From 26f9b50247c9ba82ee33e4ae3acb5a107424c3a4 Mon Sep 17 00:00:00 2001
From: Andrew Lytvynov
Date: Mon, 17 Nov 2025 14:42:15 -0800
Subject: [PATCH] feature/tpm: disable dictionary attack protection on sealing key (#17952)

DA protection is not super helpful because we don't set an authorization password on the key. But if authorization fails for other reasons (like TPM being reset), we will eventually cause DA lockout with tailscaled trying to load the key. DA lockout then leads to (1) issues for other processes using the TPM and (2) the underlying authorization error being masked in logs.

Updates #17654

Signed-off-by: Andrew Lytvynov
---
 feature/tpm/attestation.go | 10 ++++++----
 feature/tpm/tpm.go | 3 +++
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/feature/tpm/attestation.go b/feature/tpm/attestation.go
index 49b80ade1..197a8d6b8 100644
--- a/feature/tpm/attestation.go
+++ b/feature/tpm/attestation.go
@@ -59,10 +59,12 @@ func newAttestationKey() (ak *attestationKey, retErr error) {
 SensitiveDataOrigin: true,
 UserWithAuth: true,
 AdminWithPolicy: true,
- NoDA: true,
- FixedTPM: true,
- FixedParent: true,
- SignEncrypt: true,
+ // We don't set an authorization policy on this key, so
+ // DA isn't helpful.
+ NoDA: true,
+ FixedTPM: true,
+ FixedParent: true,
+ SignEncrypt: true,
 },
 Parameters: tpm2.NewTPMUPublicParms(
 tpm2.TPMAlgECC,
diff --git a/feature/tpm/tpm.go b/feature/tpm/tpm.go
index 7cbdec088..8df269b95 100644
--- a/feature/tpm/tpm.go
+++ b/feature/tpm/tpm.go
@@ -414,6 +414,9 @@ func tpmSeal(logf logger.Logf, data []byte) (*tpmSealedData, error) {
 FixedTPM: true,
 FixedParent: true,
 UserWithAuth: true,
+ // We don't set an authorization policy on this key, so DA
+ // isn't helpful.
+ NoDA: true,
 },
 }),
 }
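Review bot: The new comment above `NoDA: true` in the attestation key template justifies the flag with "we don't set an authorization policy", but the commit message says the key has no authorization *password*, and the same template sets `AdminWithPolicy: true` three lines earlier, so "no policy" reads as a contradiction to the next maintainer. Dictionary-attack lockout is driven by failed authorizations against the key's auth value, so the comment is more accurate as `// No authorization value is set on this key, so dictionary-attack protection only adds lockout risk.` The comment added in the tpm.go hunk uses the same wording and should change with it. newAttestationKey's body continues on both sides of this hunk.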
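Review bot: Adding `NoDA: true` changes the object attributes of the public template in tpmSeal, and if this template is passed to CreatePrimary (the enclosing call starts outside the hunk, so I cannot confirm) the primary key derived from the hierarchy seed changes with it, so blobs sealed under the previous template would no longer unseal; the commit does not say how existing sealed state is handled, and a comment here or a note in the description stating whether a re-seal or migration is expected would help. The diffstat shows only this one template changing, so if the unseal path builds its own copy of the template rather than reusing this one, the two now disagree and that is worth confirming. The new comment should also record the precondition it relies on, e.g. `// No auth value is set on this key, so DA protection can only cause lockout; revisit if an authValue or policy is ever added.` tpmSeal's body continues on both sides of this hunk.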