Issue 701151 link

Starred by 2 users

Issue metadata

Status:	Assigned
Owner:	igorcov@chromium.org
Cc:	apronin@chromium.org
Components:	Enterprise>Enrollment OS>Systems>Security
EstimatedDays:	----
NextAction:	----
OS:	Chrome
Pri:	3
Type:	Bug

Investigate possibility of failure to verify install attributes

Project Member Reported by tnagel@chromium.org, Mar 13 2017

Issue description

apronin has pointed out that devices get into an undefined state when the TPM gets cleared but the disk is not cleared.  We should investigate whether that's happening in the wild.  Do we have UMA?  If not, it might make sense to instrument InstallAttributes::SetIsInvalid() (or one of its callers) to see how often install attributes fail to be verified.

https://cs.corp.google.com/chromeos_public/src/platform2/cryptohome/install_attributes.cc?sq=p:chromeos_public&dr=CSs&l=70

Comment 1 by apronin@chromium.org, Mar 13 2017

Just to be clear, it happened in practice for pre-production devices. But in that case it was planned: the tpm nvram was deliberately cleared as a part of the update process. Shouldn't happen in the wild (unless there are bugs in tpm firmware or some electric glitches, of course). Still, if it does happen, that'd be good to know.

Comment 2 by apronin@chromium.org, Oct 12

Components: OS>Systems>Security

Comment 3 by louiscollard@chromium.org, Dec 10

Do we still want this?

►

Issue 701151 link

Issue metadata

Investigate possibility of failure to verify install attributes

Issue description

Comment 1 by apronin@chromium.org, Mar 13 2017

Comment 1 Deleted

Comment 2 by apronin@chromium.org, Oct 12

Comment 2 Deleted

Comment 3 by louiscollard@chromium.org, Dec 10

Comment 3 Deleted

Sign in to add a comment