tpm2-util: also load libtss2-tcti-device.so.0 in dlopen_tpm2()

This TCTI module is the one we need to actually access a Linux TPM
device, we'll hence pretty much always need it if we do TPM at all.
Given that we nowadays turn off dlopen() after fork() in the child,
let's explicitly load it as part of dlopen_tpm2() so that it is
available whenever TPM2 is used.

diff --git a/src/basic/dlfcn-util.c b/src/basic/dlfcn-util.c
index 8574e99546b81db93d4295ed44e94852d25f0d6b..23bd1f666e32be7531c2f9b2192840e31d92b7c2 100644 (file)
--- a/src/basic/dlfcn-util.c
+++ b/src/basic/dlfcn-util.c
@@ -47,9 +47,11 @@ int dlsym_many_or_warn_sentinel(void *dl, int log_level, ...) {
         return r;
 }
 
-int dlopen_many_sym_or_warn_sentinel(void **dlp, const char *filename, int log_level, ...) {
+int dlopen_verbose(void **dlp, const char *filename) {
         int r;
 
+        assert(dlp);
+
         if (*dlp)
                 return 0; /* Already loaded */
 
@@ -62,6 +64,22 @@ int dlopen_many_sym_or_warn_sentinel(void **dlp, const char *filename, int log_l
         }
 
         log_debug("Loaded shared library '%s' via dlopen().", filename);
+        *dlp = TAKE_PTR(dl);
+        return 1;
+}
+
+int dlopen_many_sym_or_warn_sentinel(void **dlp, const char *filename, int log_level, ...) {
+        int r;
+
+        assert(dlp);
+
+        if (*dlp)
+                return 0; /* Already loaded */
+
+        _cleanup_(dlclosep) void *dl = NULL;
+        r = dlopen_verbose(&dl, filename);
+        if (r < 0)
+                return r;
 
         va_list ap;
         va_start(ap, log_level);

diff --git a/src/basic/dlfcn-util.h b/src/basic/dlfcn-util.h
index 367c47ddb8610e48cc77fbd9869792d8eef61bc0..9760b31da4d059de94958ae1fa4f66c4a50b4ad8 100644 (file)
--- a/src/basic/dlfcn-util.h
+++ b/src/basic/dlfcn-util.h
@@ -11,6 +11,7 @@ static inline void dlclosep(void **dlp) {
         safe_dlclose(*dlp);
 }
 
+int dlopen_verbose(void **dlp, const char *filename);
 int dlsym_many_or_warn_sentinel(void *dl, int log_level, ...) _sentinel_;
 int dlopen_many_sym_or_warn_sentinel(void **dlp, const char *filename, int log_level, ...) _sentinel_;
 

diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index b0f6387b03782825a25ff15c0aec22a44c9fb7ac..0d4f51dc1e76290b07b865f4f9872941f3c3996d 100644 (file)
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -53,6 +53,7 @@
 static void *libtss2_esys_dl = NULL;
 static void *libtss2_rc_dl = NULL;
 static void *libtss2_mu_dl = NULL;
+static void *libtss2_tcti_device_dl = NULL;
 
 static DLSYM_PROTOTYPE(Esys_Create) = NULL;
 static DLSYM_PROTOTYPE(Esys_CreateLoaded) = NULL;
@@ -226,6 +227,20 @@ static int dlopen_tpm2_mu(void) {
                         DLSYM_ARG(Tss2_MU_UINT32_Marshal));
 }
 
+static int dlopen_tpm2_tcti_device(void) {
+        /* The "device" TCTI is the most relevant one, let's also load it explicitly on dlopen_tpm2(), even
+         * if we don't resolve any symbols here. */
+
+        ELF_NOTE_DLOPEN("tpm",
+                        "Support for TPM",
+                        ELF_NOTE_DLOPEN_PRIORITY_SUGGESTED,
+                        "libtss2-tcti-device.so.0");
+
+        return dlopen_verbose(
+                        &libtss2_tcti_device_dl,
+                        "libtss2-tcti-device.so.0");
+}
+
 #endif
 
 int dlopen_tpm2(void) {
@@ -244,6 +259,10 @@ int dlopen_tpm2(void) {
         if (r < 0)
                 return r;
 
+        r = dlopen_tpm2_tcti_device();
+        if (r < 0)
+                return r;
+
         return 0;
 #else
         return -EOPNOTSUPP;