Gitlab 现已全面支持 git over ssh 与 git over https。通过 HTTPS 访问请配置带有 read_repository / write_repository 权限的 Personal access token。通过 SSH 端口访问请使用 22 端口或 13389 端口。如果使用CAS注册了账户但不知道密码，可以自行至设置中更改；如有其他问题，请发邮件至 service@cra.moe 寻求协助。

Commit 45477b3f authored Dec 12, 2019 by James Bottomley Committed by Jarkko Sakkinen Dec 17, 2019

security: keys: trusted: fix lost handle flush



The original code, before it was moved into security/keys/trusted-keys
had a flush after the blob unseal.  Without that flush, the volatile
handles increase in the TPM until it becomes unusable and the system
either has to be rebooted or the TPM volatile area manually flushed.
Fix by adding back the lost flush, which we now have to export because
of the relocation of the trusted key code may cause the consumer to be
modular.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Fixes: 2e19e101 ("KEYS: trusted: Move TPM2 trusted keys code")
Reviewed-by: Jerry Snitselaar <jsnitsel@redhat.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>

parent 21df4a8b

drivers/char/tpm/tpm.h

+0 −1

Original line number	Diff line number	Diff line
		@@ -218,7 +218,6 @@ int tpm2_pcr_read(struct tpm_chip *chip, u32 pcr_idx,
		int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
		struct tpm_digest *digests);
		int tpm2_get_random(struct tpm_chip chip, u8 dest, size_t max);
		void tpm2_flush_context(struct tpm_chip *chip, u32 handle);
		ssize_t tpm2_get_tpm_pt(struct tpm_chip *chip, u32 property_id,
		u32 value, const char desc);

drivers/char/tpm/tpm2-cmd.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -362,6 +362,7 @@ void tpm2_flush_context(struct tpm_chip *chip, u32 handle)
		tpm_transmit_cmd(chip, &buf, 0, "flushing context");
		tpm_buf_destroy(&buf);
		}
		EXPORT_SYMBOL_GPL(tpm2_flush_context);

		struct tpm2_get_cap_out {
		u8 more_data;

include/linux/tpm.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -403,6 +403,7 @@ extern int tpm_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
		extern int tpm_send(struct tpm_chip chip, void cmd, size_t buflen);
		extern int tpm_get_random(struct tpm_chip chip, u8 data, size_t max);
		extern struct tpm_chip *tpm_default_chip(void);
		void tpm2_flush_context(struct tpm_chip *chip, u32 handle);
		#else
		static inline int tpm_is_tpm2(struct tpm_chip *chip)
		{

security/keys/trusted-keys/trusted_tpm2.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -309,6 +309,7 @@ int tpm2_unseal_trusted(struct tpm_chip *chip,
		return rc;

		rc = tpm2_unseal_cmd(chip, payload, options, blob_handle);
		tpm2_flush_context(chip, blob_handle);

		return rc;
		}

CRA Git | Maintained and supported by SUSTech CRA and CCSE