Bugfix: Fix TPM auth retry, counter error handling, and NV error surfacing#2099
Open
tlaurion wants to merge 1 commit intolinuxboot:masterfrom
Open
Bugfix: Fix TPM auth retry, counter error handling, and NV error surfacing#2099tlaurion wants to merge 1 commit intolinuxboot:masterfrom
tlaurion wants to merge 1 commit intolinuxboot:masterfrom
Conversation
tlaurion
changed the title
There was a problem hiding this comment.
Pull request overview
This PR addresses TPM regressions introduced in PR #2068 by reworking TPM counter creation/increment error handling and auth retry behavior, and updating GUI flows/docs to surface TPM reset-required states more clearly.
Changes:
- Add shared TPM auth-retry helper logic and refactor TPM1/TPM2 counter operations in
tpmr.sh. - Improve rollback counter creation/increment handling and propagate TPM “out of resources (0x15)” into a
tpm_reset_requiredmarker + targeted UX. - Update GUI flows and documentation to support “Reset the TPM” gate-bypass patterns and clearer recovery guidance.
Reviewed changes
Copilot reviewed 4 out of 6 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| initrd/etc/gui_functions.sh | Exit integrity investigation loop when update_checksums triggers tpm_reset_required. |
| initrd/etc/functions.sh | Detect TPM 0x15 on counter_create and adjust TPM counter increment plumbing. |
| initrd/bin/tpmr.sh | Introduce _tpm_auth_retry, refactor TPM counter ops, and surface TPM1 stdout quirks. |
| initrd/bin/gui-init.sh | Improve UX around checksum update failure and gate bypass for TPM reset; verify TPM reset result. |
| doc/ux-patterns.md | Document the reset gate-bypass UX pattern. |
| doc/tpm.md | Document 0x15 recovery behavior and TPM1 stdout behavior. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
tlaurion
force-pushed
the
bugfix-tpm_increment_on_seal
branch
from
35fa6b0 to
d76d01c
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 11 out of 13 changed files in this pull request and generated no new comments.
Comments suppressed due to low confidence (1)
initrd/etc/functions.sh:1901
- The comment above the counter_increment pipeline says stdout is captured “while still letting stdout appear on the console”, but the current pipeline ends with
tee /tmp/counter-... >/dev/null, which discards stdout from the console entirely. Either update the comment to match the behavior, or adjust the pipeline if the intent really is to keep stdout visible to the user.
# Try to increment the counter. We normally hide the verbose
# output of tpmr.sh commands to avoid overwhelming the console, but we
# must *not* swallow any interactive prompts. The previous implementation
# redirected the entire `tpmr.sh counter_create` invocation to a file and
# /dev/null, which meant that when the counter was missing the password
# prompt could not be seen by the user even though tpmr.sh printed it to the
# controlling terminal. Instead, capture just the stdout in a temporary
# file while still letting stdout appear on the console (and logging
# stderr to debug log).
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
tlaurion
force-pushed
the
bugfix-tpm_increment_on_seal
branch
from
d76d01c to
9241c16
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 11 out of 13 changed files in this pull request and generated 2 comments.
Comments suppressed due to low confidence (1)
initrd/etc/functions.sh:1901
- The comment above the counter increment pipeline says stdout is captured “while still letting stdout appear on the console”, but the actual pipeline sends stdout into
tee ... >/dev/null, which suppresses console output. Either adjust the redirection to match the comment (if console output is desired) or update the comment to reflect that stdout is intentionally hidden and only logged/stored.
# Try to increment the counter. We normally hide the verbose
# output of tpmr.sh commands to avoid overwhelming the console, but we
# must *not* swallow any interactive prompts. The previous implementation
# redirected the entire `tpmr.sh counter_create` invocation to a file and
# /dev/null, which meant that when the counter was missing the password
# prompt could not be seen by the user even though tpmr.sh printed it to the
# controlling terminal. Instead, capture just the stdout in a temporary
# file while still letting stdout appear on the console (and logging
# stderr to debug log).
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
tlaurion
force-pushed
the
bugfix-tpm_increment_on_seal
branch
from
9241c16 to
a88ee0e
Compare
4 tasks
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 11 out of 13 changed files in this pull request and generated 3 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
…acing This commit fixes regressions introduced by PR linuxboot#2068, merged to origin/master on 2026-04-07. Regressions fixed (present in origin/master post-PR linuxboot#2068): - No "out of resources" (0x15) TPM counter error detection - TPM2 counter increment had no auth retry on wrong passphrase - TPM1 counter increment had no error handling - tpm1_seal silenced NV define/write errors - Duplicate TPM1/TPM2 retry loops (~100 lines of redundant code) - counter_present dead code (now fixed with counter_read check) - Comment mismatch (stdout vs console) now fixed - set -e issue in check_tpm_counter (wrapped in subshell) Fixes implemented: - Add shared _tpm_auth_retry helper for TPM1/TPM2 - check_tpm_counter only triggers tpm_reset_required on 0x15 errors - tpm1_seal surfaces NV errors with retry loop - Simplify reset_tpm to verify tpmr.sh reset exit code Copilot review fixes: - Fix counter_present dead code: add counter_read check - Fix doc references: tpmr -> tpmr.sh for consistency - Fix comment at line 1901: stdout goes to /dev/null via tee - Wrap tpmr.sh counter_create in subshell for set -e compatibility Signed-off-by: Thierry Laurion <insurgo@riseup.net>
tlaurion
force-pushed
the
bugfix-tpm_increment_on_seal
branch
from
a88ee0e to
73b1916
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 2 out of 4 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Collaborator
Author
|
Wating for +1 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR fixes regressions introduced by PR #2068, merged to origin/master on 2026-04-07.
Regressions fixed (present in origin/master post-PR #2068):
Fixes implemented:
Copilot review fixes:
Docs: unify script name references
Testing: Verified with tlaurion-bugfix-tpm_increment_on_seal-seal.log and tlaurion-bugfix-tpm_increment_on_seal-review.log — no regressions, counter increments succeed, no TPM reset required.