| field | value | date |
|---|---|---|
| author | Kees Cook <keescook@chromium.org> | 2012-12-10 12:34:23 -0800 |
| committer | Gerrit <chrome-bot@google.com> | 2012-12-18 14:51:29 -0800 |
| commit | 90f78d22612f6255b174f21b0016d29c3805c721 (patch) | |
| tree | 4a3c01866f8d065000504f27097e27f7a7ee0ee9 | |
| parent | 699ebf398f84bb0a6138856c38db1d693e581f85 (diff) | |
| download | vboot-90f78d22612f6255b174f21b0016d29c3805c721.tar.gz | |
mount-encrypted: finalize if keyfile missing (ref: toolchain-3428.65.B)
If a system key is available (could read TPM NVRAM), but the "finalization
needed" file exists, it means that we are in the situation where either
cryptohome was interrupted, or the TPM was temporarily unavailable at an
earlier boot. In this case, it is up to mount-encrypted to perform the
finalization. Before, we were making the very bad assumption that the
keyfile was valid if a system key was found, meaning we would delete the
"finalization needed" file, leaving us with no way to find the encryption
key, leading to an OOBE on the next boot.
BUG=chrome-os-partner:15960
TEST=daisy build, manual testing
BRANCH=None
Change-Id: Ifb6d74d8a38100e00d9a4597c25a71a6c33f806c
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/39883
Reviewed-by: Luigi Semenzato <semenzato@chromium.org>
Reviewed-by: Elly Jones <ellyjones@chromium.org>
Reviewed-by: Will Drewry <wad@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
| mode | file | changes |
|---|---|---|
| -rw-r--r-- | utility/mount-encrypted.c | 15 |

1 file changed, 11 insertions, 4 deletions
diff --git a/utility/mount-encrypted.c b/utility/mount-encrypted.c index d453b6b0..a97db0c3 100644 --- a/utility/mount-encrypted.c +++ b/utility/mount-encrypted.c @@ -749,6 +749,7 @@ static int setup_encrypted(int mode) int sparsefd; struct statvfs stateful_statbuf; uint64_t blocks_min, blocks_max; + int valid_keyfile = 0; /* Use the "system key" to decrypt the "encryption key" stored in * the stateful partition. @@ -766,6 +767,7 @@ static int setup_encrypted(int mode) * so migration is finished. */ migrate_allowed = 0; + valid_keyfile = 1; } else { uint8_t useless_key[DIGEST_LENGTH]; sha256((char *)kStaticKeyFinalizationNeeded, useless_key); @@ -976,11 +978,16 @@ static int setup_encrypted(int mode) needs_finalization(encryption_key); } else { /* If we're not rebuilding and we have a sane system - * key, then we must have finalized. Force any required - * clean up. + * key, then we must either need finalization (if we + * failed to finalize in Cryptohome), or we have already + * finalized, but maybe failed to clean up. */ - if (has_system_key) - finalized(); + if (has_system_key) { + if (!valid_keyfile) + finalize(system_key, encryption_key); + else + finalized(); + } } free(lodev); |
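Review bot: `valid_keyfile = 1;` in the second hunk is set only in the branch where the keyfile decrypted under the real system key, but neither the declaration in the first hunk nor this assignment says so, and the name alone does not tell a reader of the later `if (!valid_keyfile)` that a keyfile decrypted with the sha256(kStaticKeyFinalizationNeeded) placeholder counts as "not valid". Suggest a short comment at the assignment, e.g. `/* keyfile was wrapped under the real system key, not the finalization placeholder */`, or a more specific name such as `keyfile_under_system_key`.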
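Review bot: in the third hunk `finalize(system_key, encryption_key);` is called and its outcome is discarded. The commit message's own scenario is a TPM that was unavailable on an earlier boot, so a failure while re-wrapping the key under the system key is not far-fetched; if `finalize()` can report failure, the caller should not continue as though the keyfile were now valid, and if it cannot, a one-line comment saying so would stop the next reader from asking. The `else finalized();` leg is fine. Minor: the new comment says "failed to finalize in Cryptohome" while the commit message says "cryptohome was interrupted"; aligning the wording would help.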
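To make the failure the commit message describes concrete, here is an added toy model of the three-boot sequence (TPM unavailable on the first boot, available afterwards). It is an illustration written for this page, not vboot or mount-encrypted code: SHA-256 and the real key wrapping are replaced by a byte-spreading derivation and XOR with a check tag, the label "FinalizationNeeded" is a stand-in for the real kStaticKeyFinalizationNeeded constant, and `boot()`, `scenario()`, `wrap()`, `unwrap()` and the `BOOT_*` results are this model's own names; the "OOBE" outcome is modelled as `BOOT_REBUILD` (no way to recover the key). The `fixed` flag selects the pre-patch behaviour (only drop the marker) or the post-patch behaviour (re-wrap the key under the system key first).

```c
/* Toy model of the mount-encrypted finalization state machine (added example,
 * not project code). Crypto primitives are stand-ins; names are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEYLEN 32
#define MAGIC "ENCKEYv1"          /* check tag: tells a correct unwrap from garbage */
#define MAGICLEN 8
#define BLOBLEN (KEYLEN + MAGICLEN)

enum boot_result { BOOT_OK, BOOT_NEEDS_FINALIZATION, BOOT_REBUILD /* key lost: OOBE */ };

struct stateful {
    int has_keyfile;
    uint8_t keyfile[BLOBLEN];     /* encryption key wrapped under some key */
    int finalization_needed;      /* the "finalization needed" marker file */
};

struct tpm {
    int available;                /* NVRAM readable this boot? */
    uint8_t system_key[KEYLEN];
};

/* Stand-in for sha256(kStaticKeyFinalizationNeeded): spreads an assumed label over 32 bytes. */
static void placeholder_key(uint8_t out[KEYLEN])
{
    const char *label = "FinalizationNeeded";   /* assumed label, not the real constant */
    size_t n = strlen(label);
    for (size_t i = 0; i < KEYLEN; i++)
        out[i] = (uint8_t)(label[i % n] * 31 + i * 17);
}

/* Stand-in for the real wrapping: XOR under the key, with MAGIC appended for verification. */
static void wrap(const uint8_t key[KEYLEN], const uint8_t enc[KEYLEN], uint8_t blob[BLOBLEN])
{
    for (size_t i = 0; i < BLOBLEN; i++) {
        uint8_t p = i < KEYLEN ? enc[i] : (uint8_t)MAGIC[i - KEYLEN];
        blob[i] = p ^ key[i % KEYLEN];
    }
}

/* Returns 1 and fills enc if the blob unwraps under key, 0 otherwise. */
static int unwrap(const uint8_t key[KEYLEN], const uint8_t blob[BLOBLEN], uint8_t enc[KEYLEN])
{
    uint8_t plain[BLOBLEN];
    for (size_t i = 0; i < BLOBLEN; i++)
        plain[i] = blob[i] ^ key[i % KEYLEN];
    if (memcmp(plain + KEYLEN, MAGIC, MAGICLEN) != 0)
        return 0;
    memcpy(enc, plain, KEYLEN);
    return 1;
}

/* One boot. 'fixed' selects the post-patch logic. enc_out receives the key in use. */
static enum boot_result boot(struct stateful *st, const struct tpm *tpm, int fixed,
                             uint8_t enc_out[KEYLEN])
{
    uint8_t ph[KEYLEN];
    int has_system_key = tpm->available;
    int valid_keyfile = 0, rebuild = 0;

    placeholder_key(ph);
    if (!st->has_keyfile) {                          /* first boot: mint a key (fixed bytes) */
        for (size_t i = 0; i < KEYLEN; i++) enc_out[i] = (uint8_t)(0xA0 + i);
        rebuild = 1;
    } else if (has_system_key && unwrap(tpm->system_key, st->keyfile, enc_out)) {
        valid_keyfile = 1;                           /* wrapped under the real system key */
    } else if (st->finalization_needed && unwrap(ph, st->keyfile, enc_out)) {
        /* Still under the placeholder: finalization never completed. */
    } else {
        return BOOT_REBUILD;                         /* nothing left to try: OOBE */
    }

    if (rebuild) {
        wrap(has_system_key ? tpm->system_key : ph, enc_out, st->keyfile);
        st->has_keyfile = 1;
        st->finalization_needed = !has_system_key;   /* needs_finalization() if no TPM */
        return has_system_key ? BOOT_OK : BOOT_NEEDS_FINALIZATION;
    }
    if (!has_system_key)
        return BOOT_NEEDS_FINALIZATION;              /* keep waiting for the TPM */

    /* Not rebuilding, system key present: the branch this patch changes. */
    if (!valid_keyfile && fixed)
        wrap(tpm->system_key, enc_out, st->keyfile); /* finalize(): re-wrap under system key */
    st->finalization_needed = 0;                     /* finalized(): drop the marker */
    return BOOT_OK;
}

/* Boot 1 without TPM, boots 2 and 3 with it. Returns boot 3's result; *same_key says
 * whether boot 3 recovered the key minted on boot 1. */
static enum boot_result scenario(int fixed, int *same_key)
{
    struct stateful st; struct tpm tpm;
    uint8_t k1[KEYLEN], k2[KEYLEN], k3[KEYLEN];
    enum boot_result r;
    memset(&st, 0, sizeof st); memset(&tpm, 0, sizeof tpm);
    for (size_t i = 0; i < KEYLEN; i++) tpm.system_key[i] = (uint8_t)(0x5A ^ i);
    tpm.available = 0; boot(&st, &tpm, fixed, k1);
    tpm.available = 1; boot(&st, &tpm, fixed, k2);
    r = boot(&st, &tpm, fixed, k3);
    *same_key = (r == BOOT_OK) && memcmp(k1, k3, KEYLEN) == 0;
    return r;
}

int main(void)
{
    int same;
    printf("pre-patch : boot 3 -> %d, key recovered=%d\n", scenario(0, &same), same);
    printf("post-patch: boot 3 -> %d, key recovered=%d\n", scenario(1, &same), same);
    return 0;
}
```

With the pre-patch logic, boot 2 deletes the marker while the keyfile is still wrapped under the placeholder, so boot 3 cannot unwrap it under the system key and is not allowed to try the placeholder either; the model returns `BOOT_REBUILD`. With the patch, boot 2 re-wraps the key under the system key before dropping the marker and boot 3 recovers the original key.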