[coreboot-gerrit] Change in coreboot[master]: tpm2/tlcl_send_startup: should pass on TPM_E_INVALID_POSTINIT
Philipp Deppenwiese (Code Review)
gerrit at coreboot.org
Wed Oct 24 11:05:26 CEST 2018
Philipp Deppenwiese has submitted this change and it was merged. ( https://review.coreboot.org/29063 )
Change subject: tpm2/tlcl_send_startup: should pass on TPM_E_INVALID_POSTINIT
......................................................................
tpm2/tlcl_send_startup: should pass on TPM_E_INVALID_POSTINIT
Change TSS layer tlcl_send_startup() to expose TPM_RC_INITIALIZE,
which gets mapped to TPM_E_INVALID_POSTINIT. The return value
is exposed to TSPI layer tpm_setup(), and dealt with as follows:
- Regular startup: TPM_E_INVALID_POSTINIT should count as failure.
- S3 resume: TPM_E_INVALID_POSTINIT can be assumed to mean that
TPM maintains power during S3, and is already initialized.
Also, correct an error where |response| could be erroneously accessed
when it is set to NULL.
BUG=b:114018226
TEST=compile coreboot
Change-Id: Ib0c3750386ae04279401c1dc318c5019d39f5ecf
Signed-off-by: Joel Kitching <kitching at google.com>
Reviewed-on: https://review.coreboot.org/29063
Tested-by: build bot (Jenkins) <no-reply at coreboot.org>
Reviewed-by: Paul Menzel <paulepanter at users.sourceforge.net>
Reviewed-by: Julius Werner <jwerner at chromium.org>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki at gmail.com>
---
M src/security/tpm/tss/tcg-2.0/tss.c
1 file changed, 15 insertions(+), 3 deletions(-)
Approvals:
build bot (Jenkins): Verified
Paul Menzel: Looks good to me, but someone else must approve
Philipp Deppenwiese: Looks good to me, approved
Julius Werner: Looks good to me, approved
diff --git a/src/security/tpm/tss/tcg-2.0/tss.c b/src/security/tpm/tss/tcg-2.0/tss.c
index e6ec57c..c67fdfa 100644
--- a/src/security/tpm/tss/tcg-2.0/tss.c
+++ b/src/security/tpm/tss/tcg-2.0/tss.c
@@ -61,12 +61,24 @@
startup.startup_type = type;
response = tpm_process_command(TPM2_Startup, &startup);
- if (response && (response->hdr.tpm_code == 0 ||
- response->hdr.tpm_code == TPM_RC_INITIALIZE)) {
- return TPM_SUCCESS;
+ /* IO error, tpm2_response pointer is empty. */
+ if (response == NULL) {
+ printk(BIOS_ERR, "%s: TPM communication error\n", __func__);
+ return TPM_E_IOERROR;
}
+
printk(BIOS_INFO, "%s: Startup return code is %x\n",
__func__, response->hdr.tpm_code);
+
+ switch (response->hdr.tpm_code) {
+ case TPM_RC_INITIALIZE:
+ /* TPM already initialized. */
+ return TPM_E_INVALID_POSTINIT;
+ case TPM2_RC_SUCCESS:
+ return TPM_SUCCESS;
+ }
+
+ /* Collapse any other errors into TPM_E_IOERROR. */
return TPM_E_IOERROR;
}
--
To view, visit https://review.coreboot.org/29063
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-MessageType: merged
Gerrit-Change-Id: Ib0c3750386ae04279401c1dc318c5019d39f5ecf
Gerrit-Change-Number: 29063
Gerrit-PatchSet: 6
Gerrit-Owner: Joel Kitching <kitching at google.com>
Gerrit-Reviewer: Aaron Durbin <adurbin at chromium.org>
Gerrit-Reviewer: Furquan Shaikh <furquan at google.com>
Gerrit-Reviewer: Joel Kitching <kitching at google.com>
Gerrit-Reviewer: Julius Werner <jwerner at chromium.org>
Gerrit-Reviewer: Paul Menzel <paulepanter at users.sourceforge.net>
Gerrit-Reviewer: Philipp Deppenwiese <zaolin.daisuki at gmail.com>
Gerrit-Reviewer: Vadim Bendebury <vbendeb at chromium.org>
Gerrit-Reviewer: build bot (Jenkins) <no-reply at coreboot.org>
Gerrit-CC: Werner Zeh <werner.zeh at siemens.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.coreboot.org/pipermail/coreboot-gerrit/attachments/20181024/426b2470/attachment.html>
More information about the coreboot-gerrit
mailing list