On Mon, Aug 09, 2021 at 12:38:56PM -0400, Ross Philipson wrote:
> The Secure Launch MLE environment uses PCRs that are only accessible from
> the DRTM locality 2. By default the TPM drivers always initialize the
> locality to 0. When a Secure Launch is in progress, initialize the
> locality to 2.
>
> Signed-off-by: Ross Philipson <ross.philipson@xxxxxxxxxx>
> ---
> drivers/char/tpm/tpm-chip.c | 13 +++++++++++--
> 1 file changed, 11 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c
> index ddaeceb..48b9351 100644
> --- a/drivers/char/tpm/tpm-chip.c
> +++ b/drivers/char/tpm/tpm-chip.c
> @@ -23,6 +23,7 @@
> #include <linux/major.h>
> #include <linux/tpm_eventlog.h>
> #include <linux/hw_random.h>
> +#include <linux/slaunch.h>
> #include "tpm.h"
>
> DEFINE_IDR(dev_nums_idr);
> @@ -34,12 +35,20 @@
>
> static int tpm_request_locality(struct tpm_chip *chip)
> {
> - int rc;
> + int rc, locality;
int locality;
int rc;
>
> if (!chip->ops->request_locality)
> return 0;
>
> - rc = chip->ops->request_locality(chip, 0);
> + if (slaunch_get_flags() & SL_FLAG_ACTIVE) {
> + dev_dbg(&chip->dev, "setting TPM locality to 2 for MLE\n");
> + locality = 2;
> + } else {
> + dev_dbg(&chip->dev, "setting TPM locality to 0\n");
> + locality = 0;
> + }
Please, remove dev_dbg()'s.
> +
> + rc = chip->ops->request_locality(chip, locality);
> if (rc < 0)
> return rc;
>
> --
> 1.8.3.1
/Jarkko
