From 9a492fb26d7588b16fbce954dbed5eed9a74352d Mon Sep 17 00:00:00 2001
From: Thierry Laurion <insurgo@riseup.net>
Date: Tue, 19 May 2026 16:48:48 -0400
Subject: [PATCH] initrd: fix TPM1 counter auth regression and add DA lockout
 handling

  - tpm1_counter_increment: empty -pwdc '' bypasses _tpm_auth_retry and
    calls tpm directly per TCG spec. Non-empty passphrase or no -pwdc
    falls through to owner-auth retry path (migration for counters created
    by pre-fix code).
  - tpm1_bad_auth: emit STATUS when lockout detected or counter ID
    missing, instead of silent DEBUG-only return. STATUS deduplicated with
    marker file for loop safety. On lockout, queries da_state and shows
    remaining duration when available.
  - tpm1_da_state: convert raw hex firmware version (0x0D.0x0C) to
    human-readable decimal (13.12) in all output and log messages.
  - tpm1_da_state: when state=1 but timer is 0 or empty, print "duration
    unknown on this TPM" instead of misleading "0s remaining".
  - tpm1_da_state: declare rev_major_dec/rev_minor_dec as local variables
    and normalize variable names to match tpm2_da_state conventions.
  - tpm2_da_state: declare interval_hex, recovery_hex, interval, recovery
    as local variables (previously leaked into global scope).
  - da_state output in bad_auth: extract only the => summary line for
    STATUS on console and the DA: machine line for DEBUG in log. Avoids
    duplicate re-emission of diagnostic lines already logged internally.
  - tpm1_unseal: detect DA lockout from unseal failure output ("defend
    lock"), emit WARN, query da_state for remaining time, set marker file
    so callers show lockout-specific guidance instead of generic reseal.
  - gui-init.sh update_totp: when marker present, show DA-lockout-specific
    whiptail with TCG exponential backoff guidance instead of generic OEM
    reset message. Shows exact remaining time when da_state provides it.
  - unseal-totp.sh: check DA lockout marker and show lockout-specific
    fail_unseal message.
  - recovery shell: show concise DA state summary at STATUS (not INFO)
    level so it reaches console in Quiet mode.

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
---
 doc/tpm.md                      | 130 ++++++++-
 initrd/bin/gui-init.sh          |  37 +++
 initrd/bin/oem-factory-reset.sh |   2 +-
 initrd/bin/tpm-reset.sh         |   9 +
 initrd/bin/tpmr.sh              | 457 ++++++++++++++++++++++++++++++--
 initrd/bin/unseal-totp.sh       |   6 +
 initrd/etc/functions.sh         | 133 ++++++++--
 7 files changed, 727 insertions(+), 47 deletions(-)

diff --git a/doc/tpm.md b/doc/tpm.md
index 90f7ec064..5421b0f6e 100644
--- a/doc/tpm.md
+++ b/doc/tpm.md
@@ -10,8 +10,35 @@ See also: [architecture.md](architecture.md), [boot-process.md](boot-process.md)
 ## tpmr — unified TPM abstraction
 
 `initrd/bin/tpmr.sh` is a shell script wrapper that presents a single interface
-over both TPM 1.2 (`tpm` / `trousers`) and TPM 2.0 (`tpm2-tools`). All Heads
-scripts call `tpmr.sh` rather than invoking `tpm` or `tpm2` directly.
+over both TPM 1.2 and TPM 2.0. All Heads scripts call `tpmr.sh` rather than
+invoking TPM tools directly.
+
+### Boot chain and TPM tool selection
+
+```text
+initrd/init  (PID 1)
+  └─ CONFIG_BOOTSCRIPT → /bin/gui-init.sh          [board config]
+       ├─ source /etc/functions.sh                   [shared TPM helpers]
+       ├─ source /etc/gui_functions.sh               [whiptail wrappers]
+       └─ calls initrd/bin/tpmr.sh                   [TPM abstraction]
+            ├─ TPM1: calls `tpm` (tpmtotp util/tpm)  [CONFIG_TPM2_TOOLS != y]
+            │          modules/tpmtotp → output: totp hotp qrenc util/tpm
+            │
+             └─ TPM2: calls `tpm2` (single binary, subcommands)  [CONFIG_TPM2_TOOLS=y]
+                        modules/tpm2-tss + modules/tpm2-tools
+```
+
+TPM1 support comes exclusively from the `tpmtotp` module (`modules/tpmtotp`),
+which builds `util/tpm` as part of its outputs. This binary is installed to
+the initrd as `tpm` and supports subcommands such as `physicalpresence`,
+`forceclear`, `takeown -pwdo`, `counter_create`, `counter_increment`, etc.
+
+TPM2 support comes from `modules/tpm2-tss` (TSS software stack) and
+`modules/tpm2-tools` (`tpm2` binary with subcommands like `getcap`,
+`nvdefine`, `nvincrement`).
+
+Both TPM1 and TPM2 boards may also enable `CONFIG_TPMTOTP=y` for the
+`totp` and `hotp` utilities, which are independent of the TPM version.
 
 ### PCR sizes
 
@@ -271,9 +298,11 @@ The rollback counter prevents **TPM swap attacks** and **/boot disk swap attacks
 
 ### How it works
 
-The counter is stored **in the TPM** (NVRAM index `0x3135106223`), ensuring
-hardware binding. A SHA-256 hash of the counter value is stored on **/boot**
-(`/boot/kexec_rollback.txt`). This creates a two-way binding:
+The counter value is stored **in the TPM** at a persistent NVRAM index
+(stored in `/boot/kexec_rollback.txt`; the index is a well-known value
+for TPM1 and randomly generated per TPM2 at provisioning time).  A SHA-256
+hash of the counter value is stored on **/boot** (`/boot/kexec_rollback.txt`).
+This creates a two-way binding:
 
 - Cannot swap TPM without breaking /boot consistency
 - Cannot swap /boot without breaking TPM consistency
@@ -398,3 +427,94 @@ To verify that a new board's coreboot config matches the expected RoT:
 | Auth sessions | Not used | Required for policy-based unseal |
 | `kexec_finalize` | No-op | Extends PCRs, then `tpm2 shutdown` |
 | `startsession` | No-op | Creates encryption session |
+
+### TPM1 auth retry and error detection
+
+`_tpm_auth_retry()` in `initrd/bin/tpmr.sh` provides shared retry logic for
+both TPM1 and TPM2 operations that need authorization. On auth failure
+(wrong passphrase), the passphrase cache is shredded and the user is
+re-prompted up to 3 times before giving up.
+
+Auth failure is detected by grepping the command output for known error
+patterns.  TPM1 (tpmtotp) errors go to stdout via `printf()` with
+`TPM_GetErrMsg()` strings.  TPM2 (tpm2-tools) errors go to stderr via
+`LOG_ERR()` and may include raw TPM response codes.
+
+| Pattern | Type | TPM version | Example error |
+| --- | --- | --- | --- |
+| `authorization|auth|bad|permission` | English words | TPM1+TPM2 | `TPM_AUTHFAIL`, `bad passphrase` |
+| `defend` | English word | TPM1 | `Defend lock running` |
+| `0x98e|0x149` | Hex codes | TPM2 | `TPM2_RC_AUTH_FAIL`, `TPM2_RC_NV_AUTHORIZATION` |
+
+### TPM1 reset defend lock
+
+`TPM_DEFEND_LOCK_RUNNING` (`tpm_error.h`: `TPM_BASE + TPM_NON_FATAL + 3`)
+is a standard TPM 1.2 error raised when the TPM's dictionary-attack
+protection is active. After too many failed authorization attempts, the
+TPM enters a time-out period and refuses all authorization operations --
+including `tpm takeown` even after a successful `tpm forceclear`
+(forceclear clears the owner but not the dictionary attack counter on
+some implementations, particularly Infineon TPMs).
+
+tpmtotp's `tpm takeown` outputs:
+```
+Error Defend lock running from TPM_TakeOwnership
+```
+
+`tpm1_reset()` in `initrd/bin/tpmr.sh` detects "defend lock" in the
+`takeown` output and attempts one recovery: cycling physical presence
+(`physicaldisable` / `physicalenable` / `physicalpresence` /
+`physicalsetdeactivated`) to re-assert PP before retrying `takeown`.
+This works on some chipsets where software presence was not properly
+honoured by the first `forceclear`.
+
+If PP cycling also fails, no software-based recovery is available.
+Further attempts (second forceclear, `TPM_ResetLockValue` with empty
+auth, sleep+retry) will not help.  Reset the TPM via `tpm-reset.sh` from
+the recovery shell to clear the DA state.
+
+### TPM1 physical presence
+
+TPM1.2 forceclear requires physical presence to be asserted. The
+`tpm1_reset()` function does this with `tpm physicalpresence -s` (software
+presence). On some platforms (e.g., Dell OptiPlex, some Infineon TPMs),
+software physical presence may not work — the TPM firmware only accepts
+hardware-asserted presence (GPIO set by BIOS). In that case, `forceclear`
+returns success but may not fully reset the TPM, or `takeown` may fail
+with unexpected errors.
+
+When software physical presence fails, the LOG shows:
+```
+tpm1_reset: unable to set physical presence
+```
+
+This is logged but not fatal — `tpm forceclear` is still attempted.
+If the TPM firmware ignores software physical presence, the reset fails
+and the user must use the platform's hardware TPM reset mechanism
+(typically a BIOS option or jumper).
+
+### TPM reset methods
+
+Heads has two TPM reset methods with different scope:
+
+**`tpm-reset.sh`** (CLI, recovery shell):
+- Prompts for new owner passphrase, calls `tpmr.sh reset`
+- TPM clear + re-ownership only
+- No counter creation, no /boot signing, no TOTP/HOTP generation
+- Intended for headless recovery or clearing a defend lock before running
+  the full GUI flow
+
+**`reset_tpm()`** (GUI, via Options -> TPM/TOTP/HOTP -> Reset the TPM in
+`initrd/bin/gui-init.sh`):
+- Prompts for new owner passphrase, calls `tpmr.sh reset`
+- Removes stale `/boot/kexec_rollback.txt` and `/boot/kexec_primhdl_hash.txt`
+- Creates new TPM rollback counter via `check_tpm_counter()`
+- Increments the new counter
+- Re-signs /boot with the GPG signing key
+- Generates new TOTP/HOTP secrets
+- Reseals TPM Disk Unlock Key (DUK) to LUKS
+- Regenerates TPM2 encrypted sessions
+
+After `tpm-reset.sh`, the TPM is cleared but the system is not fully
+provisioned — the user must complete the GUI `reset_tpm()` or OEM Factory
+Reset to restore counter, signing, and secrets.
diff --git a/initrd/bin/gui-init.sh b/initrd/bin/gui-init.sh
index fe026173c..32dfa586f 100755
--- a/initrd/bin/gui-init.sh
+++ b/initrd/bin/gui-init.sh
@@ -380,6 +380,42 @@ update_totp() {
 			DEBUG "TPM state at TOTP failure:"
 			DEBUG "$(pcrs)"
 
+			if [ -f /tmp/secret/tpm_da_lockout ]; then
+				rm -f /tmp/secret/tpm_da_lockout
+				da_lockout_msg=""
+				if [ -f /tmp/secret/tpm_da_lockout_msg ]; then
+					da_lockout_msg=$(cat /tmp/secret/tpm_da_lockout_msg)
+					rm -f /tmp/secret/tpm_da_lockout_msg
+				fi
+				totp_menu_text=$(
+					cat <<EOF
+ERROR: TPM dictionary attack lockout prevented TOTP unseal.
+
+Repeat bad TPM authentication attempts, typically from use of
+incorrect TPM owner passphrase during the current session,
+have triggered the TPM's dictionary attack defense mechanism.
+
+${da_lockout_msg:+TPM reports: $da_lockout_msg
+}TPM 1.2 lockout follows the TCG standard exponential backoff:
+  early failures unlock in seconds to minutes,
+  higher failure counts may take hours.
+  The counter resets 24h after the last failure.
+
+To recover:
+- Power off and wait for the lockout to expire.
+- Then reboot and the TPM will accept auth attempts again.
+- If the issue persists, reset the TPM from the menu below.
+
+How would you like to proceed?
+EOF
+				)
+				whiptail_error --title "ERROR: TPM Dictionary Attack Lockout" \
+					--menu "$totp_menu_text" 0 80 4 \
+					'p' ' Reset the TPM' \
+					'i' ' Ignore error and continue to main menu' \
+					'x' ' Exit to recovery shell' \
+					2>/tmp/whiptail || recovery "GUI menu failed"
+			else
 			totp_menu_text=$(
 				cat <<EOF
 ERROR: $CONFIG_BRAND_NAME couldn't generate the TOTP code.
@@ -405,6 +441,7 @@ EOF
 				'i' ' Ignore error and continue to main menu' \
 				'x' ' Exit to recovery shell' \
 				2>/tmp/whiptail || recovery "GUI menu failed"
+			fi
 
 			option=$(cat /tmp/whiptail)
 			case "$option" in
diff --git a/initrd/bin/oem-factory-reset.sh b/initrd/bin/oem-factory-reset.sh
index ece2f8f59..5dc315965 100755
--- a/initrd/bin/oem-factory-reset.sh
+++ b/initrd/bin/oem-factory-reset.sh
@@ -868,7 +868,7 @@ generate_checksums() {
 	if [ "$CONFIG_TPM" = "y" ]; then
 		if [ "$CONFIG_IGNORE_ROLLBACK" != "y" ]; then
 			tpmr.sh counter_create \
-				-pwdc "${TPM_PASS:-}" \
+				-pwdc '' \
 				-la -3135106223 |
 				tee /tmp/counter >/dev/null 2>&1 ||
 				whiptail_error_die "Unable to create TPM counter"
diff --git a/initrd/bin/tpm-reset.sh b/initrd/bin/tpm-reset.sh
index 047d49ef0..426012863 100755
--- a/initrd/bin/tpm-reset.sh
+++ b/initrd/bin/tpm-reset.sh
@@ -6,3 +6,12 @@ NOTE "This will erase all keys and secrets from the TPM"
 prompt_new_owner_password
 
 tpmr.sh reset "$tpm_owner_passphrase"
+
+# TODO: move the TPM reset + full reprovision flow (counter creation, /boot
+# signing, TOTP/HOTP generation, DUK reseal) from gui-init.sh's reset_tpm()
+# into a reusable function in functions.sh.  Then tpm-reset.sh and the GUI
+# reset_tpm() can both call the same code, eliminating the inconsistency
+# between CLI and GUI reset paths.
+
+NOTE "TPM cleared. The TPM rollback counter was destroyed. /boot/kexec_rollback.txt still references the old counter."
+NOTE "Restore full functionality from the GUI: Options -> TPM/TOTP/HOTP Options -> Reset the TPM"
diff --git a/initrd/bin/tpmr.sh b/initrd/bin/tpmr.sh
index 46f4581d8..6b4366fea 100755
--- a/initrd/bin/tpmr.sh
+++ b/initrd/bin/tpmr.sh
@@ -63,15 +63,16 @@ tpm2_password_hex() {
 # -a: Append to file.  Default is to overwrite.
 tpm2_pcrread() {
 	TRACE_FUNC
+	local append_mode
 	if [ "$1" = "-a" ]; then
-		APPEND=y
+		append_mode=y
 		shift
 	fi
 
 	index="$1"
 	file="$2"
 
-	if [ -z "$APPEND" ]; then
+	if [ -z "$append_mode" ]; then
 		# Don't append - truncate file now so real command always
 		# overwrites
 		true >"$file"
@@ -81,15 +82,16 @@ tpm2_pcrread() {
 }
 tpm1_pcrread() {
 	TRACE_FUNC
+	local append_mode
 	if [ "$1" = "-a" ]; then
-		APPEND=y
+		append_mode=y
 		shift
 	fi
 
 	index="$1"
 	file="$2"
 
-	if [ -z "$APPEND" ]; then
+	if [ -z "$append_mode" ]; then
 		# Don't append - truncate file now so real command always
 		# overwrites
 		true >"$file"
@@ -354,7 +356,7 @@ tpm2_counter_inc() {
 		rm -f "$tmp_err_file"
 		shred -n 10 -z -u /tmp/secret/tpm_owner_passphrase 2>/dev/null || true
 		DEBUG "tpm2_counter_inc attempt $attempt failed. Stderr: $tmp_err_content"
-		if ! echo "$tmp_err_content" | grep -qiE 'authorization|auth|bad|permission|0x98e|0x149'; then
+		if ! echo "$tmp_err_content" | grep -qiE 'authorization|auth|bad|permission|defend|0x98e|0x149'; then
 			DIE "Can't increment TPM counter for $index, access denied."
 		fi
 		WARN "Authentication failed, retrying..."
@@ -362,7 +364,7 @@ tpm2_counter_inc() {
 	DIE "Can't increment TPM counter for $index after 3 attempts, access denied."
 }
 
-# _tpm_auth_retry - Shared retry helper for TPM commands needing owner auth.
+# _tpm_auth_retry - Shared retry helper for TPM commands needing authorization.
 #
 # Handles both TPM1 (tpmtotp: errors to stdout, uses -pwdo/-pwdc flags)
 # and TPM2 (tpm2-tools: errors to stderr, uses -P parameter).
@@ -370,16 +372,26 @@ tpm2_counter_inc() {
 # Caching: prompt_tpm_owner_password reuses cached passphrase if available.
 # On auth failure the cache is shredded; next prompt will ask the user.
 #
+# Error stream selection:
+#   TPM1 (tpmtotp):   errors go to stdout via printf() — capture stdout+stderr
+#   TPM2 (tpm2-tools): errors go to stderr via LOG_ERR() — capture stderr only
+#
+# Auth detection grep patterns:
+#   English words  — TPM1 (TPM_GetErrMsg returns "Authentication failed...")
+#                  — TPM2 (tpm2-tools LOG_ERR returns "TPM2_RC_AUTH_FAIL...")
+#   defend         — TPM1 "Defend lock running" (TPM_DEFEND_LOCK_RUNNING)
+#   0x98e, 0x149  — TPM2 raw hex codes (TPM2_RC_AUTH_FAIL, TPM2_RC_NV_AUTHORIZATION)
+#
 # Usage: _tpm_auth_retry <label> <error_stream> <tpm_type> <pw_flag> <cmd...>
 #   <label>:        short name for debug (e.g. "counter_create")
-#   <error_stream>: "stdout" (TPM1) or "stderr" (TPM2)
+#   <error_stream>: "stdout" (TPM1: tpmtotp printf) or "stderr" (TPM2: tpm2-tools LOG_ERR)
 #   <tpm_type>:    "tpm1" or "tpm2"
 #   <pw_flag>:     passphrase flag for TPM1 (-pwdo or -pwdc), ignored for TPM2
 #   <cmd...>:       the tpm command and its non-auth arguments
 #
 # Exit codes:
 #   0: success
-#   1: non-auth error (e.g., "out of resources" 0x15) — caller should check
+#   1: non-auth error (e.g., TPM1 "out of resources" 0x15) — caller should check
 _tpm_auth_retry() {
 	local label="$1" error_stream="$2" tpm_type="$3" pw_flag="$4"
 	shift 4
@@ -417,7 +429,7 @@ _tpm_auth_retry() {
 		DEBUG "_tpm_auth_retry $label attempt $attempt failed: $out_content"
 		rm -f "$tmp_file"
 		shred -n 10 -z -u /tmp/secret/tpm_owner_passphrase 2>/dev/null || true
-		if echo "$out_content" | grep -qiE 'authorization|auth|bad|permission'; then
+		if echo "$out_content" | grep -qiE 'authorization|auth|bad|permission|defend|0x98e|0x149'; then
 			WARN "$label failed (bad passphrase?). Retrying..."
 		else
 			# Non-auth error (e.g., out of resources 0x15)
@@ -443,17 +455,35 @@ tpm1_counter_read() {
 
 # tpm1_counter_increment - Increment a TPM1 rollback counter.
 # Args: -ix <index> [ -pwdc <passphrase> ]
+#
+# Auth behaviour:
+#   -pwdc ''       : empty counter auth (SHA1 of ""), correct per TCG spec.
+#                    Calls tpm directly without retry — caller handles fallback.
+#   -pwdc <pass>   : owner passphrase auth via _tpm_auth_retry (migration).
+#   (no -pwdc)     : owner passphrase auth via _tpm_auth_retry (backward compat).
 tpm1_counter_increment() {
 	TRACE_FUNC
 	local counter_id=""
+	local pwdc_provided="n"
+	local pwdc_value=""
 	while [ $# -gt 0 ]; do
 		case "$1" in
 			-ix) counter_id="$2"; shift 2 ;;
-			-pwdc) shift 2 ;;  # passphrase handled by _tpm_auth_retry
+			-pwdc) pwdc_provided="y"; pwdc_value="$2"; shift 2 ;;
 			*) shift ;;
 		esac
 	done
-	_tpm_auth_retry "counter_increment" "stdout" "tpm1" "-pwdc" tpm counter_increment -ix "$counter_id"
+	if [ "$pwdc_provided" = "y" ] && [ -z "$pwdc_value" ]; then
+		# Empty counter auth per TCG spec: this is the normal counter
+		# increment (no secret). Bypass _tpm_auth_retry because the
+		# empty string is intentional, not a user input error.
+		# Use || return so set -e doesn't kill the script on DA failure.
+		DEBUG "tpm1_counter_increment: empty auth, calling tpm directly"
+		tpm counter_increment -ix "$counter_id" -pwdc '' || return $?
+	else
+		_tpm_auth_retry "counter_increment" "stdout" "tpm1" "-pwdc" \
+			tpm counter_increment -ix "$counter_id"
+	fi
 }
 
 tpm2_counter_create() {
@@ -627,7 +657,6 @@ tpm2_seal() {
 	while true; do
 		attempt=$((attempt + 1))
 		prompt_tpm_owner_password
-		tpm_owner_passphrase="$tpm_owner_passphrase"
 		tmp_err_file="$(mktemp)"
 		tpm2 evictcontrol -Q -C o -P "$(tpm2_password_hex "$tpm_owner_passphrase")" \
 			-c "$handle" 2>"$tmp_err_file" || true
@@ -641,7 +670,7 @@ tpm2_seal() {
 		rm -f "$tmp_err_file"
 		DEBUG "Failed attempt $attempt to write sealed secret to NVRAM from tpm2_seal. Stderr: $tmp_err_content"
 		shred -n 10 -z -u /tmp/secret/tpm_owner_passphrase 2>/dev/null || true
-		if echo "$tmp_err_content" | grep -qiE 'authorization|auth|bad|permission'; then
+		if echo "$tmp_err_content" | grep -qiE 'authorization|auth|bad|permission|defend|0x98e|0x149'; then
 			if [ "$attempt" -ge 3 ]; then
 				DIE "Unable to write sealed secret to TPM NVRAM after 3 attempts. Reset the TPM and try again."
 			fi
@@ -759,7 +788,7 @@ tpm1_seal() {
 			rm -f "$tmp_def_out"
 			DEBUG "tpm1_seal nv_definespace failed (attempt $attempt): $def_out_content"
 			# If auth failure, retry after re-prompt; otherwise bail out.
-			if echo "$def_out_content" | grep -qiE 'authorization|auth|bad|permission'; then
+			if echo "$def_out_content" | grep -qiE 'authorization|auth|bad|permission|defend'; then
 				shred -n 10 -z -u /tmp/secret/tpm_owner_passphrase 2>/dev/null || true
 				WARN "nv_definespace failed (bad passphrase?). Retrying..."
 				continue
@@ -788,7 +817,7 @@ tpm1_seal() {
 		fi
 		DEBUG "tpm1_seal nv_writevalue(post-define) output: $tmp_out_content"
 		shred -n 10 -z -u /tmp/secret/tpm_owner_passphrase 2>/dev/null || true
-		if echo "$tmp_out_content" | grep -qiE 'authorization|auth|bad|permission'; then
+		if echo "$tmp_out_content" | grep -qiE 'authorization|auth|bad|permission|defend'; then
 			if [ "$attempt" -ge 3 ]; then
 				DIE "Unable to write sealed secret to TPM NVRAM after 3 attempts"
 			fi
@@ -846,15 +875,23 @@ tpm2_unseal() {
 	fi
 
