[PATCH] KEYS: trusted: Fix overwrite of keyhandle parameter
Jarkko Sakkinen
jarkko at kernel.org
Mon Dec 8 18:56:08 UTC 2025
On Mon, Dec 08, 2025 at 04:54:35PM +0200, Jarkko Sakkinen wrote:
> tpm2_key_decode() overrides the explicit keyhandle parameter, which can
> lead to problems, if the loaded parent handle does not match the handle
> stored to the key file. This can easily happen as handle by definition
> is an ambiguous attribute.
>
> Cc: stable at vger.kernel.org # v5.13+
> Fixes: f2219745250f ("security: keys: trusted: use ASN.1 TPM2 key format for the blobs")
> Signed-off-by: Jarkko Sakkinen <jarkko at kernel.org>
What this means in practice is that sometimes you need either to:
1. Binary patch the key file.
2. Decompose/compose a key file
BR, Jarkko
More information about the Linux-security-module-archive
mailing list