpm.h		diff \| blob \| blame \| history