It was noticed that cryptsetup luksDump outputs
tpm2-primary-alg: ecc
regardless of the actual primary key type. Namely, in the situation when
RSA SRK is passed to 'systemd-cryptenroll', the output is incorrect and
misleading. Turns out 'tpm2-primary-alg' is not currently used for
unsealing as 'tpm2_srk' object has it in its properties but the
misleading information problem stays.
Fix the issue with a two-fold fix:
- Put the SRK primary alg type to the JSON token so 'cryptsetup
luksDump' has a chance to actually print the right information without
the need to inspect SRK.
- Avoid printing 'tpm2-primary-alg' when it is unset in the JSON as the
default 'ECC' may not match the reality.
No real functional change for the sealing/unsealing expected.
projects / thirdparty / systemd.git / commitdiff
