mirrors/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-12-07 18:31:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

feature/tpm: use withSRK to probe TPM availability (#17627)

Browse Source 
On some platforms e.g. ChromeOS the owner hierarchy might not always be
available to us. To avoid stale sealing exceptions later we probe to
confirm it's working rather than rely solely on family indicator status.

Updates #17622

Signed-off-by: Patrick O'Doherty <patrick@tailscale.com>
This commit is contained in:
Patrick O'Doherty 2025-10-23 16:48:58 -07:00 committed by GitHub
parent 36ad24b20f
commit 672b1f0e76
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 28 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
feature/tpm/tpm.go
View File

@ -59,7 +59,22 @@ func tpmSupported() bool {
if hi == nil {
return false
}
return hi.FamilyIndicator == "2.0"
if hi.FamilyIndicator != "2.0" {
return false
}
tpm, err := open()
if err != nil {
return false
}
defer tpm.Close()
if err := withSRK(logger.Discard, tpm, func(srk tpm2.AuthHandle) error {
return nil
}); err != nil {
return false
}
return true
}
var verboseTPM = envknob.RegisterBool("TS_DEBUG_TPM")

12
feature/tpm/tpm_test.go
View File

@ -146,6 +146,18 @@ func BenchmarkInfo(b *testing.B) {
b.StopTimer()
}
func BenchmarkTPMSupported(b *testing.B) {
b.StopTimer()
skipWithoutTPM(b)
b.StartTimer()
for i := 0; i < b.N; i++ {
if !tpmSupported() {
b.Fatalf("tpmSupported returned false")
}
}
b.StopTimer()
}
func BenchmarkStore(b *testing.B) {
skipWithoutTPM(b)
b.StopTimer()