On Thu, 2019-12-12 at 12:49 -0800, Tadeusz Struk wrote:
> On 12/12/19 11:51 AM, James Bottomley wrote:
> > TPM2_Clear reprovisions the SPS ... that would make all currently
> > exported TPM keys go invalid. I know these tests should be
> > connected to a vTPM, so doing this should be safe, but if this
> > accidentally got executed on your laptop all TPM relying functions
> > would be disrupted, which doesn't seem to be the best thing to hard
> > wire into a test.
>
> That is true, but it will need to be executed as root, and root
> should know what she/he is doing ;)

Not in the modern kernel resource manager world: anyone who is in the
tpm group can access the tpmrm device and we haven't added a dangerous
command filter like we promised we would, so unless they have actually
set lockout or platform authorization, they'll find they can execute it

> > What about doing a TPM2_DictionaryAttackLockReset instead, which is
> > the least invasive route to fixing the problem ... provided you
> > know what the lockout authorization is.
>
> I can change tpm2_clear to tpm2_dictionarylockout -c if we want to
> make it foolproof. In this case we can assume that the lockout auth
> is empty.

Well, if it isn't TPM2_Clear would refuse to execute as well since that
requires either lockout auth or platform + physical presence.

James
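
The exposure discussed in this message, as an added example that is not part of the original thread or the kernel selftests: a shell check a test harness or an administrator could run before anything destructive, classifying whether TPM2_Clear is reachable with an empty lockout authorization. It assumes tpm2-tools is installed and that `tpm2_getcap properties-variable` prints the TPMA_PERMANENT flags as `name: 0|1` lines; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify whether TPM2_Clear is
# reachable with an empty lockout authorization, given the output of
# `tpm2_getcap properties-variable` on stdin.

# Constructed sample of the flag lines, not captured from a real TPM.
sample_unprotected() {
cat <<'EOF'
  ownerAuthSet:              0
  endorsementAuthSet:        0
  lockoutAuthSet:            0
  reserved1:                 0
  disableClear:              0
  inLockout:                 0
  tpmGeneratedEPS:           1
  reserved2:                 0
EOF
}

# Print the value of one flag (hypothetical helper name).
flag() { awk -v k="$1:" '$1 == k { print $2; exit }'; }

# Prints and returns: guarded (0), exposed (1), unknown (2).
# Only the lockout path is assessed; platform auth is not reported here.
clear_exposure() {
    caps=$(cat)
    lockout=$(printf '%s\n' "$caps" | flag lockoutAuthSet)
    noclear=$(printf '%s\n' "$caps" | flag disableClear)
    if [ -z "$lockout" ] || [ -z "$noclear" ]; then
        echo unknown; return 2
    fi
    # disableClear=1: the TPM refuses TPM2_Clear outright.
    # lockoutAuthSet=1: the caller must know the lockout auth value.
    if [ "$noclear" = 1 ] || [ "$lockout" = 1 ]; then
        echo guarded; return 0
    fi
    echo exposed; return 1
}

# Live audit: who may open the resource-manager device, then the verdict.
audit_live() {
    ls -l /dev/tpmrm0 && tpm2_getcap properties-variable | clear_exposure
}
```

A test script can gate on the verdict and refuse to run against a TPM reported as `exposed` unless the operator has confirmed it is a vTPM.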