shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2024-12-23 21:35:11 +03:00
Code

shared: Fix TPM2 unsealing when PCR values change

Browse Source 
Recreate the encryption session on each retry. It's invalidated along
with the policy session when freed, failing subsequent retries.

	Unsealing HMAC key.
	WARNING:esys:src/tss2-esys/api/Esys_Unseal.c:295:Esys_Unseal_Finish() Received TPM Error
	ERROR:esys:src/tss2-esys/api/Esys_Unseal.c:98:Esys_Unseal() Esys Finish ErrorCode (0x00000128)
	A PCR value changed during the TPM2 policy session, restarting HMAC key unsealing (30 tries left).
	Missing encryption session
	Failed to unseal secret using TPM2: Invalid argument

Fixes #31881
This commit is contained in:
Gabríel Arthúr Pétursson 2024-03-20 16:48:36 +00:00 committed by Luca Boccassi
parent a2369b8be4
commit 1923e21316
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/shared/tpm2-util.c
View File

@ -5525,13 +5525,13 @@ int tpm2_unseal(Tpm2Context *c,
if (r < 0)
return r;
_cleanup_(Esys_Freep) TPM2B_SENSITIVE_DATA* unsealed = NULL;
for (unsigned i = RETRY_UNSEAL_MAX;; i--) {
_cleanup_(tpm2_handle_freep) Tpm2Handle *encryption_session = NULL;
r = tpm2_make_encryption_session(c, primary_handle, hmac_key, &encryption_session);
if (r < 0)
return r;
_cleanup_(Esys_Freep) TPM2B_SENSITIVE_DATA* unsealed = NULL;
for (unsigned i = RETRY_UNSEAL_MAX;; i--) {
_cleanup_(tpm2_handle_freep) Tpm2Handle *policy_session = NULL;
_cleanup_(Esys_Freep) TPM2B_DIGEST *policy_digest = NULL;
r = tpm2_make_policy_session(