fix: generate the provision key before loading the sign key#27
Merged
Conversation
On a TPM with the spec-minimum ~3 transient object slots (swtpm, Infineon SLB9670), fleet provisioning failed at the CSR-flow key generation with TPM_RC_OBJECT_MEMORY (0x902): tpm2-pkcs11 keeps a key loaded (cached) after use and only flushes it on C_DestroyObject, which never happens for a token key. Instrumentation (strace of the TPM command stream + a tpm2-pytss harness) showed the keygen's PKCS#11 connection can hold at most one cached child key alongside the sobject before TPM2_CreateLoaded runs out of slots. Because the authorizer signature (sign the clientId with the sign key) runs first on the same SunPKCS11 connection, the sign key is still cached when the provision key is generated, so CreateLoaded has no room. The kernel resource manager virtualises transient objects per connection, so the claim key on the separate aws-crt Pkcs11Lib connection is not involved. Fix: generate the provision key up front, while the connection is clean, before the sign key is loaded. No library change and no flush plumbing — the one object-creating operation runs when nothing else is cached.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fleet provisioning fails at the CSR-flow key generation on TPMs with the spec-minimum ~3 transient object slots (swtpm, Infineon SLB9670):
Root cause (measured, not guessed)
tpm2-pkcs11 keeps a key loaded (cached) after an operation and only flushes it on
C_DestroyObject— which never happens for a token key. Anstraceof the TPM command stream showsLoad; Signfor the sign key with no followingFlushContext, thenCreateLoadedfails.A
tpm2-pytssharness pinned it down exactly:CreateLoadedover (4 > 3);Pkcs11Libconnection is not the problem — it's the sign key, cached on the same SunPKCS11 connection that then runs keygen.Fix
Generate the provision key up front, while the SunPKCS11/TPM connection is clean, before the authorizer signature loads the sign key.
CreateLoadedthen runs with only the sobject loaded, well within budget. Every later step (sign, CSR sign) only loads keys (no create), so they stay within the 3-slot ceiling.No tpm2-pkcs11 change, no flush plumbing, no reliance on GC/finalize timing — just do the one object-creating operation when nothing else is cached.
Validation
To be confirmed on hardware/QEMU: after this change the strace should show the provision key's
CreateLoadedsucceeding early, and the signLoad; Signhappening afterwards within the 3-slot budget.