[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 6/9] vtpmmgr: Flush transient keys on shutdown

To: xen-devel@xxxxxxxxxxxxxxxxxxxx
From: Jason Andryuk <jandryuk@xxxxxxxxx>
Date: Tue, 4 May 2021 08:48:39 -0400
Cc: Jason Andryuk <jandryuk@xxxxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, Quan Xu <quan.xu0@xxxxxxxxx>, Samuel Thibault <samuel.thibault@xxxxxxxxxxxx>
Delivery-date: Tue, 04 May 2021 12:49:39 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Remove our key so it isn't left in the TPM for someone to come along
after vtpmmgr shutsdown.

Signed-off-by: Jason Andryuk <jandryuk@xxxxxxxxx>
---
 stubdom/vtpmmgr/init.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/stubdom/vtpmmgr/init.c b/stubdom/vtpmmgr/init.c
index 569b0dd1dc..d9fefa9be6 100644
--- a/stubdom/vtpmmgr/init.c
+++ b/stubdom/vtpmmgr/init.c
@@ -792,6 +792,14 @@ void vtpmmgr_shutdown(void)
    /* Close tpmback */
    shutdown_tpmback();
 
+    if (hw_is_tpm2()) {
+        /* Blow away all stale handles left in the tpm*/
+        if (flush_tpm2() != TPM_SUCCESS) {
+            vtpmlogerror(VTPM_LOG_TPM,
+                         "TPM2_FlushResources failed, continuing 
shutdown..\n");
+        }
+    }
+
    /* Close tpmfront/tpm_tis */
    close(vtpm_globals.tpm_fd);
 
-- 
2.30.2

Follow-Ups:
- Re: [PATCH 6/9] vtpmmgr: Flush transient keys on shutdown
  - From: Samuel Thibault

References:
- [PATCH 0/9] vtpmmgr: Some fixes - still incomplete
  - From: Jason Andryuk

Prev by Date: [PATCH 5/9] vtpmmgr: Move vtpmmgr_shutdown
Next by Date: [PATCH 7/9] vtpmmgr: Flush all transient keys
Previous by thread: Re: [PATCH 5/9] vtpmmgr: Move vtpmmgr_shutdown
Next by thread: Re: [PATCH 6/9] vtpmmgr: Flush transient keys on shutdown
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.