Rename build_and_send_cmd() to tpm_send_cmd(). Introduce tpm_send_check_cmd() which is a wrapper around tpm_send_cmd() that calls tpm_set_failure() on failure.
This also moves the debugging dprintf() preceding all callers of tpm_set_failure() into tpm_set_failure(). This change eliminates the code line number in the debugging, but all callers of tpm_set_failure() will log the action that failed immediately prior to the dprintf(). So, the line number should not be necessary.
Signed-off-by: Kevin O'Connor kevin@koconnor.net
---
 src/tcgbios.c | 151 +++++++++++++++++++++++----------------------------------
 1 file changed, 59 insertions(+), 92 deletions(-)
diff --git a/src/tcgbios.c b/src/tcgbios.c
index cd6a433..046b3ce 100644
--- a/src/tcgbios.c
+++ b/src/tcgbios.c
@@ -170,8 +170,8 @@ tpm_is_working(void)
 * the custom part per command) and expect a response of the given size.
 */
 static int
-build_and_send_cmd(u8 locty, u32 ordinal, const u8 *append, u32 append_size,
- enum tpmDurationType to_t)
+tpm_send_cmd(u8 locty, u32 ordinal, const u8 *append, u32 append_size,
+ enum tpmDurationType to_t)
 {
 struct {
 struct tpm_req_header trqh;
@@ -195,7 +195,7 @@ build_and_send_cmd(u8 locty, u32 ordinal, const u8 *append, u32 append_size,
 int ret = tpmhw_transmit(locty, &req.trqh, obuffer, &obuffer_len, to_t);
 ret = ret ? -1 : be32_to_cpu(trsh->errcode);
- dprintf(DEBUG_tcg, "Return from build_and_send_cmd(%x, %x %x) = %x\n",
+ dprintf(DEBUG_tcg, "Return from tpm_send_cmd(%x, %x %x) = %x\n",
 ordinal, req.cmd[0], req.cmd[1], ret);
 return ret;
 }
@@ -203,23 +203,36 @@ build_and_send_cmd(u8 locty, u32 ordinal, const u8 *append, u32 append_size,
 static void
 tpm_set_failure(void)
 {
+ dprintf(DEBUG_tcg, "TCGBIOS: TPM malfunctioning.\n");
+
 /* we will try to deactivate the TPM now - ignoring all errors */
- build_and_send_cmd(0, TPM_ORD_PhysicalPresence,
- PhysicalPresence_CMD_ENABLE,
- sizeof(PhysicalPresence_CMD_ENABLE),
- TPM_DURATION_TYPE_SHORT);
+ tpm_send_cmd(0, TPM_ORD_PhysicalPresence,
+ PhysicalPresence_CMD_ENABLE,
+ sizeof(PhysicalPresence_CMD_ENABLE),
+ TPM_DURATION_TYPE_SHORT);
- build_and_send_cmd(0, TPM_ORD_PhysicalPresence,
- PhysicalPresence_PRESENT,
- sizeof(PhysicalPresence_PRESENT),
- TPM_DURATION_TYPE_SHORT);
+ tpm_send_cmd(0, TPM_ORD_PhysicalPresence,
+ PhysicalPresence_PRESENT,
+ sizeof(PhysicalPresence_PRESENT),
+ TPM_DURATION_TYPE_SHORT);
- build_and_send_cmd(0, TPM_ORD_SetTempDeactivated,
- NULL, 0, TPM_DURATION_TYPE_SHORT);
+ tpm_send_cmd(0, TPM_ORD_SetTempDeactivated,
+ NULL, 0, TPM_DURATION_TYPE_SHORT);
 TPM_working = 0;
 }
+// Wrapper around tpm_send_cmd that will shutdown on failure
+static int
+tpm_send_check_cmd(u8 locty, u32 ordinal, const u8 *append, u32 append_size,
+ enum tpmDurationType to_t)
+{
+ int ret = tpm_send_cmd(locty, ordinal, append, append_size, to_t);
+ if (ret)
+ tpm_set_failure();
+ return ret;
+}
+
 static int
 tpm_get_capability(u32 cap, u32 subcap, struct tpm_rsp_header *rsp, u32 rsize)
 {
@@ -237,10 +250,8 @@ tpm_get_capability(u32 cap, u32 subcap, struct tpm_rsp_header *rsp, u32 rsize)
 ret = (ret || resp_size != rsize) ? -1 : be32_to_cpu(rsp->errcode);
 dprintf(DEBUG_tcg, "TCGBIOS: Return code from TPM_GetCapability(%d, %d)"
 " = %x\n", cap, subcap, ret);
- if (ret) {
- dprintf(DEBUG_tcg, "TCGBIOS: TPM malfunctioning (line %d).\n", __LINE__);
+ if (ret)
 tpm_set_failure();
- }
 return ret;
 }
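Review bot: The comment on tpm_send_check_cmd() says it "will shutdown on failure", which does not tell a reader what is actually done or what counts as failure. From the visible code, any nonzero result from tpm_send_cmd() (the -1 for a transmit error, or the error code the TPM itself returned) leads to tpm_set_failure(), which sends PhysicalPresence_CMD_ENABLE, PhysicalPresence_PRESENT and SetTempDeactivated with results ignored and then clears TPM_working. I would word it as `// Send a command; on any nonzero result (transmit error or TPM error code) call tpm_set_failure(), which temp-deactivates the TPM and clears TPM_working`. It is also worth a line in tpm_set_failure() that its three commands must stay on plain tpm_send_cmd(), since routing them through the wrapper would recurse.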
@@ -340,8 +351,10 @@ tpm_add_measurement_to_log(u32 pcrindex, u32 event_type,
 };
 tpm_fill_hash(&pcpes, hashdata, hashdata_length);
 int ret = tpm_log_extend_event(&pcpes, event);
- if (ret)
+ if (ret) {
+ dprintf(DEBUG_tcg, "TCGBIOS: Failed to add internal measurement.\n");
 tpm_set_failure();
+ }
 }
@@ -401,9 +414,9 @@ static int
 tpm_startup(void)
 {
 dprintf(DEBUG_tcg, "TCGBIOS: Starting with TPM_Startup(ST_CLEAR)\n");
- int ret = build_and_send_cmd(0, TPM_ORD_Startup,
- Startup_ST_CLEAR, sizeof(Startup_ST_CLEAR),
- TPM_DURATION_TYPE_SHORT);
+ int ret = tpm_send_cmd(0, TPM_ORD_Startup,
+ Startup_ST_CLEAR, sizeof(Startup_ST_CLEAR),
+ TPM_DURATION_TYPE_SHORT);
 if (CONFIG_COREBOOT && ret == TPM_INVALID_POSTINIT)
 /* with other firmware on the system the TPM may already have been
 * initialized
@@ -416,21 +429,19 @@ tpm_startup(void)
 if (ret)
 return -1;
- ret = build_and_send_cmd(0, TPM_ORD_SelfTestFull, NULL, 0,
- TPM_DURATION_TYPE_LONG);
+ ret = tpm_send_cmd(0, TPM_ORD_SelfTestFull, NULL, 0,
+ TPM_DURATION_TYPE_LONG);
 if (ret)
 goto err_exit;
- ret = build_and_send_cmd(3, TSC_ORD_ResetEstablishmentBit, NULL, 0,
- TPM_DURATION_TYPE_SHORT);
+ ret = tpm_send_cmd(3, TSC_ORD_ResetEstablishmentBit, NULL, 0,
+ TPM_DURATION_TYPE_SHORT);
 if (ret && ret != TPM_BAD_LOCALITY)
 goto err_exit;
return 0;
 err_exit:
- dprintf(DEBUG_tcg, "TCGBIOS: TPM malfunctioning (line %d).\n", __LINE__);
-
 tpm_set_failure();
 return -1;
 }
@@ -468,29 +479,22 @@ tpm_prepboot(void)
 if (!tpm_is_working())
 return;
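Review bot: tpm_startup() is left as the one caller on bare tpm_send_cmd() with its own err_exit that calls tpm_set_failure(), and nothing in the new code says why it was not converted like the others. From the visible lines the reason appears to be that some nonzero codes are tolerated here (TPM_INVALID_POSTINIT under CONFIG_COREBOOT, TPM_BAD_LOCALITY for TSC_ORD_ResetEstablishmentBit), which tpm_send_check_cmd() would treat as a malfunction and answer by deactivating the TPM. A short comment above the first call would stop a later cleanup from finishing the conversion, e.g. `/* plain tpm_send_cmd(): some error codes are accepted below and must not trigger tpm_set_failure() */`. The function body continues between and outside these hunks, so the early `if (ret) return -1;` at the top of this one could not be checked against what precedes it.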
- int ret = build_and_send_cmd(0, TPM_ORD_PhysicalPresence,
+ int ret = tpm_send_check_cmd(0, TPM_ORD_PhysicalPresence,
 PhysicalPresence_CMD_ENABLE,
 sizeof(PhysicalPresence_CMD_ENABLE),
 TPM_DURATION_TYPE_SHORT);
 if (ret)
- goto err_exit;
+ return;
- ret = build_and_send_cmd(0, TPM_ORD_PhysicalPresence,
+ ret = tpm_send_check_cmd(0, TPM_ORD_PhysicalPresence,
 PhysicalPresence_NOT_PRESENT_LOCK,
 sizeof(PhysicalPresence_NOT_PRESENT_LOCK),
 TPM_DURATION_TYPE_SHORT);
 if (ret)
- goto err_exit;
+ return;
 tpm_add_action(4, "Calling INT 19h");
 tpm_add_event_separators();
-
- return;
-
-err_exit:
- dprintf(DEBUG_tcg, "TCGBIOS: TPM malfunctioning (line %d).\n", __LINE__);
-
- tpm_set_failure();
 }
 /*
@@ -578,19 +582,9 @@ tpm_s3_resume(void)
 return;
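Review bot: When the PhysicalPresence_NOT_PRESENT_LOCK command in tpm_prepboot() fails, the second new `return;` is reached only after tpm_send_check_cmd() has already run tpm_set_failure(), which re-sends PhysicalPresence_CMD_ENABLE and PhysicalPresence_PRESENT before SetTempDeactivated, all with results ignored. On that path the function returns without the lock it was trying to apply and possibly with presence freshly asserted. The removed err_exit did the same, but the wrapper now hides it from anyone reading this function. I would state it at the early return, e.g. `/* tpm_set_failure() already ran: TPM temp-deactivated, physical presence NOT locked */`, and confirm against the TPM specification that a temp-deactivated part refuses the presence-gated commands, since nothing here checks that SetTempDeactivated succeeded. tpm_prepboot() begins outside the hunk.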
 dprintf(DEBUG_tcg, "TCGBIOS: Resuming with TPM_Startup(ST_STATE)\n");
-
- int ret = build_and_send_cmd(0, TPM_ORD_Startup,
- Startup_ST_STATE, sizeof(Startup_ST_STATE),
- TPM_DURATION_TYPE_SHORT);
- if (ret)
- goto err_exit;
-
- return;
-
-err_exit:
- dprintf(DEBUG_tcg, "TCGBIOS: TPM malfunctioning (line %d).\n", __LINE__);
-
- tpm_set_failure();
+ tpm_send_check_cmd(0, TPM_ORD_Startup,
+ Startup_ST_STATE, sizeof(Startup_ST_STATE),
+ TPM_DURATION_TYPE_SHORT);
 }
@@ -911,7 +905,7 @@ assert_physical_presence(int verbose)
 /* physical presence already asserted */
 return 0;
- ret = build_and_send_cmd(0, TPM_ORD_PhysicalPresence,
+ ret = tpm_send_check_cmd(0, TPM_ORD_PhysicalPresence,
 PhysicalPresence_CMD_ENABLE,
 sizeof(PhysicalPresence_CMD_ENABLE),
 TPM_DURATION_TYPE_SHORT);
@@ -921,7 +915,7 @@ assert_physical_presence(int verbose)
 goto err_exit;
 }
- ret = build_and_send_cmd(0, TPM_ORD_PhysicalPresence,
+ ret = tpm_send_check_cmd(0, TPM_ORD_PhysicalPresence,
 PhysicalPresence_PRESENT,
 sizeof(PhysicalPresence_PRESENT),
 TPM_DURATION_TYPE_SHORT);
@@ -934,8 +928,6 @@ assert_physical_presence(int verbose)
 return 0;
 err_exit:
- dprintf(DEBUG_tcg, "TCGBIOS: TPM malfunctioning (line %d).\n", __LINE__);
- tpm_set_failure();
 dprintf(DEBUG_tcg, "TCGBIOS: Asserting physical presence failed: %x\n", ret);
 return -1;
 }
@@ -985,23 +977,15 @@ enable_tpm(int enable, int verbose)
 if (ret)
 return -1;
- ret = build_and_send_cmd(0, enable ? TPM_ORD_PhysicalEnable
+ ret = tpm_send_check_cmd(0, enable ? TPM_ORD_PhysicalEnable
 : TPM_ORD_PhysicalDisable,
 NULL, 0, TPM_DURATION_TYPE_SHORT);
- if (ret)
- goto err_exit;
-
- return 0;
-
-err_exit:
- if (enable)
- dprintf(DEBUG_tcg, "TCGBIOS: Enabling the TPM failed.\n");
- else
- dprintf(DEBUG_tcg, "TCGBIOS: Disabling the TPM failed.\n");
-
- dprintf(DEBUG_tcg, "TCGBIOS: TPM malfunctioning (line %d).\n", __LINE__);
-
- tpm_set_failure();
+ if (ret) {
+ if (enable)
+ dprintf(DEBUG_tcg, "TCGBIOS: Enabling the TPM failed.\n");
+ else
+ dprintf(DEBUG_tcg, "TCGBIOS: Disabling the TPM failed.\n");
+ }
 return ret;
 }
@@ -1023,14 +1007,14 @@ activate_tpm(int activate, int allow_reset, int verbose)
 if (ret)
 return -1;
- ret = build_and_send_cmd(0, TPM_ORD_PhysicalSetDeactivated,
+ ret = tpm_send_check_cmd(0, TPM_ORD_PhysicalSetDeactivated,
 activate ? CommandFlag_FALSE
 : CommandFlag_TRUE,
 activate ? sizeof(CommandFlag_FALSE)
 : sizeof(CommandFlag_TRUE),
 TPM_DURATION_TYPE_SHORT);
 if (ret)
- goto err_exit;
+ return ret;
 if (activate && allow_reset) {
 if (verbose) {
@@ -1042,12 +1026,6 @@ activate_tpm(int activate, int allow_reset, int verbose)
 }
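Review bot: The new `return ret;` after tpm_send_check_cmd() in activate_tpm() passes the caller whatever tpm_send_cmd() produced, which is -1 for a transmit failure or the TPM's own error code otherwise, while the `if (ret) return -1;` just above the call flattens its failure to -1. force_clear() and set_owner_install() gain the same `return ret;` in their hunks. If the callers (not visible in this diff) only test for nonzero this is harmless, but the mixed convention should at least be written down on each function, e.g. `/* returns 0 on success, -1 or a TPM error code on failure */`. activate_tpm() starts and ends outside this hunk.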
 return 0;
-
-err_exit:
- dprintf(DEBUG_tcg, "TCGBIOS: TPM malfunctioning (line %d).\n", __LINE__);
-
- tpm_set_failure();
- return ret;
 }
 static int
@@ -1086,10 +1064,10 @@ force_clear(int enable_activate_before, int enable_activate_after, int verbose)
 if (ret)
 return -1;
- ret = build_and_send_cmd(0, TPM_ORD_ForceClear,
+ ret = tpm_send_check_cmd(0, TPM_ORD_ForceClear,
 NULL, 0, TPM_DURATION_TYPE_SHORT);
 if (ret)
- goto err_exit;
+ return ret;
 if (!enable_activate_after) {
 if (verbose)
@@ -1099,12 +1077,6 @@ force_clear(int enable_activate_before, int enable_activate_after, int verbose)
 }
 return enable_activate(1, verbose);
-
-err_exit:
- dprintf(DEBUG_tcg, "TCGBIOS: TPM malfunctioning (line %d).\n", __LINE__);
-
- tpm_set_failure();
- return ret;
 }
 static int
@@ -1135,23 +1107,18 @@ set_owner_install(int allow, int verbose)
 if (ret)
 return -1;
- ret = build_and_send_cmd(0, TPM_ORD_SetOwnerInstall,
+ ret = tpm_send_check_cmd(0, TPM_ORD_SetOwnerInstall,
 (allow) ? CommandFlag_TRUE
 : CommandFlag_FALSE,
 sizeof(CommandFlag_TRUE),
 TPM_DURATION_TYPE_SHORT);
 if (ret)
- goto err_exit;
+ return ret;
 if (verbose)
 printf("Installation of owner %s.\n", allow ? "enabled" : "disabled");
 return 0;
-
-err_exit:
- dprintf(DEBUG_tcg, "TCGBIOS: TPM malfunctioning (line %d).\n", __LINE__);
- tpm_set_failure();
- return ret;
 }
static int