author | Dan Streetman <ddstreet@ieee.org> | 2022-12-19 14:26:32 +0100 |
---|---|---|
committer | Dan Streetman <ddstreet@ieee.org> | 2023-07-05 23:33:55 +0200 |
commit | efe153bdc2e57c0d0f9bc47a4010fc82743764e7 (patch) | |
tree | d6f2b095c81c1ac565e4a8a32c7f5a32a02cb0a1 /src/shared/tpm2-util.c | |
parent | tpm2: add tpm2_load() (diff) | |
download | systemd-efe153bdc2e57c0d0f9bc47a4010fc82743764e7.tar.xz systemd-efe153bdc2e57c0d0f9bc47a4010fc82743764e7.zip |
tpm2: add tpm2_load_external()
This allows loading an external object/key (e.g. an openssl public key) into
the TPM.
Diffstat (limited to '')
-rw-r--r-- | src/shared/tpm2-util.c | 66 |
1 files changed, 45 insertions, 21 deletions
diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index e56a82d238..53d3f4856a 100644
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -1533,6 +1533,50 @@ static int tpm2_load(
 return 0;
 }
 
+static int tpm2_load_external(
+ Tpm2Context *c,
+ const Tpm2Handle *session,
+ const TPM2B_PUBLIC *public,
+ const TPM2B_SENSITIVE *private,
+ Tpm2Handle **ret_handle) {
+
+ TSS2_RC rc;
+ int r;
+
+ assert(c);
+ assert(ret_handle);
+
+ log_debug("Loading external key into TPM.");
+
+ _cleanup_(tpm2_handle_freep) Tpm2Handle *handle = NULL;
+ r = tpm2_handle_new(c, &handle);
+ if (r < 0)
+ return r;
+
+ rc = sym_Esys_LoadExternal(
+ c->esys_context,
+ session ? session->esys_handle : ESYS_TR_NONE,
+ ESYS_TR_NONE,
+ ESYS_TR_NONE,
+ private,
+ public,
+#if HAVE_TSS2_ESYS3
+ /* tpm2-tss >= 3.0.0 requires a ESYS_TR_RH_* constant specifying the requested
+ * hierarchy, older versions need TPM2_RH_* instead. */
+ ESYS_TR_RH_OWNER,
+#else
+ TPM2_RH_OWNER,
+#endif
+ &handle->esys_handle);
+ if (rc != TSS2_RC_SUCCESS)
+ return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
+ "Failed to load public key into TPM: %s", sym_Tss2_RC_Decode(rc));
+
+ *ret_handle = TAKE_PTR(handle);
+
+ return 0;
+}
+
 static int tpm2_pcr_read(
 Tpm2Context *c,
 const TPML_PCR_SELECTION *pcr_selection,
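Review bot: The hierarchy handed to sym_Esys_LoadExternal is hard-coded to the owner hierarchy although the new function also accepts a `private` sensitive area; the TPM2_LoadExternal command only permits an object that carries a sensitive part to be loaded into the NULL hierarchy, so a caller passing a non-NULL `private` gets a hierarchy error from the TPM instead of a loaded object. Derive the hierarchy from the argument in both preprocessor branches: `private ? ESYS_TR_RH_NULL : ESYS_TR_RH_OWNER,` and `private ? TPM2_RH_NULL : TPM2_RH_OWNER,`. The error text `"Failed to load public key into TPM: %s"` is likewise misleading once a sensitive part can be supplied; `"Failed to load external key into TPM: %s"` matches the log_debug line above it. The function asserts `c` and `ret_handle` but not `public`; if every caller must supply a public area, add `assert(public);` beside the other assertions. tpm2_load_external is fully contained in this hunk.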
@@ -2625,30 +2669,10 @@ static int tpm2_policy_authorize(
 log_debug("Adding PCR signature policy.");
 
 _cleanup_(tpm2_handle_freep) Tpm2Handle *pubkey_handle = NULL;
- r = tpm2_handle_new(c, &pubkey_handle);
+ r = tpm2_load_external(c, NULL, public, NULL, &pubkey_handle);
 if (r < 0)
 return r;
 
- /* Load the key into the TPM */
- rc = sym_Esys_LoadExternal(
- c->esys_context,
- ESYS_TR_NONE,
- ESYS_TR_NONE,
- ESYS_TR_NONE,
- NULL,
- public,
-#if HAVE_TSS2_ESYS3
- /* tpm2-tss >= 3.0.0 requires a ESYS_TR_RH_* constant specifying the requested
- * hierarchy, older versions need TPM2_RH_* instead. */
- ESYS_TR_RH_OWNER,
-#else
- TPM2_RH_OWNER,
-#endif
- &pubkey_handle->esys_handle);
- if (rc != TSS2_RC_SUCCESS)
- return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
- "Failed to load public key into TPM: %s", sym_Tss2_RC_Decode(rc));
-
 /* Acquire the "name" of what we just loaded */
 _cleanup_(Esys_Freep) TPM2B_NAME *pubkey_name = NULL;
 r = tpm2_get_name(c, pubkey_handle, &pubkey_name);
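Review bot: Removing the sym_Esys_LoadExternal call takes away the only assignment to `rc` visible in this hunk, so if tpm2_policy_authorize has no other use of it the local is now unused and its declaration should go as well; the declaration sits outside the hunk, so this needs confirming against the rest of the function. The replacement passes `NULL` for both the session and the private part, which keeps the previous ESYS_TR_NONE session and NULL inPrivate behaviour. tpm2_policy_authorize starts before this hunk and continues after it.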