cryptenroll: do not pass an empty pcrlock policy

Otherwise, tpm2_uneal() -> tpm2_build_sealing_policy() -> tpm2_deserialize() will trigger assertion. Prompted by #33017.
author: Yu Watanabe <watanabe.yu+github@gmail.com> 2024-05-25 21:42:16 +0200
committer: Yu Watanabe <watanabe.yu+github@gmail.com> 2024-05-25 21:42:19 +0200
commit: 16f51e2909be4714496a1bf5173489c9a7e43efb (patch)
tree: b2b413b6435d6da09cc80bb800222b62a2199187 /src
parent: cryptsetup: use TPM2_FLAGS_USE_PCRLOCK at one more place (diff)
download: systemd-16f51e2909be4714496a1bf5173489c9a7e43efb.tar.xz
systemd-16f51e2909be4714496a1bf5173489c9a7e43efb.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/src/cryptenroll/cryptenroll-tpm2.c b/src/cryptenroll/cryptenroll-tpm2.c
index 4e5d02a97e..10bd8d7723 100644
--- a/src/cryptenroll/cryptenroll-tpm2.c
+++ b/src/cryptenroll/cryptenroll-tpm2.c
@@ -342,6 +342,8 @@ int enroll_tpm2(struct crypt_device *cd,
                 r = tpm2_pcrlock_policy_load(pcrlock_path, &pcrlock_policy);
                 if (r < 0)
                         return r;
+                if (r == 0)
+                        return log_error_errno(SYNTHETIC_ERRNO(ENOENT), "Couldn't find pcrlock policy %s.", pcrlock_path);
 
                 any_pcr_value_specified = true;
                 flags |= TPM2_FLAGS_USE_PCRLOCK;
author	Yu Watanabe <watanabe.yu+github@gmail.com>	2024-05-25 21:42:16 +0200
committer	Yu Watanabe <watanabe.yu+github@gmail.com>	2024-05-25 21:42:19 +0200
commit	16f51e2909be4714496a1bf5173489c9a7e43efb (patch)
tree	b2b413b6435d6da09cc80bb800222b62a2199187 /src
parent	cryptsetup: use TPM2_FLAGS_USE_PCRLOCK at one more place (diff)
download	systemd-16f51e2909be4714496a1bf5173489c9a7e43efb.tar.xz systemd-16f51e2909be4714496a1bf5173489c9a7e43efb.zip