 	# tpm2 unseal will write the unsealed data to stdout and any errors to
-	# stderr; capture stderr to log.
+	# stderr; capture stderr to a temp file for lockout detection.
+	TMP_STDERR="$(mktemp)"
+	at_exit cleanup_shred "$TMP_STDERR"
 	if ! tpm2 unseal -Q -c "$handle" -p "session:$POLICY_SESSION$UNSEAL_PASS_SUFFIX" \
-		-S "$ENC_SESSION_FILE" >"$file" 2> >(SINK_LOG "tpm2 stderr"); then
+		-S "$ENC_SESSION_FILE" >"$file" 2>"$TMP_STDERR"; then
+		# Log stderr for diagnostics
+		LOG "tpm2 unseal stderr: $(cat "$TMP_STDERR")"
+		# Detect DA lockout from stderr (TPM2 returns TPM2_RC_LOCKOUT)
+		if grep -qi 'lockout\|lock\|auth.*fail\|0x98e\|0x149' "$TMP_STDERR" 2>/dev/null; then
+			WARN "TPM2 dictionary attack lockout active. Unseal rejected."
+			touch /tmp/secret/tpm_da_lockout 2>/dev/null
+		fi
+		rm -f "$TMP_STDERR"
 		WARN "Unable to unseal secret from TPM NVRAM"
-
 		# should succeed, exit if it doesn't
 		exit 1
 	fi
-	rm -f "$TMP_ERR_FILE"
 }
 
 tpm1_unseal() {
@@ -943,6 +980,27 @@ tpm1_unseal() {
 		return 0
 	fi
 	DEBUG "tpm1_unseal unsealfile output: $(cat "$TMP_UNSEAL_OUT")"
+	# Detect DA lockout from unseal failure output (works on all TPMs
+	# including STM/Infineon that don't expose DA state via getcapability).
+	if grep -qi 'defend\|lock' "$TMP_UNSEAL_OUT" 2>/dev/null; then
+		WARN "TPM dictionary attack lockout active. Unseal rejected."
+		# Signal to callers (unseal-totp.sh, unseal-hotp.sh) that the
+		# failure was DA-lockout-specific so they can show appropriate
+		# guidance instead of generic "reseal" instructions.
+		touch /tmp/secret/tpm_da_lockout 2>/dev/null
+		# Query da_state for remaining time (best-effort, works on
+		# TPMs that support TPM_CAP_DA_LOGIC; STM returns unavailable).
+		# Save any found timer to a file so gui-init.sh can include it
+		# in the whiptail dialog (not just console STATUS).
+		da_state_output="$(tpmr.sh da_state 2>/dev/null)" || true
+		if [ -n "$da_state_output" ]; then
+			da_summary="$(echo "$da_state_output" | grep '^=> ' | head -1)"
+			if [ -n "$da_summary" ]; then
+				STATUS "TPM DA: ${da_summary#=> }"
+				echo "${da_summary#=> }" >/tmp/secret/tpm_da_lockout_msg 2>/dev/null
+			fi
+		fi
+	fi
 	if [ "$HEADS_NONFATAL_UNSEAL" = "y" ]; then
 		DEBUG "nonfatal tpm1_unseal failure: unable to unseal TPM NVRAM blob"
 		return 1
@@ -1051,6 +1109,113 @@ tpm2_reset() {
 		>/dev/null 2>&1 || LOG "tpm2_reset: unable to set lockout password"
 }
 
+# Query TPM1 dictionary attack state via TPM_CAP_DA_LOGIC capability.
+#
+# This function tries one thing: ask the TPM for its DA state.
+# If the TPM supports TPM_CAP_DA_LOGIC (0x19), it returns a structured
+# response with State, currentCount, thresholdCount, actionDependValue.
+# If it does not support the query (e.g., STM TPMs return TPM_BAD_MODE=44),
+# we report "unavailable" so callers know to rely on other detection
+# methods (e.g., increment failure with "Defend lock running").
+#
+# When the query succeeds, parses the raw capability output into a
+# human-readable summary and a machine-parsable DA: line.  The
+# preflight guard in increment_tpm_counter (functions.sh) reads the
+# DA: field values to decide DIE (locked) vs WARN (nearing threshold)
+# vs proceed.
+#
+# Timer logic:
+#   actionDependValue > 0 AND state = 1 => actively locked
+#   actionDependValue = 0 AND state = 0 => not locked (count may still
+#     be >= threshold; counter resets on correct empty auth)
+#
+# BusyBox compatibility: uses sed -n with /p so timer field is absent
+# from DA: when actionDependValue is unavailable.
+tpm1_da_state() {
+	TRACE_FUNC
+	local da_out rc=0
+	local state current threshold timer
+	local ver_output vendor_id rev_major rev_minor rev_major_dec rev_minor_dec perm_output da_logic_flag
+
+	# Log TPM chip identity for diagnostics (works on all TPM 1.2 chips).
+	# TPM_CAP_VERSION_VAL (0x1a) returns vendor ID and firmware revision.
+	ver_output="$(tpm getcapability -cap 0x1a 2>/dev/null)" || true
+	if [ -n "$ver_output" ]; then
+		vendor_id="$(echo "$ver_output" | grep 'VendorID' | tail -1 | sed 's/.*: *//')"
+		rev_major="$(echo "$ver_output" | grep 'revMajor' | sed 's/.*: 0x//')"
+		rev_minor="$(echo "$ver_output" | grep 'revMinor' | sed 's/.*: 0x//')"
+		rev_major_dec=$(printf '%d' "0x${rev_major:-0}" 2>/dev/null)
+		rev_minor_dec=$(printf '%d' "0x${rev_minor:-0}" 2>/dev/null)
+		DEBUG "tpm1_da_state: TPM vendor=\"$vendor_id\" firmware=$rev_major_dec.$rev_minor_dec"
+	fi
+
+	# Check whether full DA logic info is deliberately disabled in TPM firmware.
+	# TPM_CAP_FLAG with subcap TPM_CAP_FLAG_PERMANENT (0x108) returns permanent
+	# flags including disableFullDALogicInfo.  TRUE means the TPM only exposes
+	# TPM_DA_INFO_LIMITED (state only, no counter/threshold/timer).
+	# TPM_BAD_MODE (44) from this query means the flag itself is not implemented.
+	perm_output="$(tpm getcapability -cap 0x04 -scap 0x108 2>/dev/null)" || true
+	if echo "$perm_output" | grep -q 'Disable full DA logic info'; then
+		da_logic_flag="$(echo "$perm_output" | grep 'Disable full DA logic info' | sed 's/.*: //')"
+		DEBUG "tpm1_da_state: disableFullDALogicInfo=$da_logic_flag"
+	fi
+
+	# TPM_CAP_DA_LOGIC = 0x19, subcap 0x0000 (owner auth DA info).
+	# Some TPMs (e.g., STM) do not support this query and return
+	# TPM_BAD_MODE (44) for the subcap.  This is a capability absence,
+	# not a lockout state -- the TPM may still implement DA protection
+	# but simply not expose the state via this query.
+	da_out="$(tpm getcapability -cap 0x19 -scap 0x0000 2>/dev/null)" || rc=$?
+	if [ -z "$da_out" ] || ! echo "$da_out" | grep -q 'State'; then
+		[ -n "${rc-}" ] && DEBUG "tpm1_da_state: getcapability exit=$rc"
+		if [ "${rc-}" = "44" ]; then
+			DEBUG "tpm1_da_state: TPM does not support DA state queries (TPM_BAD_MODE)"
+			echo "TPM DA state: unavailable (this TPM does not report DA state)"
+			[ -n "${vendor_id-}" ] && echo "TPM chip: $vendor_id (firmware ${rev_major_dec:-?}.${rev_minor_dec:-?})"
+		else
+			DEBUG "tpm1_da_state: DA state not available (exit=${rc-})"
+			echo "TPM DA state: unavailable"
+		fi
+		return 1
+	fi
+	echo "$da_out"
+	[ -n "${vendor_id-}" ] && echo "TPM chip: $vendor_id (firmware ${rev_major_dec:-?}.${rev_minor_dec:-?})"
+	state=$(echo "$da_out" | grep 'State' | awk '{print $NF}')
+	current=$(echo "$da_out" | grep 'currentCount' | awk '{print $NF}')
+	threshold=$(echo "$da_out" | grep 'thresholdCount' | awk '{print $NF}')
+	timer=$(echo "$da_out" | grep 'actionDependValue' | awk '{print $NF}')
+	DEBUG "tpm1_da_state: state=$state current=$current threshold=$threshold timer=$timer"
+	echo ""
+	echo "DA policy:"
+	echo "  thresholdCount (max failures before defend): $threshold"
+	echo "  currentCount (current failure count): $current"
+	echo "  actionDependValue (lockout seconds remaining): ${timer:-0}"
+	echo "  state (DA logic: 0=inactive, 1=active): $state"
+	if [ "$state" = "1" ]; then
+		if [ -n "$timer" ] && [ "$timer" -ge 3600 ] 2>/dev/null; then
+			echo "=> TPM DEFEND LOCK ACTIVE (~$((timer / 3600)) hour(s) remaining)"
+		elif [ -n "$timer" ] && [ "$timer" -ge 60 ] 2>/dev/null; then
+			echo "=> TPM DEFEND LOCK ACTIVE (~$((timer / 60)) min remaining)"
+		elif [ -n "$timer" ] && [ "$timer" -gt 0 ] 2>/dev/null; then
+			echo "=> TPM DEFEND LOCK ACTIVE (${timer}s remaining)"
+		else
+			echo "=> TPM DEFEND LOCK ACTIVE (duration unknown on this TPM)"
+		fi
+	elif [ -n "$current" ] && [ -n "$threshold" ] && [ "$current" -ge "$threshold" ] 2>/dev/null; then
+		DEBUG "tpm1_da_state: above threshold, not locked (timer=$timer)"
+		echo "=> Above threshold: $current/$threshold failures (auth failures will trigger lockout)"
+	elif [ -n "$current" ] && [ -n "$threshold" ]; then
+		echo "=> Within lockout threshold ($current/$threshold failures used)"
+	else
+		echo "=> DA state: limited info (state=$state)"
+	fi
+	# Machine-parsable line for callers (preflight guard, scripts)
+	# timer= field always emitted; value is empty when unavailable.
+	# Preflight guard's sed -n /p returns empty string on timer= (no match
+	# on empty value), so da_timer stays empty and lockout check is skipped.
+	echo "DA: state=${state:-} current=${current:-} threshold=${threshold:-} timer=${timer:-}"
+}
+
 tpm1_reset() {
 	TRACE_FUNC
 	tpm_owner_passphrase="$1"
@@ -1075,9 +1240,39 @@ tpm1_reset() {
 	DO_WITH_DEBUG tpm physicalenable >/dev/null 2>&1 || LOG "tpm1_reset: unable to physicalenable after clear"
 
