]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
creds: tolerate TPM2 seal failure in auto mode
authorLuca Boccassi <luca.boccassi@gmail.com>
Wed, 8 Jul 2026 14:40:59 +0000 (15:40 +0100)
committerLuca Boccassi <luca.boccassi@gmail.com>
Sat, 11 Jul 2026 16:09:13 +0000 (17:09 +0100)
Automatic key modes tolerate a failed TPM2 sealing attempt and
fall back to a host or null key. Do not consume TPM2 blob output in
that case, tpm2_seal() leaves it empty on failure, so the fallback
path should continue without TPM2 metadata.

Follow-up for 9e4379945b74ee7920fe375be0bcb04d8ef53873

src/shared/creds-util.c

index 58207d4d002b5bcf8ba0394cd53d9808bfe2f6a9..09bbf6bca89ba9f00306d2161b2089ab65f3f915 100644 (file)
@@ -1032,17 +1032,17 @@ int encrypt_credential_and_warn(
                                 return log_error_errno(r, "Failed to seal to TPM2: %m");
 
                         log_notice_errno(r, "TPM2 sealing didn't work, continuing without TPM2: %m");
-                }
-
-                if (!iovec_memdup(&IOVEC_MAKE(tpm2_policy.buffer, tpm2_policy.size), &tpm2_policy_hash))
-                        return log_oom();
+                } else {
+                        if (!iovec_memdup(&IOVEC_MAKE(tpm2_policy.buffer, tpm2_policy.size), &tpm2_policy_hash))
+                                return log_oom();
 
-                assert(n_blobs == 1);
-                tpm2_blob = TAKE_STRUCT(blobs[0]);
+                        assert(n_blobs == 1);
+                        tpm2_blob = TAKE_STRUCT(blobs[0]);
 
-                assert(tpm2_blob.iov_len <= CREDENTIAL_FIELD_SIZE_MAX);
-                assert(tpm2_policy_hash.iov_len <= CREDENTIAL_FIELD_SIZE_MAX);
-                assert(tpm2_srk.iov_len <= CREDENTIAL_FIELD_SIZE_MAX);
+                        assert(tpm2_blob.iov_len <= CREDENTIAL_FIELD_SIZE_MAX);
+                        assert(tpm2_policy_hash.iov_len <= CREDENTIAL_FIELD_SIZE_MAX);
+                        assert(tpm2_srk.iov_len <= CREDENTIAL_FIELD_SIZE_MAX);
+                }
         }
 #endif