On 5/6/21 9:59 AM, Jason Andryuk wrote:
> Remove our key so it isn't left in the TPM for someone to come along
> after vtpmmgr shuts down.
>
> Signed-off-by: Jason Andryuk <jandr...@gmail.com>
> Reviewed-by: Samuel Thibault <samuel.thiba...@ens-lyon.org>
> ---
Reviewed-by: Daniel P. Smith <dpsm...@apertussolutions.com> > stubdom/vtpmmgr/init.c | 8 ++++++++ > 1 file changed, 8 insertions(+) > > diff --git a/stubdom/vtpmmgr/init.c b/stubdom/vtpmmgr/init.c > index decf8e8b4d..56b4be85b3 100644 > --- a/stubdom/vtpmmgr/init.c > +++ b/stubdom/vtpmmgr/init.c > @@ -792,6 +792,14 @@ void vtpmmgr_shutdown(void) > /* Close tpmback */ > shutdown_tpmback(); > > + if (hw_is_tpm2()) { > + /* Blow away all stale handles left in the tpm*/ > + if (flush_tpm2() != TPM_SUCCESS) { > + vtpmlogerror(VTPM_LOG_TPM, > + "TPM2_FlushResources failed, continuing > shutdown..\n"); > + } > + } > + > /* Close tpmfront/tpm_tis */ > close(vtpm_globals.tpm_fd); > >
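
Review bot: In the failure branch of the added `if (flush_tpm2() != TPM_SUCCESS)` in vtpmmgr_shutdown(), the return value is discarded and the log text names "TPM2_FlushResources" rather than the function actually called. A failure here means the key may still be loaded in the TPM after shutdown, which is the condition the commit message sets out to prevent, so it is worth keeping the result in a local and including it in the vtpmlogerror() message so the cause can be diagnosed. The placement after shutdown_tpmback() and before close(vtpm_globals.tpm_fd) looks right, since the flush needs the TPM file descriptor still open. Two smaller points: the commit message speaks of removing "our key" while the code comment says "all stale handles", so the comment should state which scope is intended, and the comment is missing a space before its closing `*/`.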