[SeaBIOS] [PATCH 8/8] tpm: Replace build_and_send_cmd with tpm_send_cmd and tpm_send_check_cmd
Kevin O'Connor
kevin at koconnor.net
Wed Dec 30 20:32:02 CET 2015
Rename build_and_send_cmd() to tpm_send_cmd(). Introduce
tpm_send_check_cmd() which is a wrapper around tpm_send_cmd() that
calls tpm_set_failure() on failure.
This also moves the debugging dprintf() preceding all callers of
tpm_set_failure() into tpm_set_failure(). This change eliminates the
code line number in the debugging, but all callers of
tpm_set_failure() will log the action that failed immediately prior to
the dprintf(). So, the line number should not be necessary.
Signed-off-by: Kevin O'Connor <kevin at koconnor.net>
---
src/tcgbios.c | 151 +++++++++++++++++++++++-----------------------------------
1 file changed, 59 insertions(+), 92 deletions(-)
diff --git a/src/tcgbios.c b/src/tcgbios.c
index cd6a433..046b3ce 100644
--- a/src/tcgbios.c
+++ b/src/tcgbios.c
@@ -170,8 +170,8 @@ tpm_is_working(void)
* the custom part per command) and expect a response of the given size.
*/
static int
-build_and_send_cmd(u8 locty, u32 ordinal, const u8 *append, u32 append_size,
- enum tpmDurationType to_t)
+tpm_send_cmd(u8 locty, u32 ordinal, const u8 *append, u32 append_size,
+ enum tpmDurationType to_t)
{
struct {
struct tpm_req_header trqh;
@@ -195,7 +195,7 @@ build_and_send_cmd(u8 locty, u32 ordinal, const u8 *append, u32 append_size,
int ret = tpmhw_transmit(locty, &req.trqh, obuffer, &obuffer_len, to_t);
ret = ret ? -1 : be32_to_cpu(trsh->errcode);
- dprintf(DEBUG_tcg, "Return from build_and_send_cmd(%x, %x %x) = %x\n",
+ dprintf(DEBUG_tcg, "Return from tpm_send_cmd(%x, %x %x) = %x\n",
ordinal, req.cmd[0], req.cmd[1], ret);
return ret;
}
@@ -203,23 +203,36 @@ build_and_send_cmd(u8 locty, u32 ordinal, const u8 *append, u32 append_size,
static void
tpm_set_failure(void)
{
+ dprintf(DEBUG_tcg, "TCGBIOS: TPM malfunctioning.\n");
+
/* we will try to deactivate the TPM now - ignoring all errors */
- build_and_send_cmd(0, TPM_ORD_PhysicalPresence,
- PhysicalPresence_CMD_ENABLE,
- sizeof(PhysicalPresence_CMD_ENABLE),
- TPM_DURATION_TYPE_SHORT);
+ tpm_send_cmd(0, TPM_ORD_PhysicalPresence,
+ PhysicalPresence_CMD_ENABLE,
+ sizeof(PhysicalPresence_CMD_ENABLE),
+ TPM_DURATION_TYPE_SHORT);
- build_and_send_cmd(0, TPM_ORD_PhysicalPresence,
- PhysicalPresence_PRESENT,
- sizeof(PhysicalPresence_PRESENT),
- TPM_DURATION_TYPE_SHORT);
+ tpm_send_cmd(0, TPM_ORD_PhysicalPresence,
+ PhysicalPresence_PRESENT,
+ sizeof(PhysicalPresence_PRESENT),
+ TPM_DURATION_TYPE_SHORT);
- build_and_send_cmd(0, TPM_ORD_SetTempDeactivated,
- NULL, 0, TPM_DURATION_TYPE_SHORT);
+ tpm_send_cmd(0, TPM_ORD_SetTempDeactivated,
+ NULL, 0, TPM_DURATION_TYPE_SHORT);
TPM_working = 0;
}
+// Wrapper around tpm_send_cmd that will shutdown on failure
+static int
+tpm_send_check_cmd(u8 locty, u32 ordinal, const u8 *append, u32 append_size,
+ enum tpmDurationType to_t)
+{
+ int ret = tpm_send_cmd(locty, ordinal, append, append_size, to_t);
+ if (ret)
+ tpm_set_failure();
+ return ret;
+}
+
static int
tpm_get_capability(u32 cap, u32 subcap, struct tpm_rsp_header *rsp, u32 rsize)
{
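Review bot: The one-line comment on `tpm_send_check_cmd()` does not say what counts as failure or what "shutdown" involves, which is what a caller needs to choose between the two senders. Any non-zero result triggers `tpm_set_failure()`, which in this hunk sends the PhysicalPresence commands, issues TPM_ORD_SetTempDeactivated and clears `TPM_working`; that result is either -1 or the TPM's own error code (`ret ? -1 : be32_to_cpu(trsh->errcode)` in the previous hunk). I would expand the comment to something like `// Send a command; on any non-zero result (transport error or TPM error code) deactivate the TPM via tpm_set_failure(). Not for callers that tolerate an error code, and never from tpm_set_failure() itself.` The last clause matters because `tpm_startup()` deliberately accepts TPM_INVALID_POSTINIT and TPM_BAD_LOCALITY, and because `tpm_set_failure()` would recurse if it were ever switched to the checked wrapper.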
@@ -237,10 +250,8 @@ tpm_get_capability(u32 cap, u32 subcap, struct tpm_rsp_header *rsp, u32 rsize)
ret = (ret || resp_size != rsize) ? -1 : be32_to_cpu(rsp->errcode);
dprintf(DEBUG_tcg, "TCGBIOS: Return code from TPM_GetCapability(%d, %d)"
" = %x\n", cap, subcap, ret);
- if (ret) {
- dprintf(DEBUG_tcg, "TCGBIOS: TPM malfunctioning (line %d).\n", __LINE__);
+ if (ret)
tpm_set_failure();
- }
return ret;
}
@@ -340,8 +351,10 @@ tpm_add_measurement_to_log(u32 pcrindex, u32 event_type,
};
tpm_fill_hash(&pcpes, hashdata, hashdata_length);
int ret = tpm_log_extend_event(&pcpes, event);
- if (ret)
+ if (ret) {
+ dprintf(DEBUG_tcg, "TCGBIOS: Failed to add internal measurement.\n");
tpm_set_failure();
+ }
}
@@ -401,9 +414,9 @@ static int
tpm_startup(void)
{
dprintf(DEBUG_tcg, "TCGBIOS: Starting with TPM_Startup(ST_CLEAR)\n");
- int ret = build_and_send_cmd(0, TPM_ORD_Startup,
- Startup_ST_CLEAR, sizeof(Startup_ST_CLEAR),
- TPM_DURATION_TYPE_SHORT);
+ int ret = tpm_send_cmd(0, TPM_ORD_Startup,
+ Startup_ST_CLEAR, sizeof(Startup_ST_CLEAR),
+ TPM_DURATION_TYPE_SHORT);
if (CONFIG_COREBOOT && ret == TPM_INVALID_POSTINIT)
/* with other firmware on the system the TPM may already have been
* initialized
@@ -416,21 +429,19 @@ tpm_startup(void)
if (ret)
return -1;
- ret = build_and_send_cmd(0, TPM_ORD_SelfTestFull, NULL, 0,
- TPM_DURATION_TYPE_LONG);
+ ret = tpm_send_cmd(0, TPM_ORD_SelfTestFull, NULL, 0,
+ TPM_DURATION_TYPE_LONG);
if (ret)
goto err_exit;
- ret = build_and_send_cmd(3, TSC_ORD_ResetEstablishmentBit, NULL, 0,
- TPM_DURATION_TYPE_SHORT);
+ ret = tpm_send_cmd(3, TSC_ORD_ResetEstablishmentBit, NULL, 0,
+ TPM_DURATION_TYPE_SHORT);
if (ret && ret != TPM_BAD_LOCALITY)
goto err_exit;
return 0;
err_exit:
- dprintf(DEBUG_tcg, "TCGBIOS: TPM malfunctioning (line %d).\n", __LINE__);
-
tpm_set_failure();
return -1;
}
@@ -468,29 +479,22 @@ tpm_prepboot(void)
if (!tpm_is_working())
return;
- int ret = build_and_send_cmd(0, TPM_ORD_PhysicalPresence,
+ int ret = tpm_send_check_cmd(0, TPM_ORD_PhysicalPresence,
PhysicalPresence_CMD_ENABLE,
sizeof(PhysicalPresence_CMD_ENABLE),
TPM_DURATION_TYPE_SHORT);
if (ret)
- goto err_exit;
+ return;
- ret = build_and_send_cmd(0, TPM_ORD_PhysicalPresence,
+ ret = tpm_send_check_cmd(0, TPM_ORD_PhysicalPresence,
PhysicalPresence_NOT_PRESENT_LOCK,
sizeof(PhysicalPresence_NOT_PRESENT_LOCK),
TPM_DURATION_TYPE_SHORT);
if (ret)
- goto err_exit;
+ return;
tpm_add_action(4, "Calling INT 19h");
tpm_add_event_separators();
-
- return;
-
-err_exit:
- dprintf(DEBUG_tcg, "TCGBIOS: TPM malfunctioning (line %d).\n", __LINE__);
-
- tpm_set_failure();
}
/*
@@ -578,19 +582,9 @@ tpm_s3_resume(void)
return;
dprintf(DEBUG_tcg, "TCGBIOS: Resuming with TPM_Startup(ST_STATE)\n");
-
- int ret = build_and_send_cmd(0, TPM_ORD_Startup,
- Startup_ST_STATE, sizeof(Startup_ST_STATE),
- TPM_DURATION_TYPE_SHORT);
- if (ret)
- goto err_exit;
-
- return;
-
-err_exit:
- dprintf(DEBUG_tcg, "TCGBIOS: TPM malfunctioning (line %d).\n", __LINE__);
-
- tpm_set_failure();
+ tpm_send_check_cmd(0, TPM_ORD_Startup,
+ Startup_ST_STATE, sizeof(Startup_ST_STATE),
+ TPM_DURATION_TYPE_SHORT);
}
@@ -911,7 +905,7 @@ assert_physical_presence(int verbose)
/* physical presence already asserted */
return 0;
- ret = build_and_send_cmd(0, TPM_ORD_PhysicalPresence,
+ ret = tpm_send_check_cmd(0, TPM_ORD_PhysicalPresence,
PhysicalPresence_CMD_ENABLE,
sizeof(PhysicalPresence_CMD_ENABLE),
TPM_DURATION_TYPE_SHORT);
@@ -921,7 +915,7 @@ assert_physical_presence(int verbose)
goto err_exit;
}
- ret = build_and_send_cmd(0, TPM_ORD_PhysicalPresence,
+ ret = tpm_send_check_cmd(0, TPM_ORD_PhysicalPresence,
PhysicalPresence_PRESENT,
sizeof(PhysicalPresence_PRESENT),
TPM_DURATION_TYPE_SHORT);
@@ -934,8 +928,6 @@ assert_physical_presence(int verbose)
return 0;
err_exit:
- dprintf(DEBUG_tcg, "TCGBIOS: TPM malfunctioning (line %d).\n", __LINE__);
- tpm_set_failure();
dprintf(DEBUG_tcg, "TCGBIOS: Asserting physical presence failed: %x\n", ret);
return -1;
}
@@ -985,23 +977,15 @@ enable_tpm(int enable, int verbose)
if (ret)
return -1;
- ret = build_and_send_cmd(0, enable ? TPM_ORD_PhysicalEnable
+ ret = tpm_send_check_cmd(0, enable ? TPM_ORD_PhysicalEnable
: TPM_ORD_PhysicalDisable,
NULL, 0, TPM_DURATION_TYPE_SHORT);
- if (ret)
- goto err_exit;
-
- return 0;
-
-err_exit:
- if (enable)
- dprintf(DEBUG_tcg, "TCGBIOS: Enabling the TPM failed.\n");
- else
- dprintf(DEBUG_tcg, "TCGBIOS: Disabling the TPM failed.\n");
-
- dprintf(DEBUG_tcg, "TCGBIOS: TPM malfunctioning (line %d).\n", __LINE__);
-
- tpm_set_failure();
+ if (ret) {
+ if (enable)
+ dprintf(DEBUG_tcg, "TCGBIOS: Enabling the TPM failed.\n");
+ else
+ dprintf(DEBUG_tcg, "TCGBIOS: Disabling the TPM failed.\n");
+ }
return ret;
}
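Review bot: The "Enabling/Disabling the TPM failed" messages are now emitted after `tpm_send_check_cmd()` has already run `tpm_set_failure()`. In a debug log they therefore follow the "TPM malfunctioning" line and the traces of the three deactivation commands, rather than the command that actually failed. Carrying the result code in the message makes the line self-contained, as the `assert_physical_presence()` message already does: `dprintf(DEBUG_tcg, "TCGBIOS: Enabling the TPM failed: %x\n", ret);` and likewise for the disable branch. enable_tpm() starts above the hunk.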
@@ -1023,14 +1007,14 @@ activate_tpm(int activate, int allow_reset, int verbose)
if (ret)
return -1;
- ret = build_and_send_cmd(0, TPM_ORD_PhysicalSetDeactivated,
+ ret = tpm_send_check_cmd(0, TPM_ORD_PhysicalSetDeactivated,
activate ? CommandFlag_FALSE
: CommandFlag_TRUE,
activate ? sizeof(CommandFlag_FALSE)
: sizeof(CommandFlag_TRUE),
TPM_DURATION_TYPE_SHORT);
if (ret)
- goto err_exit;
+ return ret;
if (activate && allow_reset) {
if (verbose) {
@@ -1042,12 +1026,6 @@ activate_tpm(int activate, int allow_reset, int verbose)
}
return 0;
-
-err_exit:
- dprintf(DEBUG_tcg, "TCGBIOS: TPM malfunctioning (line %d).\n", __LINE__);
-
- tpm_set_failure();
- return ret;
}
static int
@@ -1086,10 +1064,10 @@ force_clear(int enable_activate_before, int enable_activate_after, int verbose)
if (ret)
return -1;
- ret = build_and_send_cmd(0, TPM_ORD_ForceClear,
+ ret = tpm_send_check_cmd(0, TPM_ORD_ForceClear,
NULL, 0, TPM_DURATION_TYPE_SHORT);
if (ret)
- goto err_exit;
+ return ret;
if (!enable_activate_after) {
if (verbose)
@@ -1099,12 +1077,6 @@ force_clear(int enable_activate_before, int enable_activate_after, int verbose)
}
return enable_activate(1, verbose);
-
-err_exit:
- dprintf(DEBUG_tcg, "TCGBIOS: TPM malfunctioning (line %d).\n", __LINE__);
-
- tpm_set_failure();
- return ret;
}
static int
@@ -1135,23 +1107,18 @@ set_owner_install(int allow, int verbose)
if (ret)
return -1;
- ret = build_and_send_cmd(0, TPM_ORD_SetOwnerInstall,
+ ret = tpm_send_check_cmd(0, TPM_ORD_SetOwnerInstall,
(allow) ? CommandFlag_TRUE
: CommandFlag_FALSE,
sizeof(CommandFlag_TRUE),
TPM_DURATION_TYPE_SHORT);
if (ret)
- goto err_exit;
+ return ret;
if (verbose)
printf("Installation of owner %s.\n", allow ? "enabled" : "disabled");
return 0;
-
-err_exit:
- dprintf(DEBUG_tcg, "TCGBIOS: TPM malfunctioning (line %d).\n", __LINE__);
- tpm_set_failure();
- return ret;
}
static int
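Review bot: The converted call passes `sizeof(CommandFlag_TRUE)` as `append_size` for both values of `allow`, whereas the `activate_tpm()` hunk selects the size that matches the buffer it sends. If the two arrays have the same length (their definitions are outside this diff) the behaviour is identical. Tying the length to the chosen buffer would keep the size handed to `tpm_send_cmd()` from exceeding the array should the two ever diverge: `allow ? sizeof(CommandFlag_TRUE) : sizeof(CommandFlag_FALSE),`. set_owner_install() starts above the hunk.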
--
2.5.0