So far we were a bit sloppy regarding checks for TPM2 support. Let's
make things more precise and introduce a single helper that checks for
three axes of TPM2 support: whether we have a loaded kernel driver,
whether the firmware used it, and whether we ourselves are compiled for
it.
This only adds the helper. Follow-up patches will use it at various
places.
/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#include "efi-api.h"
#include "extract-word.h"
#include "parse-util.h"
+#include "stat-util.h"
#include "tpm2-util.h"
#if HAVE_TPM2
return TPM2_ALG_RSA;
return -EINVAL;
}
+
+Tpm2Support tpm2_support(void) {
+ Tpm2Support support = TPM2_SUPPORT_NONE;
+ int r;
+
+ r = dir_is_empty("/sys/class/tpmrm");
+ if (r < 0) {
+ if (r != -ENOENT)
+ log_debug_errno(r, "Unable to test whether /sys/class/tpmrm/ exists and is populated, assuming it is not: %m");
+ } else if (r == 0) /* populated! */
+ support |= TPM2_SUPPORT_DRIVER;
+
+ if (efi_has_tpm2())
+ support |= TPM2_SUPPORT_FIRMWARE;
+
+#if HAVE_TPM2
+ support |= TPM2_SUPPORT_SYSTEM;
+#endif
+
+ return support;
+}
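Review bot: TPM2_SUPPORT_DRIVER is derived solely from `/sys/class/tpmrm` being populated, which shows the kernel registered a TPM2 resource-manager device but not that the calling process can open it; in a container, or with restrictive device-node permissions, the flag is set while every later TPM access fails. That is fine for a capability hint, but callers that gate enrollment or unlock decisions on this result must still treat a failed device open as the authoritative answer, and the new function has no comment saying so; suggest adding above `Tpm2Support tpm2_support(void) {` a comment such as `/* Reports TPM2 availability along three axes: firmware used it, the kernel has a tpmrm device, and we are built with TPM2 support. Derived from sysfs/EFI state only; it does not prove the device is accessible to us. */`. The firmware axis appears to rest on `efi_has_tpm2()` alone, so if that helper only inspects EFI state, firmware TPM2 use on a non-EFI boot would be reported as absent — worth confirming and, if so, stating in the same comment. The ENOENT case silently yields no driver flag, which also covers an unmounted sysfs; the debug message could mention that so the absence is not mistaken for a missing driver.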
uint32_t search_pcr_mask;
const char *device;
} systemd_tpm2_plugin_params;
+
+typedef enum Tpm2Support {
+ TPM2_SUPPORT_NONE = 0, /* no support */
+ TPM2_SUPPORT_FIRMWARE = 1 << 0, /* firmware reports TPM2 was used */
+ TPM2_SUPPORT_DRIVER = 1 << 1, /* the kernel has a driver loaded for it */
+ TPM2_SUPPORT_SYSTEM = 1 << 2, /* we support it ourselves */
+ TPM2_SUPPORT_FULL = TPM2_SUPPORT_FIRMWARE|TPM2_SUPPORT_DRIVER|TPM2_SUPPORT_SYSTEM,
+} Tpm2Support;
+
+Tpm2Support tpm2_support(void);