1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-25 01:34:28 +03:00

tpm2-util: handle TPMs gracefully that do not support ECC and return TPM2_RC_VALUES

If a TPM doesn't do ECC it could either return zero curves when asked
for it, or it could simply fail with TPM2_RC_VALUES because it doesn't
recognize the capability at all.

Handle both cases the same way.

Fixes: #30679
This commit is contained in:
Lennart Poettering 2024-01-02 18:33:37 +01:00
parent 04d4086c22
commit ae17fcb61a

View File

@ -228,11 +228,14 @@ static int tpm2_get_capability(
count,
&more,
&capabilities);
if (rc == TPM2_RC_VALUE)
return log_debug_errno(SYNTHETIC_ERRNO(ENXIO),
"Requested TPM2 capability 0x%04" PRIx32 " property 0x%04" PRIx32 " apparently doesn't exist: %s",
capability, property, sym_Tss2_RC_Decode(rc));
if (rc != TSS2_RC_SUCCESS)
return log_debug_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
"Failed to get TPM2 capability 0x%04" PRIx32 " property 0x%04" PRIx32 ": %s",
capability, property, sym_Tss2_RC_Decode(rc));
if (capabilities->capability != capability)
return log_debug_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
"TPM provided wrong capability: 0x%04" PRIx32 " instead of 0x%04" PRIx32 ".",
@ -333,6 +336,8 @@ static int tpm2_cache_capabilities(Tpm2Context *c) {
current_ecc_curve,
TPM2_MAX_ECC_CURVES,
&capability);
if (r == -ENXIO) /* If the TPM doesn't support ECC, it might return TPM2_RC_VALUE rather than capability.eccCurves == 0 */
break;
if (r < 0)
return r;