tpm2-esys: Check parent NODA flag and demand password if needed
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
dwmw2 committed Oct 12, 2018
1 parent 79bb454 commit cc82898
Showing 1 changed file with 12 additions and 0 deletions.
12 changes: 12 additions & 0 deletions gnutls_tpm2_esys.c
Expand Up @@ -236,6 +236,18 @@ static int init_tpm2_key(ESYS_CONTEXT **ctx, ESYS_TR *keyHandle,
vpninfo->tpm2->parent, r);
goto error;
}
/* If we don't already have a password, check the NODA flag on the parent
* and demand one if DA protection is enabled (since that strongly implies
* there is a non-empty password). */
if (!vpninfo->tpm2->ownerauth.size) {
TPM2B_PUBLIC *pub = NULL;

r = Esys_ReadPublic(*ctx, parentHandle, ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE,
&pub, NULL, NULL);
if (!r && !(pub->publicArea.objectAttributes & TPMA_OBJECT_NODA))
vpninfo->tpm2->need_ownerauth = 1;
free(pub);
}
reauth:
if (vpninfo->tpm2->need_ownerauth) {
char *pass = NULL;
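Review bot: A failed Esys_ReadPublic is silently dropped at `if (!r && !(pub->publicArea.objectAttributes & TPMA_OBJECT_NODA))`: the block then proceeds as though NODA were set and continues with an empty ownerauth, which on a DA-protected parent that does carry a password is precisely the attempt this check is meant to avoid, since a failed auth counts toward the TPM's lockout counter. The error paths just above this hunk log the return code, so at minimum the same logging call should report `r` here, and a stricter option is to set `need_ownerauth` whenever the attributes could not be read; if anything after the `reauth:` label tests `r` before reassigning it, the stale error code would also leak through (I cannot see that from here). Separately, ESAPI output objects are documented to be released with `Esys_Free(pub);` rather than `free(pub);`. The enclosing init_tpm2_key() starts before the hunk and continues past it.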