[coreboot-gerrit] Change in coreboot[master]: tpm2/tlcl_send_startup: should pass on TPM_E_INVALID_POSTINIT

Joel Kitching (Code Review) gerrit at coreboot.org
Fri Oct 12 09:57:32 CEST 2018 

Joel Kitching has uploaded this change for review. ( https://review.coreboot.org/29063


Change subject: tpm2/tlcl_send_startup: should pass on TPM_E_INVALID_POSTINIT
......................................................................

tpm2/tlcl_send_startup: should pass on TPM_E_INVALID_POSTINIT

In src/security/tpm/tspi/tspi.c:tpm_setup(), different S3 resume cases
are handled.  One of those is when TPM returns TPM_E_INVALID_POSTINIT,
in which case we can assume that TPM maintains power during S3 and is
already initialized.  However, this value can never reach tpm_setup()
since it gets collapsed into TPM_E_IOERROR by tlcl_send_startup().

Change tpm_setup() to pass this error value through.

Also, correct an error where |response| could be erroneously accessed
when it is set to NULL.

BUG=b:114018226
TEST=compile coreboot

Change-Id: Ib0c3750386ae04279401c1dc318c5019d39f5ecf
---
M src/security/tpm/tss/tcg-2.0/tss.c
1 file changed, 15 insertions(+), 2 deletions(-)



  git pull ssh://review.coreboot.org:29418/coreboot refs/changes/63/29063/1

diff --git a/src/security/tpm/tss/tcg-2.0/tss.c b/src/security/tpm/tss/tcg-2.0/tss.c
index e6ec57c..6be8dd4 100644
--- a/src/security/tpm/tss/tcg-2.0/tss.c
+++ b/src/security/tpm/tss/tcg-2.0/tss.c
@@ -61,12 +61,25 @@
 	startup.startup_type = type;
 	response = tpm_process_command(TPM2_Startup, &startup);
 
-	if (response && (response->hdr.tpm_code == 0 ||
-			 response->hdr.tpm_code == TPM_RC_INITIALIZE)) {
+	/* Some IO error, tpm2_response pointer is empty. */
+	if (response == NULL) {
+		printk(BIOS_ERR, "%s: TPM communication error\n", __func__);
+		return TPM_E_IOERROR;
+	}
+
+	/* Expected TPM return code. */
+	if (response->hdr.tpm_code == 0 ||
+	    response->hdr.tpm_code == TPM_RC_INITIALIZE) {
 		return TPM_SUCCESS;
 	}
+
+	/* Unexpected TPM return code. */
 	printk(BIOS_INFO, "%s: Startup return code is %x\n",
 	       __func__, response->hdr.tpm_code);
+
+	if (response->hdr.tpm_code == TPM_E_INVALID_POST_INST)
+		return response->hdr.tpm_code;
+
 	return TPM_E_IOERROR;
 }
 

-- 
To view, visit https://review.coreboot.org/29063
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ib0c3750386ae04279401c1dc318c5019d39f5ecf
Gerrit-Change-Number: 29063
Gerrit-PatchSet: 1
Gerrit-Owner: Joel Kitching <kitching at google.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.coreboot.org/pipermail/coreboot-gerrit/attachments/20181012/80243029/attachment.html>

More information about the coreboot-gerrit mailing list