Fix to use the new unset auth session API, that captures the last TPM…
… nonce, so the session auth can be properly set again. Requires wolfTPM PR wolfSSL/wolfTPM#299
dgarske committed Sep 15, 2023
1 parent e3f97f4 commit 0787f73
Showing 2 changed files with 7 additions and 5 deletions.
10 changes: 6 additions & 4 deletions src/tpm.c
@@ -769,7 +769,7 @@ int wolfBoot_seal_blob(uint8_t* pubkey_hint, uint8_t* policy, uint16_t policySz,
}

wolfTPM2_UnloadHandle(&wolftpm_dev, &policy_session.handle);
wolfTPM2_UnsetAuth(&wolftpm_dev, 1);
wolfTPM2_UnsetAuthSession(&wolftpm_dev, 1, &wolftpm_session);

return rc;
}
@@ -949,7 +949,7 @@ int wolfBoot_unseal_blob(uint8_t* pubkey_hint,

wolfTPM2_UnloadHandle(&wolftpm_dev, &seal_blob->handle);
wolfTPM2_UnloadHandle(&wolftpm_dev, &policy_session.handle);
wolfTPM2_UnsetAuth(&wolftpm_dev, 1);
wolfTPM2_UnsetAuthSession(&wolftpm_dev, 1, &wolftpm_session);

return rc;
}
@@ -996,6 +996,7 @@ static int wolfRNG_GetSeedCB(OS_Seed* os, uint8_t* seed, uint32_t sz)
if (rc == 0) {
rc = wolfTPM2_GetRandom(&wolftpm_dev, seed, sz);
}
wolfTPM2_UnsetAuthSession(&wolftpm_dev, 0, &wolftpm_session);
return rc;
}
#endif
@@ -1141,7 +1142,8 @@ int wolfBoot_check_rot(int key_slot, uint8_t* pubkey_hint)
nv.handle.hndl = WOLFBOOT_TPM_KEYSTORE_NV_BASE + key_slot;
#ifdef WOLFBOOT_TPM_KEYSTORE_AUTH
nv.handle.auth.size = (UINT16)strlen(WOLFBOOT_TPM_KEYSTORE_AUTH);
memcpy(nv.handle.auth.buffer, WOLFBOOT_TPM_KEYSTORE_AUTH, nv.handle.auth.size);
memcpy(nv.handle.auth.buffer, WOLFBOOT_TPM_KEYSTORE_AUTH,
nv.handle.auth.size);
#endif
wolfTPM2_SetAuthHandle(&wolftpm_dev, 0, &nv.handle);

@@ -1170,7 +1172,7 @@ int wolfBoot_check_rot(int key_slot, uint8_t* pubkey_hint)
wolfBoot_print_hexstr(pubkey_hint, digestSz, 0);
}
}
wolfTPM2_UnsetAuth(&wolftpm_dev, 1);
wolfTPM2_UnsetAuthSession(&wolftpm_dev, 1, &wolftpm_session);

return rc;
}
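Review bot: In `wolfRNG_GetSeedCB` the added `wolfTPM2_UnsetAuthSession(&wolftpm_dev, 0, &wolftpm_session);` runs even when `rc` is already non-zero from whatever precedes `if (rc == 0)` (outside the hunk, presumably the session setup), so it would store slot 0's nonce into the shared `wolftpm_session` although this call never bound the session to that slot. If the new API behaves as the commit message describes, a stale nonce could then be carried into the next seal, unseal or root-of-trust check, which the TPM would most likely reject: a boot-time availability problem rather than a bypass. Moving the call into the guarded block, directly after `rc = wolfTPM2_GetRandom(&wolftpm_dev, seed, sz);`, avoids that. The result of `wolfTPM2_UnsetAuthSession` is also dropped at all four call sites; if that is deliberate so `rc` keeps the TPM operation's status, a short comment such as `/* best effort: keep rc from the TPM operation */` would say so.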