sespiros
commented
2 years ago Latest secboot version in snapd:
github.com/snapcore/secboot v0.0.0-20211018143212-802bb19ca263In the case of a TPM_RC_INTEGRITY error, the first if case will be followed, as isLoadInvalidParamError catches all errors for all parameters, and unsealing will proceed using a transient SRK normally:
https://github.com/snapcore/secboot/blob/802bb19ca26320bf397791463a96ce2550b8b8e1/tpm2/unseal.go#L80-L86
https://github.com/snapcore/secboot/blob/802bb19ca26320bf397791463a96ce2550b8b8e1/tpm2/utils.go#L48-L52
chrisccoulson
The TPM unsealing code will fall back to trying with a transient primary key if the initial unsealing attempt with the persistent primary key fails in some cases - if the TPM2_Load command fails with a handle error, indicating that the supplied parent handle is not a valid storage key.
But it fails immediately if TPM2_Load returns a TPM_RC_INTEGRITY error for the inPrivate parameter, which may indicate that although the parent handle corresponds to a valid storage key, it may not be the correct parent key. This might happen if other software that uses the TPM evicts the primary key we create during install and then creates a new one with a non-standard template.
The unsealing code should probably adopt a belt and braces approach to error handling here and fall back to trying with a transient primary key if the TPM2_Load command fails for any reason, rather than implementing handling that is specific to each error type. I would also extend the existing error handling to work like this: