[gnutls-devel] [PATCH 0/2] Fix TPM key handling

James Bottomley James.Bottomley at HansenPartnership.com
Sat Dec 3 23:31:06 CET 2016

It looks like TPM keys requiring authorization have never worked in
gnutls, partly because of a coding error which is fixed in the first
patch and partly because of an apparent misunderstanding about the way
trousers works, which is fixed in the second.

It's amusing to note that the concerns about the dictionary attack
lockout in the second patch are real: I managed to lock up my own TPM
while debugging the code and, thanks to Nuvoton, I discovered that the
DA lockout survives clearing the TPM, meaning I was left with a TPM
that was locked out but had no owner authority, meaning no viable way
of resetting the DA lockout.  Fortunately, it agreed to let me back in
the next day.



James Bottomley (2):
  tpm: must clear pkey each time we go round the import loop
  tpm: fix handling of keys requiring authorization

 lib/tpm.c | 73 +++++++++++++++++++++++++++++++++++++++------------------------
 1 file changed, 45 insertions(+), 28 deletions(-)


More information about the Gnutls-devel mailing list