Diffstat (limited to 'src/security')
-rw-r--r--src/security/tpm/tss/tcg-2.0/tss_marshaling.c18
-rw-r--r--src/security/tpm/tss/vendor/cr50/cr50.c6
-rw-r--r--src/security/tpm/tss/vendor/cr50/cr50.h1
3 files changed, 17 insertions, 8 deletions
diff --git a/src/security/tpm/tss/tcg-2.0/tss_marshaling.c b/src/security/tpm/tss/tcg-2.0/tss_marshaling.c
index a229dd17ef..eff1acd2cd 100644
--- a/src/security/tpm/tss/tcg-2.0/tss_marshaling.c
+++ b/src/security/tpm/tss/tcg-2.0/tss_marshaling.c
@@ -587,17 +587,23 @@ struct tpm2_response *tpm_unmarshal_response(TPM_CC command, struct ibuf *ib)
if (rc != 0)
return NULL;
- if (ibuf_remaining(ib) == 0) {
- if (tpm2_static_resp.hdr.tpm_size != ibuf_nr_read(ib))
- printk(BIOS_ERR,
- "%s: size mismatch in response to command %#x\n",
- __func__, command);
- return &tpm2_static_resp;
+ if (ibuf_capacity(ib) != tpm2_static_resp.hdr.tpm_size) {
+ printk(BIOS_ERR,
+ "%s: size mismatch in response to command %#x\n",
+ __func__, command);
+ return NULL;
}
+ /* On errors, we're not sure what the TPM is returning. None of the
+ commands we use actually expect useful data payloads for errors, so
+ just ignore any data after the header. */
+ if (tpm2_static_resp.hdr.tpm_code != TPM2_RC_SUCCESS)
+ return &tpm2_static_resp;
+
switch (command) {
case TPM2_Startup:
case TPM2_Shutdown:
+ case TPM2_SelfTest:
break;
case TPM2_GetCapability:
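Review bot: The new early return for `tpm_code != TPM2_RC_SUCCESS` hands back `&tpm2_static_resp` with only the header parsed, so the body fields may still hold what an earlier response left there, unless the struct is cleared before unmarshaling (the start of tpm_unmarshal_response is outside this hunk, so this is unconfirmed). A caller that reads a payload field without first checking `hdr.tpm_code` would then act on stale TPM data. I would either clear the body before this return or state the contract next to it, e.g. `/* Body is not parsed on error: callers must check hdr.tpm_code before reading any payload field. */`. Relatedly, the size check now compares `hdr.tpm_size` with `ibuf_capacity(ib)`, which is only correct if the caller sizes the ibuf to the bytes actually received rather than to the receive buffer; that is worth confirming at the call site.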
diff --git a/src/security/tpm/tss/vendor/cr50/cr50.c b/src/security/tpm/tss/vendor/cr50/cr50.c
index ae2f7c2516..d7bf48d711 100644
--- a/src/security/tpm/tss/vendor/cr50/cr50.c
+++ b/src/security/tpm/tss/vendor/cr50/cr50.c
@@ -89,7 +89,8 @@ uint32_t tlcl_cr50_get_tpm_mode(uint8_t *tpm_mode)
return TPM_E_MUST_REBOOT;
}
- if (response->hdr.tpm_code == VENDOR_RC_NO_SUCH_COMMAND) {
+ if (response->hdr.tpm_code == VENDOR_RC_NO_SUCH_COMMAND ||
+ response->hdr.tpm_code == VENDOR_RC_NO_SUCH_SUBCOMMAND) {
/*
* Explicitly inform caller when command is not supported
*/
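Review bot: The two-code test `tpm_code == VENDOR_RC_NO_SUCH_COMMAND || tpm_code == VENDOR_RC_NO_SUCH_SUBCOMMAND` is now written out twice, here in tlcl_cr50_get_tpm_mode and again in the tlcl_cr50_get_boot_mode hunk. The next "not supported" vendor code will have to be added in both places, and missing one would make that caller treat an unsupported command as a generic failure. A small file-local predicate would keep them in step, e.g. `static bool cr50_rc_unsupported(uint32_t rc) { return rc == VENDOR_RC_NO_SUCH_COMMAND || rc == VENDOR_RC_NO_SUCH_SUBCOMMAND; }` (parameter type assumed; the declaration of `tpm_code` is not visible here). Both function bodies continue outside their hunks.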
@@ -119,7 +120,8 @@ uint32_t tlcl_cr50_get_boot_mode(uint8_t *boot_mode)
if (!response)
return TPM_E_IOERROR;
- if (response->hdr.tpm_code == VENDOR_RC_NO_SUCH_COMMAND)
+ if (response->hdr.tpm_code == VENDOR_RC_NO_SUCH_COMMAND ||
+ response->hdr.tpm_code == VENDOR_RC_NO_SUCH_SUBCOMMAND)
/* Explicitly inform caller when command is not supported */
return TPM_E_NO_SUCH_COMMAND;
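Review bot: The `if` in tlcl_cr50_get_boot_mode now spans two lines and is followed by a comment line before its single unbraced `return`, which makes it easy to misread which statement the condition guards. I would brace it as the get_tpm_mode variant already does: `if (...) { /* Explicitly inform caller when command is not supported */ return TPM_E_NO_SUCH_COMMAND; }`. The function continues outside this hunk.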
diff --git a/src/security/tpm/tss/vendor/cr50/cr50.h b/src/security/tpm/tss/vendor/cr50/cr50.h
index 0f91732856..e3146a421f 100644
--- a/src/security/tpm/tss/vendor/cr50/cr50.h
+++ b/src/security/tpm/tss/vendor/cr50/cr50.h
@@ -21,6 +21,7 @@
#define VENDOR_RC_ERR 0x00000500
enum cr50_vendor_rc {
VENDOR_RC_INTERNAL_ERROR = (VENDOR_RC_ERR | 6),
+ VENDOR_RC_NO_SUCH_SUBCOMMAND = (VENDOR_RC_ERR | 8),
VENDOR_RC_NO_SUCH_COMMAND = (VENDOR_RC_ERR | 127),
};