TWx Linux Repository
Jonathan McDowell 1dbf74e00a tpm: End any active auth session before shutdown
Lazy flushing of TPM auth sessions can interact badly with IMA + kexec,
resulting in loaded session handles being leaked across the kexec and
not cleaned up. Fix by ensuring any active auth session is ended before
the TPM is told about the shutdown, matching what is done when
suspending.

Before:

root@debian-qemu-efi:~# tpm2_getcap handles-loaded-session
root@debian-qemu-efi:~# tpm2_getcap handles-saved-session
root@debian-qemu-efi:~# kexec --load --kexec-file-syscall …
root@debian-qemu-efi:~# systemctl kexec
…
root@debian-qemu-efi:~# tpm2_getcap handles-loaded-session
- 0x2000000
root@debian-qemu-efi:~# tpm2_getcap handles-saved-session
root@debian-qemu-efi:~#
(repeat kexec steps)
root@debian-qemu-efi:~# tpm2_getcap handles-loaded-session
- 0x2000000
- 0x2000001
root@debian-qemu-efi:~# tpm2_getcap handles-saved-session
root@debian-qemu-efi:~#

After:

root@debian-qemu-efi:~# tpm2_getcap handles-loaded-session
root@debian-qemu-efi:~# tpm2_getcap handles-saved-session
root@debian-qemu-efi:~# kexec --load --kexec-file-syscall …
root@debian-qemu-efi:~# systemctl kexec
…
root@debian-qemu-efi:~# tpm2_getcap handles-loaded-session
root@debian-qemu-efi:~# tpm2_getcap handles-saved-session
root@debian-qemu-efi:~#

Signed-off-by: Jonathan McDowell <noodles@meta.com>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
2025-03-27 15:34:05 +02:00
arch Networking changes for 6.15. 2025-03-26 21:48:21 -07:00
block for-6.15/block-20250322 2025-03-26 18:08:55 -07:00
certs sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR >= 3 2024-09-20 19:52:48 +03:00
crypto for-6.15/block-20250322 2025-03-26 18:08:55 -07:00
Documentation Documentation: tpm: Add documentation for the CRB FF-A interface 2025-03-27 15:34:05 +02:00
drivers tpm: End any active auth session before shutdown 2025-03-27 15:34:05 +02:00
fs Networking changes for 6.15. 2025-03-26 21:48:21 -07:00
include ACPICA: Add start method for ARM FF-A 2025-03-27 15:34:05 +02:00
init [ Merge note: this pull request depends on you having merged 2025-03-24 22:06:11 -07:00
io_uring Networking changes for 6.15. 2025-03-26 21:48:21 -07:00
ipc treewide: const qualify ctl_tables where applicable 2025-01-28 13:48:37 +01:00
kernel Networking changes for 6.15. 2025-03-26 21:48:21 -07:00
lib Networking changes for 6.15. 2025-03-26 21:48:21 -07:00
LICENSES LICENSES: add 0BSD license text 2024-09-01 20:43:24 -07:00
mm Summary 2025-03-26 21:02:05 -07:00
net Networking changes for 6.15. 2025-03-26 21:48:21 -07:00
rust lsm/stable-6.15 PR 20250323 2025-03-25 15:44:19 -07:00
samples hardening updates for v6.15-rc1 2025-03-24 15:18:08 -07:00
scripts Networking changes for 6.15. 2025-03-26 21:48:21 -07:00
security Summary 2025-03-26 21:02:05 -07:00
sound hid-for-linus-2025032601 2025-03-26 10:05:43 -07:00
tools Networking changes for 6.15. 2025-03-26 21:48:21 -07:00
usr kbuild: hdrcheck: fix cross build with clang 2025-03-05 04:06:45 +09:00
virt ARM: 2025-03-25 14:22:07 -07:00
.clang-format clang-format: Update with v6.11-rc1's for_each macro list 2024-08-02 13:20:31 +02:00
.clippy.toml rust: give Clippy the minimum supported Rust version 2025-01-10 00:17:25 +01:00
.cocciconfig
.editorconfig .editorconfig: remove trim_trailing_whitespace option 2024-06-13 16:47:52 +02:00
.get_maintainer.ignore MAINTAINERS: Retire Ralf Baechle 2024-11-12 15:48:59 +01:00
.gitattributes .gitattributes: set diff driver for Rust source code files 2023-05-31 17:48:25 +02:00
.gitignore rust: use host dylib naming convention to support macOS 2025-01-10 01:01:24 +01:00
.mailmap lsm/stable-6.15 PR 20250323 2025-03-25 15:44:19 -07:00
.rustfmt.toml rust: add .rustfmt.toml 2022-09-28 09:02:20 +02:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS MAINTAINERS: update bridge entry 2025-03-21 18:24:07 +01:00
Kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS Networking changes for 6.15. 2025-03-26 21:48:21 -07:00
Makefile [ Merge note: this pull request depends on you having merged 2025-03-24 22:06:11 -07:00
README README: Fix spelling 2024-03-18 03:36:32 -06:00

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the reStructuredText markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result from upgrading your kernel.