mirror of
https://github.com/systemd/systemd.git
synced 2025-01-11 09:18:07 +03:00
shared: Fix TPM2 unsealing when PCR values change
Recreate the encryption session on each retry. It's invalidated along with the policy session when freed, failing subsequent retries. Unsealing HMAC key. WARNING:esys:src/tss2-esys/api/Esys_Unseal.c:295:Esys_Unseal_Finish() Received TPM Error ERROR:esys:src/tss2-esys/api/Esys_Unseal.c:98:Esys_Unseal() Esys Finish ErrorCode (0x00000128) A PCR value changed during the TPM2 policy session, restarting HMAC key unsealing (30 tries left). Missing encryption session Failed to unseal secret using TPM2: Invalid argument Fixes #31881
This commit is contained in:
parent
a2369b8be4
commit
1923e21316
@ -5525,13 +5525,13 @@ int tpm2_unseal(Tpm2Context *c,
|
|||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
_cleanup_(tpm2_handle_freep) Tpm2Handle *encryption_session = NULL;
|
|
||||||
r = tpm2_make_encryption_session(c, primary_handle, hmac_key, &encryption_session);
|
|
||||||
if (r < 0)
|
|
||||||
return r;
|
|
||||||
|
|
||||||
_cleanup_(Esys_Freep) TPM2B_SENSITIVE_DATA* unsealed = NULL;
|
_cleanup_(Esys_Freep) TPM2B_SENSITIVE_DATA* unsealed = NULL;
|
||||||
for (unsigned i = RETRY_UNSEAL_MAX;; i--) {
|
for (unsigned i = RETRY_UNSEAL_MAX;; i--) {
|
||||||
|
_cleanup_(tpm2_handle_freep) Tpm2Handle *encryption_session = NULL;
|
||||||
|
r = tpm2_make_encryption_session(c, primary_handle, hmac_key, &encryption_session);
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
|
||||||
_cleanup_(tpm2_handle_freep) Tpm2Handle *policy_session = NULL;
|
_cleanup_(tpm2_handle_freep) Tpm2Handle *policy_session = NULL;
|
||||||
_cleanup_(Esys_Freep) TPM2B_DIGEST *policy_digest = NULL;
|
_cleanup_(Esys_Freep) TPM2B_DIGEST *policy_digest = NULL;
|
||||||
r = tpm2_make_policy_session(
|
r = tpm2_make_policy_session(
|
||||||
|
Loading…
Reference in New Issue
Block a user