Commit e545f0d8 authored by Bernat, Yehezkel's avatar Bernat, Yehezkel Committed by Greg Kroah-Hartman

thunderbolt: Allow clearing the key

If secure authentication of a devices fails, either because the device
already has another key uploaded, or there is some other error sending
challenge to the device, and the user only wants to approve the device
just once (without a new key being uploaded to the device) the current
implementation does not allow this because the key cannot be cleared
once set even if we allow it to be changed.

Make this scenario possible and allow clearing the key by writing
empty string to the key sysfs file.
Signed-off-by: default avatarYehezkel Bernat <yehezkel.bernat@intel.com>
Acked-by: default avatarMika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 0956e411
...@@ -45,6 +45,8 @@ Contact: thunderbolt-software@lists.01.org ...@@ -45,6 +45,8 @@ Contact: thunderbolt-software@lists.01.org
Description: When a devices supports Thunderbolt secure connect it will Description: When a devices supports Thunderbolt secure connect it will
have this attribute. Writing 32 byte hex string changes have this attribute. Writing 32 byte hex string changes
authorization to use the secure connection method instead. authorization to use the secure connection method instead.
Writing an empty string clears the key and regular connection
method can be used again.
What: /sys/bus/thunderbolt/devices/.../device What: /sys/bus/thunderbolt/devices/.../device
Date: Sep 2017 Date: Sep 2017
......
...@@ -807,8 +807,11 @@ static ssize_t key_store(struct device *dev, struct device_attribute *attr, ...@@ -807,8 +807,11 @@ static ssize_t key_store(struct device *dev, struct device_attribute *attr,
struct tb_switch *sw = tb_to_switch(dev); struct tb_switch *sw = tb_to_switch(dev);
u8 key[TB_SWITCH_KEY_SIZE]; u8 key[TB_SWITCH_KEY_SIZE];
ssize_t ret = count; ssize_t ret = count;
bool clear = false;
if (hex2bin(key, buf, sizeof(key))) if (!strcmp(buf, "\n"))
clear = true;
else if (hex2bin(key, buf, sizeof(key)))
return -EINVAL; return -EINVAL;
if (mutex_lock_interruptible(&switch_lock)) if (mutex_lock_interruptible(&switch_lock))
...@@ -818,10 +821,14 @@ static ssize_t key_store(struct device *dev, struct device_attribute *attr, ...@@ -818,10 +821,14 @@ static ssize_t key_store(struct device *dev, struct device_attribute *attr,
ret = -EBUSY; ret = -EBUSY;
} else { } else {
kfree(sw->key); kfree(sw->key);
if (clear) {
sw->key = NULL;
} else {
sw->key = kmemdup(key, sizeof(key), GFP_KERNEL); sw->key = kmemdup(key, sizeof(key), GFP_KERNEL);
if (!sw->key) if (!sw->key)
ret = -ENOMEM; ret = -ENOMEM;
} }
}
mutex_unlock(&switch_lock); mutex_unlock(&switch_lock);
return ret; return ret;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment