path: root/security
diff options
authorJarkko Sakkinen <>2021-01-29 01:56:20 +0200
committerJarkko Sakkinen <>2021-02-16 10:40:28 +0200
commit8da7520c80468c48f981f0b81fc1be6599e3b0ad (patch)
treeb34e9ab46859d2e365de179e5df853f2a826f575 /security
parent5df16caada3fba3b21cb09b85cdedf99507f4ec1 (diff)
KEYS: trusted: Fix migratable=1 failing
Consider the following transcript: $ keyctl add trusted kmk "new 32 blobauth=helloworld keyhandle=80000000 migratable=1" @u add_key: Invalid argument The documentation has the following description: migratable= 0|1 indicating permission to reseal to new PCR values, default 1 (resealing allowed) The consequence is that "migratable=1" should succeed. Fix this by allowing this condition to pass instead of return -EINVAL. [*] Documentation/security/keys/trusted-encrypted.rst Cc: Cc: "James E.J. Bottomley" <> Cc: Mimi Zohar <> Cc: David Howells <> Fixes: d00a1c72f7f4 ("keys: add new trusted key-type") Signed-off-by: Jarkko Sakkinen <>
Diffstat (limited to 'security')
1 files changed, 1 insertions, 1 deletions
diff --git a/security/keys/trusted-keys/trusted_tpm1.c b/security/keys/trusted-keys/trusted_tpm1.c
index 204826b734ac..493eb91ed017 100644
--- a/security/keys/trusted-keys/trusted_tpm1.c
+++ b/security/keys/trusted-keys/trusted_tpm1.c
@@ -801,7 +801,7 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
case Opt_migratable:
if (*args[0].from == '0')
pay->migratable = 0;
- else
+ else if (*args[0].from != '1')
return -EINVAL;
case Opt_pcrlock: