mirror of
https://github.com/systemd/systemd.git
synced 2024-11-23 18:23:32 +08:00
efi-api: check the EFI_TCG2_FINAL_EVENTS_TABLE in efi_has_tpm2()
The EFI firmware may provide the TPM2 event log using EFI_TCG2_FINAL_EVENTS_TABLE stored in EFI configuration table, instead of the ACPI Table TPM2. If the ACPI Table TPM2 doesn't exist, try to check whether EFI_TCG2_FINAL_EVENTS_TABLE is available or not. Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
This commit is contained in:
parent
f151abb0e5
commit
4b33911581
@ -524,20 +524,32 @@ bool efi_has_tpm2(void) {
|
||||
|
||||
/* Returns whether the system has a TPM2 chip which is known to the EFI firmware. */
|
||||
|
||||
if (cache < 0) {
|
||||
if (cache >= 0)
|
||||
return cache;
|
||||
|
||||
/* First, check if we are on an EFI boot at all. */
|
||||
if (!is_efi_boot())
|
||||
cache = false;
|
||||
else {
|
||||
if (!is_efi_boot()) {
|
||||
cache = 0;
|
||||
return cache;
|
||||
}
|
||||
|
||||
/* Then, check if the ACPI table "TPM2" exists, which is the TPM2 event log table, see:
|
||||
* https://trustedcomputinggroup.org/wp-content/uploads/TCG_ACPIGeneralSpecification_v1.20_r8.pdf
|
||||
* This table exists whenever the firmware is hooked up to TPM2. */
|
||||
cache = access("/sys/firmware/acpi/tables/TPM2", F_OK) >= 0;
|
||||
if (!cache && errno != ENOENT)
|
||||
if (cache)
|
||||
return cache;
|
||||
|
||||
if (errno != ENOENT)
|
||||
log_debug_errno(errno, "Unable to test whether /sys/firmware/acpi/tables/TPM2 exists, assuming it doesn't: %m");
|
||||
}
|
||||
}
|
||||
|
||||
/* As the last try, check if the EFI firmware provides the EFI_TCG2_FINAL_EVENTS_TABLE
|
||||
* stored in EFI configuration table, see:
|
||||
* https://trustedcomputinggroup.org/wp-content/uploads/EFI-Protocol-Specification-rev13-160330final.pdf
|
||||
*/
|
||||
cache = access("/sys/kernel/security/tpm0/binary_bios_measurements", F_OK) >= 0;
|
||||
if (!cache && errno != ENOENT)
|
||||
log_debug_errno(errno, "Unable to test whether /sys/kernel/security/tpm0/binary_bios_measurements exists, assuming it doesn't: %m");
|
||||
|
||||
return cache;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user