TPM2_Unseal requires TPM2_ST_SESSIONS, and tpm2_unseal_cmd() always does set up either password or HMAC session.
Remove the branch in tpm2_unseal_cmd() conditionally setting TPM2_ST_NO_SESSIONS. It is faulty but luckily it is never exercised at run-time, and thus does not cause regressions. Signed-off-by: Jarkko Sakkinen <[email protected]> --- security/keys/trusted-keys/trusted_tpm2.c | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c index d3a5c5f2b926..3666e3e48eab 100644 --- a/security/keys/trusted-keys/trusted_tpm2.c +++ b/security/keys/trusted-keys/trusted_tpm2.c @@ -451,10 +451,8 @@ static int tpm2_unseal_cmd(struct tpm_chip *chip, struct trusted_key_options *options, u32 blob_handle) { - struct tpm_header *head; struct tpm_buf buf; u16 data_len; - int offset; u8 *data; int rc; @@ -495,14 +493,8 @@ static int tpm2_unseal_cmd(struct tpm_chip *chip, tpm_buf_append_u16(&buf, options->blobauth_len); tpm_buf_append(&buf, options->blobauth, options->blobauth_len); - if (tpm2_chip_auth(chip)) { + if (tpm2_chip_auth(chip)) tpm_buf_append_hmac_session(chip, &buf, TPM2_SA_ENCRYPT, NULL, 0); - } else { - offset = buf.handles * 4 + TPM_HEADER_SIZE; - head = (struct tpm_header *)buf.data; - if (tpm_buf_length(&buf) == offset) - head->tag = cpu_to_be16(TPM2_ST_NO_SESSIONS); - } } rc = tpm_buf_fill_hmac_session(chip, &buf); -- 2.39.5
