
awful TPM fix


Posted Jan 28, 2026 11:02 UTC (Wed) by dd9jn (✭ supporter ✭, #4459)
In reply to: awful TPM fix by johill
Parent article: A critical GnuPG security update

> the TPM fix still seems awful to me.

I agree, but it is the best solution we could do with less risk of a regression. The whole TPM API is a total mess and, worse, there are actually two implementations (IBM and Intel) we need to support. Fortunately, exploiting the bug needs access to the local socket, and if you have this access it is game over anyway.

I also wonder why the static analyzers didn't find that bug or at least the even more obvious one from 1999 in armor.c (T7906) which has actually seen several Coverity runs.



Why are TPMs so hard?

Posted Jan 31, 2026 3:13 UTC (Sat) by DemiMarie (subscriber, #164188)

What makes TPMs so hard to use? Is it that the underlying hardware is complex of necessity?

Why are TPMs so hard?

Posted Feb 2, 2026 14:00 UTC (Mon) by johill (subscriber, #25196)

It looks to me more like the libraries are a mess, you have to use two different ones, and they don't have the same APIs even though the API was kind of meant to be specced?

But the argument is a bit beside the point - I gave two lines that I'm pretty sure (only checked one of the two cases for exact byte count) do an equivalent check without an ifdef maze...

