tpm: Add support for harware physical presence

Extend assert_physical_presence with checks for hardware physical presence support. If hardware physical presence is enabled, we return 0. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
author: Stefan Berger <stefanb@linux.vnet.ibm.com> 2016-01-07 12:02:48 -0500
committer: Kevin O'Connor <kevin@koconnor.net> 2016-01-07 12:13:07 -0500
commit: a2206d30aed52722ce708519ef7b31d88330d515 (patch)
tree: cd2c49c60fc18b23d61f1f1624c29fc422de98ba /src/tcgbios.c
parent: e55e37f4ba4ff8ebfc68ab7694245e475d646b84 (diff)
download: seabios-hppa-a2206d30aed52722ce708519ef7b31d88330d515.zip
seabios-hppa-a2206d30aed52722ce708519ef7b31d88330d515.tar.gz
seabios-hppa-a2206d30aed52722ce708519ef7b31d88330d515.tar.bz2
1 files changed, 28 insertions, 51 deletions
diff --git a/src/tcgbios.c b/src/tcgbios.c
index aa93e5e..545e9b6 100644
--- a/src/tcgbios.c
+++ b/src/tcgbios.c
@@ -396,24 +396,6 @@ tpm_smbios_measure(void)
 }
 
 static int
-read_stclear_flags(char *buf, int buf_len)
-{
-    memset(buf, 0, buf_len);
-
-    struct tpm_res_getcap_stclear_flags stcf;
-    int ret = tpm_get_capability(TPM_CAP_FLAG, TPM_CAP_FLAG_VOLATILE
-                                 , &stcf.hdr, sizeof(stcf));
-    if (ret) {
-        dprintf(DEBUG_tcg, "Error reading STClear flags: 0x%08x\n", ret);
-        return -1;
-    }
-
-    memcpy(buf, &stcf.stclear_flags, buf_len);
-
-    return 0;
-}
-
-static int
 read_permanent_flags(char *buf, int buf_len)
 {
     memset(buf, 0, buf_len);
@@ -430,43 +412,38 @@ read_permanent_flags(char *buf, int buf_len)
 }
 
 static int
-assert_physical_presence(int verbose)
+assert_physical_presence(void)
 {
-    struct tpm_stclear_flags stcf;
-    int ret = read_stclear_flags((char *)&stcf, sizeof(stcf));
+    int ret = build_and_send_cmd(0, TPM_ORD_PhysicalPresence,
+                                 PhysicalPresence_PRESENT,
+                                 sizeof(PhysicalPresence_PRESENT),
+                                 TPM_DURATION_TYPE_SHORT);
+    if (!ret)
+        return 0;
+
+    struct tpm_permanent_flags pf;
+    ret = read_permanent_flags((char *)&pf, sizeof(pf));
     if (ret)
         return -1;
 
-    if (stcf.flags[STCLEAR_FLAG_IDX_PHYSICAL_PRESENCE])
-        /* physical presence already asserted */
+    /* check if hardware physical presence is supported */
+    if (pf.flags[PERM_FLAG_IDX_PHYSICAL_PRESENCE_HW_ENABLE]) {
+        /* HW phys. presence may not be asserted... */
         return 0;
-
-    ret = build_and_send_cmd(0, TPM_ORD_PhysicalPresence,
-                             PhysicalPresence_CMD_ENABLE,
-                             sizeof(PhysicalPresence_CMD_ENABLE),
-                             TPM_DURATION_TYPE_SHORT);
-    if (ret) {
-        if (verbose)
-            printf("Error: Could not enable physical presence.\n\n");
-        goto err_exit;
     }
 
-    ret = build_and_send_cmd(0, TPM_ORD_PhysicalPresence,
-                             PhysicalPresence_PRESENT,
-                             sizeof(PhysicalPresence_PRESENT),
-                             TPM_DURATION_TYPE_SHORT);
-    if (ret) {
-        if (verbose)
-            printf("Error: Could not set presence flag.\n\n");
-        goto err_exit;
+    if (!pf.flags[PERM_FLAG_IDX_PHYSICAL_PRESENCE_LIFETIME_LOCK]
+        && !pf.flags[PERM_FLAG_IDX_PHYSICAL_PRESENCE_CMD_ENABLE]) {
+        build_and_send_cmd(0, TPM_ORD_PhysicalPresence,
+                           PhysicalPresence_CMD_ENABLE,
+                           sizeof(PhysicalPresence_CMD_ENABLE),
+                           TPM_DURATION_TYPE_SHORT);
+
+        return build_and_send_cmd(0, TPM_ORD_PhysicalPresence,
+                                  PhysicalPresence_PRESENT,
+                                  sizeof(PhysicalPresence_PRESENT),
+                                  TPM_DURATION_TYPE_SHORT);
     }
-
-    return 0;
-
-err_exit:
-    dprintf(DEBUG_tcg, "TCGBIOS: TPM malfunctioning (line %d).\n", __LINE__);
-    tpm_set_failure();
-    dprintf(DEBUG_tcg, "TCGBIOS: Asserting physical presence failed: %x\n", ret);
     return -1;
 }
 
@@ -980,7 +957,7 @@ enable_tpm(int enable, int verbose)
     if (pf.flags[PERM_FLAG_IDX_DISABLE] && !enable)
         return 0;
 
-    ret = assert_physical_presence(verbose);
+    ret = assert_physical_presence();
     if (ret)
         return -1;
 
@@ -1018,7 +995,7 @@ activate_tpm(int activate, int allow_reset, int verbose)
     if (pf.flags[PERM_FLAG_IDX_DISABLE])
         return 0;
 
-    ret = assert_physical_presence(verbose);
+    ret = assert_physical_presence();
     if (ret)
         return -1;
 
@@ -1081,7 +1058,7 @@ force_clear(int enable_activate_before, int enable_activate_after, int verbose)
         }
     }
 
-    ret = assert_physical_presence(verbose);
+    ret = assert_physical_presence();
     if (ret)
         return -1;
 
@@ -1130,7 +1107,7 @@ set_owner_install(int allow, int verbose)
         return 0;
     }
 
-    ret = assert_physical_presence(verbose);
+    ret = assert_physical_presence();
     if (ret)
         return -1;
author	Stefan Berger <stefanb@linux.vnet.ibm.com>	2016-01-07 12:02:48 -0500
committer	Kevin O'Connor <kevin@koconnor.net>	2016-01-07 12:13:07 -0500
commit	a2206d30aed52722ce708519ef7b31d88330d515 (patch)
tree	cd2c49c60fc18b23d61f1f1624c29fc422de98ba /src/tcgbios.c
parent	e55e37f4ba4ff8ebfc68ab7694245e475d646b84 (diff)
download	seabios-hppa-a2206d30aed52722ce708519ef7b31d88330d515.zip seabios-hppa-a2206d30aed52722ce708519ef7b31d88330d515.tar.gz seabios-hppa-a2206d30aed52722ce708519ef7b31d88330d515.tar.bz2