[SLOF] [PATCH 09/16] Add support for a TPM menu to control the state of the TPM
Stefan Berger
stefanb at linux.vnet.ibm.com
Wed Nov 11 23:59:21 AEDT 2015
On 11/09/2015 05:51 AM, Nikunj A Dadhania wrote:
> Stefan Berger <stefanb at linux.vnet.ibm.com> writes:
>
> +: (t-pressed) ( -- )
> + vtpm-menu
> +;
> +
> : (boot?) ( -- )
> + \ before we boot (and after the TPM menu) make sure we give up
> + \ physical presence on the TPM and lock it -> call vtpm-unassert-pp
> + vtpm-unassert-pp
> +
> 0) vtpm-unassert-pp returns uint32_t, that remains in the stack.
Thanks. Will 'drop'.
> 1) Why dont you check if TPM is available before calling this ?
oversight
> 2) Why are errors not handled?
This actually may be the only return code that we should react upon on
this level since the TPM should not be under physical presence when the
OS takes over.
>
>> of-prompt? not auto-boot? and IF
>> (boot)
>> THEN
>> @@ -147,6 +155,7 @@ TRUE VALUE use-load-watchdog?
>> key? IF
>> key CASE
>> [char] s OF (s-pressed) ENDOF
>> + [char] t OF (t-pressed) (boot?) ENDOF
>> 1b OF
>> (esc-sequence) CASE
>> 1 OF
>> diff --git a/slof/fs/tpm/tpm-static.fs b/slof/fs/tpm/tpm-static.fs
>> index d425693..7954be2 100644
>> --- a/slof/fs/tpm/tpm-static.fs
>> +++ b/slof/fs/tpm/tpm-static.fs
>> @@ -43,3 +43,196 @@ false VALUE vtpm-debug?
>> THEN
>> THEN
>> ;
>> +
>> +1 CONSTANT TPM_ST_ENABLED
>> +2 CONSTANT TPM_ST_ACTIVE
>> +4 CONSTANT TPM_ST_OWNED
>> +8 CONSTANT TPM_ST_OWNERINSTALL
>> +
>> +\ helper to test whether the TPM is enabled and active
>> +: vtpm-enabled-active ( state -- ok? )
>> + TPM_ST_ENABLED TPM_ST_ACTIVE OR AND TPM_ST_ENABLED TPM_ST_ACTIVE OR =
>> +;
> Use the stack :-)
>
> TPM_ST_ENABLED TPM_ST_ACTIVE OR dup rot AND =
or like this :-)
Stefan
More information about the SLOF
mailing list