I realized that I have something profound broken in my asymmetric TPM2 key series: TPM2 specific keys should only sign, not verify.
struct public_key
, which is the central structure used for built-in, vendor and machine owner keys, should be able to verify the signature, even when the TPM chip is removed.
As a consequence, I will delete all the verification code from the key type(s) and set the supported_ops
a KEYCTL_SUPPORTS_SIGN
, instead of previous KEYCTL_SUPPORTS_SIGN | KEYCTL_SUPPORTS_VERIFY
.
I’ll also rework tests to have two asymmetric keys: one for signing in the chip and other outside holding only the public key. That should also better verify that the feature is working correctly.