diff options
| author | Stefan Berger <stefanb@linux.vnet.ibm.com> | 2016-01-07 12:02:49 -0500 |
|---|---|---|
| committer | Kevin O'Connor <kevin@koconnor.net> | 2016-01-07 12:13:07 -0500 |
| commit | 115d0084831b1e9e085d8fe49fa9e4ea21542464 (patch) | |
| tree | 29a6495a6e1acbc45422f2ccc684f72884964684 /src/tcgbios.c | |
| parent | a2206d30aed52722ce708519ef7b31d88330d515 (diff) | |
| download | seabios-115d0084831b1e9e085d8fe49fa9e4ea21542464.tar.gz | |
tpm: Rework the assertion of physical presence
Rework the assertion of physical presence by calling assert_physical_presence
in tpm_setup. This call will assert physical presence if SW assertion is
possible or by checking whether HW physical presence is enabled.
The TPM menu will only be shown if physical presence is asserted or HW
physical presence is enabled after this call.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Diffstat (limited to 'src/tcgbios.c')
| -rw-r--r-- | src/tcgbios.c | 31 |
1 files changed, 14 insertions, 17 deletions
diff --git a/src/tcgbios.c b/src/tcgbios.c index 545e9b63..ceeb5fbd 100644 --- a/src/tcgbios.c +++ b/src/tcgbios.c @@ -60,6 +60,8 @@ struct { u8 * log_area_last_entry; } tpm_state VARLOW; +static int TPM_has_physical_presence; + static struct tcpa_descriptor_rev2 * find_tcpa_by_rsdp(struct rsdp_descriptor *rsdp) { @@ -158,12 +160,18 @@ tpm_log_event(struct pcpes *pcpes, const void *event) u8 TPM_working VARLOW; -int +static int tpm_is_working(void) { return CONFIG_TCGBIOS && TPM_working; } +int +tpm_can_show_menu(void) +{ + return tpm_is_working() && TPM_has_physical_presence; +} + /* * Send a TPM command with the given ordinal. Append the given buffer * containing all data in network byte order to the command (this is @@ -462,6 +470,11 @@ tpm_startup(void) if (ret) goto err_exit; + /* assertion of physical presence is only possible after startup */ + ret = assert_physical_presence(); + if (!ret) + TPM_has_physical_presence = 1; + ret = determine_timeouts(); if (ret) return -1; @@ -957,10 +970,6 @@ enable_tpm(int enable, int verbose) if (pf.flags[PERM_FLAG_IDX_DISABLE] && !enable) return 0; - ret = assert_physical_presence(); - if (ret) - return -1; - ret = build_and_send_cmd(0, enable ? TPM_ORD_PhysicalEnable : TPM_ORD_PhysicalDisable, NULL, 0, TPM_DURATION_TYPE_SHORT); @@ -995,10 +1004,6 @@ activate_tpm(int activate, int allow_reset, int verbose) if (pf.flags[PERM_FLAG_IDX_DISABLE]) return 0; - ret = assert_physical_presence(); - if (ret) - return -1; - ret = build_and_send_cmd(0, TPM_ORD_PhysicalSetDeactivated, activate ? CommandFlag_FALSE : CommandFlag_TRUE, @@ -1058,10 +1063,6 @@ force_clear(int enable_activate_before, int enable_activate_after, int verbose) } } - ret = assert_physical_presence(); - if (ret) - return -1; - ret = build_and_send_cmd(0, TPM_ORD_ForceClear, NULL, 0, TPM_DURATION_TYPE_SHORT); if (ret) @@ -1107,10 +1108,6 @@ set_owner_install(int allow, int verbose) return 0; } - ret = assert_physical_presence(); - if (ret) - return -1; - ret = build_and_send_cmd(0, TPM_ORD_SetOwnerInstall, (allow) ? CommandFlag_TRUE : CommandFlag_FALSE, |