diff options
-rw-r--r-- | firmware/include/tlcl.h | 6 | ||||
-rw-r--r-- | firmware/lib/tpm2_lite/tlcl.c | 39 | ||||
-rw-r--r-- | firmware/lib/tpm_lite/tlcl.c | 4 | ||||
-rw-r--r-- | utility/tpmc.c | 9 |
4 files changed, 38 insertions, 20 deletions
diff --git a/firmware/include/tlcl.h b/firmware/include/tlcl.h index 31347eba..53731200 100644 --- a/firmware/include/tlcl.h +++ b/firmware/include/tlcl.h @@ -28,12 +28,6 @@ uint32_t TlclLibInit(void); */ uint32_t TlclLibClose(void); -/** - * Indicate that we access tlcl with user privileges from OS userland - * as opposed to from firmware. May affect required NVRAM read authorization. - */ -void TlclLibAccessAsUser(void); - /* Low-level operations */ /** diff --git a/firmware/lib/tpm2_lite/tlcl.c b/firmware/lib/tpm2_lite/tlcl.c index 9d7e1dfb..a03125d3 100644 --- a/firmware/lib/tpm2_lite/tlcl.c +++ b/firmware/lib/tpm2_lite/tlcl.c @@ -10,6 +10,7 @@ #include "rollback_index.h" #include "tpm2_marshaling.h" #include "utility.h" +#include "tlcl.h" static struct tpm2_response *tpm_process_command(TPM_CC command, void *command_body) @@ -42,19 +43,40 @@ static struct tpm2_response *tpm_process_command(TPM_CC command, return response; } -uint32_t TlclLibInit(void) +static uint32_t tlcl_read_ph_disabled(void) { - return VbExTpmInit(); + uint32_t rv; + TPM_STCLEAR_FLAGS flags; + + rv = TlclGetSTClearFlags(&flags); + if (rv != TPM_SUCCESS) + return rv; + + tpm_set_ph_disabled(!flags.phEnable); + + return TPM_SUCCESS; } -uint32_t TlclLibClose(void) +uint32_t TlclLibInit(void) { - return VbExTpmClose(); + uint32_t rv; + + rv = VbExTpmInit(); + if (rv != TPM_SUCCESS) + return rv; + + rv = tlcl_read_ph_disabled(); + if (rv != TPM_SUCCESS) { + TlclLibClose(); + return rv; + } + + return TPM_SUCCESS; } -void TlclLibAccessAsUser(void) +uint32_t TlclLibClose(void) { - tpm_set_ph_disabled(1); + return VbExTpmClose(); } uint32_t TlclSendReceive(const uint8_t *request, uint8_t *response, @@ -100,7 +122,7 @@ uint32_t TlclContinueSelfTest(void) return TPM_SUCCESS; } -int32_t TlclDefineSpace(uint32_t index, uint32_t perm, uint32_t size) +uint32_t TlclDefineSpace(uint32_t index, uint32_t perm, uint32_t size) { VBDEBUG(("%s called, NOT YET IMPLEMENTED\n", __func__)); return TPM_SUCCESS; @@ -250,6 +272,7 @@ static uint32_t tlcl_disable_platform_hierarchy(void) if (!response || response->hdr.tpm_code) return TPM_E_INTERNAL_INCONSISTENCY; + tpm_set_ph_disabled(1); return TPM_SUCCESS; } @@ -334,7 +357,7 @@ uint32_t TlclWrite(uint32_t index, const void *data, uint32_t length) return TPM_SUCCESS; } -int32_t TlclPCRRead(uint32_t index, void *data, uint32_t length) +uint32_t TlclPCRRead(uint32_t index, void *data, uint32_t length) { VBDEBUG(("%s called, NOT YET IMPLEMENTED\n", __func__)); return TPM_SUCCESS; diff --git a/firmware/lib/tpm_lite/tlcl.c b/firmware/lib/tpm_lite/tlcl.c index 181b516a..bf2d27f9 100644 --- a/firmware/lib/tpm_lite/tlcl.c +++ b/firmware/lib/tpm_lite/tlcl.c @@ -152,10 +152,6 @@ uint32_t TlclLibClose(void) { return VbExTpmClose(); } -void TlclLibAccessAsUser(void) { - /* no-op for TPM1.2 */ -} - uint32_t TlclStartup(void) { VBDEBUG(("TPM: Startup\n")); return Send(tpm_startup_cmd.buffer); diff --git a/utility/tpmc.c b/utility/tpmc.c index f621661e..beb739f9 100644 --- a/utility/tpmc.c +++ b/utility/tpmc.c @@ -491,6 +491,8 @@ static int n_commands = sizeof(command_table) / sizeof(command_table[0]); int main(int argc, char* argv[]) { char *progname; + uint32_t result; + progname = strrchr(argv[0], '/'); if (progname) progname++; @@ -515,8 +517,11 @@ int main(int argc, char* argv[]) { return 0; } - TlclLibInit(); - TlclLibAccessAsUser(); + result = TlclLibInit(); + if (result) { + fprintf(stderr, "initialization failed with code %d\n", result); + return result > OTHER_ERROR ? OTHER_ERROR : result; + } for (c = command_table; c < command_table + n_commands; c++) { if (strcmp(cmd, c->name) == 0 || strcmp(cmd, c->abbr) == 0) { |