Christian Walter has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/34381 )
Change subject: src/security/tpm/tss: Add Support for PTT ......................................................................
src/security/tpm/tss: Add Support for PTT
When we use Intel Platform Trust Technologies, we need to verify that the enable bit is set before we use the integrated TPM
Change-Id: I3b262a5d5253648fb96fb1fd9ba3995f92755bb1 Signed-off-by: Christian Walter christian.walter@9elements.com --- M src/security/tpm/tss/tcg-2.0/tss.c 1 file changed, 8 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/81/34381/1
diff --git a/src/security/tpm/tss/tcg-2.0/tss.c b/src/security/tpm/tss/tcg-2.0/tss.c index c4b5538..5cba43d 100644 --- a/src/security/tpm/tss/tcg-2.0/tss.c +++ b/src/security/tpm/tss/tcg-2.0/tss.c @@ -11,6 +11,7 @@ #include <vb2_api.h> #include <security/tpm/tis.h> #include <security/tpm/tss.h> +#include <drivers/ptt/ptt.h>
#include "tss_structures.h" #include "tss_marshaling.h" @@ -190,6 +191,13 @@ printk(BIOS_ERR, "%s: tis_open returned error\n", __func__); return VB2_ERROR_UNKNOWN; } + if (CONFIG(INTEL_PTT)) { + if (ptt_active()) { + printk(BIOS_ERR, "%s: Intel PTT is not active.\n", __func__); + return VB2_ERROR_UNKNOWN; + } + printk(BIOS_SPEW, "%s: Intel PTT is active.\n", __func__); + }
car_set_var(tlcl_init_done, 1);