From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 6 Apr 2021 09:46:19 +0000 (+0200)
Subject: tpm2-util: properly load tpm2 libraries befre unsealing
X-Git-Tag: v249-rc1~470
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1b30720c1b22df75e147cc201f240db23881672d;p=thirdparty%2Fsystemd.git

tpm2-util: properly load tpm2 libraries befre unsealing

We forgot a call to dlopen_tpm2() in the unseal codepaths. As long as
automatic TPM2 device discovery was used that didn't matter, since in
that codepaths we'd have another call dlopen_tpm2(). But with an
explicitly configured TPM2 device things should work too, hence add the
missing call.

Fixes: #19206
---

diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index 8a0f45c2db7..4d17f3c96a2 100644
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -686,6 +686,10 @@ int tpm2_unseal(
 
         assert(pcr_mask < (UINT32_C(1) << TPM2_PCRS_MAX)); /* Support 24 PCR banks */
 
+        r = dlopen_tpm2();
+        if (r < 0)
+                return log_error_errno(r, "TPM2 support is not installed.");
+
         /* So here's what we do here: We connect to the TPM2 chip. As we do when sealing we generate a
          * "primary" key on the TPM2 chip, with the same parameters as well as a PCR-bound policy
          * session. Given we pass the same parameters, this will result in the same "primary" key, and same