-
Notifications
You must be signed in to change notification settings - Fork 38
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error: Esys called in bad sequence #118
Comments
To add more information, we're using the following versions:
|
We have found the issue. Long story short: the threads are using the same context at the same time. The provider should protect the Esys operations or treat them as atomic operations. Let's take the random operations as an example. In the TSS function /* Check context, sequence correctness and set state to error for now */
if (esysContext == NULL) {
LOG_ERROR("esyscontext is NULL.");
return TSS2_ESYS_RC_BAD_REFERENCE;
}
r = iesys_check_sequence_async(esysContext);
if (r != TSS2_RC_SUCCESS)
return r;
esysContext->state = ESYS_STATE_INTERNALERROR; If the second thread starts its execution after the first one set this variable to ESYS_STATE_INTERNALERROR,
|
Hello,
We have encountered an issue in how the provider behaves when a process spawns two or more threads that access the TPM. In our case, this process was an Apache server that uses the TPM as a generator/storage for the private key. We have built the provider with debug mode enabled as well as activated the tpm2-tss traces.
Depending on the browser, this issue appears or not: with Firefox does not appear, but with Chrome/Edge does. This is because Firefox only sends one request, while Chrome/Edge send two (spawning three threads in the Apache process, one for key loading, and two for request processing).
You can see the logs in
chrome_logs.txt
. The flow would be as follows (In a general way. The order is not exactly like this always, as one thread could have started the TPM operations before the other one gets even started, but you get the point):This behaviour could also be observable in the signs operations. Seeing this, we thought that this could be a synchronization problem between the two threads accessing the TPM. This shouldn't be a problem, since the abrmd is a thing, but the daemon manages the access to the TPM at a process level (it uses the Dbus): it delegates the thread access to the developer.
In order to debug more, we tried to address the issue. We found some problems with the RAND operations order, so we ended up deactivating the rand operations in OpenSSL with the provider. We did as follows:
You can see the logs of this execution in
chrome_sign_mutex_logs.txt
. Now, the execution would go as follows (I will skip the rand generation since it is not being done in the TPM now):DIGEST_INIT
is done twice).SIGN DIGEST_SIGN estimate
is called, the mutex is freed once.SIGN DIGEST_SIGN
is done, the mutex is freed totally. Then, the other thread makes the same process.With this, the problem seems to be "solved", at least for the sign operations. We're looking into it more deeply, in order to make a better description of the problem, but some help may be useful.
Any suggestion is appreciated.
Thanks.
chrome_logs.txt
chrome_sign_mutex_logs.txt
The text was updated successfully, but these errors were encountered: