[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH v2 06/13] vtpmmgr: Flush transient keys on shutdown

To: xen-devel@xxxxxxxxxxxxxxxxxxxx
From: Jason Andryuk <jandryuk@xxxxxxxxx>
Date: Thu, 6 May 2021 09:59:16 -0400
Cc: Jason Andryuk <jandryuk@xxxxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, Quan Xu <quan.xu0@xxxxxxxxx>, Samuel Thibault <samuel.thibault@xxxxxxxxxxxx>
Delivery-date: Thu, 06 May 2021 14:00:22 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Remove our key so it isn't left in the TPM for someone to come along
after vtpmmgr shutsdown.

Signed-off-by: Jason Andryuk <jandryuk@xxxxxxxxx>
Reviewed-by: Samuel Thibault <samuel.thibault@xxxxxxxxxxxx>
---
 stubdom/vtpmmgr/init.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/stubdom/vtpmmgr/init.c b/stubdom/vtpmmgr/init.c
index decf8e8b4d..56b4be85b3 100644
--- a/stubdom/vtpmmgr/init.c
+++ b/stubdom/vtpmmgr/init.c
@@ -792,6 +792,14 @@ void vtpmmgr_shutdown(void)
    /* Close tpmback */
    shutdown_tpmback();
 
+    if (hw_is_tpm2()) {
+        /* Blow away all stale handles left in the tpm*/
+        if (flush_tpm2() != TPM_SUCCESS) {
+            vtpmlogerror(VTPM_LOG_TPM,
+                         "TPM2_FlushResources failed, continuing 
shutdown..\n");
+        }
+    }
+
    /* Close tpmfront/tpm_tis */
    close(vtpm_globals.tpm_fd);
 
-- 
2.30.2

Follow-Ups:
- Re: [PATCH v2 06/13] vtpmmgr: Flush transient keys on shutdown
  - From: Daniel P. Smith

References:
- [PATCH v2 00/13] vtpmmgr: Some fixes - still incomplete
  - From: Jason Andryuk

Prev by Date: [PATCH v2 05/13] vtpmmgr: Move vtpmmgr_shutdown
Next by Date: [PATCH v2 07/13] vtpmmgr: Flush all transient keys
Previous by thread: Re: [PATCH v2 05/13] vtpmmgr: Move vtpmmgr_shutdown
Next by thread: Re: [PATCH v2 06/13] vtpmmgr: Flush transient keys on shutdown
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.