From: Dan Streetman Date: Fri, 13 Oct 2023 20:07:37 +0000 (-0400) Subject: tpm: update comment on transient handle GetCapability bug in kernel tpm resource... X-Git-Tag: v255-rc1~251 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=0f1cb04f9ad7bf49d815787b3d194a36fa960f9f;p=thirdparty%2Fsystemd.git tpm: update comment on transient handle GetCapability bug in kernel tpm resource manager Add clarification and link to kernel bug. --- diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c index 8189e9d8c0d..bb7928bbd70 100644 --- a/src/shared/tpm2-util.c +++ b/src/shared/tpm2-util.c @@ -792,11 +792,10 @@ int tpm2_index_to_handle( "Invalid handle 0x%08" PRIx32 " (in unknown range).", index); } - /* For transient handles, the kernel tpm "resource manager" (i.e. /dev/tpmrm0) never acknowleges that - * any transient handles exist, even if they actually do. So a failure to find the requested handle - * index, if it's a transient handle, may not actually mean it's not present in the tpm; thus, only - * check GetCapability() if the handle isn't transient. */ - if (TPM2_HANDLE_TYPE(index) != TPM2_HT_TRANSIENT) { // FIXME: once kernel tpmrm is fixed to acknowledge transient handles, check transient handles too + /* For transient handles, the kernel tpm "resource manager" (i.e. /dev/tpmrm0) performs mapping + * which breaks GetCapability requests, so only check GetCapability if it's not a transient handle. + * https://bugzilla.kernel.org/show_bug.cgi?id=218009 */ + if (TPM2_HANDLE_TYPE(index) != TPM2_HT_TRANSIENT) { // FIXME: once kernel bug is fixed, check transient handles too r = tpm2_get_capability_handle(c, index); if (r < 0) return r;