tpm2-util: load external key into NULL hierarchy if private key is provided

If we load an external key into the TPM we must do so in the NULL hierarchy. An external key after all is one that is not wrapped by any hierarchy's seed. See TPM2 spec, Part 3, Section 12.3.1
author: Lennart Poettering <lennart@poettering.net> 2024-04-16 15:01:41 +0200
committer: Lennart Poettering <lennart@poettering.net> 2024-04-18 18:12:23 +0200
commit: 371b59441459e3bc33ceca4da619fec310dd7b37 (patch)
tree: 00291ca339293e4e0c036ce00bd2c9d948a8e7db /src/shared/tpm2-util.c
parent: tpm2-util: rename tpm2_get_pin_auth() → tpm2_auth_value_from_pin() (diff)
download: systemd-371b59441459e3bc33ceca4da619fec310dd7b37.tar.xz
systemd-371b59441459e3bc33ceca4da619fec310dd7b37.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index e012dd2c5c..51c01b6c9c 100644
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -2242,9 +2242,9 @@ static int tpm2_load_external(
 #if HAVE_TSS2_ESYS3
                         /* tpm2-tss >= 3.0.0 requires a ESYS_TR_RH_* constant specifying the requested
                          * hierarchy, older versions need TPM2_RH_* instead. */
-                        ESYS_TR_RH_OWNER,
+                        private ? ESYS_TR_RH_NULL : ESYS_TR_RH_OWNER,
 #else
-                        TPM2_RH_OWNER,
+                        private ? TPM2_RH_NULL : TPM2_RH_OWNER,
 #endif
                         &handle->esys_handle);
         if (rc != TSS2_RC_SUCCESS)
author	Lennart Poettering <lennart@poettering.net>	2024-04-16 15:01:41 +0200
committer	Lennart Poettering <lennart@poettering.net>	2024-04-18 18:12:23 +0200
commit	371b59441459e3bc33ceca4da619fec310dd7b37 (patch)
tree	00291ca339293e4e0c036ce00bd2c9d948a8e7db /src/shared/tpm2-util.c
parent	tpm2-util: rename tpm2_get_pin_auth() → tpm2_auth_value_from_pin() (diff)
download	systemd-371b59441459e3bc33ceca4da619fec310dd7b37.tar.xz systemd-371b59441459e3bc33ceca4da619fec310dd7b37.zip