[PATCH v2] efi_loader: check tcg2 protocol installation outside the TCG protocol
Ilias Apalodimas
ilias.apalodimas at linaro.org
Thu Nov 25 14:22:18 CET 2021
Hi Kojima-san,
On Thu, Nov 25, 2021 at 08:36:28PM +0900, Masahisa Kojima wrote:
> +/**
[...]
> + * is_tcg2_protocol_installed - chech whether tcg2 protocol is installed
> + *
> + * @Return: true if tcg2 protocol is installed, false if not
> + */
> +bool is_tcg2_protocol_installed(void)
> +{
> + struct efi_handler *handler;
> + efi_status_t ret;
> +
> + ret = efi_search_protocol(efi_root, &efi_guid_tcg2_protocol, &handler);
> + return ((ret == EFI_SUCCESS) ? true : false);
> +}
return ret == EFI_SUCCESS; is enough here.
> +
> static u32 tcg_event_final_size(struct tpml_digest_values *digest_list)
> {
> u32 len;
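Review bot: the kernel-doc block above is_tcg2_protocol_installed() misspells "check" as "chech" and writes "@Return:", where kernel-doc expects "Return:" without the "@" and "()" after the function name on the first line. The function is also non-static and no prototype is visible in this diff. If callers outside this file need it, the header declaration belongs in the same patch; otherwise mark it static.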
> @@ -962,6 +976,9 @@ efi_status_t tcg2_measure_pe_image(void *efi, u64 efi_size,
> IMAGE_NT_HEADERS32 *nt;
> struct efi_handler *handler;
>
> + if (!is_tcg2_protocol_installed())
> + return EFI_NOT_READY;
> +
> ret = platform_get_tpm2_device(&dev);
> if (ret != EFI_SUCCESS)
> return ret;
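Review bot: the early return at the top of tcg2_measure_pe_image() makes EFI_NOT_READY a new possible result, and the callers are not part of this diff. Please confirm they treat it as "measurement skipped" and not as an image load failure, and document the new return value in the function comment. Because this path lets an image go unmeasured, a debug-level log message at the return would make the skipped measurement visible.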
> @@ -2140,6 +2157,9 @@ efi_status_t efi_tcg2_measure_efi_app_invocation(struct efi_loaded_image_obj *ha
> u32 event = 0;
> struct smbios_entry *entry;
>
> + if (!is_tcg2_protocol_installed())
> + return EFI_NOT_READY;
> +
> if (tcg2_efi_app_invoked)
> return EFI_SUCCESS;
>
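Review bot: the guard in efi_tcg2_measure_efi_app_invocation() is the same three lines added to tcg2_measure_pe_image() and efi_tcg2_measure_efi_app_exit(), and every call goes through efi_search_protocol() on efi_root again. Consider recording the installation result once in a static flag at the point where the protocol is installed and testing that flag here, which removes the repeated lookup and keeps the three call sites identical by construction.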
> @@ -2190,6 +2210,9 @@ efi_status_t efi_tcg2_measure_efi_app_exit(void)
> efi_status_t ret;
> struct udevice *dev;
>
> + if (!is_tcg2_protocol_installed())
[...]
Heinrich, this whole patch is needed because installing the tcg2 protocol
always returns EFI_SUCCESS. The reason is that some sandbox tests with
sandbox_tpm used to fail. Do you want to keep this, or is perhaps just failing
the boot now if the protocol fails to install an option?
Thanks
/Ilias