From: Lennart Poettering <lennart@amutable.com>
Date: Tue, 3 Mar 2026 13:06:44 +0000 (+0100)
Subject: hwdb: introduce hwdb for tpm2 devices
X-Git-Tag: v260-rc2~7^2~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f2eed3fa25e8c38b7a90d6ab3d22ee90e3569271;p=thirdparty%2Fsystemd.git

hwdb: introduce hwdb for tpm2 devices

This hwdb is can carry hw quirks and similar for us, in particular tell
us if nvpcrs have a chance of working.
---

diff --git a/hwdb.d/60-tpm2.hwdb b/hwdb.d/60-tpm2.hwdb
new file mode 100644
index 00000000000..2772bf3cde1
--- /dev/null
+++ b/hwdb.d/60-tpm2.hwdb
@@ -0,0 +1,14 @@
+# This file is part of systemd.
+#
+# Use "systemd-analyze identify-tpm2" to generate the modalias string for your
+# hardware. Don't forget to prefix it with "tpm:" for inclusion in a match here.
+#
+# Currently, the only relevant property to set here is TPM2_BROKEN_NVPCR=1,
+# which should be set on TPMs where NvPCRs don't work. Specifically, because
+# on some hardware the combination of TPMA_NV_ORDERLY + TPM2_NT_EXTEND cause
+# NV_Extend() operations to time out. For details, see:
+# https://github.com/systemd/systemd/issues/40485
+
+# ST33TPHF2ESPI Firmware 73.4
+tpm2:*:mfSTM:*:fw73.4.*:
+ TPM2_BROKEN_NVPCR=1
diff --git a/hwdb.d/meson.build b/hwdb.d/meson.build
index 36a9937a60a..9ba73b21d63 100644
--- a/hwdb.d/meson.build
+++ b/hwdb.d/meson.build
@@ -26,6 +26,7 @@ hwdb_files_test = files(
         '60-keyboard.hwdb',
         '60-seat.hwdb',
         '60-sensor.hwdb',
+        '60-tpm2.hwdb',
         '70-analyzers.hwdb',
         '70-av-production.hwdb',
         '70-cameras.hwdb',
diff --git a/hwdb.d/parse_hwdb.py b/hwdb.d/parse_hwdb.py
index 7efa61ad4b8..e98510839b7 100755
--- a/hwdb.d/parse_hwdb.py
+++ b/hwdb.d/parse_hwdb.py
@@ -105,6 +105,7 @@ GENERAL_MATCHES = {'acpi',
                    'OUI',
                    'pci',
                    'sdio',
+                   'tpm2',
                    'usb',
                    'vmbus',
                    }
@@ -213,6 +214,7 @@ def property_grammar():
              ('ID_SYSFS_ATTRIBUTE_MODEL', name_literal),
              ('ID_NET_NAME_FROM_DATABASE', name_literal),
              ('ID_NET_NAME_INCLUDE_DOMAIN', zero_one),
+             ('TPM2_BROKEN_NVPCR', zero_one),
             )
     fixed_props = [Literal(name)('NAME') - Suppress('=') - val('VALUE')
                    for name, val in props]
diff --git a/rules.d/60-tpm2-id.rules b/rules.d/60-tpm2-id.rules
index 40ed0902bbe..1e08f3b8e5b 100644
--- a/rules.d/60-tpm2-id.rules
+++ b/rules.d/60-tpm2-id.rules
@@ -5,5 +5,6 @@ SUBSYSTEM!="tpmrm", GOTO="tpm2_id_end"
 KERNEL!="tpmrm[0-9]*", GOTO="tpm2_id_end"
 
 IMPORT{program}="tpm2_id identify"
+ENV{ID_TPM2_MODALIAS}!="", IMPORT{builtin}="hwdb 'tpm2:$env{ID_TPM2_MODALIAS}'"
 
 LABEL="tpm2_id_end"