tpm2-util: make tpm2_undefine_policy_nv_index() generic

We can use this to remove any kind of nvindex, hence give it a generic
name.

Also instead of passing "NONE" as session if none is specified, pass
PASSWORD instead, so that the function actually becomes useful if no
session is specified (the only user so far, pcrlock always provides a
session, hence this is no change in behaviour).

diff --git a/src/pcrlock/pcrlock.c b/src/pcrlock/pcrlock.c
index 276f6a61d703c4af8bb49c82490f0ab38ad86b48..8be8c9ac3d1c8a26a60753177e7287ff34e10ca6 100644 (file)
--- a/src/pcrlock/pcrlock.c
+++ b/src/pcrlock/pcrlock.c
@@ -4952,7 +4952,7 @@ static int undefine_policy_nv_index(
         if (r < 0)
                 return r;
 
-        r = tpm2_undefine_policy_nv_index(
+        r = tpm2_undefine_nv_index(
                         tc,
                         encryption_session,
                         nv_index,

diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index 38c1d73dc713cb2cfb4c744b25939414e42efe70..0a5f9d46736646b2526149811303386fe3146c0d 100644 (file)
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -5889,7 +5889,7 @@ int tpm2_write_policy_nv_index(
         return 0;
 }
 
-int tpm2_undefine_policy_nv_index(
+int tpm2_undefine_nv_index(
                 Tpm2Context *c,
                 const Tpm2Handle *session,
                 TPM2_HANDLE nv_index,
@@ -5904,14 +5904,14 @@ int tpm2_undefine_policy_nv_index(
                         c->esys_context,
                         /* authHandle= */ ESYS_TR_RH_OWNER,
                         /* nvIndex= */ nv_handle->esys_handle,
-                        /* shandle1= */ session ? session->esys_handle : ESYS_TR_NONE,
+                        /* shandle1= */ session ? session->esys_handle : ESYS_TR_PASSWORD,
                         /* shandle2= */ ESYS_TR_NONE,
                         /* shandle3= */ ESYS_TR_NONE);
         if (rc != TSS2_RC_SUCCESS)
                 return log_debug_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
                                        "Failed to undefine NV index: %s", sym_Tss2_RC_Decode(rc));
 
-        log_debug("Undefined NV index 0x%x", nv_index);
+        log_debug("Successfully undefined NV index 0x%x.", nv_index);
         return 0;
 }
 

diff --git a/src/shared/tpm2-util.h b/src/shared/tpm2-util.h
index 0fc3b5505005040ea4dcd01c0d7133114214ad99..67b035b442f4b65bc030afa59192308f15fd0b8c 100644 (file)
--- a/src/shared/tpm2-util.h
+++ b/src/shared/tpm2-util.h
@@ -296,7 +296,7 @@ int tpm2_tpm2b_public_to_fingerprint(const TPM2B_PUBLIC *public, void **ret_fing
 
 int tpm2_define_policy_nv_index(Tpm2Context *c, const Tpm2Handle *session, TPM2_HANDLE requested_nv_index, const TPM2B_DIGEST *write_policy, TPM2_HANDLE *ret_nv_index, Tpm2Handle **ret_nv_handle, TPM2B_NV_PUBLIC *ret_nv_public);
 int tpm2_write_policy_nv_index(Tpm2Context *c, const Tpm2Handle *policy_session, TPM2_HANDLE nv_index, const Tpm2Handle *nv_handle, const TPM2B_DIGEST *policy_digest);
-int tpm2_undefine_policy_nv_index(Tpm2Context *c, const Tpm2Handle *session, TPM2_HANDLE nv_index, const Tpm2Handle *nv_handle);
+int tpm2_undefine_nv_index(Tpm2Context *c, const Tpm2Handle *session, TPM2_HANDLE nv_index, const Tpm2Handle *nv_handle);
 
 int tpm2_seal_data(Tpm2Context *c, const struct iovec *data, const Tpm2Handle *primary_handle, const Tpm2Handle *encryption_session, const TPM2B_DIGEST *policy, struct iovec *ret_public, struct iovec *ret_private);
 int tpm2_unseal_data(Tpm2Context *c, const struct iovec *public, const struct iovec *private, const Tpm2Handle *primary_handle, const Tpm2Handle *policy_session, const Tpm2Handle *encryption_session, struct iovec *ret_data);