diff options
| author | Kees Cook <keescook@chromium.org> | 2012-11-27 10:01:12 -0800 |
|---|---|---|
| committer | Gerrit <chrome-bot@google.com> | 2012-11-27 14:53:22 -0800 |
| commit | ca44b077a889ea7ddb6d5de712ac6dd0d6a3d67e (patch) | |
| tree | 1ff99c55351e2cb4a4d8df73d004fa970228968a | |
| parent | 8a42c2718fce6f34baaa52146f039a2acd1477be (diff) | |
| download | vboot-ca44b077a889ea7ddb6d5de712ac6dd0d6a3d67e.tar.gz | |
mount-encrypted: add error reporting to RNG failures
In the case of the TPM getting into a permanent failure mode
(e.g. crosbug.com/p/15785), the entropy system was not trying harder to
get entropy (i.e. falling back to system RNG), and was just using
whatever happened to be on the stack.
This adds the system RNG to the fallback list:
- try TPM RNG
- try system RNG
- use uninitialized stack contents
The reason for the last one being used is so we can make sure we're
getting a system up. It is extremely unlikely for both the TPM and
the system RNGs to be broken and if they are, it's likely a relatively
permanent failure condition. If we abort in this state, we'll cause an
infinite repair loop which is a very bad user experience. Instead, get
the system up using terrible entropy so the conditions can be examined.
BUG=chrome-os-partner:15960
TEST=daisy build with instrumented kernel tpm driver to always fail
BRANCH=none
Change-Id: I92c454925a78bb0d94262cdb3914c1b72010450e
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/38751
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
| -rw-r--r-- | utility/mount-encrypted.c | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/utility/mount-encrypted.c b/utility/mount-encrypted.c index 1b45a7f6..94f54d8a 100644 --- a/utility/mount-encrypted.c +++ b/utility/mount-encrypted.c @@ -453,10 +453,14 @@ static int get_random_bytes_tpm(unsigned char *buffer, int wanted) /* Returns 1 on success, 0 on failure. */ static int get_random_bytes(unsigned char *buffer, int wanted) { - if (has_tpm) - return get_random_bytes_tpm(buffer, wanted); - else - return RAND_bytes(buffer, wanted); + if (has_tpm && get_random_bytes_tpm(buffer, wanted)) + return 1; + + if (RAND_bytes(buffer, wanted)) + return 1; + SSL_ERROR("RAND_bytes"); + + return 0; } static char *choose_encryption_key(void) @@ -464,7 +468,8 @@ static char *choose_encryption_key(void) unsigned char rand_bytes[DIGEST_LENGTH]; unsigned char digest[DIGEST_LENGTH]; - get_random_bytes(rand_bytes, sizeof(rand_bytes)); + if (!get_random_bytes(rand_bytes, sizeof(rand_bytes))) + ERROR("No entropy source found -- using uninitialized stack"); SHA256(rand_bytes, DIGEST_LENGTH, digest); debug_dump_hex("encryption key", digest, DIGEST_LENGTH); |