mirror of
https://github.com/AuxXxilium/linux_dsm_epyc7002.git
synced 2024-12-16 12:36:59 +07:00
pkey: Indicate old mkvp only if old and current mkvp are different
When the CCA master key is set twice with the same master key, then the old and the current master key are the same and thus the verification patterns are the same, too. The check to report if a secure key is currently wrapped by the old master key erroneously reports old mkvp in this case. Reviewed-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
This commit is contained in:
parent
0ff06c44ef
commit
ebb7c695d3
@ -1079,7 +1079,7 @@ int pkey_verifykey(const struct pkey_seckey *seckey,
|
||||
rc = mkvp_cache_fetch(cardnr, domain, mkvp);
|
||||
if (rc)
|
||||
goto out;
|
||||
if (t->mkvp == mkvp[1]) {
|
||||
if (t->mkvp == mkvp[1] && t->mkvp != mkvp[0]) {
|
||||
DEBUG_DBG("%s secure key has old mkvp\n", __func__);
|
||||
if (pattributes)
|
||||
*pattributes |= PKEY_VERIFY_ATTR_OLD_MKVP;
|
||||
|
Loading…
Reference in New Issue
Block a user