KEYS: trusted: Fix migratable=1 failing

Consider the following transcript: $ keyctl add trusted kmk "new 32 blobauth=helloworld keyhandle=80000000 migratable=1" @U add_key: Invalid argument The documentation has the following description: migratable= 0|1 indicating permission to reseal to new PCR values, default 1 (resealing allowed) The consequence is that "migratable=1" should succeed. Fix this by allowing this condition to pass instead of return -EINVAL. [*] Documentation/security/keys/trusted-encrypted.rst Cc: [email protected] Cc: "James E.J. Bottomley" <[email protected]> Cc: Mimi Zohar <[email protected]> Cc: David Howells <[email protected]> Fixes: d00a1c7 ("keys: add new trusted key-type") Signed-off-by: Jarkko Sakkinen <[email protected]>
ashr · Feb 16, 2021 · 8da7520 · 8da7520
1 parent 5df16ca
commit 8da7520
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/security/keys/trusted-keys/trusted_tpm1.c b/security/keys/trusted-keys/trusted_tpm1.c
@@ -801,7 +801,7 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
 		case Opt_migratable:
 			if (*args[0].from == '0')
 				pay->migratable = 0;
-			else
+			else if (*args[0].from != '1')
 				return -EINVAL;
 			break;
 		case Opt_pcrlock: