
Issue 885346

Starred by 3 users

Issue metadata

Status: Duplicate
Owner:
Closed: Sep 19
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Bug




TPM errors and failures across multiple platforms in kiosk mode

Reported by josh@arreya.com, Sep 18

Issue description

UserAgent: Mozilla/5.0 (X11; CrOS x86_64 10718.88.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.118 Safari/537.36

Steps to reproduce the problem:
1. 
2. 
3. 

What is the expected behavior?

What went wrong?
We are seeing logs with lots of TPM errors and failures, mostly TPM error 0x1 and TPM failure 0x803. The error has occurred on multiple different platforms: mickey, kitty, panther. So far the error seems benign and is not affecting our kiosk application; however, the logs do indicate kiosk launch failure.

We haven't noticed the errors outside of kiosk mode.

Interesting log entries:

2018-09-18T11:27:06.137328-04:00 ERR cryptohomed[807]: message repeated 5 times: [ TPM error 0x1  [Reason: ALERT!!:TPM error 0x1]    [Reason: info:TPM error codes] (Authentication failed): GetEndorsementPublicKey: Failed to get key.]
2018-09-18T11:27:10.985457-04:00 ERR cryptohomed[807]: TPM error 0x803   [Reason: ALERT!!:TPM failure 0x803]   [Reason: info:TPM error codes] (TPM is defending against dictionary attacks and is in some time-out period): GetEndorsementPublicKey: Failed to get key.

[719:719:0918/112724.240220:ERROR:auth_status_consumer.h(95)] NOTREACHED() hit.  [Reason: info:NOTREACHED()] 
[719:719:0918/112724.240293:ERROR:device_event_log_impl.cc(159)] [11:27:24.240] Login: cryptohome_authenticator.cc:725 Login failed: 
[719:719:0918/112724.240371:ERROR:login_performer.cc(63)] Login failure, reason=0, error.state=0
[719:719:0918/112724.240414:ERROR:kiosk_profile_loader.cc(202)] NOTREACHED() hit.  [Reason: info:NOTREACHED()] 
[719:719:0918/112724.240458:ERROR:auth_status_consumer.h(95)] NOTREACHED() hit.  [Reason: info:NOTREACHED()] 
[719:719:0918/112724.240445:ERROR:kiosk_profile_loader.cc(188)] Kiosk auth failure: error=
[719:719:0918/112724.240674:ERROR:kiosk_profile_loader.cc(50)] NOTREACHED() hit.  [Reason: info:NOTREACHED()] 
[719:719:0918/112724.240732:ERROR:app_launch_controller.cc(526)] Kiosk launch failed, error=4

Did this work before? N/A 

Chrome version: 68.0.3440.118  Channel: n/a
OS Version: 
Flash Version:
 
mickey_tpm_domain1.zip
360 KB Download
mickey_tpm_domain2.zip
122 KB Download
kitty_tpm_domain3.zip
508 KB Download
panther_tpm.zip
496 KB Download
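
A triage sketch for the log pattern in the report above, added here as an example and not part of the original report or of Chrome OS. It parses the cryptohomed TPM lines and checks whether a kiosk launch failure coincides with the dictionary-attack time-out (0x803); the function names and result keys are assumptions, and the sample lines are copied from the report.

```python
import re
from collections import Counter

# Added example (names are assumptions); lines copied from the issue report above.
SAMPLE_LOG = """\
2018-09-18T11:27:06.137328-04:00 ERR cryptohomed[807]: message repeated 5 times: [ TPM error 0x1  [Reason: ALERT!!:TPM error 0x1]    [Reason: info:TPM error codes] (Authentication failed): GetEndorsementPublicKey: Failed to get key.]
2018-09-18T11:27:10.985457-04:00 ERR cryptohomed[807]: TPM error 0x803   [Reason: ALERT!!:TPM failure 0x803]   [Reason: info:TPM error codes] (TPM is defending against dictionary attacks and is in some time-out period): GetEndorsementPublicKey: Failed to get key.
[719:719:0918/112724.240371:ERROR:login_performer.cc(63)] Login failure, reason=0, error.state=0
[719:719:0918/112724.240732:ERROR:app_launch_controller.cc(526)] Kiosk launch failed, error=4
"""

TPM_RE = re.compile(
    r"cryptohomed\[\d+\]: (?:message repeated (\d+) times: \[\s*)?"
    r"TPM error (0x[0-9a-fA-F]+).*?\(([^()]+)\): (\w+):"
)
KIOSK_RE = re.compile(r"Kiosk launch failed, error=(\d+)")
LOCKOUT_CODE = 0x803  # the log describes this code as the dictionary-attack time-out


def parse_tpm_events(text):
    """Return (code, description, operation, count) for each cryptohomed TPM line."""
    events = []
    for line in text.splitlines():
        m = TPM_RE.search(line)
        if m:
            repeat, code, desc, op = m.groups()
            events.append((int(code, 16), desc, op, int(repeat or 1)))
    return events


def triage(text):
    """Summarise TPM errors and flag kiosk failures that coincide with lockout."""
    counts = Counter()
    before_lockout = 0
    locked = False
    for code, _desc, _op, n in parse_tpm_events(text):
        counts[code] += n
        if code == LOCKOUT_CODE:
            locked = True
        elif not locked:
            before_lockout += n  # errors logged before the time-out began
    kiosk_errors = [int(e) for e in KIOSK_RE.findall(text)]
    return {
        "tpm_counts": dict(counts),
        "lockout": locked,
        "errors_before_lockout": before_lockout,
        "kiosk_launch_errors": kiosk_errors,
        "kiosk_failed_during_lockout": locked and bool(kiosk_errors),
    }
```
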
Owner: poromov@chromium.org
TPM errors are due to crbug.com/867724.

I don't *think* it should impact kiosk mode functionality, but +poromov to look at the code to see why those NOTREACHED() are being hit.
Mergedinto: 867724
Status: Duplicate (was: Unconfirmed)
Actually, this is a dupe of 867724 - we are preparing comms to our customers around how to address this.

Short version is there was a bug that put the TPM into lockdown mode, making kiosk data inaccessible. This bug has been fixed, but devices that are in lockdown may need some action (like leaving them idle for 24 hours) to restore them to normal function. 

Apologies for this problem - understood that it's fairly catastrophic and we're urgently working to get clear guidance out to admins and users. Please follow along on the main bug (crbug.com/867724).

Thank you for the prompt response, and apologies for the duplicate report; we didn't see crbug.com/867724 since it's a private issue.

atwilson@: Since we don't have visibility into that issue, is there a version number/timeframe we can look for where the issue started occurring?

Project Member

Comment 5 by bugdroid1@chromium.org, Sep 20

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/420e9a8276edbfa1b0a3434b26c589b4b4665a80

commit 420e9a8276edbfa1b0a3434b26c589b4b4665a80
Author: Sergey Poromov <poromov@chromium.org>
Date: Thu Sep 20 16:37:31 2018

Fix using |delayed_login_failure_| after free.

AuthFailure was remembered in OnAuthFailure() by a pointer and was
freed after that leading to strange failure reason on next read.
It was introduced 5 years ago in https://crrev.com/22900017

[719:719:0918/112724.240220:ERROR:auth_status_consumer.h(95)] NOTREACHED() hit.  [Reason: info:NOTREACHED()]
[719:719:0918/112724.240293:ERROR:device_event_log_impl.cc(159)] [11:27:24.240] Login: cryptohome_authenticator.cc:725 Login failed:
[719:719:0918/112724.240371:ERROR:login_performer.cc(63)] Login failure, reason=0, error.state=0
[719:719:0918/112724.240414:ERROR:kiosk_profile_loader.cc(202)] NOTREACHED() hit.  [Reason: info:NOTREACHED()]
[719:719:0918/112724.240458:ERROR:auth_status_consumer.h(95)] NOTREACHED() hit.  [Reason: info:NOTREACHED()]
[719:719:0918/112724.240445:ERROR:kiosk_profile_loader.cc(188)] Kiosk auth failure: error=
[719:719:0918/112724.240674:ERROR:kiosk_profile_loader.cc(50)] NOTREACHED() hit.  [Reason: info:NOTREACHED()]
[719:719:0918/112724.240732:ERROR:app_launch_controller.cc(526)] Kiosk launch failed, error=4

Bug:  885346 
Change-Id: I46ca3b3630aa42e25a25d9cfecb3a16e3c361b9f
Reviewed-on: https://chromium-review.googlesource.com/1236265
Reviewed-by: Xiyuan Xia <xiyuan@chromium.org>
Commit-Queue: Sergey Poromov <poromov@chromium.org>
Cr-Commit-Position: refs/heads/master@{#592830}
[modify] https://crrev.com/420e9a8276edbfa1b0a3434b26c589b4b4665a80/chromeos/login/auth/cryptohome_authenticator.cc
[modify] https://crrev.com/420e9a8276edbfa1b0a3434b26c589b4b4665a80/chromeos/login/auth/cryptohome_authenticator.h
