mount-encrypted: report numeric results on TPM failure

To help identify the specific failure conditions encountered when the TPM goes weird, report them any time they are encountered. BUG=chrome-os-partner:15960 TEST=daisy build, manual testing BRANCH=none Change-Id: I80b3bd23c88c19d807cbcafe8ea2736fe000e1d6 Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-on: https://gerrit.chromium.org/gerrit/38468 Reviewed-by: Darren Krahn <dkrahn@chromium.org>
2025-11-27 03:33:50 +00:00 · 2012-11-21 11:06:24 -08:00
parent 0bbc17c69a
commit b08c46a0da
1 changed files with 4 additions and 3 deletions
--- a/utility/mount-encrypted.c
+++ b/utility/mount-encrypted.c
@@ -301,7 +301,8 @@ static int get_nvram_key(uint8_t *digest, int *migrate)
 	/* Ignore unowned TPM's NVRAM area. */
 	result = tpm_owned(&owned);
 	if (result != TPM_SUCCESS) {
-		INFO("Could not read TPM Permanent Flags.");
+		INFO("Could not read TPM Permanent Flags: error 0x%02x.",
 		     result);
 		return 0;
 	}
 	if (!owned) {
@@ -324,7 +325,7 @@ static int get_nvram_key(uint8_t *digest, int *migrate)
 		result = _read_nvram(value, sizeof(value), kLockboxIndex, size);
 		if (result != TPM_SUCCESS) {
 			/* No NVRAM area at all. */
-			INFO("No NVRAM area defined.");
+			INFO("No NVRAM area defined: error 0x%02x", result);
 			return 0;
 		}
 		/* Legacy NVRAM area. */
@@ -440,7 +441,7 @@ static int get_random_bytes_tpm(unsigned char *buffer, int wanted)
 		result = TlclGetRandom(buffer + (wanted - remaining),
 				       remaining, &size);
 		if (result != TPM_SUCCESS || size > remaining) {
-			ERROR("TPM GetRandom failed.");
+			ERROR("TPM GetRandom failed: error 0x%02x.", result);
 			return 0;
 		}
 		remaining -= size;