This series of patches resolves an issue with a TPM 2's dictionary attack lockout logic being triggered upon well-timed VM resets. Normally, the OS TPM driver sends a TPM2_Shutdown to the TPM 2 upon reboot and before a VM is reset. However, the OS driver cannot do this when the user resets a VM. In this case QEMU must send the command because otherwise several well- timed VM resets will trigger the TPM 2's dictionary attack (DA) logic and it will then refuse to do certain key-related operations until the DA logic has timed out.
Regards, Stefan Stefan Berger (2): backends/tpm: Record the last command sent to the TPM backends/tpm: Send TPM2_Shutdown upon VM reset backends/tpm/tpm_emulator.c | 44 +++++++++++++++++++++++++++++++++++++ backends/tpm/tpm_int.h | 3 +++ backends/tpm/tpm_util.c | 9 ++++++++ backends/tpm/trace-events | 1 + include/sysemu/tpm_util.h | 3 +++ 5 files changed, 60 insertions(+) -- 2.35.3