 	# 3. Take ownership with the new TPM owner passphrase.
-	if ! DO_WITH_DEBUG --mask-position 3 tpm takeown -pwdo "$tpm_owner_passphrase" >/dev/null 2>&1; then
-		LOG "tpm1_reset: tpm takeown failed after forceclear"
-		return 1
+	# TPM_DEFEND_LOCK_RUNNING is a standard TPM 1.2 error raised after
+	# too many failed authorization attempts (see tpm_error.h).  The TPM
+	# enters a time-out period (varies by chip: minutes to hours) and
+	# refuses all authorization operations.  forceclear clears the owner
+	# but not the dictionary attack counter on some implementations, so
+	# takeown may still fail after forceclear.
+	#
+	# Recovery: cycle physical presence once — this works on some chipsets
+	# where software presence was not properly asserted before forceclear.
+	# If that fails, the lockout must resolve naturally (wait with power on
+	# for the DA timer to expire, or hardware TPM reset via BIOS/jumper).
+	# AC power cycling behavior is implementation-specific.
+	local takeown_rc takeown_out
+	takeown_out="$(DO_WITH_DEBUG --mask-position 3 tpm takeown -pwdo "$tpm_owner_passphrase" 2>&1)" && takeown_rc=0 || takeown_rc=$?
+	if [ $takeown_rc -ne 0 ]; then
+		if echo "$takeown_out" | grep -qi "defend lock"; then
+			LOG "tpm1_reset: defend lock detected after forceclear"
+			LOG "tpm1_reset: cycling physical presence to assert PP before retry"
+			DO_WITH_DEBUG tpm physicaldisable >/dev/null 2>&1 || true
+			DO_WITH_DEBUG tpm physicalenable >/dev/null 2>&1 || true
+			DO_WITH_DEBUG tpm physicalpresence -s >/dev/null 2>&1 || true
+			DO_WITH_DEBUG tpm physicalsetdeactivated -c >/dev/null 2>&1 || true
+			if DO_WITH_DEBUG --mask-position 3 tpm takeown -pwdo "$tpm_owner_passphrase" >/dev/null 2>&1; then
+				: # Success: fall through to final assertions below
+			else
+				LOG "tpm1_reset: physical presence cycling did not clear defend lock"
+				LOG "tpm1_reset: run 'tpmr.sh da_state' for expected delay, or try tpm-reset.sh to clear TPM"
+				return 1
+			fi
+		else
+			LOG "tpm1_reset: tpm takeown failed after forceclear"
+			return 1
+		fi
 	fi
 
 	# 4. Leave TPM enabled, present, and not deactivated.
@@ -1116,6 +1311,204 @@ tpm2_shutdown() {
 	tpm2 shutdown -Q --clear
 }
 
