mount-encrypted: handle missing TPM on Chrome OS

While not having a TPM was supported for non-Chrome devices, it was not expected for Chrome devices. This adds logic to fail the TPM calls before making them when the TPM is missing. The tpm_lite library doesn't handle the TPM being missing, so we have to do this ourselves. BUG=chrome-os-partner:15192 TEST=parrot build, verified operation after "mv /dev/tpm0 /dev/tpm0.bak" BRANCH=none Change-Id: I2f625305dce7fa698fcad33e412ee37c60da9bc2 Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-on: https://gerrit.chromium.org/gerrit/35440 Reviewed-by: Luigi Semenzato <semenzato@chromium.org> Reviewed-by: Will Drewry <wad@chromium.org>
2025-12-24 08:47:06 +00:00 · 2012-10-12 12:41:35 -07:00
parent 9bf0d535fe
commit adc6764229
2 changed files with 14 additions and 3 deletions
--- a/firmware/include/tss_constants.h
+++ b/firmware/include/tss_constants.h
@@ -37,6 +37,7 @@
 #define TPM_E_CORRUPTED_STATE        ((uint32_t)0x00005003)  /* vboot local */
 #define TPM_E_COMMUNICATION_ERROR    ((uint32_t)0x00005004)  /* vboot local */
 #define TPM_E_RESPONSE_TOO_LARGE     ((uint32_t)0x00005005)  /* vboot local */
+#define TPM_E_NO_DEVICE              ((uint32_t)0x00005006)  /* vboot local */

 #define TPM_NV_INDEX0 ((uint32_t)0x00000000)
 #define TPM_NV_INDEX_LOCK ((uint32_t)0xffffffff)