Andrew Lytvynov 26f9b50247

feature/tpm: disable dictionary attack protection on sealing key (#17952) ...

DA protection is not super helpful because we don't set an authorization
password on the key. But if authorization fails for other reasons (like
TPM being reset), we will eventually cause DA lockout with tailscaled
trying to load the key. DA lockout then leads to (1) issues for other
processes using the TPM and (2) the underlying authorization error being
masked in logs.

Updates #17654

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>

2025-11-17 14:42:15 -08:00

..

attestation_test.go

feature/tpm: protect all TPM handle operations with a mutex (#17708)

2025-10-30 10:32:30 -07:00

attestation.go

feature/tpm: disable dictionary attack protection on sealing key (#17952)

2025-11-17 14:42:15 -08:00

tpm_linux.go

feature/tpm: try opening /dev/tpmrm0 before /tmp/tpm0 on Linux (#16600)

2025-07-18 10:17:40 -07:00

tpm_other.go

feature/tpm: implement ipn.StateStore using TPM sealing (#16030)

2025-06-18 14:17:12 -07:00

tpm_test.go

feature/tpm: use withSRK to probe TPM availability (#17627)

2025-10-23 16:48:58 -07:00

tpm_windows.go

feature/tpm: implement ipn.StateStore using TPM sealing (#16030)

2025-06-18 14:17:12 -07:00

tpm.go

feature/tpm: disable dictionary attack protection on sealing key (#17952)

2025-11-17 14:42:15 -08:00