[edk2-devel] [PATCH v6 7/9] SecurityPkg: Disable TPM platform hierarchy if TPM resume fails (S3 resume)
Stefan Berger
stefanb at linux.vnet.ibm.com
Wed Sep 8 12:46:42 UTC 2021
If Tpm2Startup(TPM_SU_STATE) fails, call ConfigureTPMPlatformHierarchy()
to disable the platform hierarchy.
Signed-off-by: Stefan Berger <stefanb at linux.ibm.com>
---
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 2 ++
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf | 1 +
2 files changed, 3 insertions(+)
diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
index 93a8803ff6..63323b9509 100644
--- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
+++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
@@ -30,6 +30,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/PeimEntryPoint.h>
#include <Library/Tpm2CommandLib.h>
#include <Library/Tpm2DeviceLib.h>
+#include <Library/TpmPlatformHierarchyLib.h>
#include <Library/HashLib.h>
#include <Library/HobLib.h>
#include <Library/PcdLib.h>
@@ -1050,6 +1051,7 @@ PeimEntryMA (
if (!EFI_ERROR(Status)) {
S3ErrorReport = TRUE;
}
+ ConfigureTpmPlatformHierarchy ();
}
} else {
Status = Tpm2Startup (TPM_SU_CLEAR);
diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
index 06c26a2904..2f4988eb6b 100644
--- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
+++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
@@ -55,6 +55,7 @@
ReportStatusCodeLib
ResetSystemLib
PrintLib
+ TpmPlatformHierarchyLib
[Guids]
gTcgEventEntryHobGuid ## PRODUCES ## HOB
--
2.31.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#80360): https://edk2.groups.io/g/devel/message/80360
Mute This Topic: https://groups.io/mt/85459207/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list