tpm2-tss

Inconsistency caused by Esys_TR_FromTPMPublic

Open JuergenReppSIT opened this issue 3 years ago • 1 comments

Several ESYS objects with the same TPM handle can be created with the function Esys_TR_FromTPMPublic. Some ESYS functions, e.g. Esys_NV_Write, update the internal meta for the object referenced by the passed ESYS handle. The consequence is that there might be objects with NV_WRITTEN set and NV_WRITTEN not set. This caused an error in the TPM tools described in https://github.com/tpm2-software/tpm2-tools/issues/2846. So all objects with the same TPM handle should be updated to avoid inconsistencies. Also for changing the auth values such an update might be needed.

JuergenReppSIT avatar Oct 07 '21 10:10 JuergenReppSIT
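
A simplified model of the inconsistency described in the issue above, added here as an example; it is not tpm2-tss code, and the struct and `model_*` names are hypothetical. It shows a write through one object leaving a second object for the same TPM handle stale, next to the per-handle update the issue asks for.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MODEL_NV_WRITTEN 0x20000000u /* same bit as TPMA_NV_WRITTEN (bit 29) */
#define MAX_OBJS 8

/* Hypothetical stand-in for an ESYS object: TPM handle plus cached attributes. */
struct model_obj { uint32_t tpm_handle; uint32_t nv_attrs; int used; };
static struct model_obj objs[MAX_OBJS];

/* Models Esys_TR_FromTPMPublic: each call creates a new object with its own
 * copy of the attributes. Returns the object's slot, or -1 if the table is full. */
int model_from_tpm_public(uint32_t tpm_handle, uint32_t tpm_attrs) {
    for (int i = 0; i < MAX_OBJS; i++) {
        if (!objs[i].used) {
            objs[i] = (struct model_obj){ tpm_handle, tpm_attrs, 1 };
            return i;
        }
    }
    return -1;
}

/* Behaviour described in the issue: only the passed object's metadata changes. */
void model_nv_write_single(int obj) { objs[obj].nv_attrs |= MODEL_NV_WRITTEN; }

/* Behaviour requested in the issue: update every object with the same TPM handle. */
void model_nv_write_all(int obj) {
    for (int i = 0; i < MAX_OBJS; i++)
        if (objs[i].used && objs[i].tpm_handle == objs[obj].tpm_handle)
            objs[i].nv_attrs |= MODEL_NV_WRITTEN;
}

/* Two objects for one NV index, then a write through the first.
 * Returns 1 if the second object's cached attributes are left stale. */
int model_scenario(int propagate) {
    memset(objs, 0, sizeof objs);
    int a = model_from_tpm_public(0x01000001u, 0); /* constructed NV index handle */
    int b = model_from_tpm_public(0x01000001u, 0);
    if (propagate) model_nv_write_all(a); else model_nv_write_single(a);
    return (objs[a].nv_attrs & MODEL_NV_WRITTEN) && !(objs[b].nv_attrs & MODEL_NV_WRITTEN);
}

int main(void) {
    printf("single-object update stale: %d\n", model_scenario(0));
    printf("per-handle update stale:    %d\n", model_scenario(1));
    return 0;
}
```

The stale copy matters because a TPM NV index's name is computed over its public area, attributes included.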

@AndreasFuchsTPM what about this one for 3.3?

williamcroberts avatar Jul 15 '22 18:07 williamcroberts

@JuergenReppSIT is this fixed and can be closed? I see a lot of commit descriptions as "addresses" is that just a partial fix or does it fix the whole thing?

williamcroberts avatar Oct 31 '22 19:10 williamcroberts

I have two questions:

  1. Is the fix in tss 3.0, 3.1 and 3.2? or just 3.2? I am using Debian 11 that includes tss 3.0.3, and looking for the fix in that branch.
  2. Does the fix make the tools fix obsolete? Or do we need a combination of tools and tss fix?

gfrankliu avatar Nov 01 '22 20:11 gfrankliu

I have two questions:

  1. Is the fix in tss 3.0, 3.1 and 3.2? or just 3.2? I am using Debian 11 that includes tss 3.0.3, and looking for the fix in that branch.
  • merged: master: 6c88eea 3.2.x: 9239184

They are currently not released. Master is slated to be the upcoming 4.0 release and 3.2.x should be 3.2.1 release offhand.

  2. Does the fix make the tools fix obsolete? Or do we need a combination of tools and tss fix?

We could probably check the ESAPI version when building and compile out the patch, github.com/tpm2-software/tpm2-tools/pull/2847, but considering that the tools CI runs against master and it works, I see no issues other than performance caused by always doing this.

williamcroberts avatar Nov 01 '22 20:11 williamcroberts

I can mark this as closed after investigating this, but will open a bug on tpm2-tools to compile that out. See tpm2-tools bug https://github.com/tpm2-software/tpm2-tools/issues/3156 so we don't forget about it.

williamcroberts avatar Nov 01 '22 20:11 williamcroberts

@williamcroberts Thank you for the investigation and closing the issue.

JuergenReppSIT avatar Nov 02 '22 09:11 JuergenReppSIT