+# Query TPM2 dictionary attack state via getcap properties-variable.
+# TPM2 has no single DA state query (unlike TPM1's TPM_CAP_DA_LOGIC).
+# We read four properties and derive lockout status.
+#
+# Lockout logic:
+#   count >= max_auth => locked (no auth will succeed)
+#   count < max_auth => within threshold (one bad auth may push over)
+#   estimate = (counter - max_auth + 1) * interval
+#   When locked, DA: line includes timer=<estimate> for the preflight guard.
+#   When not locked, DA: line has no timer= field (sed -n /p returns empty).
+#
+# Firmware version (TPM2_PT_FIRMWARE_VERSION_1) is logged to debug.log
+# for diagnostic use (identifying TPM chip and firmware revision).
+tpm2_da_state() {
+	TRACE_FUNC
+	local cap_out da_out counter_hex max_auth_hex interval_hex recovery_hex counter max_auth interval recovery fw_ver
+	cap_out="$(tpm2 getcap properties-variable 2>/dev/null)" || {
+		WARN "Unable to query TPM2 dictionary attack state"
+		DEBUG "tpm2_da_state: getcap properties-variable failed (no TPM access?)"
+		return 1
+	}
+	# Extract firmware version from cap_out for diagnostic logging
+	fw_ver="$(echo "$cap_out" | grep 'TPM2_PT_FIRMWARE_VERSION_1' | sed 's/.*0x//')"
+	[ -n "$fw_ver" ] && DEBUG "tpm2_da_state: TPM firmware version: $(printf '%d.%d' $((0x${fw_ver}>>16)) $((0x${fw_ver}&0xffff)) 2>/dev/null)"
+	da_out="$(echo "$cap_out" | grep -E \
+		'TPM2_PT_LOCKOUT_COUNTER|TPM2_PT_MAX_AUTH_FAIL|TPM2_PT_LOCKOUT_INTERVAL|TPM2_PT_LOCKOUT_RECOVERY')" || true
+	if [ -z "$da_out" ]; then
+		DEBUG "tpm2_da_state: no matching properties found in getcap output"
+		echo "TPM2 DA state: unavailable"
+		return 1
+	fi
+	echo "$da_out"
+	counter_hex=$(echo "$da_out" | grep 'LOCKOUT_COUNTER' | sed 's/.*0x//')
+	max_auth_hex=$(echo "$da_out" | grep 'MAX_AUTH_FAIL' | sed 's/.*0x//')
+	interval_hex=$(echo "$da_out" | grep 'LOCKOUT_INTERVAL' | sed 's/.*0x//')
+	recovery_hex=$(echo "$da_out" | grep 'LOCKOUT_RECOVERY' | sed 's/.*0x//')
+	counter=$((0x${counter_hex:-0}))
+	max_auth=$((0x${max_auth_hex:-0}))
+	interval=$((0x${interval_hex:-0}))
+	recovery=$((0x${recovery_hex:-0}))
+	echo ""
+	echo "DA policy:"
+	echo "  maxTries (max auth fails before lockout): $max_auth"
+	if [ "$interval" -ge 60 ]; then
+		echo "  recoveryTime (seconds before one failure is forgotten): $interval ($((interval / 60)) min)"
+	else
+		echo "  recoveryTime (seconds before one failure is forgotten): $interval"
+	fi
+	echo "  lockoutRecovery (seconds lockout auth blocked after failure): $recovery"
+	echo "  failedTries (current auth failure count): $counter"
+	if [ -n "$counter_hex" ] && [ -n "$max_auth_hex" ] && [ "$counter" -ge "$max_auth" ] 2>/dev/null; then
+		DEBUG "tpm2_da_state: LOCKOUT ACTIVE (counter=$counter threshold=$max_auth)"
+		echo "=> TPM LOCKOUT ACTIVE ($counter/$max_auth failures)"
+		# counter drops by 1 every recoveryTime seconds.
+		# When counter < maxTries, TPM unlocks. So we need (counter - maxTries + 1) decrements.
+		local need=$((counter - max_auth + 1))
+		local estimate=$((need * interval))
+		if [ "$estimate" -ge 3600 ]; then
+			echo "=> Estimated unlock in ~$((estimate / 3600)) hour(s) (if no new failures)"
+		elif [ "$estimate" -ge 60 ]; then
+			echo "=> Estimated unlock in ~$((estimate / 60)) min (if no new failures)"
+		else
+			echo "=> Estimated unlock in ~${estimate}s (if no new failures)"
+		fi
+		echo "DA: current=${counter:-} threshold=${max_auth:-} timer=${estimate}"
+	else
+		DEBUG "tpm2_da_state: within threshold (counter=$counter threshold=$max_auth)"
+		echo "=> Within lockout threshold ($counter/$max_auth failures used)"
+		echo "DA: current=${counter:-} threshold=${max_auth:-}"
+	fi
+}
+
+
+# bad_auth - TPM1: deliberately attempt counter increment with wrong auth.
+# Tests dictionary attack lockout detection and preflight guard behavior.
+# The test works by checking whether the increment succeeds (no lockout)
+# or fails (lockout active).  Repeat until the increment fails with lockout.
+#
+# Design decisions:
+#   - Wrong password is TPM_DEFEND_LOCK_TEST_WRONG_PASSWORD (self-documenting).
+#   - || rc=$? captures the exit code for inspection without tripping set -e.
+# Reads counter ID from /boot/kexec_rollback.txt or takes one as argument.
+tpm1_bad_auth() {
+	TRACE_FUNC
+	local rollback_counter_id="${1:-}"
+	local increment_exit_code increment_command_output
+	local ver_output vendor_id rev_major rev_minor rev_major_dec rev_minor_dec
+	# If no counter ID given, read it from the rollback config on /boot.
+	# Note: /boot is not mounted in recovery shell; the user must mount
+	# a boot device first or provide a counter ID as argument.
+	if [ -z "$rollback_counter_id" ] && [ -r /boot/kexec_rollback.txt ]; then
+		rollback_counter_id=$(grep -Eo 'counter-[0-9a-fA-F]+' /boot/kexec_rollback.txt | \
+			sed 's/counter-//' | head -1)
+	fi
+	DEBUG "=== BAD AUTH TEST (TPM1) ==="
+	DEBUG "Counter: ${rollback_counter_id:-<none>}"
+	if [ -z "$rollback_counter_id" ]; then
+		DEBUG "No counter ID found. Use tpmr.sh bad_auth <counter_id>."
+		# WARN once per session to avoid 1s sleep on every loop iteration.
+		if [ ! -f /tmp/.tpmr_bad_auth_no_counter_warned ]; then
+			WARN "No TPM counter ID: mount /boot partition then rerun, or pass ID directly: tpmr.sh bad_auth <ID>"
+			touch /tmp/.tpmr_bad_auth_no_counter_warned
+		fi
+		return 1
+	fi
+	# Log TPM chip identity for diagnostics.
+	ver_output="$(tpm getcapability -cap 0x1a 2>/dev/null)" || true
+	if [ -n "$ver_output" ]; then
+		vendor_id="$(echo "$ver_output" | grep 'VendorID' | tail -1 | sed 's/.*: *//')"
+		rev_major="$(echo "$ver_output" | grep 'revMajor' | sed 's/.*: 0x//')"
+		rev_minor="$(echo "$ver_output" | grep 'revMinor' | sed 's/.*: 0x//')"
+		# Convert raw hex version bytes (e.g. 0x0D.0x0C) to human-readable
+		# decimal (13.12) for user-facing output and log messages.
+		rev_major_dec=$(printf '%d' "0x${rev_major:-0}" 2>/dev/null)
+		rev_minor_dec=$(printf '%d' "0x${rev_minor:-0}" 2>/dev/null)
+		DEBUG "bad_auth: TPM vendor=\"$vendor_id\" firmware=$rev_major_dec.$rev_minor_dec"
+	fi
+	# Verify the counter exists before attempting a bad-auth increment.
+	if ! tpm counter_read -ix "$rollback_counter_id" >/dev/null 2>&1; then
+		DEBUG "Counter $rollback_counter_id does not exist on this TPM."
+		WARN "Counter $rollback_counter_id not found on this TPM"
+		return 1
+	fi
+	# Attempt increment with a deliberately wrong password.
+	# Each failed auth increments the TPM's global DA failedTries counter.
+	# After the vendor threshold, the TPM returns TPM_DEFEND_LOCK_RUNNING.
+	#
+	# TPM exit codes from counter_increment.c:
+	#   0   = TPM_SUCCESS — increment succeeded (unexpected with wrong password)
+	#   1   = TPM_AUTHFAIL (0x01) — wrong password rejected, DA counter incremented
+	#   255 = TPM_DEFEND_LOCK_RUNNING (0x803, capped at 255 by counter_increment)
+	#         — DA lockout active, no auth operations accepted
+	increment_exit_code=0
+	increment_command_output=$(tpm counter_increment -ix "$rollback_counter_id" -pwdc "TPM_DEFEND_LOCK_TEST_WRONG_PASSWORD" 2>&1) || increment_exit_code=$?
+	# Log raw result to debug.log for diagnostics; also echo to console for UX.
+	DEBUG "bad_auth: counter_increment rc=$increment_exit_code output='$increment_command_output'"
+	if [ "$increment_exit_code" -ne 0 ]; then
+		if echo "$increment_command_output" | grep -qi 'defend\|lock'; then
+			DEBUG "bad_auth: DA LOCKOUT ACTIVE (rc=$increment_exit_code = TPM_DEFEND_LOCK_RUNNING)"
+			STATUS "bad_auth: DA lockout confirmed. TPM rejected increment (rc=255 = defend lock running)."
+			# Query DA state for diagnostics and console summary.
+			# tpm1_da_state returns 1 on TPMs that don't expose DA
+			# policy (e.g. STM) — its internal DEBUG calls already
+			# capture vendor/firmware/diagnostics in the log.
+			# We only need the summary line for the user and the
+			# machine-parsable DA: line for automation/scripts.
+			da_state_output="$(tpm1_da_state 2>/dev/null)" || true
+			if [ -n "$da_state_output" ]; then
+				da_summary="$(echo "$da_state_output" | grep '^=> ' | head -1)"
+				if [ -n "$da_summary" ]; then
+					STATUS "TPM DA: ${da_summary#=> }"
+				fi
+				da_machine="$(echo "$da_state_output" | grep '^DA:' | tail -1)"
+				[ -n "$da_machine" ] && DEBUG "bad_auth: $da_machine"
+			fi
+		else
+			DEBUG "bad_auth: auth failure (rc=$increment_exit_code = TPM_AUTHFAIL)"
+			echo "Auth failure (rc=$increment_exit_code = TPM_AUTHFAIL, expected with wrong password)."
+			echo "Run again to accumulate failures toward DA lockout."
+		fi
+	else
+		DEBUG "bad_auth: UNEXPECTED SUCCESS (rc=0 = TPM_SUCCESS)"
+		echo "UNEXPECTED: wrong password was accepted (rc=0 = TPM_SUCCESS)."
+	fi
+}
+
+# TPM2 bad_auth: same purpose but uses NV index auth (-P) not owner auth.
+# Design decision: NV index auth failure produces TPM2_RC_AUTH_FAIL (0x98e)
+# and does increment LOCKOUT_COUNTER.  Owner auth failure (-C o -P) may not
+# increment the counter on some TPM2 implementations, so we use -P directly.
+tpm2_bad_auth() {
+	TRACE_FUNC
+	local counter_id="${1:-}"
+	if [ -z "$counter_id" ] && [ -r /boot/kexec_rollback.txt ]; then
+		counter_id=$(grep -Eo 'counter-[0-9a-fA-F]+' /boot/kexec_rollback.txt | \
+			sed 's/counter-//' | head -1)
+	fi
+	DEBUG "=== BAD AUTH TEST (TPM2) ==="
+	DEBUG "Counter: ${counter_id:-<none>}"
+	DEBUG "DA state BEFORE bad auth:"
+	tpm2_da_state
+	if [ -z "$counter_id" ]; then
+		DEBUG "No counter ID found. Use tpmr.sh bad_auth <counter_id>."
+		return 1
+	fi
+	# Verify the counter exists before attempting bad auth
+	if ! tpm2 nvread "0x$counter_id" >/dev/null 2>&1; then
+		DEBUG "Counter 0x$counter_id does not exist on this TPM."
+		return 1
+	fi
+	DEBUG "Attempting increment with wrong passphrase..."
+	# Intentionally wrong auth at NV index level (not owner auth).
+	# Use || true so set -e does not abort on expected TPM2_RC_AUTH_FAIL.
+	tpm2 nvincrement -P "TPM_DEFEND_LOCK_TEST_WRONG_PASSWORD" "0x$counter_id" 2>&1 || true
+	DEBUG "DA state AFTER bad auth:"
+	tpm2_da_state
+}
+
 if [ "$CONFIG_TPM" != "y" ]; then
 	DIE "No TPM!"
 fi
@@ -1166,9 +1559,9 @@ if [ "$CONFIG_TPM2_TOOLS" != "y" ]; then
 		fi
 
