[PATCH v2 1/2] keys/trusted_keys: clean up debug message logging in the tpm backend
Jarkko Sakkinen
jarkko at kernel.org
Mon Mar 23 05:28:21 UTC 2026
On Tue, Mar 17, 2026 at 08:44:03AM +0530, Srish Srinivasan wrote:
>
> On 3/10/26 4:15 AM, Nayna Jain wrote:
> >
> > On 2/20/26 1:34 PM, Srish Srinivasan wrote:
> > > The TPM trusted-keys backend uses a local TPM_DEBUG guard and pr_info()
> > > for logging debug information.
> > >
> > > Replace pr_info() with pr_debug(), and use KERN_DEBUG for
> > > print_hex_dump().
> > > Remove TPM_DEBUG.
> > >
> > > No functional change intended.
> > There is functional change here. This change allows secret and nonce in
> > the function dump_sess() to be logged to kernel logs when dynamic debug
> > is enabled. Previously, it was possible only in the debug builds and not
> > the production builds at runtime. With this change, it is always there
> > in production build. This can result in possible attack.
>
>
> Hi Jarkko,
> Could you please let us know your thoughts on this one?
>
> And Nayna,
> thanks for bringing this up.
Nayna is absolutely right so I dropped it.
Solution is debatable.
>
> thanks,
> Srish.
BR, Jarkko
More information about the Linux-security-module-archive
mailing list