The Secure Launch MLE environment uses PCRs that are only accessible from
the DRTM locality 2. By default the TPM drivers always initialize the
locality to 0. When a Secure Launch is in progress, initialize the
locality to 2.
Signed-off-by: Ross Philipson <ross.philipson@xxxxxxxxxx>
---
drivers/char/tpm/tpm-chip.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c
index ddaeceb..48b9351 100644
--- a/drivers/char/tpm/tpm-chip.c
+++ b/drivers/char/tpm/tpm-chip.c
@@ -23,6 +23,7 @@
#include <linux/major.h>
#include <linux/tpm_eventlog.h>
#include <linux/hw_random.h>
+#include <linux/slaunch.h>
#include "tpm.h"
DEFINE_IDR(dev_nums_idr);
@@ -34,12 +35,20 @@
static int tpm_request_locality(struct tpm_chip *chip)
{
- int rc;
+ int rc, locality;
if (!chip->ops->request_locality)
return 0;
- rc = chip->ops->request_locality(chip, 0);
+ if (slaunch_get_flags() & SL_FLAG_ACTIVE) {
+ dev_dbg(&chip->dev, "setting TPM locality to 2 for MLE\n");
+ locality = 2;
+ } else {
+ dev_dbg(&chip->dev, "setting TPM locality to 0\n");
+ locality = 0;
+ }
+
+ rc = chip->ops->request_locality(chip, locality);
if (rc < 0)
return rc;
--
1.8.3.1
