When extending a PCR or trying to seed the entropy pool from the TPM, skip the found device if it is a TPM 1.2 device, since Talos only supports TPM 2.0. Fixes: #10847 Signed-off-by: Noel Georgi <git@frezbo.dev>
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
package qemu
import (
"fmt"
"os"
"path/filepath"
"github.com/hashicorp/go-multierror"
"github.com/siderolabs/talos/pkg/provision"
"github.com/siderolabs/talos/pkg/provision/providers/vm"
)
// createVirtualTPMState makes sure the state directory for a node's virtual
// TPM exists and returns the tpmConfig that refers to it.
//
// The directory is named "<nodeName>-tpm" and is resolved through
// state.GetRelativePath. tpm2Enabled is copied verbatim into the TPM2 field of
// the returned config. On failure to create the directory the zero tpmConfig
// and the os.MkdirAll error are returned.
//
// NOTE(review): the directory is requested with mode 0o755, so (subject to the
// process umask) other local users can list and traverse it. It presumably
// holds the emulator's persistent vTPM state; if only the provisioning user
// needs access, 0o700 would be the tighter choice. Confirm which user runs the
// emulator before changing it. os.MkdirAll also leaves the mode of an already
// existing directory untouched.
//
// NOTE(review): nodeName is interpolated into the path without validation;
// presumably callers only pass plain node names without path separators.
// Verify against the callers.
func (p *provisioner) createVirtualTPMState(state *vm.State, nodeName string, tpm2Enabled bool) (tpmConfig, error) {
	dirName := fmt.Sprintf("%s-tpm", nodeName)
	stateDir := state.GetRelativePath(dirName)

	err := os.MkdirAll(stateDir, 0o755)
	if err != nil {
		return tpmConfig{}, err
	}

	cfg := tpmConfig{
		NodeName: nodeName,
		StateDir: stateDir,

		TPM2: tpm2Enabled,
	}

	return cfg, nil
}
// destroyVirtualTPMs stops the virtual TPM process of every node in the
// cluster that has a TPM state directory recorded.
//
// Nodes with an empty TPMStateDir are skipped. For each remaining node the
// pidfile "swtpm.pid" inside its TPMStateDir is handed to destroyVirtualTPM in
// its own goroutine. Exactly one result is then collected per started
// goroutine, and all non-nil errors are returned as a single multierror (nil
// when none occurred).
//
// NOTE(review): the pidfile location comes from the recorded cluster state.
// Judging by the helper's name, the process to stop is identified only by the
// PID stored in that file, so a stale or tampered pidfile could point at an
// unrelated process. Confirm that vm.StopProcessByPidfile guards against this.
func (p *provisioner) destroyVirtualTPMs(cluster provision.ClusterInfo) error {
	// Unbuffered: every send below is matched by one receive in the drain loop.
	results := make(chan error)

	// Work on a private copy of the node list.
	nodes := append([]provision.NodeInfo{}, cluster.Nodes...)

	pending := 0

	for i := range nodes {
		stateDir := nodes[i].TPMStateDir
		if stateDir == "" {
			continue
		}

		// Declared per iteration, so each goroutine captures its own path.
		pidFile := filepath.Join(stateDir, "swtpm.pid")

		pending++

		go func() {
			results <- p.destroyVirtualTPM(pidFile)
		}()
	}

	var multiErr *multierror.Error

	// Drain one result per goroutine started above.
	for ; pending > 0; pending-- {
		multiErr = multierror.Append(multiErr, <-results)
	}

	return multiErr.ErrorOrNil()
}
// destroyVirtualTPM stops a single virtual TPM process by delegating to
// vm.StopProcessByPidfile.
//
// Despite its name, pid is the path to the pidfile (destroyVirtualTPMs passes
// "<TPMStateDir>/swtpm.pid"), not a numeric process ID. The error from
// vm.StopProcessByPidfile is returned unchanged.
func (p *provisioner) destroyVirtualTPM(pid string) error {
	err := vm.StopProcessByPidfile(pid)

	return err
}