hwdb: introduce hwdb for tpm2 devices

This hwdb is can carry hw quirks and similar for us, in particular tell
us if nvpcrs have a chance of working.

diff --git a/hwdb.d/60-tpm2.hwdb b/hwdb.d/60-tpm2.hwdb
new file mode 100644 (file)
index 0000000..2772bf3
--- /dev/null
+++ b/hwdb.d/60-tpm2.hwdb
@@ -0,0 +1,14 @@
+# This file is part of systemd.
+#
+# Use "systemd-analyze identify-tpm2" to generate the modalias string for your
+# hardware. Don't forget to prefix it with "tpm:" for inclusion in a match here.
+#
+# Currently, the only relevant property to set here is TPM2_BROKEN_NVPCR=1,
+# which should be set on TPMs where NvPCRs don't work. Specifically, because
+# on some hardware the combination of TPMA_NV_ORDERLY + TPM2_NT_EXTEND cause
+# NV_Extend() operations to time out. For details, see:
+# https://github.com/systemd/systemd/issues/40485
+
+# ST33TPHF2ESPI Firmware 73.4
+tpm2:*:mfSTM:*:fw73.4.*:
+ TPM2_BROKEN_NVPCR=1

diff --git a/hwdb.d/meson.build b/hwdb.d/meson.build
index 36a9937a60a3f11a52d273db79f67f19f386f5b3..9ba73b21d63933caffe07b1a1c7fff069e28ac82 100644 (file)
--- a/hwdb.d/meson.build
+++ b/hwdb.d/meson.build
@@ -26,6 +26,7 @@ hwdb_files_test = files(
         '60-keyboard.hwdb',
         '60-seat.hwdb',
         '60-sensor.hwdb',
+        '60-tpm2.hwdb',
         '70-analyzers.hwdb',
         '70-av-production.hwdb',
         '70-cameras.hwdb',

diff --git a/hwdb.d/parse_hwdb.py b/hwdb.d/parse_hwdb.py
index 7efa61ad4b8c330ab7072e2fb2590e123c8a0268..e98510839b73fc65c6b2f772161059ee994f5403 100755 (executable)
--- a/hwdb.d/parse_hwdb.py
+++ b/hwdb.d/parse_hwdb.py
@@ -105,6 +105,7 @@ GENERAL_MATCHES = {'acpi',
                    'OUI',
                    'pci',
                    'sdio',
+                   'tpm2',
                    'usb',
                    'vmbus',
                    }
@@ -213,6 +214,7 @@ def property_grammar():
              ('ID_SYSFS_ATTRIBUTE_MODEL', name_literal),
              ('ID_NET_NAME_FROM_DATABASE', name_literal),
              ('ID_NET_NAME_INCLUDE_DOMAIN', zero_one),
+             ('TPM2_BROKEN_NVPCR', zero_one),
             )
     fixed_props = [Literal(name)('NAME') - Suppress('=') - val('VALUE')
                    for name, val in props]

diff --git a/rules.d/60-tpm2-id.rules b/rules.d/60-tpm2-id.rules
index 40ed0902bbe00d33282464d7187fc3fd66b96b0e..1e08f3b8e5b9d353b9a85056fe54e96e4b423297 100644 (file)
--- a/rules.d/60-tpm2-id.rules
+++ b/rules.d/60-tpm2-id.rules
@@ -5,5 +5,6 @@ SUBSYSTEM!="tpmrm", GOTO="tpm2_id_end"
 KERNEL!="tpmrm[0-9]*", GOTO="tpm2_id_end"
 
 IMPORT{program}="tpm2_id identify"
+ENV{ID_TPM2_MODALIAS}!="", IMPORT{builtin}="hwdb 'tpm2:$env{ID_TPM2_MODALIAS}'"
 
 LABEL="tpm2_id_end"