<tt><font size=2>"Kevin O'Connor" <kevin@koconnor.net>
wrote on 01/07/2016 11:21:02 AM:<br><br>> <br>> On Thu, Jan 07, 2016 at 07:55:39AM -0500, Stefan Berger wrote:<br>> > From: Stefan Berger <stefanb@linux.vnet.ibm.com><br>> > <br>> > Rework the assertion of physical presence by calling <br>> assert_physical_presence<br>> > in tpm_setup. This call will assert physical presence if SW assertion
is<br>> > possible or by checking whether HW physical presence is enabled.<br>> > The TPM menu will only be shown if physical presence is asserted
or HW<br>> > physical presence is enabled after this call.<br>> > <br>> > Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com><br>> > ---<br>> > src/boot.c | 2 +-<br>> > src/tcgbios.c | 33 +++++++++++++++++----------------<br>> > src/tcgbios.h | 1 +<br>> > 3 files changed, 19 insertions(+), 17 deletions(-)<br>> > <br>> > diff --git a/src/boot.c b/src/boot.c<br>> > index a251eb4..27b85d5 100644<br>> > --- a/src/boot.c<br>> > +++ b/src/boot.c<br>> > @@ -499,7 +499,7 @@ interactive_bootmenu(void)<br>> > scan_code = get_keystroke(1000);<br>> > if (scan_code == 1 &&
!irqtimer_check(esc_accepted_time))<br>> > continue;<br>> > - if (tpm_is_working() &&
scan_code == 20 /* t */) {<br>> > + if (tpm_can_show_menu() &&
scan_code == 20 /* t */) {<br>> > printf("\n");<br>> > tpm_menu();<br>> > }<br>> > diff --git a/src/tcgbios.c b/src/tcgbios.c<br>> > index 7a81d00..d14468e 100644<br>> > --- a/src/tcgbios.c<br>> > +++ b/src/tcgbios.c<br>> > @@ -60,6 +60,8 @@ struct {<br>> > u8 * log_area_last_entry;<br>> > } tpm_state VARLOW;<br>> > <br>> > +static int TPM_has_physical_presence;<br>> > +<br>> > static struct tcpa_descriptor_rev2 *<br>> > find_tcpa_by_rsdp(struct rsdp_descriptor *rsdp)<br>> > {<br>> > @@ -164,6 +166,12 @@ tpm_is_working(void)<br>> > return CONFIG_TCGBIOS && TPM_working;<br>> > }<br>> > <br>> > +int<br>> > +tpm_can_show_menu(void)<br>> > +{<br>> > + return tpm_is_working() && TPM_has_physical_presence;<br>> > +}<br>> > +<br>> > /*<br>> > * Send a TPM command with the given ordinal. Append the
given buffer<br>> > * containing all data in network byte order to the command
(this is<br>> > @@ -477,6 +485,11 @@ tpm_startup(void)<br>> > if (ret)<br>> > goto err_exit;<br>> > <br>> > + /* assertion of physical presence is only possible
after startup */<br>> > + ret = assert_physical_presence();<br>> > + if (!ret)<br>> > + TPM_has_physical_presence = 1;<br>> > +<br>> > ret = determine_timeouts();<br>> > if (ret)<br>> > return -1;<br>> > @@ -521,6 +534,10 @@ tpm_setup(void)<br>> > if (ret)<br>> > return;<br>> > <br>> > + ret = assert_physical_presence();<br>> > + if (!ret)<br>> > + TPM_has_physical_presence = 1;<br>> > +<br>> > tpm_smbios_measure();<br>> > tpm_add_action(2, "Start Option ROM
Scan");<br>> > }<br>> <br>> This calls assert_physical_presence() twice during setup. I'm<br>> guessing the first was a copy-and-paste error and only the one in<br>> tpm_setup() is desired?</font></tt><br><br><tt><font size=2>Right, copy-paste error. Only the first is necessary.</font></tt><br><tt><font size=2><br>> <br>> [...]<br>> > --- a/src/tcgbios.h<br>> > +++ b/src/tcgbios.h<br>> > @@ -14,6 +14,7 @@ void tpm_add_cdrom(u32 bootdrv, const u8 *addr,
<br>> u32 length);<br>> > void tpm_add_cdrom_catalog(const u8 *addr, u32 length);<br>> > void tpm_option_rom(const void *addr, u32 len);<br>> > int tpm_is_working(void);<br>> > +int tpm_can_show_menu(void);<br>> <br>> Now that tpm_is_working() is no longer used, it should be marked as<br>> static and not exported.</font></tt><br><br><tt><font size=2>Good catch.</font></tt><br><br><tt><font size=2> Stefan</font></tt><br><tt><font size=2><br>> <br>> -Kevin<br>> <br></font></tt><BR>