[SeaBIOS] [PATCH v2 6/6] Do not set TPM in failure mode if menu command fails

Stefan Berger stefanb at us.ibm.com
Thu Jan 7 13:55:41 CET 2016


From: Stefan Berger <stefanb at linux.vnet.ibm.com>

Since we may detect that HW physical presence is enabled but we do not detect
whether it is actually asserted, we may fail on the TPM menu commands that
require the assertion of physical presence. We therefore cannot set the TPM
into failure mode if we hit this case. Failure should never occur in these
cases if SW physical presence has been asserted.

Signed-off-by: Stefan Berger <stefanb at linux.vnet.ibm.com>
---
 src/tcgbios.c | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/src/tcgbios.c b/src/tcgbios.c
index ccf5486..dd391e9 100644
--- a/src/tcgbios.c
+++ b/src/tcgbios.c
@@ -952,9 +952,9 @@ enable_tpm(int enable, int verbose)
     if (pf.flags[PERM_FLAG_IDX_DISABLE] && !enable)
         return 0;
 
-    ret = tpm_send_check_cmd(0, enable ? TPM_ORD_PhysicalEnable
-                                       : TPM_ORD_PhysicalDisable,
-                             NULL, 0, TPM_DURATION_TYPE_SHORT);
+    ret = tpm_send_cmd(0, enable ? TPM_ORD_PhysicalEnable
+                                 : TPM_ORD_PhysicalDisable,
+                       NULL, 0, TPM_DURATION_TYPE_SHORT);
     if (ret) {
         if (enable)
             dprintf(DEBUG_tcg, "TCGBIOS: Enabling the TPM failed.\n");
@@ -978,12 +978,12 @@ activate_tpm(int activate, int allow_reset, int verbose)
     if (pf.flags[PERM_FLAG_IDX_DISABLE])
         return 0;
 
-    ret = tpm_send_check_cmd(0, TPM_ORD_PhysicalSetDeactivated,
-                             activate ? CommandFlag_FALSE
-                                      : CommandFlag_TRUE,
-                             activate ? sizeof(CommandFlag_FALSE)
-                                      : sizeof(CommandFlag_TRUE),
-                             TPM_DURATION_TYPE_SHORT);
+    ret = tpm_send_cmd(0, TPM_ORD_PhysicalSetDeactivated,
+                       activate ? CommandFlag_FALSE
+                                : CommandFlag_TRUE,
+                       activate ? sizeof(CommandFlag_FALSE)
+                                : sizeof(CommandFlag_TRUE),
+                       TPM_DURATION_TYPE_SHORT);
     if (ret)
         return ret;
 
@@ -1031,8 +1031,8 @@ force_clear(int enable_activate_before, int enable_activate_after, int verbose)
         }
     }
 
-    ret = tpm_send_check_cmd(0, TPM_ORD_ForceClear,
-                             NULL, 0, TPM_DURATION_TYPE_SHORT);
+    ret = tpm_send_cmd(0, TPM_ORD_ForceClear,
+                       NULL, 0, TPM_DURATION_TYPE_SHORT);
     if (ret)
         return ret;
 
@@ -1070,11 +1070,11 @@ set_owner_install(int allow, int verbose)
         return 0;
     }
 
-    ret = tpm_send_check_cmd(0, TPM_ORD_SetOwnerInstall,
-                             (allow) ? CommandFlag_TRUE
-                                     : CommandFlag_FALSE,
-                             sizeof(CommandFlag_TRUE),
-                             TPM_DURATION_TYPE_SHORT);
+    ret = tpm_send_cmd(0, TPM_ORD_SetOwnerInstall,
+                       (allow) ? CommandFlag_TRUE
+                               : CommandFlag_FALSE,
+                       sizeof(CommandFlag_TRUE),
+                       TPM_DURATION_TYPE_SHORT);
     if (ret)
         return ret;
 
-- 
2.4.3




More information about the SeaBIOS mailing list