New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 849603 link

Starred by 1 user
Status: Available
Owner: ----
Cc:
apronin@chromium.org
shchen@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 3
Type: Bug


Participants' hotlists:
Cros-Hwsec-Ready


Sign in to add a comment

Recovery should handle hosed TPM gracefully

Project Member Reported by mnissler@chromium.org, Jun 5 2018 
To repro, run recovery image on a device with a failed TPM (to simulate, disable the TPM driver in the kernel so /dev/tpm0 doesn't exist).

The device hangs on a blank screen. The expected behavior would be to at least show an error and dump logs to the stateful partition on the recovery medium.

Comment 1 by apronin@chromium.org, Jun 6 2018

Cc: shchen@chromium.org
Note that the behavior changed as a result of https://crrev.com/c/437592. So, pre-M58 recovery images behave differently and leave logs in this case.

Now we attempt to lock the tpm first thing during recovery boot (for good reasons), before even frecon and the logs are set up. Thus, if it fails, we get no logs/console messages.

TPM lockouts (that temporarily lead to lock_tpm failures) do happen in practice occasionally, so having some output in such cases is useful for diagnostics.

Comment 2 by apronin@chromium.org, Oct 12

Components: OS>Systems>Security

Comment 3 by apronin@chromium.org, Nov 2

Labels: Cros-Hwsec-Ready

Sign in to add a comment