On Wed, Jan 06, 2016 at 01:15:56PM -0500, Stefan Berger wrote:
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
Rework the assertion of physical presence by calling assert_physical_presence in tpm_setup. This call will assert physical presence if SW assertion is possible or by checking whether it is enabled if HW physical presence is enabled. The TPM menu will only be shown if physical presence is asserted after this call.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
 src/boot.c    |  2 +-
 src/tcgbios.c | 28 ++++++++++++----------------
 src/tcgbios.h |  1 +
 3 files changed, 14 insertions(+), 17 deletions(-)
diff --git a/src/boot.c b/src/boot.c index a251eb4..27b85d5 100644 --- a/src/boot.c +++ b/src/boot.c @@ -499,7 +499,7 @@ interactive_bootmenu(void) scan_code = get_keystroke(1000); if (scan_code == 1 && !irqtimer_check(esc_accepted_time)) continue;
if (tpm_is_working() && scan_code == 20 /* t */) {
if (tpm_can_show_menu() && scan_code == 20 /* t */) { printf("\n"); tpm_menu(); }
diff --git a/src/tcgbios.c b/src/tcgbios.c index 6a6b6b0..7bcbdde 100644 --- a/src/tcgbios.c +++ b/src/tcgbios.c @@ -60,6 +60,8 @@ struct { u8 * log_area_last_entry; } tpm_state VARLOW;
+static int TPM_can_show_menu;
static struct tcpa_descriptor_rev2 * find_tcpa_by_rsdp(struct rsdp_descriptor *rsdp) { @@ -164,6 +166,12 @@ tpm_is_working(void) return CONFIG_TCGBIOS && TPM_working; }
+int +tpm_can_show_menu(void) +{
- return tpm_is_working() && TPM_can_show_menu;
+}
/*
- Send a TPM command with the given ordinal. Append the given buffer
- containing all data in network byte order to the command (this is
@@ -599,6 +607,10 @@ tpm_setup(void) if (ret) return;
- ret = assert_physical_presence(0);
- if (!ret)
TPM_can_show_menu = 1;
- tpm_smbios_measure(); tpm_add_action(2, "Start Option ROM Scan");
} @@ -1031,10 +1043,6 @@ enable_tpm(int enable, int verbose) if (pf.flags[PERM_FLAG_IDX_DISABLE] && !enable) return 0;
- ret = assert_physical_presence(verbose);
- if (ret)
return -1;
[...]
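Review bot: In the tpm_setup hunk, a failing assert_physical_presence(0) leaves TPM_can_show_menu at 0 and records nothing, so pressing 't' in interactive_bootmenu does nothing and gives no indication why. A dprintf on the failure path would make the reason visible in the debug log. The flag is also only ever set to 1 in the lines shown; if tpm_setup can run more than once, clear it before the call so an earlier success cannot keep the menu enabled.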
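Review bot: In the enable_tpm hunk, dropping the assert_physical_presence(verbose) check means enable_tpm no longer verifies physical presence itself and relies on being reached only through the tpm_can_show_menu() gate in interactive_bootmenu. That precondition is not documented anywhere in the visible lines. Add a comment above enable_tpm stating it, or keep a cheap guard such as "if (!tpm_can_show_menu()) return -1;" so a later caller outside the menu path cannot reach it without physical presence asserted.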
Makes sense, but we should remove the "verbose" branch from assert_physical_presence() then.
-Kevin