 		TRACE_FUNC
-		# Silence stdout/stderr, they're only useful for debugging
-		# and DO_WITH_DEBUG captures them
-		DO_WITH_DEBUG exec tpm "$@" &>/dev/null
+		# DO_WITH_DEBUG captures stdout/stderr to debug.log;
+		# on failure, log the exit code for diagnostics.
+		DO_WITH_DEBUG tpm "$@" || LOG "tpm extend failed (exit=$?)"
 
 		# Read PCR value after extend (TPM1 uses SHA1, read from sysfs)
 		pcr_value=$(grep -i "PCR-0*$3:" /sys/class/tpm/tpm0/pcrs | head -1 | cut -d: -f2 | tr -d ' ')
@@ -1184,12 +1577,20 @@ if [ "$CONFIG_TPM2_TOOLS" != "y" ]; then
 		shift
 		tpm1_unseal "$@"
 		;;
+	bad_auth)
+		shift
+		tpm1_bad_auth "$@"
+		;;
 	reset)
 		shift
 		INFO "TPM: Resetting TPM"
 		tpm1_reset "$@"
 		STATUS_OK "TPM reset completed"
 		;;
+	da_state)
+		shift
+		tpm1_da_state "$@"
+		;;
 	kexec_finalize) ;; # Nothing on TPM1.
 	shutdown) ;;       # Nothing on TPM1.
 	*)
@@ -1240,6 +1641,9 @@ counter_increment)
 counter_create)
 	tpm2_counter_create "$@"
 	;;
+da_state)
+	tpm2_da_state "$@"
+	;;
 destroy)
 	tpm2_destroy "$@"
 	;;
@@ -1252,6 +1656,9 @@ startsession)
 unseal)
 	tpm2_unseal "$@"
 	;;
+bad_auth)
+	tpm2_bad_auth "$@"
+	;;
 reset)
 	INFO "TPM: Resetting TPM"
 	tpm2_reset "$@"
diff --git a/initrd/bin/unseal-totp.sh b/initrd/bin/unseal-totp.sh
index 1a0dd00d8..bd675e6e8 100755
--- a/initrd/bin/unseal-totp.sh
+++ b/initrd/bin/unseal-totp.sh
@@ -23,6 +23,7 @@ if [ "$CONFIG_TPM" = "y" ]; then
 		if [ ! -f "/tmp/secret/primary.handle" ]; then
 			fail_unseal_reset_required "Unable to unseal TOTP secret from TPM; no TPM primary handle. Reset the TPM (Options -> TPM/TOTP/HOTP Options -> Reset the TPM in the GUI)." || exit 1
 		fi
+		# TPM NVRAM parameters: index=0x4d47, PCRs=0,1,2,3,4,7, sealed_size=312
 		# show unseal invocation; there is no secret argument to mask
 		if ! DO_WITH_DEBUG \
 			tpmr.sh unseal 4d47 0,1,2,3,4,7 312 "$TOTP_SECRET"; then
@@ -34,6 +35,11 @@ if [ "$CONFIG_TPM" = "y" ]; then
 	else
 		# TPM1 path: after reset/re-ownership, unseal failures here are best
 		# handled by resealing the secret from the GUI flow.
+		# The GUI caller (gui-init.sh update_totp) checks for the DA lockout
+		# marker (/tmp/secret/tpm_da_lockout) set by tpm1_unseal and shows
+		# a lockout-specific whiptail with TCG exponential backoff guidance.
+		# No marker handling needed here — just return the failure.
+		# TPM NVRAM parameters: index=0x4d47, PCRs=0,1,2,3,4,7, sealed_size=312
 		if ! DO_WITH_DEBUG tpmr.sh unseal 4d47 0,1,2,3,4,7 312 "$TOTP_SECRET"; then
 			fail_unseal "Unable to unseal TOTP secret from TPM. Use the GUI menu (Options -> TPM/TOTP/HOTP Options -> Generate new TOTP/HOTP secret) to reseal." || exit 1
 		fi
diff --git a/initrd/etc/functions.sh b/initrd/etc/functions.sh
index f9b0694fd..4340375a5 100644
--- a/initrd/etc/functions.sh
+++ b/initrd/etc/functions.sh
@@ -1111,6 +1111,28 @@ recovery() {
 			done
 		fi
 
+		# Show DA lockout state so users who landed in recovery due to
+		# repeated auth failures see lockout status and remaining time.
+		# Full detail logged at DEBUG (always in debug.log); a single
+		# INFO line summarizes the user-relevant state on console.
+		if [ "$CONFIG_TPM" = "y" ]; then
+			da_output="$(tpmr.sh da_state 2>/dev/null)" || true
+			if [ -n "$da_output" ]; then
+				echo "$da_output" | while IFS= read -r line; do
+					DEBUG "$line"
+				done
+				da_summary="$(echo "$da_output" | grep '^=> ' | head -1)"
+				if [ -n "$da_summary" ]; then
+					STATUS "TPM DA: ${da_summary#=> }"
+				else
+					# No => line (DA state unavailable on this TPM);
+					# show the self-descriptive "TPM DA state: ..." message.
+					da_unavail="$(echo "$da_output" | grep '^TPM DA state:' | head -1)"
+					[ -n "$da_unavail" ] && STATUS "$da_unavail"
+				fi
+			fi
+		fi
+
 		# Drain any queued serial input before starting the interactive shell.
 		# This avoids stale bytes being interpreted as bash commands on entry.
 		if [ -n "$RECOVERY_TTY" ]; then
@@ -1848,7 +1870,8 @@ check_tpm_counter() {
 	TRACE_FUNC
 
 	LABEL=${2:-3135106223}
-	tpm_passphrase="$3"
+	# $3 (tpm_passphrase) was used by pre-PR #2068 code but is now intentionally
+	# ignored — counters are created with empty auth (-pwdc '') per TCG spec.
 	# if the /boot.hashes file already exists, read the TPM counter ID
 	# from it.
 	if [ -r "$1" ]; then
@@ -1872,7 +1895,7 @@ check_tpm_counter() {
 		(
 			set +e
 			tpmr.sh counter_create \
-				-pwdc "${tpm_passphrase:-}" \
+				-pwdc '' \
 				-la "$LABEL" \
 				>/tmp/counter 2> >(tee >(SINK_LOG "tpm counter_create stderr") >&2)
 			echo $? > /tmp/counter_create_rc
@@ -2051,21 +2074,65 @@ increment_tpm_counter() {
 	fi
 
 	# Prefer explicit passphrase, otherwise reuse cached TPM owner passphrase.
+	# TPM2 uses owner-auth fallback in tpm2_counter_inc; TPM1 uses empty counter
+	# auth (SHA1("")) per TCG spec — no owner passphrase needed for increment.
 	if [ -z "$tpm_passphrase" ] && [ -s /tmp/secret/tpm_owner_passphrase ]; then
 		tpm_passphrase="$(cat /tmp/secret/tpm_owner_passphrase)"
-		DEBUG "increment_tpm_counter: using cached TPM owner passphrase"
 	fi
 
