[SeaBIOS] [PATCH 4/5] Rework the assertion of physical presence

Wed Jan 6 21:22:14 CET 2016

On Wed, Jan 06, 2016 at 01:15:56PM -0500, Stefan Berger wrote:
> From: Stefan Berger <stefanb at linux.vnet.ibm.com>
> 
> Rework the assertion of physical presence by calling assert_physical_presence
> in tpm_setup. This call will assert physical presence if SW assertion is
> possible or by checking whether it is enabled if HW physical presence is enabled.
> The TPM menu will only be shown if physical presence is asserted after this call.
> 
> Signed-off-by: Stefan Berger <stefanb at linux.vnet.ibm.com>
> ---
>  src/boot.c    |  2 +-
>  src/tcgbios.c | 28 ++++++++++++----------------
>  src/tcgbios.h |  1 +
>  3 files changed, 14 insertions(+), 17 deletions(-)
> 
> diff --git a/src/boot.c b/src/boot.c
> index a251eb4..27b85d5 100644
> --- a/src/boot.c
> +++ b/src/boot.c
> @@ -499,7 +499,7 @@ interactive_bootmenu(void)
>          scan_code = get_keystroke(1000);
>          if (scan_code == 1 && !irqtimer_check(esc_accepted_time))
>              continue;
> -        if (tpm_is_working() && scan_code == 20 /* t */) {
> +        if (tpm_can_show_menu() && scan_code == 20 /* t */) {
>              printf("\n");
>              tpm_menu();
>          }
> diff --git a/src/tcgbios.c b/src/tcgbios.c
> index 6a6b6b0..7bcbdde 100644
> --- a/src/tcgbios.c
> +++ b/src/tcgbios.c
> @@ -60,6 +60,8 @@ struct {
>      u8 *          log_area_last_entry;
>  } tpm_state VARLOW;
>  
> +static int TPM_can_show_menu;
> +
>  static struct tcpa_descriptor_rev2 *
>  find_tcpa_by_rsdp(struct rsdp_descriptor *rsdp)
>  {
> @@ -164,6 +166,12 @@ tpm_is_working(void)
>      return CONFIG_TCGBIOS && TPM_working;
>  }
>  
> +int
> +tpm_can_show_menu(void)
> +{
> +    return tpm_is_working() && TPM_can_show_menu;
> +}
> +
>  /*
>   * Send a TPM command with the given ordinal. Append the given buffer
>   * containing all data in network byte order to the command (this is
> @@ -599,6 +607,10 @@ tpm_setup(void)
>      if (ret)
>          return;
>  
> +    ret = assert_physical_presence(0);
> +    if (!ret)
> +        TPM_can_show_menu = 1;
> +
>      tpm_smbios_measure();
>      tpm_add_action(2, "Start Option ROM Scan");
>  }
> @@ -1031,10 +1043,6 @@ enable_tpm(int enable, int verbose)
>      if (pf.flags[PERM_FLAG_IDX_DISABLE] && !enable)
>          return 0;
>  
> -    ret = assert_physical_presence(verbose);
> -    if (ret)
> -        return -1;
[...]

Makes sense, but we should remove the "verbose" branch from
assert_physical_presence() then.

-Kevin