
Re: [PATCH v2 06/13] vtpmmgr: Flush transient keys on shutdown


  • To: Jason Andryuk <jandryuk@xxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • From: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
  • Date: Mon, 10 May 2021 08:12:36 -0400
  • Cc: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, Quan Xu <quan.xu0@xxxxxxxxx>, Samuel Thibault <samuel.thibault@xxxxxxxxxxxx>
  • Delivery-date: Mon, 10 May 2021 12:12:49 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 5/6/21 9:59 AM, Jason Andryuk wrote:
> Remove our key so it isn't left in the TPM for someone to come along
> after vtpmmgr shuts down.
> 
> Signed-off-by: Jason Andryuk <jandryuk@xxxxxxxxx>
> Reviewed-by: Samuel Thibault <samuel.thibault@xxxxxxxxxxxx>
> ---

Reviewed-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>

>  stubdom/vtpmmgr/init.c | 8 ++++++++
>  1 file changed, 8 insertions(+)
> 
> diff --git a/stubdom/vtpmmgr/init.c b/stubdom/vtpmmgr/init.c
> index decf8e8b4d..56b4be85b3 100644
> --- a/stubdom/vtpmmgr/init.c
> +++ b/stubdom/vtpmmgr/init.c
> @@ -792,6 +792,14 @@ void vtpmmgr_shutdown(void)
>     /* Close tpmback */
>     shutdown_tpmback();
>  
> +    if (hw_is_tpm2()) {
> +        /* Blow away all stale handles left in the tpm*/
> +        if (flush_tpm2() != TPM_SUCCESS) {
> +            vtpmlogerror(VTPM_LOG_TPM,
> +                         "TPM2_FlushResources failed, continuing 
> shutdown..\n");
> +        }
> +    }
> +
>     /* Close tpmfront/tpm_tis */
>     close(vtpm_globals.tpm_fd);
>  
> 
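Review bot: the failure branch of the flush_tpm2() call in vtpmmgr_shutdown() discards the return code, and its message names "TPM2_FlushResources" although the function called in this hunk is flush_tpm2(). Storing the status in a local and printing it in the vtpmlogerror() string would make a failed flush diagnosable from the log, and naming flush_tpm2() keeps the message searchable against the source. The comment says "all stale handles" while the commit message speaks of removing "our key", so one of the two should state the actual scope of the flush; the comment also needs a space before the closing */. The placement after shutdown_tpmback() and before close(vtpm_globals.tpm_fd) looks right, since the flush has to be issued while the TPM descriptor is still open.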




 

