New issue
Advanced search Search tips

Issue 916304 link

Starred by 2 users
Status: Assigned
Owner:
menghuan@chromium.org
Cc:
louiscollard@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Bug



Sign in to add a comment

cryptohome: GetPubKey fails for cryptohome key with TPM_AUTHFAIL

Project Member Reported by apronin@google.com, Dec 18 
[Spawned from comments on https://crrev.com/c/1373593]

This CQ run failed on links-paladin:

https://cros-goldeneye.corp.google.com/chromeos/healthmonitoring/buildDetails?buildbucketId=8926781719899460080

This is the GetPubKey command that fails for cryptohome key:
2018-12-18T19:44:41.479063+00:00 INFO kernel: [ 1805.022978] tpm_tis tpm_tis: command 0x21 (size 14) returned code 0x1

leading to 

2018-12-18T19:44:41.478407+00:00 ERR cryptohomed[1361]: TPM error 0x1 (Authentication failed): Error calling Tspi_Key_GetPubKey
2018-12-18T19:44:41.478567+00:00 ERR cryptohomed[1361]: TPM error 0x1 (Authentication failed): Retrying will not help.
2018-12-18T19:44:41.478615+00:00 ERR cryptohomed[1361]: Unable to get the cryptohome public key from the TPM.
2018-12-18T19:44:41.478710+00:00 ERR cryptohomed[1361]: TPM public key hash mismatch.
2018-12-18T19:44:41.478810+00:00 ERR cryptohomed[1361]: Failed to decrypt any keysets for 7a6f9dbd6f99e970770f420f7749a3e5c89959f2: mount error 2, crypto error 8

The last commands before that are
...
2018-12-18T19:44:40.357045+00:00 INFO kernel: [ 1803.901944] tpm_tis tpm_tis: command 0xa (size 10) returned code 0x0
2018-12-18T19:44:40.405062+00:00 INFO kernel: [ 1803.949875] tpm_tis tpm_tis: command 0x65 (size 42) returned code 0x0
2018-12-18T19:44:41.377067+00:00 INFO kernel: [ 1804.921162] tpm_tis tpm_tis: command 0x41 (size 618) returned code 0x0
2018-12-18T19:44:41.407069+00:00 INFO kernel: [ 1804.951045] tpm_tis tpm_tis: command 0xba (size 18) returned code 0x22
2018-12-18T19:44:41.449076+00:00 INFO kernel: [ 1804.993015] tpm_tis tpm_tis: command 0x65 (size 18) returned code 0x0

And the most interesting is LoadKey2 (0x41), which is seemingly done as a part of creating a new master key for the newly created user in chapsd:
2018-12-18T19:44:41.412821+00:00 INFO chapsd[1304]: Master key is ready for token at /home/root/c3364beb059d8d447d04132d2e15eb784c29e85e/chaps

The CL this bug is spawned from doesn't seem to be related.
I suspect that there's some race that (sometimes) leads to loading a different key in place of cryptohome key w/o cryptohomed noticing. And that issue is already in master.
It is worth investigating if that was a bad CL in this CQ run or a bug already on master.

Comment 1 by benhenry@google.com, Jan 11

Status: Assigned (was: Untriaged)
This issue has an owner, a component and a priority, but is still listed as untriaged or unconfirmed. By definition, this bug is triaged. Changing status to "assigned". Please reach out to me if you disagree with how I've done this.

Sign in to add a comment