On Fri, Apr 10, 2026 at 11:03:58PM +0530, Srish Srinivasan wrote:
>
> On 4/9/26 9:37 PM, Jarkko Sakinen wrote:
> > From: Jarkko Sakkinen <[email protected]>
> >
> > TPM_DEBUG, and other similar flags, are a non-standard way to specify a
> > feature in Linux kernel. Introduce CONFIG_TRUSTED_KEYS_DEBUG for trusted
> > keys, and use it to replace these ad-hoc feature flags.
> >
> > Given that trusted keys debug dumps can contain sensitive data, harden the
> > feature as follows:
> >
> > 1. In the Kconfig description postulate that pr_debug() statements must be
> >    used.
> > 2. Use pr_debug() statements in TPM 1.x driver to print the protocol dump.
> > 3. Require trusted.debug=1 on the kernel command line (default: 0) to
> >    activate dumps at runtime, even when CONFIG_TRUSTED_KEYS_DEBUG=y.
> >
> > Traces, when actually needed, can be easily enabled by providing
> > trusted.dyndbg='+p' and trusted.debug=1 in the kernel command-line.
> >
> > Cc: Srish Srinivasan <[email protected]>
> > Reported-by: Nayna Jain <[email protected]>
> > Closes:
> > https://lore.kernel.org/all/[email protected]/
> > Signed-off-by: Jarkko Sakkinen <[email protected]>
>
>
> Tested on PKWM and emulated TPM backends.
>
> Tested-by: Srish Srinivasan <[email protected]>

Thank you!

BR, Jarkko
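The quoted commit message names three gates for trusted keys dumps (CONFIG_TRUSTED_KEYS_DEBUG=y, trusted.debug=1, trusted.dyndbg='+p'). The script below is an added example, not part of this thread or the patch, that audits a kernel config and command line for them. The function names, state strings and sample inputs are constructed, and it assumes only the literal value 1 turns trusted.debug on and that dyndbg carries a plain flag string.

```shell
#!/bin/sh
# Added example (not from the patch): report whether trusted keys debug
# dumps can be active, given a kernel config and a kernel command line.

# cmdline_value CMDLINE KEY: print the last value given for KEY (quotes
# stripped); return 1 if KEY never appears. Later occurrences win.
cmdline_value() {
    found=1; val=
    set -f                      # do not glob-expand command-line tokens
    for tok in $1; do
        case $tok in
            "$2")   found=0; val= ;;
            "$2"=*) found=0; val=${tok#*=} ;;
        esac
    done
    set +f
    printf '%s' "$val" | tr -d "\"'"
    return $found
}

# trusted_dump_state CONFIG_TEXT CMDLINE: print one of
#   compiled-out     CONFIG_TRUSTED_KEYS_DEBUG is not =y
#   runtime-off      built in, but trusted.debug is not 1 (default 0)
#   gated-no-dyndbg  trusted.debug=1, but pr_debug() not enabled at boot
#   dumps-on         all three gates open: dumps may reach the kernel log
trusted_dump_state() {
    printf '%s\n' "$1" | grep -qx 'CONFIG_TRUSTED_KEYS_DEBUG=y' ||
        { echo compiled-out; return 0; }
    dbg=$(cmdline_value "$2" trusted.debug) || dbg=0
    # Assumption: only the literal 1 from the commit message counts as on.
    [ "$dbg" = 1 ] || { echo runtime-off; return 0; }
    if dyn=$(cmdline_value "$2" trusted.dyndbg); then
        # A bare "trusted.dyndbg" is treated like "+p".
        case ${dyn:-+p} in
            *+*p*) echo dumps-on; return 0 ;;
        esac
    fi
    echo gated-no-dyndbg
}

# Constructed sample input; on a live system read /proc/cmdline and the
# distribution's kernel config file instead.
SAMPLE_CFG='CONFIG_TRUSTED_KEYS=y
CONFIG_TRUSTED_KEYS_DEBUG=y'
SAMPLE_CMDLINE="root=/dev/sda1 ro trusted.debug=1 trusted.dyndbg='+p'"
echo "sample state: $(trusted_dump_state "$SAMPLE_CFG" "$SAMPLE_CMDLINE")"
```

It checks boot-time settings only; pr_debug() sites that are switched on after boot through the dynamic debug control interface are outside what it inspects.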

