author | Kees Cook <keescook@chromium.org> | 2012-10-12 12:41:35 -0700 |
---|---|---|
committer | Gerrit <chrome-bot@google.com> | 2012-10-12 14:24:42 -0700 |
commit | adc676422972e28c1b38268852f6cec24a57366f (patch) | |
tree | c676997eb626996cfd482372566f410f2a32277d /utility | |
parent | 9bf0d535fefabeb6d04f4c837d1101fb00db08fc (diff) | |
download | vboot-adc676422972e28c1b38268852f6cec24a57366f.tar.gz |
mount-encrypted: handle missing TPM on Chrome OS
While not having a TPM was supported for non-Chrome devices, it was not
expected for Chrome devices. This adds logic to fail the TPM calls
before making them when the TPM is missing. The tpm_lite library doesn't
handle the TPM being missing, so we have to do this ourselves.
BUG=chrome-os-partner:15192
TEST=parrot build, verified operation after "mv /dev/tpm0 /dev/tpm0.bak"
BRANCH=none
Change-Id: I2f625305dce7fa698fcad33e412ee37c60da9bc2
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/35440
Reviewed-by: Luigi Semenzato <semenzato@chromium.org>
Reviewed-by: Will Drewry <wad@chromium.org>
Diffstat (limited to 'utility')
-rw-r--r-- | utility/mount-encrypted.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/utility/mount-encrypted.c b/utility/mount-encrypted.c index 10263b72..67c2c261 100644 --- a/utility/mount-encrypted.c +++ b/utility/mount-encrypted.c @@ -128,7 +128,7 @@ static void tpm_init(void) setenv("TPM_DEVICE_PATH", kNullDev, 1); } TlclLibInit(); - DEBUG("TPM %s", has_tpm ? "Ready" : "not available"); + INFO("TPM %s", has_tpm ? "ready" : "not available"); } /* Returns TPM result status code, and on TPM_SUCCESS, stores ownership @@ -139,7 +139,10 @@ static uint32_t tpm_owned(uint8_t *owned) uint32_t result; DEBUG("Reading TPM Ownership Flag"); - result = TlclGetOwnership(owned); + if (!has_tpm) + result = TPM_E_NO_DEVICE; + else + result = TlclGetOwnership(owned); DEBUG("TPM Ownership Flag returned: %s", result ? "FAIL" : "ok"); return result; @@ -244,7 +247,10 @@ _read_nvram(uint8_t *buffer, size_t len, uint32_t index, uint32_t size) } DEBUG("Reading NVRAM area 0x%x (size %u)", index, size); - result = TlclRead(index, buffer, size); + if (!has_tpm) + result = TPM_E_NO_DEVICE; + else + result = TlclRead(index, buffer, size); DEBUG("NVRAM read returned: %s", result == TPM_SUCCESS ? "ok" : "FAIL"); @@ -252,6 +258,10 @@ _read_nvram(uint8_t *buffer, size_t len, uint32_t index, uint32_t size) } /* + * TPM cases: + * - does not exist at all (disabled in test firmware or non-chrome device). + * - exists (below). + * * TPM ownership cases: * - unowned (OOBE): * - expect modern lockbox (no migration allowed). |
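Review bot: In tpm_init the "not available" state is reported on the same INFO line as "ready", so a boot that ran without a TPM is easy to miss when reading the log. If, as the commit message says, this can now happen on a Chrome device, the no-TPM branch is the one that deserves its own line, for example `if (!has_tpm) INFO("TPM not available: TPM calls will fail with TPM_E_NO_DEVICE");`, or the file's error-level macro if it has one. tpm_init starts above the hunk, so where has_tpm is set is not visible here.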
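Review bot: The new `!has_tpm` branch in tpm_owned returns TPM_E_NO_DEVICE without writing `*owned`, and the same pattern in the _read_nvram hunk leaves `buffer` untouched. The comment above tpm_owned promises the flag only on TPM_SUCCESS, so this is correct as long as every caller checks the result before reading the output. The call sites are outside the diff and worth confirming. Both DEBUG lines print only "FAIL", which hides whether the device was missing or a TPM command failed; printing the code helps triage, e.g. `DEBUG("TPM Ownership Flag returned: %s (0x%x)", result ? "FAIL" : "ok", result);`. Both function bodies extend beyond their hunks.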
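Review bot: The added "TPM cases" comment names the no-TPM case but, unlike the ownership cases listed after it, does not say what the code expects or does in that case. The parenthetical "disabled in test firmware or non-chrome device" is also narrower than the commit message, whose TEST step shows the case arising on a Chrome device when /dev/tpm0 is absent. I would add a sub-bullet in the style of the ownership list, e.g. `*   - TPM calls return TPM_E_NO_DEVICE; <state which key source is used and whether migration is allowed>.`, so a reader can tell whether the key is TPM-protected on this path. The comment block continues past the end of the hunk.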