<p>Philipp Deppenwiese <strong>merged</strong> this change.</p><p><a href="https://review.coreboot.org/29063">View Change</a></p><div style="white-space:pre-wrap">Approvals:
build bot (Jenkins): Verified
Paul Menzel: Looks good to me, but someone else must approve
Philipp Deppenwiese: Looks good to me, approved
Julius Werner: Looks good to me, approved
</div><pre style="font-family: monospace,monospace; white-space: pre-wrap;">tpm2/tlcl_send_startup: should pass on TPM_E_INVALID_POSTINIT<br><br>Change TSS layer tlcl_send_startup() to expose TPM_RC_INITIALIZE,<br>which gets mapped to TPM_E_INVALID_POSTINIT. The return value<br>is exposed to TSPI layer tpm_setup(), and dealt with as follows:<br><br>- Regular startup: TPM_E_INVALID_POSTINIT should count as failure.<br>- S3 resume: TPM_E_INVALID_POSTINIT can be assumed to mean that<br> TPM maintains power during S3, and is already initialized.<br><br>Also, correct an error where |response| could be erroneously accessed<br>when it is set to NULL.<br><br>BUG=b:114018226<br>TEST=compile coreboot<br><br>Change-Id: Ib0c3750386ae04279401c1dc318c5019d39f5ecf<br>Signed-off-by: Joel Kitching <kitching@google.com><br>Reviewed-on: https://review.coreboot.org/29063<br>Tested-by: build bot (Jenkins) <no-reply@coreboot.org><br>Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net><br>Reviewed-by: Julius Werner <jwerner@chromium.org><br>Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com><br>---<br>M src/security/tpm/tss/tcg-2.0/tss.c<br>1 file changed, 15 insertions(+), 3 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/src/security/tpm/tss/tcg-2.0/tss.c b/src/security/tpm/tss/tcg-2.0/tss.c</span><br><span>index e6ec57c..c67fdfa 100644</span><br><span>--- a/src/security/tpm/tss/tcg-2.0/tss.c</span><br><span>+++ b/src/security/tpm/tss/tcg-2.0/tss.c</span><br><span>@@ -61,12 +61,24 @@</span><br><span> startup.startup_type = type;</span><br><span> response = tpm_process_command(TPM2_Startup, &startup);</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- if (response && (response->hdr.tpm_code == 0 ||</span><br><span style="color: hsl(0, 100%, 40%);">- response->hdr.tpm_code == TPM_RC_INITIALIZE)) {</span><br><span style="color: hsl(0, 100%, 40%);">- return TPM_SUCCESS;</span><br><span style="color: hsl(120, 100%, 40%);">+ /* IO error, tpm2_response pointer is empty. */</span><br><span style="color: hsl(120, 100%, 40%);">+ if (response == NULL) {</span><br><span style="color: hsl(120, 100%, 40%);">+ printk(BIOS_ERR, "%s: TPM communication error\n", __func__);</span><br><span style="color: hsl(120, 100%, 40%);">+ return TPM_E_IOERROR;</span><br><span> }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> printk(BIOS_INFO, "%s: Startup return code is %x\n",</span><br><span> __func__, response->hdr.tpm_code);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ switch (response->hdr.tpm_code) {</span><br><span style="color: hsl(120, 100%, 40%);">+ case TPM_RC_INITIALIZE:</span><br><span style="color: hsl(120, 100%, 40%);">+ /* TPM already initialized. */</span><br><span style="color: hsl(120, 100%, 40%);">+ return TPM_E_INVALID_POSTINIT;</span><br><span style="color: hsl(120, 100%, 40%);">+ case TPM2_RC_SUCCESS:</span><br><span style="color: hsl(120, 100%, 40%);">+ return TPM_SUCCESS;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ /* Collapse any other errors into TPM_E_IOERROR. */</span><br><span> return TPM_E_IOERROR;</span><br><span> }</span><br><span> </span><br><span></span><br></pre><p>To view, visit <a href="https://review.coreboot.org/29063">change 29063</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://review.coreboot.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://review.coreboot.org/29063"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: coreboot </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-MessageType: merged </div>
<div style="display:none"> Gerrit-Change-Id: Ib0c3750386ae04279401c1dc318c5019d39f5ecf </div>
<div style="display:none"> Gerrit-Change-Number: 29063 </div>
<div style="display:none"> Gerrit-PatchSet: 6 </div>
<div style="display:none"> Gerrit-Owner: Joel Kitching <kitching@google.com> </div>
<div style="display:none"> Gerrit-Reviewer: Aaron Durbin <adurbin@chromium.org> </div>
<div style="display:none"> Gerrit-Reviewer: Furquan Shaikh <furquan@google.com> </div>
<div style="display:none"> Gerrit-Reviewer: Joel Kitching <kitching@google.com> </div>
<div style="display:none"> Gerrit-Reviewer: Julius Werner <jwerner@chromium.org> </div>
<div style="display:none"> Gerrit-Reviewer: Paul Menzel <paulepanter@users.sourceforge.net> </div>
<div style="display:none"> Gerrit-Reviewer: Philipp Deppenwiese <zaolin.daisuki@gmail.com> </div>
<div style="display:none"> Gerrit-Reviewer: Vadim Bendebury <vbendeb@chromium.org> </div>
<div style="display:none"> Gerrit-Reviewer: build bot (Jenkins) <no-reply@coreboot.org> </div>
<div style="display:none"> Gerrit-CC: Werner Zeh <werner.zeh@siemens.com> </div>