author: Kees Cook <keescook@chromium.org> 2012-11-27 17:46:37 -0800
committer: Gerrit <chrome-bot@google.com> 2012-11-28 21:35:49 -0800
commit: 00cc72894f3ce5c3b0d337e424f19da089140237 (patch)
tree: 50455728a1f7f662e1a7c69d4434d014213e108e /utility
parent: ca44b077a889ea7ddb6d5de712ac6dd0d6a3d67e (diff)
Tlcl: allow OS failures to bubble up to caller [stabilize2]
If there were any errors communicating with the TPM at the OS layer (open, read, write failures), the library would immediately exit, not allowing the caller to make any decisions about how to handle it. This introduces a way to initialize the library so that errors will get passed back up to the caller instead of unceremoniously exiting.

Setting the environment variable "TPM_NO_EXIT=1" enables the feature. To avoid needing to implement supporting functions in all backends, the feature is currently limited to just the Tlcl stub implementation.

In the case of mount-encrypted, it can now survive the kernel returning read/write failures. In the past it had only worked around having open fail, but that has now been replaced with more sensible logic instead of the environment variable trickiness.

BUG=chrome-os-partner:15960
TEST=daisy built with an always-failing kernel driver, u-boot builds too
BRANCH=None

Change-Id: Ic7b217017537980f9c239d678067398613045676
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/38791
Reviewed-by: Luigi Semenzato <semenzato@chromium.org>
Diffstat (limited to 'utility')
-rw-r--r-- utility/mount-encrypted.c 17
1 files changed, 4 insertions, 13 deletions
diff --git a/utility/mount-encrypted.c b/utility/mount-encrypted.c
index 94f54d8a..2c975a39 100644
--- a/utility/mount-encrypted.c
+++ b/utility/mount-encrypted.c
@@ -113,21 +113,12 @@ static int has_tpm = 0;
static void tpm_init(void)
{
- int tpm;
+ uint32_t result;
DEBUG("Opening TPM");
- tpm = open(kTpmDev, O_RDWR);
- if (tpm >= 0) {
- has_tpm = 1;
- close(tpm);
- }
- else {
- /* TlclLibInit does not fail, it exits, so instead,
- * have it open /dev/null if the TPM is not available.
- */
- setenv("TPM_DEVICE_PATH", kNullDev, 1);
- }
- TlclLibInit();
+ setenv("TPM_NO_EXIT", "1", 1);
+ result = TlclLibInit();
+ has_tpm = (result == TPM_SUCCESS);
INFO("TPM %s", has_tpm ? "ready" : "not available");
}
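Review bot: In the new `has_tpm = (result == TPM_SUCCESS);` line, every non-success return from TlclLibInit() is folded into "not available", and the INFO line that follows drops the code, so a missing TPM and a TPM whose driver returned an open/read/write error look identical in the log. Consider logging `result` when it is not TPM_SUCCESS (for example by adding its hex value to the INFO message) so that a failing device can be told apart from an absent one during triage. The return value of `setenv("TPM_NO_EXIT", "1", 1)` is also unchecked; since the commit message says this variable is what enables the no-exit behaviour, a failed setenv would presumably leave the library exiting on error as before, so checking it and logging an error before calling TlclLibInit() would make that case visible.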