From: Lennart Poettering Date: Tue, 19 Apr 2022 12:42:27 +0000 (+0200) Subject: tpm2-util: add helper that checks for the various facets of TPM2 support X-Git-Tag: v251-rc2~91^2~4 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ba578556288f5d6f16a94fda702178b349beca85;p=thirdparty%2Fsystemd.git tpm2-util: add helper that checks for the various facets of TPM2 support So far we were a bit sloppy regarding checks for TPM2 support. Let's make things more precise and introduce a single helper that checks for three axis of TPM2 support: whether we have a loaded kernel driver, whether the firmware used it, and whether we ourselves are compiled for it. This only adds the helper. Follow-up patches will use it at various places.
---
diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index 3dfc5d8b7dd..62ba4b0ba8f 100644
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -1,7 +1,9 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 
+#include "efi-api.h"
 #include "extract-word.h"
 #include "parse-util.h"
+#include "stat-util.h"
 #include "tpm2-util.h"
 
 #if HAVE_TPM2
@@ -1453,3 +1455,24 @@ int tpm2_primary_alg_from_string(const char *alg) {
 return TPM2_ALG_RSA;
 return -EINVAL;
 }
+
+Tpm2Support tpm2_support(void) {
+Tpm2Support support = TPM2_SUPPORT_NONE;
+int r;
+
+r = dir_is_empty("/sys/class/tpmrm");
+if (r < 0) {
+if (r != -ENOENT)
+log_debug_errno(r, "Unable to test whether /sys/class/tpmrm/ exists and is populated, assuming it is not: %m");
+} else if (r == 0) /* populated! */
+support |= TPM2_SUPPORT_DRIVER;
+
+if (efi_has_tpm2())
+support |= TPM2_SUPPORT_FIRMWARE;
+
+#if HAVE_TPM2
+support |= TPM2_SUPPORT_SYSTEM;
+#endif
+
+return support;
+}
diff --git a/src/shared/tpm2-util.h b/src/shared/tpm2-util.h
index f9dedd670b0..7a0c47e233c 100644
--- a/src/shared/tpm2-util.h
+++ b/src/shared/tpm2-util.h
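Review bot: TPM2_SUPPORT_DRIVER is derived solely from `dir_is_empty("/sys/class/tpmrm")`, so it records that the kernel exposes a populated resource-manager class, not that the device node exists or is accessible to this process; a caller that reads TPM2_SUPPORT_FULL as "the TPM is usable" can still fail on the first real open, and a comment above the check such as `/* Presence only: the device node may still be missing or inaccessible, callers must still handle open failures. */` would make that limit explicit. The `#if HAVE_TPM2` branch is likewise a build-time fact, so TPM2_SUPPORT_SYSTEM means "compiled with support" and says nothing about whether the TPM2 library stack can actually be loaded at runtime — worth a one-line comment so the bit is not over-read. The hunk opens on the last three lines of tpm2_primary_alg_from_string(), whose start lies outside the hunk.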
@@ -89,3 +89,13 @@ typedef struct {
 uint32_t search_pcr_mask;
 const char *device;
 } systemd_tpm2_plugin_params;
+
+typedef enum Tpm2Support {
+TPM2_SUPPORT_NONE = 0, /* no support */
+TPM2_SUPPORT_FIRMWARE = 1 << 0, /* firmware reports TPM2 was used */
+TPM2_SUPPORT_DRIVER = 1 << 1, /* the kernel has a driver loaded for it */
+TPM2_SUPPORT_SYSTEM = 1 << 2, /* we support it ourselves */
+TPM2_SUPPORT_FULL = TPM2_SUPPORT_FIRMWARE|TPM2_SUPPORT_DRIVER|TPM2_SUPPORT_SYSTEM,
+} Tpm2Support;
+
+Tpm2Support tpm2_support(void);
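Review bot: The new `tpm2_support(void)` prototype carries no comment, although the enum comments describe the bits and not the probe itself, and the function (in the tpm2-util.c hunk) re-reads sysfs and the firmware state on every call without caching. A short header comment above the declaration, e.g. `/* Probes kernel driver, firmware and build-time TPM2 support; each call re-queries sysfs, and a set bit indicates presence, not that the device is usable. */`, would tell callers what the result does and does not guarantee. The struct whose tail forms the context lines starts outside the hunk.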