|
| From: | Stefan Berger |
| Subject: | Re: [PATCH 0/2] backend/tpm: Resolve issue with TPM 2 DA lockout |
| Date: | Fri, 27 May 2022 15:31:26 -0400 |
| User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.9.0 |
On 5/27/22 15:24, Marc-André Lureau wrote:
I don't know what real hardware can actually do when the machine is reset, presumably via some reset line, or the power is removed. Probably it has no way to react to this.Hi On Fri, May 27, 2022 at 7:36 PM Stefan Berger <stefanb@linux.ibm.com> wrote:This series of patches resolves an issue with a TPM 2's dictionary attack lockout logic being triggered upon well-timed VM resets. Normally, the OS TPM driver sends a TPM2_Shutdown to the TPM 2 upon reboot and before a VM is reset. However, the OS driver cannot do this when the user resets a VM. In this case QEMU must send the command because otherwise several well- timed VM resets will trigger the TPM 2's dictionary attack (DA) logic and it will then refuse to do certain key-related operations until the DA logic has timed out.How does real hardware deal with that situation? Shouldn't this "shutdown"/reset logic be implemented on swtpm side instead, when CMD_INIT is received? (when the VM is restarted)
Typically the OS driver has to send the command and since it cannot do this I would defer it to the TPM emulator reset handler code, so the next layer down.
Regards, Stefan Stefan Berger (2): backends/tpm: Record the last command sent to the TPM backends/tpm: Send TPM2_Shutdown upon VM reset backends/tpm/tpm_emulator.c | 44 +++++++++++++++++++++++++++++++++++++ backends/tpm/tpm_int.h | 3 +++ backends/tpm/tpm_util.c | 9 ++++++++ backends/tpm/trace-events | 1 + include/sysemu/tpm_util.h | 3 +++ 5 files changed, 60 insertions(+) -- 2.35.3
| [Prev in Thread] | Current Thread | [Next in Thread] |