-	# TPM1 counter_increment requires owner auth in practice on this path.
-	# origin/master typically reached this with cached owner passphrase already set,
-	# but the newer reseal/update flows can call this later in the session after
-	# that cache is absent. Prompt once and cache to avoid empty -pwdc failures.
-	if [ "$CONFIG_TPM2_TOOLS" != "y" ] && [ -z "$tpm_passphrase" ]; then
-		WARN "TPM Owner Passphrase is required to update rollback counter before signing updated boot hashes."
-		DEBUG "increment_tpm_counter: TPM1 path has no cached/provided owner passphrase; prompting now"
-		prompt_tpm_owner_password
-		tpm_passphrase="$tpm_owner_passphrase"
-		DEBUG "increment_tpm_counter: TPM1 owner passphrase obtained and cached"
+	# Preflight DA state check: query da_state before every counter increment.
+	# TPM1: timer=0 means state inactive; timer>0 means locked.
+	#        NOTE: some TPM1 chips (e.g., STM, some Infineon) do not support
+	#        TPM_CAP_DA_LOGIC and return TPM_BAD_MODE (44).  da_state returns
+	#        "unavailable" and the guard has no DA info -- lockout is detected
+	#        only when the increment itself fails (handled below).  TPM firmware
+	#        version is logged to debug.log by tpm1_da_state for diagnostics.
+	# TPM2: timer absent when count<threshold; timer>0 when locked (estimate).
+	# TPM1 timer>0 or TPM2 timer>0: DIE with remaining time.
+	# TPM1 timer=0, count>=threshold: above threshold but not locked, WARN.
+	# TPM2 no timer, count>=threshold: locked (shouldn't happen, DIE).
+	# Both: count>=threshold-1 without lockout: WARN.
+	if [ "$CONFIG_TPM" = "y" ]; then
+		local da_line da_current da_threshold da_timer
+		da_line="$(tpmr.sh da_state 2>/dev/null | grep '^DA: ')"
+		da_current=$(echo "$da_line" | sed 's/.*current=\([^ ]*\).*/\1/')
+		da_threshold=$(echo "$da_line" | sed 's/.*threshold=\([^ ]*\).*/\1/')
+		# With sed -n /p, da_timer stays empty when timer= field absent (TPM2 clean)
+		da_timer=$(echo "$da_line" | sed -n 's/.*timer=\([^ ]*\).*/\1/p')
+		if [ -n "$da_current" ] && [ -n "$da_threshold" ]; then
+			if [ -n "$da_timer" ] && [ "$da_timer" -gt 0 ] 2>/dev/null; then
+				# TPM1 state=1 or TPM2 count>=threshold -- actively locked
+				local timer_display="${da_timer}s"
+				if [ "$da_timer" -ge 3600 ] 2>/dev/null; then
+					timer_display="~$((da_timer / 3600)) hour(s)"
+				elif [ "$da_timer" -ge 60 ] 2>/dev/null; then
+					timer_display="~$((da_timer / 60)) min"
+				fi
+				DEBUG "increment_tpm_counter: DA $da_current/$da_threshold (locked, ${timer_display})"
+				DIE "TPM dictionary attack lockout active (DA $da_current/$da_threshold, ${timer_display} remaining). Reset TPM from GUI: Options -> TPM/TOTP/HOTP Options -> Reset the TPM."
+			fi
+			if [ "$da_current" -ge "$da_threshold" ] 2>/dev/null; then
+				if [ -z "$da_timer" ]; then
+					# TPM2 with count>=threshold but no timer estimate.
+					# This can't happen on Heads-provisioned TPMs but guard defensively.
+					DEBUG "increment_tpm_counter: DA $da_current/$da_threshold (TPM2 locked, no timer)"
+					DIE "TPM dictionary attack lockout active (DA $da_current/$da_threshold). Reset TPM from GUI: Options -> TPM/TOTP/HOTP Options -> Reset the TPM."
+				else
+					# TPM1: timer=0, state=0, count above threshold but not locked.
+					# The increment will succeed with correct empty auth, but warn user
+					# that the next BAD auth will trigger lockout.
+					DEBUG "increment_tpm_counter: DA $da_current/$da_threshold (above threshold)"
+					WARN "DA counter above threshold ($da_current/$da_threshold). Auth failures will trigger lockout."
+				fi
+			elif [ "$da_current" -ge $((da_threshold - 1)) ] 2>/dev/null; then
+				DEBUG "increment_tpm_counter: DA $da_current/$da_threshold (nearing threshold)"
+				WARN "DA counter nearing threshold ($da_current/$da_threshold). One more auth failure may trigger lockout."
+			else
+				DEBUG "increment_tpm_counter: DA $da_current/$da_threshold"
+			fi
+		else
+			DEBUG "increment_tpm_counter: TPM DA state unavailable or limited"
+		fi
 	fi
 
 	# Try to increment the counter.  We normally hide the verbose
@@ -2094,7 +2161,12 @@ increment_tpm_counter() {
 			increment_ok="y"
 		fi
 	else
-		# TPM1 path uses owner auth in practice.
+		# TPM1 counter uses empty auth (SHA1 of "") per TCG spec.
+		# The counter's auth is separate from the owner passphrase.
+		# If empty auth fails on a readable counter, the counter was
+		# created by pre-fix code with owner-passphrase auth -- prompt
+		# for owner passphrase and retry as migration fallback.
+		# If empty auth fails with defend lock, skip fallback and DIE.
 		# NOTE: tpmtotp C code prints ALL output (success + errors) to stdout.
 		# We must capture stdout to detect failures properly.
 		# DO_WITH_DEBUG internally captures the command's stderr (tee /dev/stderr
@@ -2104,10 +2176,39 @@ increment_tpm_counter() {
 		if (
 			set -o pipefail
 			DO_WITH_DEBUG --mask-position 5 \
-				tpmr.sh counter_increment -ix "$counter_id" -pwdc "${tpm_passphrase:-}" \
+				tpmr.sh counter_increment -ix "$counter_id" -pwdc '' \
 					2>/dev/null | tee /tmp/counter-"$counter_id" >/dev/null
 		); then
 			increment_ok="y"
+		elif grep -qi 'defend\|lock' /tmp/counter-"$counter_id" 2>/dev/null; then
+			# TPM1 defend lock detected on increment.  This is the catch-all
+			# for TPM1 chips that do not expose DA state via TPM_CAP_DA_LOGIC
+			# (e.g., STM TPMs returning TPM_BAD_MODE).  The first sign of
+			# lockout is the increment failing with "Defend lock running".
+			#
+			# Why not grep for 0x19?  0x19 is the TPM_CAP_DA_LOGIC capability
+			# constant, NOT a documented error code from TPM_IncrementCounter.
+			# It appears only in getcapability output, not counter output.
+			# The actual DA lockout error is TPM_DEFEND_LOCK_RUNNING (0x803),
+			# rendered by tpmtotp as "Defend lock running".
+			# Skip the owner-passphrase migration fallback (lockout blocks all auth).
+			DEBUG "increment_tpm_counter: TPM1 defend lock detected on increment"
+			DIE "TPM dictionary attack lockout active. Reset TPM: Options -> TPM/TOTP/HOTP Options -> Reset the TPM."
+		elif [ "$counter_present" = "y" ]; then
+			if [ -z "$tpm_passphrase" ]; then
+				WARN "TPM Owner Passphrase required to increment counter created by previous Heads version"
+				prompt_tpm_owner_password
+				tpm_passphrase="$tpm_owner_passphrase"
+			fi
+			if (
+				set -o pipefail
+				DO_WITH_DEBUG --mask-position 5 \
+					tpmr.sh counter_increment -ix "$counter_id" -pwdc "${tpm_passphrase}" \
+						2>/dev/null | tee /tmp/counter-"$counter_id" >/dev/null
+			); then
+				increment_ok="y"
+				WARN "TPM counter created by older Heads version (uses owner passphrase). This is a one-time migration; operation continues with owner-passphrase auth. Reset TPM in menu (Options -> TPM/TOTP/HOTP Options -> Reset the TPM) to create a new empty-auth counter (recommended), or leave as-is."
+			fi
 		fi
 	fi
 
@@ -2126,7 +2227,7 @@ increment_tpm_counter() {
 		if (
 			set -o pipefail
 			DO_WITH_DEBUG --mask-position 3 \
-				tpmr.sh counter_create -pwdc "${tpm_passphrase:-}" -la 3135106223 \
+				tpmr.sh counter_create -pwdc '' -la 3135106223 \
 				2> >(tee >(SINK_LOG "tpm counter_create stderr") >&2) |
 				tee /tmp/new-counter >/dev/null
 		); then