diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2021-02-21 17:15:44 -0800 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2021-02-21 17:15:44 -0800 |
| commit | a2b095e0efa7229a1a88602283ba1a8a32004851 (patch) | |
| tree | 333006d05ce305821ed1abfc20daa4471330f408 /crypto | |
| parent | 177626c6d5ab1f73d41c94bf9fb0071149779bff (diff) | |
| parent | 8c657a0590de585b1115847c17b34a58025f2f4b (diff) | |
Merge tag 'tpmdd-next-v5.12-rc1-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd
Pull tpm updates from Jarkko Sakkinen:
"New features:
- Cr50 I2C TPM driver
- sysfs exports of PCR registers in TPM 2.0 chips
Bug fixes:
- bug fixes for tpm_tis driver, which had a racy wait for hardware
state change to be ready to send a command to the TPM chip. The bug
has existed already since 2006, but has only made itself known in
recent past. This is the same as the "last time" :-)
- Otherwise there's bunch of fixes for not as alarming regressions. I
think the list is about the same as last time, except I added fixes
for some disjoint bugs in trusted keys that I found some time ago"
* tag 'tpmdd-next-v5.12-rc1-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd:
KEYS: trusted: Reserve TPM for seal and unseal operations
KEYS: trusted: Fix migratable=1 failing
KEYS: trusted: Fix incorrect handling of tpm_get_random()
tpm/ppi: Constify static struct attribute_group
ABI: add sysfs description for tpm exports of PCR registers
tpm: add sysfs exports for all banks of PCR registers
keys: Update comment for restrict_link_by_key_or_keyring_chain
tpm: Remove tpm_dev_wq_lock
char: tpm: add i2c driver for cr50
tpm: Fix fall-through warnings for Clang
tpm_tis: Clean up locality release
tpm_tis: Fix check_locality for correct locality acquisition
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/asymmetric_keys/restrict.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/crypto/asymmetric_keys/restrict.c b/crypto/asymmetric_keys/restrict.c index 77ebebada29c..84cefe3b3585 100644 --- a/crypto/asymmetric_keys/restrict.c +++ b/crypto/asymmetric_keys/restrict.c @@ -244,9 +244,10 @@ int restrict_link_by_key_or_keyring(struct key *dest_keyring, * @payload: The payload of the new key. * @trusted: A key or ring of keys that can be used to vouch for the new cert. * - * Check the new certificate only against the key or keys passed in the data - * parameter. If one of those is the signing key and validates the new - * certificate, then mark the new certificate as being ok to link. + * Check the new certificate against the key or keys passed in the data + * parameter and against the keys already linked to the destination keyring. If + * one of those is the signing key and validates the new certificate, then mark + * the new certificate as being ok to link. * * Returns 0 if the new certificate was accepted, -ENOKEY if we * couldn't find a matching parent certificate in the trusted list, |