feature/tpm: protect all TPM handle operations with a mutex (#17708) - tailscale - The easiest, most secure way to use WireGuard and 2FA

diff options

author	Andrew Lytvynov <awly@tailscale.com>	2025-10-30 10:32:30 -0700
committer	GitHub <noreply@github.com>	2025-10-30 10:32:30 -0700
commit	f522b9dbb77bc82be6fc46cacc94148f3bafdf66 (patch)
tree	9685d2abdec9c98782508f2345d86bdef0943d0e /control/controlhttp/controlhttpserver/controlhttpserver.go
parent	b6c6960e40a79bc8869b004edc7d17df06a46dec (diff)
download	tailscale-f522b9dbb77bc82be6fc46cacc94148f3bafdf66.tar.xz tailscale-f522b9dbb77bc82be6fc46cacc94148f3bafdf66.zip

feature/tpm: protect all TPM handle operations with a mutex (#17708)

In particular on Windows, the `transport.TPMCloser` we get is not safe for concurrent use. This is especially noticeable because `tpm.attestationKey.Clone` uses the same open handle as the original key. So wrap the operations on ak.tpm with a mutex and make a deep copy with a new connection in Clone. Updates #15830 Updates #17662 Updates #17644 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>

Diffstat (limited to 'control/controlhttp/controlhttpserver/controlhttpserver.go')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: