| Aaron Durbin | f56c778 | 2017-01-10 17:44:42 -0600 | [diff] [blame] | 1 | /* |
| 2 | * This file is part of the coreboot project. |
| 3 | * |
| 4 | * Copyright 2017 Google Inc. |
| 5 | * |
| 6 | * This program is free software; you can redistribute it and/or modify |
| 7 | * it under the terms of the GNU General Public License as published by |
| 8 | * the Free Software Foundation; version 2 of the License. |
| 9 | * |
| 10 | * This program is distributed in the hope that it will be useful, |
| 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 13 | * GNU General Public License for more details. |
| 14 | */ |
| 15 | |
| 16 | #include <bootstate.h> |
| 17 | #include <console/console.h> |
| Philipp Deppenwiese | d88fb36 | 2017-10-18 20:26:18 +0200 | [diff] [blame] | 18 | #include <security/tpm/tss.h> |
| Aaron Durbin | f56c778 | 2017-01-10 17:44:42 -0600 | [diff] [blame] | 19 | #include <vb2_api.h> |
| 20 | |
| 21 | static void disable_platform_hierarchy(void *unused) |
| 22 | { |
| 23 | int ret; |
| 24 | |
| 25 | if (!IS_ENABLED(CONFIG_TPM2)) |
| 26 | return; |
| 27 | |
| 28 | if (!IS_ENABLED(CONFIG_RESUME_PATH_SAME_AS_BOOT)) |
| 29 | return; |
| 30 | |
| 31 | ret = tlcl_lib_init(); |
| 32 | |
| 33 | if (ret != VB2_SUCCESS) { |
| 34 | printk(BIOS_ERR, "tlcl_lib_init() failed: %x\n", ret); |
| 35 | return; |
| 36 | } |
| 37 | |
| 38 | ret = tlcl_disable_platform_hierarchy(); |
| 39 | if (ret != TPM_SUCCESS) |
| 40 | printk(BIOS_ERR, "Platform hierarchy disablement failed: %x\n", |
| 41 | ret); |
| 42 | } |
| 43 | |
| 44 | BOOT_STATE_INIT_ENTRY(BS_OS_RESUME, BS_ON_ENTRY, disable_platform_hierarchy, |
| 45 | NULL); |