tpm2-util: do not load tpm2 libraries when not interested in the existence of the...

For example, 'bootctl status' only interested in if the efi has TPM2
support and a TPM2 driver is loaded. Hence, not necessary to load
libtss2.

diff --git a/src/boot/bootctl-status.c b/src/boot/bootctl-status.c
index 58c6527ab811f32c033d55cb6959da901b57e99d..61d76dd67954cb94e020783820ed9f50bf0741a5 100644 (file)
--- a/src/boot/bootctl-status.c
+++ b/src/boot/bootctl-status.c
@@ -411,7 +411,6 @@ int verb_status(int argc, char *argv[], void *userdata) {
                 _cleanup_free_ char *fw_type = NULL, *fw_info = NULL, *loader = NULL, *loader_path = NULL, *stub = NULL, *stub_path = NULL,
                         *current_entry = NULL, *oneshot_entry = NULL, *default_entry = NULL;
                 uint64_t loader_features = 0, stub_features = 0;
-                Tpm2Support s;
                 int have;
 
                 (void) efi_get_variable_string_and_warn(EFI_LOADER_VARIABLE(LoaderFirmwareType), &fw_type);
@@ -440,7 +439,7 @@ int verb_status(int argc, char *argv[], void *userdata) {
                 else
                         printf("\n");
 
-                s = tpm2_support();
+                Tpm2Support s = tpm2_support_full(TPM2_SUPPORT_FIRMWARE|TPM2_SUPPORT_DRIVER);
                 printf("  TPM2 Support: %s%s%s\n",
                        FLAGS_SET(s, TPM2_SUPPORT_FIRMWARE|TPM2_SUPPORT_DRIVER) ? ansi_highlight_green() :
                        (s & (TPM2_SUPPORT_FIRMWARE|TPM2_SUPPORT_DRIVER)) != 0 ? ansi_highlight_red() : ansi_highlight_yellow(),

diff --git a/src/shared/condition.c b/src/shared/condition.c
index 2e231dfdff5b8275c88a0dbe017b3638c641c95b..da5c6f6309c90fd3e05482ada3d67b25a93c98e7 100644 (file)
--- a/src/shared/condition.c
+++ b/src/shared/condition.c
@@ -667,7 +667,7 @@ static int has_tpm2(void) {
          *
          * Note that we don't check if we ourselves are built with TPM2 support here! */
 
-        return FLAGS_SET(tpm2_support(), TPM2_SUPPORT_SUBSYSTEM|TPM2_SUPPORT_FIRMWARE);
+        return FLAGS_SET(tpm2_support_full(TPM2_SUPPORT_SUBSYSTEM|TPM2_SUPPORT_FIRMWARE), TPM2_SUPPORT_SUBSYSTEM|TPM2_SUPPORT_FIRMWARE);
 }
 
 static int condition_test_security(Condition *c, char **env) {

diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index 38e4da40127b23221bf23be2823fce6c8bdfa57c..9f5618c16264bb003ffd73ddc94b54c9dc118d2e 100644 (file)
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -7872,11 +7872,11 @@ int tpm2_sym_mode_from_string(const char *mode) {
         return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Unknown symmetric mode name '%s'", mode);
 }
 
-Tpm2Support tpm2_support(void) {
+Tpm2Support tpm2_support_full(Tpm2Support mask) {
         Tpm2Support support = TPM2_SUPPORT_NONE;
         int r;
 
-        if (detect_container() <= 0) {
+        if (((mask & (TPM2_SUPPORT_SUBSYSTEM|TPM2_SUPPORT_DRIVER)) != 0) && detect_container() <= 0) {
                 /* Check if there's a /dev/tpmrm* device via sysfs. If we run in a container we likely just
                  * got the host sysfs mounted. Since devices are generally not virtualized for containers,
                  * let's assume containers never have a TPM, at least for now. */
@@ -7893,18 +7893,20 @@ Tpm2Support tpm2_support(void) {
                         support |= TPM2_SUPPORT_SUBSYSTEM;
         }
 
-        if (efi_has_tpm2())
+        if (FLAGS_SET(mask, TPM2_SUPPORT_FIRMWARE) && efi_has_tpm2())
                 support |= TPM2_SUPPORT_FIRMWARE;
 
 #if HAVE_TPM2
         support |= TPM2_SUPPORT_SYSTEM;
 
-        r = dlopen_tpm2();
-        if (r >= 0)
-                support |= TPM2_SUPPORT_LIBRARIES;
+        if (FLAGS_SET(mask, TPM2_SUPPORT_LIBRARIES)) {
+                r = dlopen_tpm2();
+                if (r >= 0)
+                        support |= TPM2_SUPPORT_LIBRARIES;
+        }
 #endif
 
-        return support;
+        return support & mask;
 }
 
 int verb_has_tpm2_generic(bool quiet) {

diff --git a/src/shared/tpm2-util.h b/src/shared/tpm2-util.h
index e25c0661941b250962b23a5e8a4635960b0b18a0..068369761811ce67e14205e53a1a8ddea2e98f06 100644 (file)
--- a/src/shared/tpm2-util.h
+++ b/src/shared/tpm2-util.h
@@ -461,7 +461,10 @@ typedef enum Tpm2Support {
         TPM2_SUPPORT_FULL      = TPM2_SUPPORT_FIRMWARE|TPM2_SUPPORT_DRIVER|TPM2_SUPPORT_SYSTEM|TPM2_SUPPORT_SUBSYSTEM|TPM2_SUPPORT_LIBRARIES,
 } Tpm2Support;
 
-Tpm2Support tpm2_support(void);
+Tpm2Support tpm2_support_full(Tpm2Support mask);
+static inline Tpm2Support tpm2_support(void) {
+        return tpm2_support_full(TPM2_SUPPORT_FULL);
+}
 static inline bool tpm2_is_fully_supported(void) {
         return tpm2_support() == TPM2_SUPPORT_FULL;
 }