mlockall() before calling the TPM

2025-04-11 09:30:02 +03:00 · 2024-05-31 17:58:42 +02:00 · 2024-05-31 17:58:42 +02:00 · d6a2d4683d
commit d6a2d4683d
parent dcf545a6f6
2 changed files with 7 additions and 0 deletions
--- a/src/tpm1x.hpp
+++ b/src/tpm1x.hpp
@ -9,6 +9,7 @@
 #include "main.hpp"

 #include <stdlib.h>
+#include <sys/mman.h>

 #include <tss/platform.h>
 #include <tss/tspi.h>
@ -29,6 +30,9 @@ static const constexpr uint8_t parent_key_secret[TPM_SHA1_160_HASH_LEN]{0xCE, 0x

 template <class F>
 int with_tpm1x_session(F && func) {
+	mlockall(MCL_CURRENT | MCL_FUTURE);
+
+
 	TSS_HCONTEXT ctx{};  // All memory lives as long as this does
 	TRY_TPM1X("create TPM context", Tspi_Context_Create(&ctx));

--- a/src/tpm2.hpp
+++ b/src/tpm2.hpp
@ -9,6 +9,7 @@
 #include <tss2/tss2_common.h>
 #include <tss2/tss2_esys.h>
 #include <tss2/tss2_rc.h>
+#include <sys/mman.h>


 #define TRY_TPM2(what, ...) TRY_GENERIC(what, , != TPM2_RC_SUCCESS, _try_ret, __LINE__, Tss2_RC_Decode, __VA_ARGS__)
@ -20,6 +21,8 @@ static const constexpr TPMT_SYM_DEF tpm2_session_key{.algorithm = TPM2_ALG_AES,

 template <class F>
 int with_tpm2_session(F && func) {
+	mlockall(MCL_CURRENT | MCL_FUTURE);
+
 	// https://trustedcomputinggroup.org/wp-content/uploads/TSS_ESAPI_v1p00_r05_pubrev.pdf
 	// mainly "3.4. The ESAPI Session" and "3.5. ESAPI Use Model"
 	// https://tpm2-tss.readthedocs.io/en/latest/group___e_s_y_s___c_o_n_t_e_x_t.html