From: Lennart Poettering Date: Tue, 2 Jan 2024 17:33:37 +0000 (+0100) Subject: tpm2-util: handle TPMs gracefully that do not support ECC and return TPM2_RC_VALUES X-Git-Tag: v256-rc1~1334 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ae17fcb61ad26119b41e3f82a339c37a3a2cb383;p=thirdparty%2Fsystemd.git tpm2-util: handle TPMs gracefully that do not support ECC and return TPM2_RC_VALUES If a TPM doesn't do ECC it could either return zero curves when asked for it, or it could simply fail with TPM2_RC_VALUES because it doesn't recognize the capability at all. Handle both cases the same way. Fixes: #30679
---
diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index 80a0d5f2dc6..8c683254a2a 100644
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -228,11 +228,14 @@ static int tpm2_get_capability(
 count,
 &more,
 &capabilities);
+ if (rc == TPM2_RC_VALUE)
+ return log_debug_errno(SYNTHETIC_ERRNO(ENXIO),
+ "Requested TPM2 capability 0x%04" PRIx32 " property 0x%04" PRIx32 " apparently doesn't exist: %s",
+ capability, property, sym_Tss2_RC_Decode(rc));
 if (rc != TSS2_RC_SUCCESS)
 return log_debug_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
 "Failed to get TPM2 capability 0x%04" PRIx32 " property 0x%04" PRIx32 ": %s",
 capability, property, sym_Tss2_RC_Decode(rc));
-
 if (capabilities->capability != capability)
 return log_debug_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
 "TPM provided wrong capability: 0x%04" PRIx32 " instead of 0x%04" PRIx32 ".",
@@ -333,6 +336,8 @@ static int tpm2_cache_capabilities(Tpm2Context *c) {
 current_ecc_curve,
 TPM2_MAX_ECC_CURVES,
 &capability);
+ if (r == -ENXIO) /* If the TPM doesn't support ECC, it might return TPM2_RC_VALUE rather than capability.eccCurves == 0 */
+ break;
 if (r < 0)
 return r;
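Review bot: The added `rc == TPM2_RC_VALUE` test in tpm2_get_capability() compares against the bare response code, but TPM 2.0 format-one codes such as TPM2_RC_VALUE can arrive with the parameter flag and parameter-index bits OR-ed in. A TPM that reports the error against a specific parameter would then still fall through to the ENOTRECOVERABLE branch. Consider masking those bits before comparing, e.g. `if ((rc & ~(TPM2_RC_N_MASK | TPM2_RC_P)) == TPM2_RC_VALUE)`, after confirming the constant names against the TSS2 headers and checking which code the affected TPMs actually return. The new -ENXIO result also reaches every caller of this helper, not only the ECC query, so a comment on the function such as `/* Returns -ENXIO if the TPM does not recognize the requested capability/property */` would make that contract explicit. The function body starts and ends outside the hunk.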
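Review bot: The `break` on `r == -ENXIO` in tpm2_cache_capabilities() is taken on whichever query returns it, not only the first one. If the enclosing code is a loop that advances `current_ecc_curve` (the loop itself is outside this hunk), an -ENXIO on a later pass would end enumeration with a partial curve list that later code cannot tell apart from a complete one. Either accept -ENXIO only while no curve has been collected yet, or document the behaviour next to the check, e.g. `/* NOTE: also ends enumeration if -ENXIO shows up after some curves were already collected */`.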