Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FAPI: Fix usage of endorsement handle #2711

Merged
merged 1 commit into from
Nov 30, 2023
Merged

FAPI: Fix usage of endorsement handle #2711

merged 1 commit into from
Nov 30, 2023

Conversation

JuergenReppSIT
Copy link
Member

@JuergenReppSIT JuergenReppSIT commented Nov 21, 2023
edited
Loading

In several cases the wrong handle TPM2_RH_EK was used instead of TPM2_RH_ENDORSEMENT.
This caused a wrong recreation of keys (except the EK) under the endorsement hierarchy.
Addresses: #2709

Signed-off-by: Juergen Repp juergen_repp@web.de

@JuergenReppSIT JuergenReppSIT added this to the 4.0.2 milestone Nov 21, 2023
@JuergenReppSIT JuergenReppSIT added bug backport Issues to be backported to old-stable labels Nov 21, 2023
@JuergenReppSIT JuergenReppSIT force-pushed the fapi-fix-usage-of-endorsement-handle branch 2 times, most recently from e9f1178 to 65f82da Compare November 21, 2023 11:53
@JuergenReppSIT
FAPI: Fix usage of endorsement handle
fb191f4 
In several cases the wrong handle TPM2_RH_EK was used instead of
TPM2_RH_ENDORSEMENT.
This caused a wrong recreation of keys (except the EK) under the
endorsement hierarchy.
Now the correct hierarchy handle is used and a check whether the
recreated public key of the recreated primary corresponds to the
keystore.

Addresses: tpm2-software#2709

Signed-off-by: Juergen Repp <juergen_repp@web.de>
@JuergenReppSIT JuergenReppSIT force-pushed the fapi-fix-usage-of-endorsement-handle branch from 65f82da to fb191f4 Compare November 21, 2023 13:56
@codecov Codecov
Copy link

codecov bot commented Nov 21, 2023

Codecov Report

Attention: 2 lines in your changes are missing coverage. Please review.

Comparison is base (ede63dd) 82.60% compared to head (e9f1178) 82.58%.

❗ Current head e9f1178 differs from pull request most recent head fb191f4. Consider uploading reports for the commit fb191f4 to get more accurate results

Files Patch % Lines
src/tss2-fapi/fapi_util.c 80.00% 2 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #2711      +/-   ##
==========================================
- Coverage   82.60%   82.58%   -0.02%     
==========================================
  Files         368      368              
  Lines       43001    43006       +5     
==========================================
- Hits        35519    35517       -2     
- Misses       7482     7489       +7

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

AndreasFuchsTPM
AndreasFuchsTPM reviewed Nov 29, 2023
View reviewed changes
src/tss2-fapi/fapi_util.c
context->ek_persistent = true;
} else {
} else if (strcmp("/SRK",
&pkey_object->rel_path[strlen(pkey_object->rel_path)-4]) == 0) {
context->srk_persistent = true;
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is the no else possible after these two cases ?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes it's possible. ek_persistentand srk_persistentare only used in the provisioning cleanup for the EK and SRK and in the cleanup for sessions where the SRK is used as TPM key.

@AndreasFuchsTPM AndreasFuchsTPM merged commit 718c478 into tpm2-software:master Nov 30, 2023
27 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AndreasFuchsTPM AndreasFuchsTPM AndreasFuchsTPM approved these changes

@cplappert cplappert Awaiting requested review from cplappert

Assignees
No one assigned
Labels
backport Issues to be backported to old-stable bug
Projects
None yet
Milestone
4.1.0
Development

Successfully merging this pull request may close these issues.
2 participants
@JuergenReppSIT @AndreasFuchsTPM