Re: [PATCH v2 1/2] keys/trusted_keys: clean up debug message logging in the tpm backend

[Srish Srinivasan]

On 3/10/26 4:15 AM, Nayna Jain wrote:
> On 2/20/26 1:34 PM, Srish Srinivasan wrote:
> > The TPM trusted-keys backend uses a local TPM_DEBUG guard and pr_info()
> > for logging debug information.
> >
> > Replace pr_info() with pr_debug(), and use KERN_DEBUG for 
> > print_hex_dump().
> > Remove TPM_DEBUG.
> >
> > No functional change intended.
> There is functional change here.  This change allows secret and nonce 
> in the function dump_sess() to be logged to kernel logs when dynamic 
> debug is enabled. Previously, it was possible only in the debug builds 
> and not the production builds at runtime. With this change, it is 
> always there in production build. This can result in possible attack.


Hi Jarkko,
Could you please let us know your thoughts on this one?

And Nayna,
thanks for bringing this up.

thanks,
Srish.


> Instead of doing this change, I think add a comment to prevent this 
> sort of change in the future.
>
> Thanks & Regards,
>
>     - Nayna
>
> > Signed-off-by: Srish Srinivasan <ssrish@xxxxxxxxxxxxx>
> > Reviewed-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>
> > ---
> >   security/keys/trusted-keys/trusted_tpm1.c | 40 +++++++----------------
> >   1 file changed, 12 insertions(+), 28 deletions(-)
> >
> > diff --git a/security/keys/trusted-keys/trusted_tpm1.c 
> > b/security/keys/trusted-keys/trusted_tpm1.c
> > index c865c97aa1b4..216caef97ffc 100644
> > --- a/security/keys/trusted-keys/trusted_tpm1.c
> > +++ b/security/keys/trusted-keys/trusted_tpm1.c
> > @@ -46,28 +46,25 @@ enum {
> >       SRK_keytype = 4
> >   };
> >   -#define TPM_DEBUG 0
> > -
> > -#if TPM_DEBUG
> >   static inline void dump_options(struct trusted_key_options *o)
> >   {
> > -    pr_info("sealing key type %d\n", o->keytype);
> > -    pr_info("sealing key handle %0X\n", o->keyhandle);
> > -    pr_info("pcrlock %d\n", o->pcrlock);
> > -    pr_info("pcrinfo %d\n", o->pcrinfo_len);
> > -    print_hex_dump(KERN_INFO, "pcrinfo ", DUMP_PREFIX_NONE,
> > +    pr_debug("sealing key type %d\n", o->keytype);
> > +    pr_debug("sealing key handle %0X\n", o->keyhandle);
> > +    pr_debug("pcrlock %d\n", o->pcrlock);
> > +    pr_debug("pcrinfo %d\n", o->pcrinfo_len);
> > +    print_hex_dump(KERN_DEBUG, "pcrinfo ", DUMP_PREFIX_NONE,
> >                  16, 1, o->pcrinfo, o->pcrinfo_len, 0);
> >   }
> >     static inline void dump_sess(struct osapsess *s)
> >   {
> > -    print_hex_dump(KERN_INFO, "trusted-key: handle ", DUMP_PREFIX_NONE,
> > +    print_hex_dump(KERN_DEBUG, "trusted-key: handle ", 
> > DUMP_PREFIX_NONE,
> >                  16, 1, &s->handle, 4, 0);
> > -    pr_info("secret:\n");
> > -    print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE,
> > +    pr_debug("secret:\n");
> > +    print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_NONE,
> >                  16, 1, &s->secret, SHA1_DIGEST_SIZE, 0);
> > -    pr_info("trusted-key: enonce:\n");
> > -    print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE,
> > +    pr_debug("trusted-key: enonce:\n");
> > +    print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_NONE,
> >                  16, 1, &s->enonce, SHA1_DIGEST_SIZE, 0);
> >   }
> >   @@ -75,23 +72,10 @@ static inline void dump_tpm_buf(unsigned char 
> > *buf)
> >   {
> >       int len;
> >   -    pr_info("\ntpm buffer\n");
> > +    pr_debug("\ntpm buffer\n");
> >       len = LOAD32(buf, TPM_SIZE_OFFSET);
> > -    print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, 16, 1, buf, len, 
> > 0);
> > -}
> > -#else
> > -static inline void dump_options(struct trusted_key_options *o)
> > -{
> > -}
> > -
> > -static inline void dump_sess(struct osapsess *s)
> > -{
> > -}
> > -
> > -static inline void dump_tpm_buf(unsigned char *buf)
> > -{
> > +    print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_NONE, 16, 1, buf, 
> > len, 0);
> >   }
> > -#endif
> >     static int TSS_rawhmac(unsigned char *digest, const unsigned char 
> > *key,
> >                  unsigned int keylen, ...)