From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 18 Sep 2024 20:25:37 +0000 (+0900)
Subject: tpm2-util: introduce tpm2_is_fully_supported()
X-Git-Tag: v257-rc1~397^2~5
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b7f051c91db90d909f77266a42c54b3a768c8e0c;p=thirdparty%2Fsystemd.git

tpm2-util: introduce tpm2_is_fully_supported()
---

diff --git a/src/analyze/analyze-pcrs.c b/src/analyze/analyze-pcrs.c
index 1c3da3fd840..0848f8e5b49 100644
--- a/src/analyze/analyze-pcrs.c
+++ b/src/analyze/analyze-pcrs.c
@@ -96,7 +96,7 @@ int verb_pcrs(int argc, char *argv[], void *userdata) {
         const char *alg = NULL;
         int r;
 
-        if (tpm2_support() != TPM2_SUPPORT_FULL)
+        if (!tpm2_is_fully_supported())
                 log_notice("System lacks full TPM2 support, not showing PCR state.");
         else {
                 r = get_pcr_alg(&alg);
diff --git a/src/boot/measure.c b/src/boot/measure.c
index 1af5fef720f..36d42147a1f 100644
--- a/src/boot/measure.c
+++ b/src/boot/measure.c
@@ -1005,7 +1005,7 @@ static int validate_stub(void) {
         bool found = false;
         int r;
 
-        if (tpm2_support() != TPM2_SUPPORT_FULL)
+        if (!tpm2_is_fully_supported())
                 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Sorry, system lacks full TPM2 support.");
 
         r = efi_stub_get_features(&features);
diff --git a/src/pcrextend/pcrextend.c b/src/pcrextend/pcrextend.c
index 92f117c2cee..1bf39caf43d 100644
--- a/src/pcrextend/pcrextend.c
+++ b/src/pcrextend/pcrextend.c
@@ -369,7 +369,7 @@ static int run(int argc, char *argv[]) {
                 event = TPM2_EVENT_PHASE;
         }
 
-        if (arg_graceful && tpm2_support() != TPM2_SUPPORT_FULL) {
+        if (arg_graceful && !tpm2_is_fully_supported()) {
                 log_notice("No complete TPM2 support detected, exiting gracefully.");
                 return EXIT_SUCCESS;
         }
diff --git a/src/shared/creds-util.c b/src/shared/creds-util.c
index 180ab560fa7..8cd7c9d7c50 100644
--- a/src/shared/creds-util.c
+++ b/src/shared/creds-util.c
@@ -886,7 +886,7 @@ int encrypt_credential_and_warn(
                  * container tpm2_support will detect this, and will return a different flag combination of
                  * TPM2_SUPPORT_FULL, effectively skipping the use of TPM2 when inside one. */
 
-                try_tpm2 = tpm2_support() == TPM2_SUPPORT_FULL;
+                try_tpm2 = tpm2_is_fully_supported();
                 if (!try_tpm2)
                         log_debug("System lacks TPM2 support or running in a container, not attempting to use TPM2.");
         } else
diff --git a/src/shared/tpm2-util.h b/src/shared/tpm2-util.h
index 31ce2e89dbc..e25c0661941 100644
--- a/src/shared/tpm2-util.h
+++ b/src/shared/tpm2-util.h
@@ -462,6 +462,9 @@ typedef enum Tpm2Support {
 } Tpm2Support;
 
 Tpm2Support tpm2_support(void);
+static inline bool tpm2_is_fully_supported(void) {
+        return tpm2_support() == TPM2_SUPPORT_FULL;
+}
 
 int verb_has_tpm2_generic(bool quiet);
 
diff --git a/src/tpm2-setup/tpm2-setup.c b/src/tpm2-setup/tpm2-setup.c
index b95c5e7a581..ee9d243d5ee 100644
--- a/src/tpm2-setup/tpm2-setup.c
+++ b/src/tpm2-setup/tpm2-setup.c
@@ -259,7 +259,7 @@ static int run(int argc, char *argv[]) {
         if (r <= 0)
                 return r;
 
-        if (arg_graceful && tpm2_support() != TPM2_SUPPORT_FULL) {
+        if (arg_graceful && !tpm2_is_fully_supported()) {
                 log_notice("No complete TPM2 support detected, exiting gracefully.");
                 return EXIT_SUCCESS;
         }