From 4d2af9df7cc1aab4a48ddf0f06c3f92e6580f6fa Mon Sep 17 00:00:00 2001
From: Philipp Deppenwiese <zaolin@das-labor.org>
Date: Tue, 14 Aug 2018 09:46:55 -0700
Subject: security/tpm: Fix TPM 1.2 state machine issues

* Fix ACPI resume path compilation for TPM ramstage
  driver
* Move enabling of the TPM prior activation and remove
  reboot return status from TPM enable.

More information can be found via the TCG
specification v1.2

Tested=Elgon

Change-Id: Ided110e0c1889b302e29acac6d8d2341f97eb10b
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
Reviewed-on: https://review.coreboot.org/28085
Reviewed-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
---
 src/drivers/tpm/tpm.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'src/drivers')

diff --git a/src/drivers/tpm/tpm.c b/src/drivers/tpm/tpm.c
index e4a81c3da4..77d3a8e81e 100644
--- a/src/drivers/tpm/tpm.c
+++ b/src/drivers/tpm/tpm.c
@@ -18,16 +18,18 @@
 #include <bootstate.h>
 #include <security/tpm/tspi.h>
 
-#if IS_ENABLED(CONFIG_ARCH_X86)
+#if IS_ENABLED(CONFIG_HAVE_ACPI_RESUME)
 #include <arch/acpi.h>
 #endif
 
 static void init_tpm_dev(void *unused)
 {
-#if IS_ENABLED(CONFIG_ARCH_X86)
+#if IS_ENABLED(CONFIG_HAVE_ACPI_RESUME)
 	int s3resume = acpi_is_wakeup_s3();
 	tpm_setup(s3resume);
 #else
+	/* This can lead to PCR reset attacks but currently there
+	   is no generic way to detect resume on other platforms. */
 	tpm_setup(false);
 #endif
 }
-- 
cgit v1.2.3