[PATCH] tcgbios: Disable platform hierarchy in case of failure
In the rare case of a TPM 2 failure, disable the platform hierarchy after disabling the endorsement and owner hierarchies. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> --- src/tcgbios.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/tcgbios.c b/src/tcgbios.c index 02921d8..31f4d7b 100644 --- a/src/tcgbios.c +++ b/src/tcgbios.c @@ -983,6 +983,7 @@ tpm_set_failure(void) case TPM_VERSION_2: tpm20_hierarchycontrol(TPM2_RH_ENDORSEMENT, TPM2_NO); tpm20_hierarchycontrol(TPM2_RH_OWNER, TPM2_NO); + tpm20_hierarchycontrol(TPM2_RH_PLATFORM, TPM2_NO); break; } -- 2.31.1
On Tue, Sep 07, 2021 at 05:05:52PM -0400, Stefan Berger wrote:
In the rare case of a TPM 2 failure, disable the platform hierarchy after disabling the endorsement and owner hierarchies.
Thanks. I committed this change. -Kevin
participants (2)
-
Kevin O'Connor -
Stefan Berger