|
 |
d7d45b |
From b662e6fd7169f31ef664ecd0b0b45547462e1e31 Mon Sep 17 00:00:00 2001
|
|
|
d7d45b |
From: Stefan Berger <stefanb@linux.ibm.com>
|
|
|
d7d45b |
Date: Tue, 4 Jan 2022 14:45:31 -0500
|
|
|
d7d45b |
Subject: [PATCH] tpm2: When writing state initialize s_ContextSlotMask if not
|
|
|
d7d45b |
set
|
|
|
d7d45b |
|
|
|
d7d45b |
If s_ContextSlotMask was not set since the TPM 2 was not initialized
|
|
|
d7d45b |
by a call to TPM_Manufacture() or the state was not resumed, then
|
|
|
d7d45b |
initialize the s_ContextSlotMask to 0xffff.
|
|
|
d7d45b |
|
|
|
d7d45b |
This situation can occur if a VM with an attached swtpm was started
|
|
|
d7d45b |
and the VM's firmware either doesn't support TPM or didn't get to
|
|
|
d7d45b |
initialize the vTPM.
|
|
|
d7d45b |
|
|
|
d7d45b |
The following commands recreated the issue with a SeaBIOS-only VM that
|
|
|
d7d45b |
had no attached hard disk but an attached TPM 2:
|
|
|
d7d45b |
|
|
|
d7d45b |
virsh start BIOS-only-VM ; virsh save BIOS-only-VM save.bin ; \
|
|
|
d7d45b |
virsh restore save.bin
|
|
|
d7d45b |
|
|
|
d7d45b |
Error: Failed to restore domain from save.bin
|
|
|
d7d45b |
error: internal error: qemu unexpectedly closed the monitor: \
|
|
|
d7d45b |
2022-01-04T19:26:18.835851Z qemu-system-x86_64: tpm-emulator: Setting the stateblob (type 2) failed with a TPM error 0x3 a parameter is bad
|
|
|
d7d45b |
2022-01-04T19:26:18.835899Z qemu-system-x86_64: error while loading state for instance 0x0 of device 'tpm-emulator'
|
|
|
d7d45b |
2022-01-04T19:26:18.835929Z qemu-system-x86_64: load of migration failed: Input/output error
|
|
|
d7d45b |
|
|
|
d7d45b |
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2035731
|
|
|
d7d45b |
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
|
|
|
d7d45b |
---
|
|
|
d7d45b |
src/tpm2/NVMarshal.c | 5 +++++
|
|
|
d7d45b |
1 file changed, 5 insertions(+)
|
|
|
d7d45b |
|
|
|
d7d45b |
diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c
|
|
|
d7d45b |
index 996c73c..c7cd1e0 100644
|
|
|
d7d45b |
--- a/src/tpm2/NVMarshal.c
|
|
|
d7d45b |
+++ b/src/tpm2/NVMarshal.c
|
|
|
d7d45b |
@@ -1422,6 +1422,11 @@ STATE_RESET_DATA_Marshal(STATE_RESET_DATA *data, BYTE **buffer, INT32 *size)
|
|
|
d7d45b |
written += UINT16_Marshal(&array_size, buffer, size);
|
|
|
d7d45b |
for (i = 0; i < array_size; i++)
|
|
|
d7d45b |
written += UINT16_Marshal(&data->contextArray[i], buffer, size);
|
|
|
d7d45b |
+
|
|
|
d7d45b |
+ if (s_ContextSlotMask != 0x00ff && s_ContextSlotMask != 0xffff) {
|
|
|
d7d45b |
+ /* TPM wasn't initialized, so s_ContextSlotMask wasn't set */
|
|
|
d7d45b |
+ s_ContextSlotMask = 0xffff;
|
|
|
d7d45b |
+ }
|
|
|
d7d45b |
written += UINT16_Marshal(&s_ContextSlotMask, buffer, size);
|
|
|
d7d45b |
|
|
|
d7d45b |
written += UINT64_Marshal(&data->contextCounter, buffer, size);
|
|
|
d7d45b |
--
|
|
|
d7d45b |
2.36.1
|
|
|
d7d45b |
|