From: Stefan Berger stefanb@linux.vnet.ibm.com
Extend assert_physical_presence with checks for hardware physical presence support. If hardware physical presence is enabled, we return 0.
Signed-off-by: Stefan Berger stefanb@linux.vnet.ibm.com --- src/std/tcg.h | 1 + src/tcgbios.c | 79 ++++++++++++++++++++++------------------------------------- 2 files changed, 30 insertions(+), 50 deletions(-)
diff --git a/src/std/tcg.h b/src/std/tcg.h
index 9f7f021..91692e9 100644
--- a/src/std/tcg.h
+++ b/src/std/tcg.h
@@ -285,6 +285,7 @@ enum permFlagsIndex {
 PERM_FLAG_IDX_ALLOW_MAINTENANCE,
 PERM_FLAG_IDX_PHYSICAL_PRESENCE_LIFETIME_LOCK,
 PERM_FLAG_IDX_PHYSICAL_PRESENCE_HW_ENABLE,
+ PERM_FLAG_IDX_PHYSICAL_PRESENCE_CMD_ENABLE,
 };
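Review bot: The new enumerator PERM_FLAG_IDX_PHYSICAL_PRESENCE_CMD_ENABLE gets its meaning only from its position in permFlagsIndex, which tcgbios.c uses to index the flag bytes that read_permanent_flags fills (pf.flags[...]), so the enum order has to match the field order of the TPM 1.2 permanent flags structure; placing it directly after PERM_FLAG_IDX_PHYSICAL_PRESENCE_HW_ENABLE appears consistent with that order, but nothing in the enum states the constraint. A comment on the enum such as `/* index order must match the TPM_PERMANENT_FLAGS field order; do not reorder */` would protect the new index from a later re-sort. The enum's opening line is the hunk's context line, so the rest of the enum is outside the hunk.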
diff --git a/src/tcgbios.c b/src/tcgbios.c
index 51b3e78..7a81d00 100644
--- a/src/tcgbios.c
+++ b/src/tcgbios.c
@@ -410,24 +410,6 @@ tpm_smbios_measure(void)
 (u8 *)&pcctes, sizeof(pcctes));
 }
-static u32
-read_stclear_flags(char *buf, int buf_len)
-{
- memset(buf, 0, buf_len);
-
- struct tpm_res_getcap_stclear_flags stcf;
- int ret = tpm_get_capability(TPM_CAP_FLAG, TPM_CAP_FLAG_VOLATILE
- , &stcf.hdr, sizeof(stcf));
- if (ret) {
- dprintf(DEBUG_tcg, "Error reading STClear flags: 0x%08x\n", ret);
- return -1;
- }
-
- memcpy(buf, &stcf.stclear_flags, buf_len);
-
- return 0;
-}
-
 static int
 read_permanent_flags(char *buf, int buf_len)
 {
@@ -444,42 +426,39 @@ read_permanent_flags(char *buf, int buf_len)
 return 0;
 }
-static u32
-assert_physical_presence(int verbose)
+static int
+assert_physical_presence(void)
 {
- struct tpm_stclear_flags stcf;
- int ret = read_stclear_flags((char *)&stcf, sizeof(stcf));
+ int ret = tpm_send_cmd(0, TPM_ORD_PhysicalPresence,
+ PhysicalPresence_PRESENT,
+ sizeof(PhysicalPresence_PRESENT),
+ TPM_DURATION_TYPE_SHORT);
+ if (!ret)
+ return 0;
+
+ struct tpm_permanent_flags pf;
+ ret = read_permanent_flags((char *)&pf, sizeof(pf));
 if (ret)
 return -1;
- if (stcf.flags[STCLEAR_FLAG_IDX_PHYSICAL_PRESENCE])
- /* physical presence already asserted */
+ /* check if hardware physical presence is supported */
+ if (pf.flags[PERM_FLAG_IDX_PHYSICAL_PRESENCE_HW_ENABLE]) {
+ /* HW phys. presence may not be asserted... */
 return 0;
-
- ret = tpm_send_check_cmd(0, TPM_ORD_PhysicalPresence,
- PhysicalPresence_CMD_ENABLE,
- sizeof(PhysicalPresence_CMD_ENABLE),
- TPM_DURATION_TYPE_SHORT);
- if (ret) {
- if (verbose)
- printf("Error: Could not enable physical presence.\n\n");
- goto err_exit;
- }
-
- ret = tpm_send_check_cmd(0, TPM_ORD_PhysicalPresence,
- PhysicalPresence_PRESENT,
- sizeof(PhysicalPresence_PRESENT),
- TPM_DURATION_TYPE_SHORT);
- if (ret) {
- if (verbose)
- printf("Error: Could not set presence flag.\n\n");
- goto err_exit;
 }
- return 0;
+ if (!pf.flags[PERM_FLAG_IDX_PHYSICAL_PRESENCE_LIFETIME_LOCK]
+ && !pf.flags[PERM_FLAG_IDX_PHYSICAL_PRESENCE_CMD_ENABLE]) {
+ tpm_send_cmd(0, TPM_ORD_PhysicalPresence,
+ PhysicalPresence_CMD_ENABLE,
+ sizeof(PhysicalPresence_CMD_ENABLE),
+ TPM_DURATION_TYPE_SHORT);
-err_exit:
- dprintf(DEBUG_tcg, "TCGBIOS: Asserting physical presence failed: %x\n", ret);
+ return tpm_send_cmd(0, TPM_ORD_PhysicalPresence,
+ PhysicalPresence_PRESENT,
+ sizeof(PhysicalPresence_PRESENT),
+ TPM_DURATION_TYPE_SHORT);
+ }
 return -1;
 }
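Review bot: In the hardware-presence branch the function returns 0 without knowing whether the hardware signal is actually asserted, so a caller in enable_tpm, activate_tpm, force_clear or set_owner_install proceeds and only learns of a missing signal when its next TPM command is rejected; the comment `/* HW phys. presence may not be asserted... */` should state that intent, e.g. `/* HW physical presence cannot be asserted by command; report success and let the caller's next TPM command fail if the signal is absent */`. The early `if (!ret) return 0;` and the final `return tpm_send_cmd(...)` now rely on tpm_send_cmd where the removed code used tpm_send_check_cmd; if tpm_send_cmd reports only transport success and not the TPM response code (its definition is not in this patch), presence would be reported as asserted after a rejected command, so please confirm it checks the response. The result of the CMD_ENABLE tpm_send_cmd is discarded and the old dprintf on the failure path is gone, so an enable failure is now indistinguishable from a failed PRESENT command; storing the last result in `ret` and logging `dprintf(DEBUG_tcg, "TCGBIOS: Asserting physical presence failed: %x\n", ret);` when it is non-zero before returning it would keep that diagnostic. The dropped `verbose` parameter also removes the user-facing error messages at the four call sites in the later hunks, which now fail without any message unless the callers print one themselves.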
@@ -974,7 +953,7 @@ enable_tpm(int enable, int verbose)
 if (pf.flags[PERM_FLAG_IDX_DISABLE] && !enable)
 return 0;
- ret = assert_physical_presence(verbose);
+ ret = assert_physical_presence();
 if (ret)
 return -1;
@@ -1004,7 +983,7 @@ activate_tpm(int activate, int allow_reset, int verbose)
 if (pf.flags[PERM_FLAG_IDX_DISABLE])
 return 0;
- ret = assert_physical_presence(verbose);
+ ret = assert_physical_presence();
 if (ret)
 return -1;
@@ -1061,7 +1040,7 @@ force_clear(int enable_activate_before, int enable_activate_after, int verbose)
 }
 }
- ret = assert_physical_presence(verbose);
+ ret = assert_physical_presence();
 if (ret)
 return -1;
@@ -1104,7 +1083,7 @@ set_owner_install(int allow, int verbose)
 return 0;
 }
- ret = assert_physical_presence(verbose);
+ ret = assert_physical_presence();
 if (ret)
 return -1;