On Mon, Mar 09, 2026 at 06:45:23PM -0400, Nayna Jain wrote:
> 
> On 2/20/26 1:34 PM, Srish Srinivasan wrote:
> > The TPM trusted-keys backend uses a local TPM_DEBUG guard and pr_info()
> > for logging debug information.
> > 
> > Replace pr_info() with pr_debug(), and use KERN_DEBUG for print_hex_dump().
> > Remove TPM_DEBUG.
> > 
> > No functional change intended.
> There is a functional change here. This change allows the secret and nonce in
> the function dump_sess() to be logged to the kernel log when dynamic debug is
> enabled. Previously, it was possible only in debug builds and not in
> production builds at runtime. With this change, it is always there in
> production builds. This can result in a possible attack.
Good catch, thank you. It's in my master branch still (not in -next).

TPM_DEBUG should be removed in all cases. If you really want to read a
secret, use tracing tools. This only proves that the print should exist or
should be a constant value, or an overwritten same-length value.

> Instead of doing this change, I think add a comment to prevent this sort of
> change in the future.
> 
> Thanks & Regards,
> 
> - Nayna
> 
> > 
> > Signed-off-by: Srish Srinivasan <[email protected]>
> > Reviewed-by: Stefan Berger <[email protected]>
> > ---
> >  security/keys/trusted-keys/trusted_tpm1.c | 40 +++++++----------------
> >  1 file changed, 12 insertions(+), 28 deletions(-)
> > 
> > diff --git a/security/keys/trusted-keys/trusted_tpm1.c b/security/keys/trusted-keys/trusted_tpm1.c
> > index c865c97aa1b4..216caef97ffc 100644
> > --- a/security/keys/trusted-keys/trusted_tpm1.c
> > +++ b/security/keys/trusted-keys/trusted_tpm1.c
> > @@ -46,28 +46,25 @@ enum { > > SRK_keytype = 4 > > }; > > -#define TPM_DEBUG 0 > > - > > -#if TPM_DEBUG > > static inline void dump_options(struct trusted_key_options *o) > > { > > - pr_info("sealing key type %d\n", o->keytype); > > - pr_info("sealing key handle %0X\n", o->keyhandle); > > - pr_info("pcrlock %d\n", o->pcrlock); > > - pr_info("pcrinfo %d\n", o->pcrinfo_len); > > - print_hex_dump(KERN_INFO, "pcrinfo ", DUMP_PREFIX_NONE, > > + pr_debug("sealing key type %d\n", o->keytype); > > + pr_debug("sealing key handle %0X\n", o->keyhandle); > > + pr_debug("pcrlock %d\n", o->pcrlock); > > + pr_debug("pcrinfo %d\n", o->pcrinfo_len); > > + print_hex_dump(KERN_DEBUG, "pcrinfo ", DUMP_PREFIX_NONE, > > 16, 1, o->pcrinfo, o->pcrinfo_len, 0); > > } > > static inline void dump_sess(struct osapsess *s) > > { > > - print_hex_dump(KERN_INFO, "trusted-key: handle ", DUMP_PREFIX_NONE, > > + print_hex_dump(KERN_DEBUG, "trusted-key: handle ", DUMP_PREFIX_NONE, > > 16, 1, &s->handle, 4, 0); > > - pr_info("secret:\n"); > > - print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, > > + pr_debug("secret:\n"); > > + print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_NONE, > > 16, 1, &s->secret, SHA1_DIGEST_SIZE, 0); > > - pr_info("trusted-key: enonce:\n"); > > - print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, > > + pr_debug("trusted-key: enonce:\n"); > > + print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_NONE, > > 16, 1, &s->enonce, SHA1_DIGEST_SIZE, 0); > > } 
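Review bot: in the dump_sess() part of this hunk, the new pr_debug("secret:\n") and print_hex_dump(KERN_DEBUG, ...) calls still dump s->secret and s->enonce in full, and with the #if TPM_DEBUG guard removed those dumps are now compiled into every build and can be switched on at runtime through dynamic debug, so "No functional change intended" in the commit message does not hold for this function. Suggest dropping the secret and enonce dumps entirely (the handle dump can stay if it is still useful), or replacing them with a constant placeholder of the same length, and saying in the commit message that the debug output becomes runtime-enabled.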
> > @@ -75,23 +72,10 @@ static inline void dump_tpm_buf(unsigned char *buf) > > { > > int len; > > - pr_info("\ntpm buffer\n"); > > + pr_debug("\ntpm buffer\n"); > > len = LOAD32(buf, TPM_SIZE_OFFSET); > > - print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, 16, 1, buf, len, 0); > > -} > > -#else > > -static inline void dump_options(struct trusted_key_options *o) > > -{ > > -} > > - > > -static inline void dump_sess(struct osapsess *s) > > -{ > > -} > > - > > -static inline void dump_tpm_buf(unsigned char *buf) > > -{ > > + print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_NONE, 16, 1, buf, len, 0); > > } > > -#endif > > static int TSS_rawhmac(unsigned char *digest, const unsigned char *key, > > unsigned int keylen, ...) BR, Jarkko
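Review bot: the dump_tpm_buf() hunk needs the same exposure review as dump_sess(): the function hex-dumps the whole TPM buffer for the length read back by LOAD32(buf, TPM_SIZE_OFFSET), and with the #else stubs and #endif removed it is now present in production builds under dynamic debug. The hunk does not show what the buffer holds at the call sites, so the commit message should state whether sealed or unsealed key material or authorization data can be in that buffer, and if it can, the dump should be dropped or limited to the header bytes. Minor: the leading "\n" in pr_debug("\ntpm buffer\n") produces an empty log line and can be dropped.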

