[SeaBIOS] [PATCH 5/5] Give up physical presence when setting TPM into failure mode
Stefan Berger
stefanb at us.ibm.com
Wed Jan 6 19:15:57 CET 2016
From: Stefan Berger <stefanb at linux.vnet.ibm.com>
After temporarily deactivating the TPM, also give up physical
presence to disable more commands.
Signed-off-by: Stefan Berger <stefanb at linux.vnet.ibm.com>
---
src/tcgbios.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/src/tcgbios.c b/src/tcgbios.c
index 7bcbdde..685075f 100644
--- a/src/tcgbios.c
+++ b/src/tcgbios.c
@@ -227,6 +227,16 @@ tpm_set_failure(void)
tpm_send_cmd(0, TPM_ORD_SetTempDeactivated,
NULL, 0, TPM_DURATION_TYPE_SHORT);
+ tpm_send_cmd(0, TPM_ORD_PhysicalPresence,
+ PhysicalPresence_CMD_ENABLE,
+ sizeof(PhysicalPresence_CMD_ENABLE),
+ TPM_DURATION_TYPE_SHORT);
+
+ tpm_send_cmd(0, TPM_ORD_PhysicalPresence,
+ PhysicalPresence_NOT_PRESENT_LOCK,
+ sizeof(PhysicalPresence_NOT_PRESENT_LOCK),
+ TPM_DURATION_TYPE_SHORT);
+
TPM_working = 0;
}
--
2.4.3
More information about the SeaBIOS
mailing list