security/tpm: Add a Kconfig to disregard INVALID_POSTINIT on startup
There are use cases where TPM has already been set up in a previous stage, e.g. TXT or when a CPU reset without a platform reset happens. If this is the case the TPM startup will return an INVALID_POSTINIT (return code 0x26). This adds a Kconfig to allow platforms to disregard that return code.

Change-Id: I238b30866f78608c414de877b05a73cf8fdb9bbd
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36027
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Julius Werner <jwerner@chromium.org>
parent e67dce0f94
commit 6d5fcf4fbe
2 changed files with 14 additions and 0 deletions
|
@ -93,4 +93,13 @@ config TPM_RDRESP_NEED_DELAY
|
||||||
to work around a race-condition-related issue, possibly
|
to work around a race-condition-related issue, possibly
|
||||||
caused by ill-programmed TPM firmware.
|
caused by ill-programmed TPM firmware.
|
||||||
|
|
||||||
|
config TPM_STARTUP_IGNORE_POSTINIT
|
||||||
|
bool
|
||||||
|
help
|
||||||
|
Select this to ignore POSTINIT INVALID return codes on TPM
|
||||||
|
startup. This is useful on platforms where a previous stage
|
||||||
|
issued a TPM startup. Examples of use cases are Intel TXT
|
||||||
|
or VBOOT on the Intel Nehalem northbridge which issues a
|
||||||
|
CPU-only reset during the romstage.
|
||||||
|
|
||||||
endmenu # Trusted Platform Module (tpm)
|
endmenu # Trusted Platform Module (tpm)
|
||||||
|
|
|
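Review bot: The help text for `config TPM_STARTUP_IGNORE_POSTINIT` says when the option is useful but not what the platform gives up by selecting it: once the return code is disregarded, coreboot no longer confirms that the TPM startup it issued took effect and instead relies on the earlier stage having left the TPM in the expected state. Please state that assumption in the help text. Since the symbol is a bare `bool` with no prompt, it is worth saying explicitly that it is meant to be selected by platform code only. The wording "POSTINIT INVALID return codes" should also match the name used elsewhere in this change, `TPM_E_INVALID_POSTINIT`, and could mention the value 0x26 from the commit message so the option is easy to find from a log or a spec lookup.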
@ -141,6 +141,11 @@ uint32_t tpm_setup(int s3flag)
|
||||||
}
|
}
|
||||||
|
|
||||||
result = tlcl_startup();
|
result = tlcl_startup();
|
||||||
|
if (CONFIG(TPM_STARTUP_IGNORE_POSTINIT)
|
||||||
|
&& result == TPM_E_INVALID_POSTINIT) {
|
||||||
|
printk(BIOS_DEBUG, "TPM: ignoring invalid POSTINIT\n");
|
||||||
|
result = TPM_SUCCESS;
|
||||||
|
}
|
||||||
if (result != TPM_SUCCESS) {
|
if (result != TPM_SUCCESS) {
|
||||||
printk(BIOS_ERR, "TPM: Can't run startup command.\n");
|
printk(BIOS_ERR, "TPM: Can't run startup command.\n");
|
||||||
return tpm_setup_epilogue(result);
|
return tpm_setup_epilogue(result);
|
||||||
|
|
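Review bot: In the new block after `result = tlcl_startup();`, the override to `TPM_SUCCESS` is logged only at `BIOS_DEBUG`, so at normal log levels nothing records that the startup result was discarded and `tpm_setup()` carries on as if the command had succeeded in this stage. Since this changes how a TPM error is handled on a measured or verified boot path, consider logging it at a level that appears in default logs, and add a short comment above the `if (CONFIG(TPM_STARTUP_IGNORE_POSTINIT)` check stating the assumption that a previous stage already issued the startup. Note also that the check treats every `TPM_E_INVALID_POSTINIT` as expected once the option is set, including one that does not come from the anticipated earlier stage; if the platform can tell the two cases apart, narrowing the condition would be safer.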