[SeaBIOS] [PATCH v2 3/6] Add support for harware physical presence
Stefan Berger
stefanb at us.ibm.com
Thu Jan 7 13:55:38 CET 2016
From: Stefan Berger <stefanb at linux.vnet.ibm.com>
Extend assert_physical_presence with checks for hardware physical presence
support. If hardware physical presence is enabled, we return 0.
Signed-off-by: Stefan Berger <stefanb at linux.vnet.ibm.com>
---
src/std/tcg.h | 1 +
src/tcgbios.c | 79 ++++++++++++++++++++++-------------------------------------
2 files changed, 30 insertions(+), 50 deletions(-)
diff --git a/src/std/tcg.h b/src/std/tcg.h
index 9f7f021..91692e9 100644
--- a/src/std/tcg.h
+++ b/src/std/tcg.h
@@ -285,6 +285,7 @@ enum permFlagsIndex {
PERM_FLAG_IDX_ALLOW_MAINTENANCE,
PERM_FLAG_IDX_PHYSICAL_PRESENCE_LIFETIME_LOCK,
PERM_FLAG_IDX_PHYSICAL_PRESENCE_HW_ENABLE,
+ PERM_FLAG_IDX_PHYSICAL_PRESENCE_CMD_ENABLE,
};
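Review bot: The new `PERM_FLAG_IDX_PHYSICAL_PRESENCE_CMD_ENABLE` entry has no comment saying that its position in the enum is significant. In tcgbios.c these constants index `pf.flags[]`, which `read_permanent_flags()` fills as a raw byte buffer, presumably straight from the TPM's capability response. A later insertion or reordering would therefore make the physical-presence checks read the wrong flag without any warning. I would add a comment above the enum such as `/* order must match the TPM_PERMANENT_FLAGS layout returned by the TPM; append only */`. The enum's opening lines are outside this hunk, so the earlier entries could not be checked here.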
diff --git a/src/tcgbios.c b/src/tcgbios.c
index 51b3e78..7a81d00 100644
--- a/src/tcgbios.c
+++ b/src/tcgbios.c
@@ -410,24 +410,6 @@ tpm_smbios_measure(void)
(u8 *)&pcctes, sizeof(pcctes));
}
-static u32
-read_stclear_flags(char *buf, int buf_len)
-{
- memset(buf, 0, buf_len);
-
- struct tpm_res_getcap_stclear_flags stcf;
- int ret = tpm_get_capability(TPM_CAP_FLAG, TPM_CAP_FLAG_VOLATILE
- , &stcf.hdr, sizeof(stcf));
- if (ret) {
- dprintf(DEBUG_tcg, "Error reading STClear flags: 0x%08x\n", ret);
- return -1;
- }
-
- memcpy(buf, &stcf.stclear_flags, buf_len);
-
- return 0;
-}
-
static int
read_permanent_flags(char *buf, int buf_len)
{
@@ -444,42 +426,39 @@ read_permanent_flags(char *buf, int buf_len)
return 0;
}
-static u32
-assert_physical_presence(int verbose)
+static int
+assert_physical_presence(void)
{
- struct tpm_stclear_flags stcf;
- int ret = read_stclear_flags((char *)&stcf, sizeof(stcf));
+ int ret = tpm_send_cmd(0, TPM_ORD_PhysicalPresence,
+ PhysicalPresence_PRESENT,
+ sizeof(PhysicalPresence_PRESENT),
+ TPM_DURATION_TYPE_SHORT);
+ if (!ret)
+ return 0;
+
+ struct tpm_permanent_flags pf;
+ ret = read_permanent_flags((char *)&pf, sizeof(pf));
if (ret)
return -1;
- if (stcf.flags[STCLEAR_FLAG_IDX_PHYSICAL_PRESENCE])
- /* physical presence already asserted */
+ /* check if hardware physical presence is supported */
+ if (pf.flags[PERM_FLAG_IDX_PHYSICAL_PRESENCE_HW_ENABLE]) {
+ /* HW phys. presence may not be asserted... */
return 0;
-
- ret = tpm_send_check_cmd(0, TPM_ORD_PhysicalPresence,
- PhysicalPresence_CMD_ENABLE,
- sizeof(PhysicalPresence_CMD_ENABLE),
- TPM_DURATION_TYPE_SHORT);
- if (ret) {
- if (verbose)
- printf("Error: Could not enable physical presence.\n\n");
- goto err_exit;
- }
-
- ret = tpm_send_check_cmd(0, TPM_ORD_PhysicalPresence,
- PhysicalPresence_PRESENT,
- sizeof(PhysicalPresence_PRESENT),
- TPM_DURATION_TYPE_SHORT);
- if (ret) {
- if (verbose)
- printf("Error: Could not set presence flag.\n\n");
- goto err_exit;
}
- return 0;
+ if (!pf.flags[PERM_FLAG_IDX_PHYSICAL_PRESENCE_LIFETIME_LOCK]
+ && !pf.flags[PERM_FLAG_IDX_PHYSICAL_PRESENCE_CMD_ENABLE]) {
+ tpm_send_cmd(0, TPM_ORD_PhysicalPresence,
+ PhysicalPresence_CMD_ENABLE,
+ sizeof(PhysicalPresence_CMD_ENABLE),
+ TPM_DURATION_TYPE_SHORT);
-err_exit:
- dprintf(DEBUG_tcg, "TCGBIOS: Asserting physical presence failed: %x\n", ret);
+ return tpm_send_cmd(0, TPM_ORD_PhysicalPresence,
+ PhysicalPresence_PRESENT,
+ sizeof(PhysicalPresence_PRESENT),
+ TPM_DURATION_TYPE_SHORT);
+ }
return -1;
}
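Review bot: The rewritten assert_physical_presence() has no diagnostics left on its failure paths. The result of the `PhysicalPresence_CMD_ENABLE` send is discarded, the removed `err_exit` dprintf has no replacement, and with `verbose` dropped the four callers patched below (enable_tpm, activate_tpm, force_clear, set_owner_install) only see a non-zero return. I would keep the result and log it, e.g. `ret = tpm_send_cmd(0, TPM_ORD_PhysicalPresence, PhysicalPresence_CMD_ENABLE, sizeof(PhysicalPresence_CMD_ENABLE), TPM_DURATION_TYPE_SHORT);` followed by `if (ret) dprintf(DEBUG_tcg, "TCGBIOS: Enabling physical presence command failed: %x\n", ret);`, and add a similar dprintf before the final `return -1`. Separately, the hardware-enabled branch returns 0 after the PRESENT command has already failed, so a 0 return no longer guarantees that presence is asserted. A function comment should state this and note that callers presumably depend on the TPM rejecting the next privileged command in that case.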
@@ -974,7 +953,7 @@ enable_tpm(int enable, int verbose)
if (pf.flags[PERM_FLAG_IDX_DISABLE] && !enable)
return 0;
- ret = assert_physical_presence(verbose);
+ ret = assert_physical_presence();
if (ret)
return -1;
@@ -1004,7 +983,7 @@ activate_tpm(int activate, int allow_reset, int verbose)
if (pf.flags[PERM_FLAG_IDX_DISABLE])
return 0;
- ret = assert_physical_presence(verbose);
+ ret = assert_physical_presence();
if (ret)
return -1;
@@ -1061,7 +1040,7 @@ force_clear(int enable_activate_before, int enable_activate_after, int verbose)
}
}
- ret = assert_physical_presence(verbose);
+ ret = assert_physical_presence();
if (ret)
return -1;
@@ -1104,7 +1083,7 @@ set_owner_install(int allow, int verbose)
return 0;
}
- ret = assert_physical_presence(verbose);
+ ret = assert_physical_presence();
if (ret)
return -1;
--
2.4.3