[SLOF] [PATCH] tcgbios: Disable platform hierarchy in case of failure
Stefan Berger
stefanb at linux.ibm.com
Sat Sep 18 03:38:05 AEST 2021
In the rare case of a TPM 2 failure, disable the platform hierarchy after
disabling the endorsement and owner hierarchies.
Signed-off-by: Stefan Berger <stefanb at linux.ibm.com>
---
lib/libtpm/tcgbios.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/lib/libtpm/tcgbios.c b/lib/libtpm/tcgbios.c
index e43745e..3b2e76d 100644
--- a/lib/libtpm/tcgbios.c
+++ b/lib/libtpm/tcgbios.c
@@ -620,6 +620,7 @@ static void tpm_set_failure(void)
{
tpm20_hierarchycontrol(TPM2_RH_ENDORSEMENT, TPM2_NO);
tpm20_hierarchycontrol(TPM2_RH_OWNER, TPM2_NO);
+ tpm20_hierarchycontrol(TPM2_RH_PLATFORM, TPM2_NO);
tpm_state.tpm_working = false;
}
--
2.31.1
More information about the SLOF
mailing list