From: Lennart Poettering Date: Mon, 3 Jun 2024 15:56:35 +0000 (+0200) Subject: tpm2-util: make tpm2_undefine_policy_nv_index() generic X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=260b9e848923a1c0cf8f06a327ca6f864c02df52;p=thirdparty%2Fsystemd.git tpm2-util: make tpm2_undefine_policy_nv_index() generic We can use this to remove any kind of nvindex, hence give it a generic name. Also instead of passing "NONE" as session if none is specified, pass PASSWORD instead, so that the function actually becomes useful if no session is specified (the only user so far, pcrlock always provides a session, hence this is no change in behaviour).
---
diff --git a/src/pcrlock/pcrlock.c b/src/pcrlock/pcrlock.c
index 276f6a61d70..8be8c9ac3d1 100644
--- a/src/pcrlock/pcrlock.c
+++ b/src/pcrlock/pcrlock.c
@@ -4952,7 +4952,7 @@ static int undefine_policy_nv_index(
 if (r < 0)
 return r;
 
- r = tpm2_undefine_policy_nv_index(
+ r = tpm2_undefine_nv_index(
 tc,
 encryption_session,
 nv_index,
diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index 38c1d73dc71..0a5f9d46736 100644
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -5889,7 +5889,7 @@ int tpm2_write_policy_nv_index(
 return 0;
 }
 
-int tpm2_undefine_policy_nv_index(
+int tpm2_undefine_nv_index(
 Tpm2Context *c,
 const Tpm2Handle *session,
 TPM2_HANDLE nv_index,
@@ -5904,14 +5904,14 @@ int tpm2_undefine_policy_nv_index(
 c->esys_context,
 /* authHandle= */ ESYS_TR_RH_OWNER,
 /* nvIndex= */ nv_handle->esys_handle,
- /* shandle1= */ session ? session->esys_handle : ESYS_TR_NONE,
+ /* shandle1= */ session ? session->esys_handle : ESYS_TR_PASSWORD,
 /* shandle2= */ ESYS_TR_NONE,
 /* shandle3= */ ESYS_TR_NONE);
 if (rc != TSS2_RC_SUCCESS)
 return log_debug_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
 "Failed to undefine NV index: %s", sym_Tss2_RC_Decode(rc));
 
- log_debug("Undefined NV index 0x%x", nv_index);
+ log_debug("Successfully undefined NV index 0x%x.", nv_index);
 return 0;
 }
 
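Review bot: The new ESYS_TR_PASSWORD fallback on the shandle1 line is undocumented, and it changes what a NULL session means: the call now authorizes against ESYS_TR_RH_OWNER with a plain password session, which, as far as I understand the ESAPI password session, carries the owner authValue without HMAC or parameter-encryption protection, so it is only appropriate when the owner auth is empty or the caller knowingly accepts that exposure. I would add above the sym_Esys_NV_UndefineSpace() call: `/* session may be NULL: we then fall back to a plain password session for the owner hierarchy, which sends the owner authValue unprotected; prefer passing an HMAC/encryption session. */`, and mirror that on the renamed prototype in src/shared/tpm2-util.h, whose hunk otherwise only renames. Note that every TSS2 failure, including an authorization failure when the owner auth is non-empty and no session was passed, still surfaces as ENOTRECOVERABLE through the existing log_debug_errno() path, which hides a recoverable configuration problem from callers of the now-generic function. The enclosing function starts above this hunk, so the `rc = sym_Esys_NV_UndefineSpace(` line itself is not shown.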
diff --git a/src/shared/tpm2-util.h b/src/shared/tpm2-util.h
index 0fc3b550500..67b035b442f 100644
--- a/src/shared/tpm2-util.h
+++ b/src/shared/tpm2-util.h
@@ -296,7 +296,7 @@ int tpm2_tpm2b_public_to_fingerprint(const TPM2B_PUBLIC *public, void **ret_fing
 
 int tpm2_define_policy_nv_index(Tpm2Context *c, const Tpm2Handle *session, TPM2_HANDLE requested_nv_index, const TPM2B_DIGEST *write_policy, TPM2_HANDLE *ret_nv_index, Tpm2Handle **ret_nv_handle, TPM2B_NV_PUBLIC *ret_nv_public);
 int tpm2_write_policy_nv_index(Tpm2Context *c, const Tpm2Handle *policy_session, TPM2_HANDLE nv_index, const Tpm2Handle *nv_handle, const TPM2B_DIGEST *policy_digest);
-int tpm2_undefine_policy_nv_index(Tpm2Context *c, const Tpm2Handle *session, TPM2_HANDLE nv_index, const Tpm2Handle *nv_handle);
+int tpm2_undefine_nv_index(Tpm2Context *c, const Tpm2Handle *session, TPM2_HANDLE nv_index, const Tpm2Handle *nv_handle);
 int tpm2_seal_data(Tpm2Context *c, const struct iovec *data, const Tpm2Handle *primary_handle, const Tpm2Handle *encryption_session, const TPM2B_DIGEST *policy, struct iovec *ret_public, struct iovec *ret_private);
 int tpm2_unseal_data(Tpm2Context *c, const struct iovec *public, const struct iovec *private, const Tpm2Handle *primary_handle, const Tpm2Handle *policy_session, const Tpm2Handle *encryption_session, struct iovec *ret_data);
 