Conversation

Jarkko Sakkinen

I realized that I have something profound broken in my asymmetric TPM2 key series: TPM2 specific keys should only sign, not verify.

struct public_key, which is the central structure used for built-in, vendor and machine owner keys, should be able to verify the signature, even when the TPM chip is removed.

As a consequence, I will delete all the verification code from the key type(s) and set the supported_ops a KEYCTL_SUPPORTS_SIGN, instead of previous KEYCTL_SUPPORTS_SIGN | KEYCTL_SUPPORTS_VERIFY.

I’ll also rework tests to have two asymmetric keys: one for signing in the chip and other outside holding only the public key. That should also better verify that the feature is working correctly.

0
0
0