On 11/29/21 15:55, Ilias Apalodimas wrote:
On Mon, 29 Nov 2021 at 16:26, Michal Simek <michal.si...@xilinx.com> wrote:
For systems which have TPM support enabled but the actual device is missing
there is no reason to show a message that measurement failed in
efi_load_pe(). To ensure that, the patch returns EFI_SUCCESS even for
cases where the TPM device is not found.
The reason is that other parts of the code in tcg2_measure_pe_image() also
return EFI_NOT_FOUND (e.g. efi_search_protocol); that's why this error
code can't be checked, but it still needs to be reported.
The same logic is also used in efi_tcg2_get_eventlog() added by
commit c8d0fd582576 ("efi_loader: Introduce eventlog support for
TCG2_PROTOCOL").
Signed-off-by: Michal Simek <michal.si...@xilinx.com>
---
Changes in v2:
- Change subject and description
- Change logic in different location
- Origin thread was
https://lore.kernel.org/r/657a869c04e9b09e3bd2e6fd74ff94320b7fbe9b.1638191161.git.michal.si...@xilinx.com
lib/efi_loader/efi_tcg2.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c
index 8c1f22e3377b..db785f4d8c27 100644
--- a/lib/efi_loader/efi_tcg2.c
+++ b/lib/efi_loader/efi_tcg2.c
@@ -888,7 +888,8 @@ efi_status_t tcg2_measure_pe_image(void *efi, u64 efi_size,
ret = platform_get_tpm2_device(&dev);
if (ret != EFI_SUCCESS)
- return ret;
+ /* don't fail when TPM is not found */
+ return EFI_SUCCESS;
switch (handle->image_type) {
case IMAGE_SUBSYSTEM_EFI_APPLICATION:
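Review bot: The new return under "if (ret != EFI_SUCCESS)" turns every failure of platform_get_tpm2_device() into EFI_SUCCESS, while the added comment only covers the case where the TPM is not found. The caller can then no longer tell a skipped measurement from a completed one, and nothing is logged on this path. Consider returning success only for the not-found result of platform_get_tpm2_device(), propagating any other error, and logging when the measurement is skipped. Since the if body now spans a comment line plus a statement, braces around it would also make the scope clearer.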
--
2.33.1
Reviewed-by: Ilias Apalodimas <ilias.apalodi...@linaro.org>
This patch means:
You can run some command that initializes the TCG2 protocol (e.g.
debug_hd), then unbind the TPM, run a first EFI binary which diverts EFI
API addresses, bind the TPM again and run the normal binary and nobody
will see the first binary in boot measurement.
Best regards
Heinrich
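Added example, not code from U-Boot or from this thread: a toy C model of the sequence described in the reply above, comparing the patch's "missing device means success" policy with an assumed alternative that treats a missing device as an error once TCG2 has been initialised. All names, the FNV-1a stand-in for a PCR extend, the image names, and the rule that an image starts only when measurement returns ST_OK are assumptions of the model.

```c
#include <stdbool.h>
#include <stdio.h>
/* Toy model, not U-Boot code: every name here is hypothetical. */
enum st { ST_OK, ST_REFUSED };
struct boot { bool tpm_bound, tcg2_init; unsigned pcr; int logged, ran; };
/* Stand-in for a PCR extend: FNV-1a over the old PCR and the image name. */
static void extend(struct boot *b, const char *img)
{
	unsigned h = 2166136261u ^ b->pcr;
	for (; *img; img++)
		h = (h ^ (unsigned char)*img) * 16777619u;
	b->pcr = h;
	b->logged++;
}

/* Policy of the hunk: a missing device is reported as success. */
static enum st measure_open(struct boot *b, const char *img)
{
	if (b->tpm_bound)
		extend(b, img);
	return ST_OK;
}

/* Assumed alternative: once TCG2 was initialised, a missing device is an error. */
static enum st measure_latched(struct boot *b, const char *img)
{
	if (!b->tpm_bound)
		return b->tcg2_init ? ST_REFUSED : ST_OK;
	extend(b, img);
	return ST_OK;
}

/* Sequence from the reply; returns how many images ran without a log entry. */
int unmeasured(enum st (*measure)(struct boot *, const char *), bool has_tpm)
{
	struct boot b = { has_tpm, has_tpm, 0, 0, 0 };
	const char *imgs[] = { "first.efi", "normal.efi" }; /* constructed names */
	for (int i = 0; i < 2; i++) {
		b.tpm_bound = has_tpm && i == 1; /* device unbound for image 0 only */
		if (measure(&b, imgs[i]) == ST_OK)
			b.ran++; /* model assumption: image starts only on ST_OK */
	}
	return b.ran - b.logged;
}

int main(void)
{
	printf("open=%d latched=%d\n", unmeasured(measure_open, true), unmeasured(measure_latched, true));
	return 0;
}
```

With has_tpm set to false the latched policy still lets both images run, which is the no-TPM board case the patch description is about.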