mount-encrypted: report numeric results on TPM failure

To help identify the specific failure conditions encountered when the
TPM goes weird, report them any time they are encountered.

BUG=chrome-os-partner:15960
TEST=daisy build, manual testing
BRANCH=none

Change-Id: I80b3bd23c88c19d807cbcafe8ea2736fe000e1d6
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/38468
Reviewed-by: Darren Krahn <dkrahn@chromium.org>

1 files changed, 4 insertions, 3 deletions

diff --git a/utility/mount-encrypted.c b/utility/mount-encrypted.c
index 67c2c261..1b45a7f6 100644
--- a/utility/mount-encrypted.c
+++ b/utility/mount-encrypted.c
@@ -301,7 +301,8 @@ static int get_nvram_key(uint8_t *digest, int *migrate)
 	/* Ignore unowned TPM's NVRAM area. */
 	result = tpm_owned(&owned);
 	if (result != TPM_SUCCESS) {
-		INFO("Could not read TPM Permanent Flags.");
+		INFO("Could not read TPM Permanent Flags: error 0x%02x.",
+		     result);
 		return 0;
 	}
 	if (!owned) {
@@ -324,7 +325,7 @@ static int get_nvram_key(uint8_t *digest, int *migrate)
 		result = _read_nvram(value, sizeof(value), kLockboxIndex, size);
 		if (result != TPM_SUCCESS) {
 			/* No NVRAM area at all. */
-			INFO("No NVRAM area defined.");
+			INFO("No NVRAM area defined: error 0x%02x", result);
 			return 0;
 		}
 		/* Legacy NVRAM area. */
@@ -440,7 +441,7 @@ static int get_random_bytes_tpm(unsigned char *buffer, int wanted)
 		result = TlclGetRandom(buffer + (wanted - remaining),
 				       remaining, &size);
 		if (result != TPM_SUCCESS || size > remaining) {
-			ERROR("TPM GetRandom failed.");
+			ERROR("TPM GetRandom failed: error 0x%02x.", result);
 			return 0;
 		}
 		remaining -= size;