Public bug reported:
Description: pkey: Indicate old mkvp only if old and curr. mkvp are
different
Symptom: zkey validate shows wrong information about master key
registers
Problem: When the CCA master key is set twice with the same master key,
then the old and the current master key are the same and thus
the verification patterns are the same, too. The check to report
if a secure key is currently wrapped by the old master key
erroneously reports old mkvp in this case.
Solution: Fix this by checking current and old mkvp and report OLD only if
current and old mkvp are different.
Reproduction: Change the CCA master key but set the exact same master
key that is already used. Then do a 'zkey validate' command on a secure
key
Component: kernel 5.1 rc1
Upstream-ID: ebb7c695d3bc7a4986b92edc8d9ef43491be183e
This fix will be provided with kernel >=5.1 , will be integrate in 19.10 by
default.
But should also be applied to 18.04 and 19.04
** Affects: linux (Ubuntu)
Importance: Undecided
Assignee: Skipper Bug Screeners (skipper-screen-team)
Status: New
** Tags: architecture-s39064 bugnameltc-178127 severity-high
targetmilestone-inin1910
** Tags added: architecture-s39064 bugnameltc-178127 severity-high
targetmilestone-inin1910
** Changed in: ubuntu
Assignee: (unassigned) => Skipper Bug Screeners (skipper-screen-team)
** Package changed: ubuntu => linux (Ubuntu)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1832625
Title:
[UBUNTU] pkey: Indicate old mkvp only if old and curr. mkvp are
different
Status in linux package in Ubuntu:
New
Bug description:
Description: pkey: Indicate old mkvp only if old and curr. mkvp are
different
Symptom: zkey validate shows wrong information about master key
registers
Problem: When the CCA master key is set twice with the same master key,
then the old and the current master key are the same and thus
the verification patterns are the same, too. The check to
report
if a secure key is currently wrapped by the old master key
erroneously reports old mkvp in this case.
Solution: Fix this by checking current and old mkvp and report OLD only
if
current and old mkvp are different.
Reproduction: Change the CCA master key but set the exact same master
key that is already used. Then do a 'zkey validate' command on a
secure key
Component: kernel 5.1 rc1
Upstream-ID: ebb7c695d3bc7a4986b92edc8d9ef43491be183e
This fix will be provided with kernel >=5.1 , will be integrate in 19.10 by
default.
But should also be applied to 18.04 and 19.04
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1832625/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
