cryptohome: don't re-create the key in case of transient failures |
||||||||
Issue descriptionTpmInit::LoadOrCreateCryptohomeKey() is supposed to re-create the key only in case of non-transient failures when accessing the current key. However, it currently does so whenever TpmInit::LoadCryptohomeKey() returns false, which it also does for transient failures (such as communication failures, lockouts, etc).
,
Mar 14 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/5af5a923e26c4099fde71aae71fff8a1af49a9f3 commit 5af5a923e26c4099fde71aae71fff8a1af49a9f3 Author: Andrey Pronin <apronin@chromium.org> Date: Tue Mar 14 02:58:50 2017 cryptohome: fix transient error logic for tpm2 Use the same IsTransient() logic to determine if the retry action corresponds to a transient tpm error for TPM 2.0 case, as was used for TPM 1.2. IsTransient() is used to determine if a transient error occurred when loading the cryptohome key, so that loading just needs to be retried at a later time, instead of re-creating the key. Map tpm device write/read errors to CommFailure retry action, which is considered to be transient. BUG= chromium:699240 TEST=Unit tests (new added) Change-Id: I03ae89dec9a69a371edc2e0df700ec50f50c23fd Reviewed-on: https://chromium-review.googlesource.com/452729 Commit-Ready: Andrey Pronin <apronin@chromium.org> Tested-by: Andrey Pronin <apronin@chromium.org> Reviewed-by: Darren Krahn <dkrahn@chromium.org> [modify] https://crrev.com/5af5a923e26c4099fde71aae71fff8a1af49a9f3/cryptohome/tpm2_test.cc [modify] https://crrev.com/5af5a923e26c4099fde71aae71fff8a1af49a9f3/cryptohome/tpm2_impl.cc
,
Mar 14 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/11d7e9e21859ad4802e24545004d90d4ac8c6ca6 commit 11d7e9e21859ad4802e24545004d90d4ac8c6ca6 Author: Andrey Pronin <apronin@chromium.org> Date: Tue Mar 14 02:58:50 2017 cryptohome: don't re-create the key on transient tpm errors If a transient error (e.g. tpm communication failure) occurs when loading the cryptohome key, cryptohomed now doesn't re-create the key. It just leaves the key unloaded, and it is attempted to load again next time Crypto::EnsureTpm is called. Without that, a single communication issue could trigger making homes for existing users unmountable, and losing local user data. Restores the behavior unintentionally modified by CL:261466. BUG= chromium:699240 TEST=1) Unit tests (new added). 2) Imitate transient comm error, verify that logging in succeeds once the error is gone, and local files in Downloads are left intact. Change-Id: I1657c5e546ada10ea81ca5de131695b8cb0df99a Reviewed-on: https://chromium-review.googlesource.com/452761 Commit-Ready: Andrey Pronin <apronin@chromium.org> Tested-by: Andrey Pronin <apronin@chromium.org> Reviewed-by: Darren Krahn <dkrahn@chromium.org> Reviewed-by: Ben Chan <benchan@chromium.org> [modify] https://crrev.com/11d7e9e21859ad4802e24545004d90d4ac8c6ca6/cryptohome/tpm_init.h [modify] https://crrev.com/11d7e9e21859ad4802e24545004d90d4ac8c6ca6/cryptohome/tpm_init_unittest.cc [modify] https://crrev.com/11d7e9e21859ad4802e24545004d90d4ac8c6ca6/cryptohome/tpm_init.cc
,
Mar 20 2017
,
Mar 20 2017
,
Mar 20 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/67d8b325813901fa91424a3d3181bb9156d939d7 commit 67d8b325813901fa91424a3d3181bb9156d939d7 Author: Andrey Pronin <apronin@chromium.org> Date: Mon Mar 20 18:01:05 2017 cryptohome: don't re-create the key on transient tpm errors If a transient error (e.g. tpm communication failure) occurs when loading the cryptohome key, cryptohomed now doesn't re-create the key. It just leaves the key unloaded, and it is attempted to load again next time Crypto::EnsureTpm is called. Without that, a single communication issue could trigger making homes for existing users unmountable, and losing local user data. Restores the behavior unintentionally modified by CL:261466. BUG= chromium:699240 TEST=1) Unit tests (new added). 