tpm2-util: also generate recognizable error if PolicyAuthorizeNV fails
authorLennart Poettering <lennart@poettering.net>
Mon, 2 Jun 2025 11:12:28 +0000 (13:12 +0200)
committerLennart Poettering <lennart@poettering.net>
Tue, 3 Jun 2025 14:12:45 +0000 (16:12 +0200)
src/shared/tpm2-util.c

index 103cf5058137769fa428ef1888b632264d3e6133..7e2a84bfee01b0bee79f67c0945b088852ea2f96 100644 (file)
@@ -3661,6 +3661,11 @@ int tpm2_policy_authorize_nv(
                         ESYS_TR_PASSWORD,
                         ESYS_TR_NONE,
                         ESYS_TR_NONE);
+        if ((rc & ~(TPM2_RC_N_MASK|TPM2_RC_P)) == TPM2_RC_VALUE) /* Return a recognizable error if the policy
+                                                                  * in the NV index does not match what we
+                                                                  * just put together */
+                return log_debug_errno(SYNTHETIC_ERRNO(EREMCHG),
+                                       "Submitted policy does not match policy stored in PolicyAuthorizeNV.");
         if (rc != TSS2_RC_SUCCESS)
                 return log_debug_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
                                        "Failed to add AuthorizeNV policy to TPM: %s",
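Review bot: The new TPM2_RC_VALUE branch masks out both the parameter number (TPM2_RC_N_MASK) and the P flag before comparing, so a TPM2_RC_VALUE raised for any other parameter of the PolicyAuthorizeNV call would also be reported as a policy mismatch, and unlike the generic branch below it logs no decoded return code, which makes that case hard to tell apart in the debug log; appending the decoded rc to the message (`"Submitted policy does not match policy stored in PolicyAuthorizeNV: %s", sym_Tss2_RC_Decode(rc)`) would keep the diagnostic. Since EREMCHG is now a distinguishable return value, the function's header comment should state that `-EREMCHG` means the NV index holds a different policy than the one the session just built, so callers know they may match on it. As a matter of style, the three-line comment wedged between the `if` condition and its `return` is easier to read placed on its own lines above the `if`. The enclosing function tpm2_policy_authorize_nv starts before this hunk.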