tcgbios: Disable platform hierarchy in case of failure

[SeaBIOS] [PATCH] tcgbios: Disable platform hierarchy in case of failure

Stefan Berger posted 1 patch 2 years, 7 months ago

Download mbox

Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/seabios tags/patchew/20210907210552.742554-1-stefanb@linux.vnet.ibm.com

src/tcgbios.c | 1 +
1 file changed, 1 insertion(+)

Expand all Fold all

[SeaBIOS] [PATCH] tcgbios: Disable platform hierarchy in case of failure

Posted by Stefan Berger 2 years, 7 months ago

In the rare case of a TPM 2 failure, disable the platform hierarchy after
disabling the endorsement and owner hierarchies.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 src/tcgbios.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/tcgbios.c b/src/tcgbios.c
index 02921d8..31f4d7b 100644
--- a/src/tcgbios.c
+++ b/src/tcgbios.c
@@ -983,6 +983,7 @@ tpm_set_failure(void)
     case TPM_VERSION_2:
         tpm20_hierarchycontrol(TPM2_RH_ENDORSEMENT, TPM2_NO);
         tpm20_hierarchycontrol(TPM2_RH_OWNER, TPM2_NO);
+        tpm20_hierarchycontrol(TPM2_RH_PLATFORM, TPM2_NO);
         break;
     }
 
-- 
2.31.1

_______________________________________________
SeaBIOS mailing list -- seabios@seabios.org
To unsubscribe send an email to seabios-leave@seabios.org

[SeaBIOS] Re: [PATCH] tcgbios: Disable platform hierarchy in case of failure

Posted by Kevin O'Connor 2 years, 6 months ago

On Tue, Sep 07, 2021 at 05:05:52PM -0400, Stefan Berger wrote:
> In the rare case of a TPM 2 failure, disable the platform hierarchy after
> disabling the endorsement and owner hierarchies.

Thanks.  I committed this change.

-Kevin
_______________________________________________
SeaBIOS mailing list -- seabios@seabios.org
To unsubscribe send an email to seabios-leave@seabios.org