Merge pull request #34189 from poettering/cryptenroll-slot-fix

cryptenroll: don't return slot 0 when we have no policy to search for
This commit is contained in:
Yu Watanabe 2024-08-31 04:26:02 +09:00 committed by GitHub
commit 7571cb42a8
GPG Key ID: B5690EEEBB952194
3 changed files with 6 additions and 4 deletions


@ -26,7 +26,7 @@ static int search_policy_hash(
assert(iovec_is_valid(hash));
if (!iovec_is_set(hash))
return 0;
return -ENOENT;
for (int token = 0; token < sym_crypt_token_max(CRYPT_LUKS2); token++) {
_cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
@ -443,7 +443,7 @@ int enroll_tpm2(struct crypt_device *cd,
slot_to_wipe = r;
} else {
log_info("This PCR set is already enrolled, executing no operation.");
*ret_slot_to_wipe = slot_to_wipe;
*ret_slot_to_wipe = -1;
return r; /* return existing keyslot, so that wiping won't kill it */
}
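Review bot: search_policy_hash() now reports "nothing to search for" as -ENOENT, which is the same code a caller would expect for "no token matched", so the caller in enroll_tpm2() cannot distinguish an absent policy hash from a genuine miss unless that is documented; a comment above the `if (!iovec_is_set(hash))` check should state the contract, e.g. `/* No policy hash to look for: report as not-found rather than as keyslot 0, so callers never mistake it for a hit */`. Whether the token loop that follows also returns -ENOENT on no match is not visible in this hunk; if it returns a different code the two cases deserve separate documentation. The second hunk's `*ret_slot_to_wipe = -1;` introduces a sentinel meaning "keep the existing enrollment, wipe nothing", which run() now branches on via `slot_to_wipe >= 0`; that meaning should be named in enroll_tpm2()'s header comment so the -1 is not read as an error. Both search_policy_hash() and enroll_tpm2() begin and continue outside these hunks.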


@ -885,6 +885,8 @@ static int run(int argc, char *argv[]) {
slot = enroll_tpm2(cd, &vk, arg_tpm2_device, arg_tpm2_seal_key_handle, arg_tpm2_device_key, arg_tpm2_hash_pcr_values, arg_tpm2_n_hash_pcr_values, arg_tpm2_public_key, arg_tpm2_load_public_key, arg_tpm2_public_key_pcr_mask, arg_tpm2_signature, arg_tpm2_pin, arg_tpm2_pcrlock, &slot_to_wipe);
if (slot >= 0 && slot_to_wipe >= 0) {
assert(slot != slot_to_wipe);
/* Updating PIN on an existing enrollment */
r = wipe_slots(
cd,
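Review bot: The added `assert(slot != slot_to_wipe)` encodes a contract of enroll_tpm2() (the keyslot it returns is never also the slot it asks to wipe) that is stated nowhere near the call; a one-line comment keeps the invariant auditable: `/* enroll_tpm2() reports -1 in slot_to_wipe when it keeps an existing enrollment, so a wipe can never target the slot it just returned */`. If this assert is active in release builds, a violated invariant aborts cryptenroll after the new keyslot has already been written; if that is not intended, a logged error that skips the wipe would be the gentler failure mode. run() begins and continues outside the hunk.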


@ -1179,7 +1179,7 @@ static int check_calculate_seal(Tpm2Context *c) {
int r;
if (detect_virtualization() == VIRTUALIZATION_NONE && !slow_tests_enabled()) {
log_notice("Skipping slow calculate seal TPM2 tests. Physical system detected, and slow tests disabled.");
log_notice("Skipping slow calculate seal TPM2 tests. Physical system detected, and slow tests disabled. (To enable, run again with $SYSTEMD_SLOW_TESTS=1.)");
return 0;
}
@ -1257,7 +1257,7 @@ static void check_seal_unseal(Tpm2Context *c) {
assert(c);
if (detect_virtualization() == VIRTUALIZATION_NONE && !slow_tests_enabled()) {
log_notice("Skipping slow seal/unseal TPM2 tests. Physical system detected, and slow tests disabled.");
log_notice("Skipping slow seal/unseal TPM2 tests. Physical system detected, and slow tests disabled. (To enable, run again with $SYSTEMD_SLOW_TESTS=1.)");
return;
}