Merge pull request #33019 from yuwata/tpm2-unseal

tpm2: several fixlets
2024-09-06 08:46:19 +00:00 · 2024-05-26 09:27:31 +08:00 · 2024-05-26 09:27:31 +08:00 · bf7d672f5d
parent 485f5148b3 41d45bd96c
commit bf7d672f5d
2 changed files with 4 additions and 2 deletions
--- a/src/cryptenroll/cryptenroll-tpm2.c
+++ b/src/cryptenroll/cryptenroll-tpm2.c
@ -329,7 +329,7 @@ int enroll_tpm2(struct crypt_device *cd,

                                r = tpm2_load_pcr_signature(signature_path, &signature_json);
                                if (r < 0)
-                                        return log_debug_errno(r, "Failed to read TPM PCR signature: %m");
+                                        return log_error_errno(r, "Failed to read TPM PCR signature: %m");
                        }
                }
        } else
@ -342,6 +342,8 @@ int enroll_tpm2(struct crypt_device *cd,
                r = tpm2_pcrlock_policy_load(pcrlock_path, &pcrlock_policy);
                if (r < 0)
                        return r;
+                if (r == 0)
+                        return log_error_errno(SYNTHETIC_ERRNO(ENOENT), "Couldn't find pcrlock policy %s.", pcrlock_path);

                any_pcr_value_specified = true;
                flags |= TPM2_FLAGS_USE_PCRLOCK;
--- a/src/shared/cryptsetup-tpm2.c
+++ b/src/shared/cryptsetup-tpm2.c
@ -199,7 +199,7 @@ int acquire_tpm2_key(
                                pubkey_pcr_mask,
                                signature_json,
                                b64_salted_pin,
-                                pcrlock_path ? &pcrlock_policy : NULL,
+                                FLAGS_SET(flags, TPM2_FLAGS_USE_PCRLOCK) ? &pcrlock_policy : NULL,
                                primary_alg,
                                &blob,
                                policy_hash,