2) Imitate transient comm error, verify that logging in succeeds once the error is gone, and local files in Downloads are left intact. Change-Id: I1657c5e546ada10ea81ca5de131695b8cb0df99a Reviewed-on: https://chromium-review.googlesource.com/452761 Commit-Ready: Andrey Pronin <apronin@chromium.org> Tested-by: Andrey Pronin <apronin@chromium.org> Reviewed-by: Darren Krahn <dkrahn@chromium.org> Reviewed-by: Ben Chan <benchan@chromium.org> (cherry picked from commit 11d7e9e21859ad4802e24545004d90d4ac8c6ca6) Reviewed-on: https://chromium-review.googlesource.com/456635 Reviewed-by: Andrey Pronin <apronin@chromium.org> Commit-Queue: Andrey Pronin <apronin@chromium.org> [modify] https://crrev.com/67d8b325813901fa91424a3d3181bb9156d939d7/cryptohome/tpm_init.h [modify] https://crrev.com/67d8b325813901fa91424a3d3181bb9156d939d7/cryptohome/tpm_init_unittest.cc [modify] https://crrev.com/67d8b325813901fa91424a3d3181bb9156d939d7/cryptohome/tpm_init.cc
,
Mar 20 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/67d8b325813901fa91424a3d3181bb9156d939d7 commit 67d8b325813901fa91424a3d3181bb9156d939d7 Author: Andrey Pronin <apronin@chromium.org> Date: Mon Mar 20 18:01:05 2017 cryptohome: don't re-create the key on transient tpm errors If a transient error (e.g. tpm communication failure) occurs when loading the cryptohome key, cryptohomed now doesn't re-create the key. It just leaves the key unloaded, and it is attempted to load again next time Crypto::EnsureTpm is called. Without that, a single communication issue could trigger making homes for existing users unmountable, and losing local user data. Restores the behavior unintentionally modified by CL:261466. BUG= chromium:699240 TEST=1) Unit tests (new added). 2) Imitate transient comm error, verify that logging in succeeds once the error is gone, and local files in Downloads are left intact. Change-Id: I1657c5e546ada10ea81ca5de131695b8cb0df99a Reviewed-on: https://chromium-review.googlesource.com/452761 Commit-Ready: Andrey Pronin <apronin@chromium.org> Tested-by: Andrey Pronin <apronin@chromium.org> Reviewed-by: Darren Krahn <dkrahn@chromium.org> Reviewed-by: Ben Chan <benchan@chromium.org> (cherry picked from commit 11d7e9e21859ad4802e24545004d90d4ac8c6ca6) Reviewed-on: https://chromium-review.googlesource.com/456635 Reviewed-by: Andrey Pronin <apronin@chromium.org> Commit-Queue: Andrey Pronin <apronin@chromium.org> [modify] https://crrev.com/67d8b325813901fa91424a3d3181bb9156d939d7/cryptohome/tpm_init.h [modify] https://crrev.com/67d8b325813901fa91424a3d3181bb9156d939d7/cryptohome/tpm_init_unittest.cc [modify] https://crrev.com/67d8b325813901fa91424a3d3181bb9156d939d7/cryptohome/tpm_init.cc
,
Mar 20 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/6f2f9974fcf4d08964519f4280cc1dd671c30757 commit 6f2f9974fcf4d08964519f4280cc1dd671c30757 Author: Andrey Pronin <apronin@chromium.org> Date: Mon Mar 20 18:01:07 2017 cryptohome: fix transient error logic for tpm2 Use the same IsTransient() logic to determine if the retry action corresponds to a transient tpm error for TPM 2.0 case, as was used for TPM 1.2. IsTransient() is used to determine if a transient error occurred when loading the cryptohome key, so that loading just needs to be retried at a later time, instead of re-creating the key. Map tpm device write/read errors to CommFailure retry action, which is considered to be transient. BUG= chromium:699240 TEST=Unit tests (new added) Change-Id: I03ae89dec9a69a371edc2e0df700ec50f50c23fd Reviewed-on: https://chromium-review.googlesource.com/452729 Commit-Ready: Andrey Pronin <apronin@chromium.org> Tested-by: Andrey Pronin <apronin@chromium.org> Reviewed-by: Darren Krahn <dkrahn@chromium.org> (cherry picked from commit 5af5a923e26c4099fde71aae71fff8a1af49a9f3) Reviewed-on: https://chromium-review.googlesource.com/457416 Reviewed-by: Andrey Pronin <apronin@chromium.org> Commit-Queue: Andrey Pronin <apronin@chromium.org> [modify] https://crrev.com/6f2f9974fcf4d08964519f4280cc1dd671c30757/cryptohome/tpm2_test.cc [modify] https://crrev.com/6f2f9974fcf4d08964519f4280cc1dd671c30757/cryptohome/tpm2_impl.cc
,
Mar 23 2017
,
May 30 2017
,
Aug 1 2017
,
Jan 22 2018
|
||||||||
►
Sign in to add a comment |
||||||||
Comment 1 by apronin@chromium.org
, Mar 8 2017