tpm2-util: handle TPMs gracefully that do not support ECC and return TPM2_RC_VALUES

If a TPM doesn't do ECC it could either return zero curves when asked
for it, or it could simply fail with TPM2_RC_VALUES because it doesn't
recognize the capability at all.

Handle both cases the same way.

Fixes: #30679

diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index 80a0d5f2dc60838c7765113723177e1e870051df..8c683254a2a7098cfacc99aab6952425cea8f2c2 100644 (file)
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -228,11 +228,14 @@ static int tpm2_get_capability(
                         count,
                         &more,
                         &capabilities);
+        if (rc == TPM2_RC_VALUE)
+                return log_debug_errno(SYNTHETIC_ERRNO(ENXIO),
+                                       "Requested TPM2 capability 0x%04" PRIx32 " property 0x%04" PRIx32 " apparently doesn't exist: %s",
+                                       capability, property, sym_Tss2_RC_Decode(rc));
         if (rc != TSS2_RC_SUCCESS)
                 return log_debug_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
                                        "Failed to get TPM2 capability 0x%04" PRIx32 " property 0x%04" PRIx32 ": %s",
                                        capability, property, sym_Tss2_RC_Decode(rc));
-
         if (capabilities->capability != capability)
                 return log_debug_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
                                        "TPM provided wrong capability: 0x%04" PRIx32 " instead of 0x%04" PRIx32 ".",
@@ -333,6 +336,8 @@ static int tpm2_cache_capabilities(Tpm2Context *c) {
                                 current_ecc_curve,
                                 TPM2_MAX_ECC_CURVES,
                                 &capability);
+                if (r == -ENXIO) /* If the TPM doesn't support ECC, it might return TPM2_RC_VALUE rather than capability.eccCurves == 0 */
+                        break;
                 if (r < 0)
                         return r;