From bb9536fc0db5a5bd4e425a6b1170d44a730361a2 Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.ibm.com>
Date: Fri, 17 Sep 2021 13:38:05 -0400
Subject: tcgbios: Disable platform hierarchy in case of failure

In the rare case of a TPM 2 failure, disable the platform hierarchy after
disabling the endorsement and owner hierarchies.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
---
 lib/libtpm/tcgbios.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'lib')

diff --git a/lib/libtpm/tcgbios.c b/lib/libtpm/tcgbios.c
index e43745e..3b2e76d 100644
--- a/lib/libtpm/tcgbios.c
+++ b/lib/libtpm/tcgbios.c
@@ -620,6 +620,7 @@ static void tpm_set_failure(void)
 {
 	tpm20_hierarchycontrol(TPM2_RH_ENDORSEMENT, TPM2_NO);
 	tpm20_hierarchycontrol(TPM2_RH_OWNER, TPM2_NO);
+	tpm20_hierarchycontrol(TPM2_RH_PLATFORM, TPM2_NO);
 
 	tpm_state.tpm_working = false;
 }
-- 
cgit v1.1