On 5/6/21 9:59 AM, Jason Andryuk wrote:
> Remove our key so it isn't left in the TPM for someone to come along
> after vtpmmgr shutsdown.
>
> Signed-off-by: Jason Andryuk <jandr...@gmail.com>
> Reviewed-by: Samuel Thibault <samuel.thiba...@ens-lyon.org>
> ---
Reviewed-by: Daniel P. Smith <dpsm...@apertussolutions.com>
> stubdom/vtpmmgr/init.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/stubdom/vtpmmgr/init.c b/stubdom/vtpmmgr/init.c
> index decf8e8b4d..56b4be85b3 100644
> --- a/stubdom/vtpmmgr/init.c
> +++ b/stubdom/vtpmmgr/init.c
> @@ -792,6 +792,14 @@ void vtpmmgr_shutdown(void)
> /* Close tpmback */
> shutdown_tpmback();
>
> + if (hw_is_tpm2()) {
> + /* Blow away all stale handles left in the tpm*/
> + if (flush_tpm2() != TPM_SUCCESS) {
> + vtpmlogerror(VTPM_LOG_TPM,
> + "TPM2_FlushResources failed, continuing
> shutdown..\n");
> + }
> + }
> +
> /* Close tpmfront/tpm_tis */
> close(vtpm_globals.tpm_fd);
>
>
