From 11740ea761ac5a1eb84c865edbdcd750f2a8b04f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Renaud=20M=C3=A9trich?= Date: Wed, 8 Sep 2021 14:02:07 +0200 Subject: [PATCH] Don't make shim abort when TPM log event fails (RHBZ #2002265) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On Dell hardware booted in UEFI with option TPM 1.2 "On without Pre-Boot Measurements", it appears that `tpm_log_event()` fails with Unsupported, which causes Shim to abort due to believing it couldn't set up the MokListRT, MokListXRT and SbatLevelRT variables. This patch ignore the error when trying to write to the TPM and sets the TPM as 'defective' to not try to write to it anymore. Signed-off-by: Renaud Métrich --- tpm.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tpm.c b/tpm.c index 5af5f173e..41f36651e 100644 --- a/tpm.c +++ b/tpm.c @@ -10,6 +10,7 @@ typedef struct { UINTN measuredcount = 0; VARIABLE_RECORD *measureddata = NULL; +static BOOLEAN tpm_defective = FALSE; static BOOLEAN tpm_present(efi_tpm_protocol_t *tpm) { @@ -18,6 +19,9 @@ static BOOLEAN tpm_present(efi_tpm_protocol_t *tpm) UINT32 flags; EFI_PHYSICAL_ADDRESS eventlog, lastevent; + if (tpm_defective) + return FALSE; + caps.Size = (UINT8)sizeof(caps); efi_status = tpm->status_check(tpm, &caps, &flags, &eventlog, &lastevent); @@ -192,6 +196,12 @@ static EFI_STATUS tpm_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size, (UINT64)size, TPM_ALG_SHA, event, &eventnum, &lastevent); } + if (efi_status == EFI_UNSUPPORTED) { + perror(L"Could not write TPM event: %r. Considering " + "the TPM as defective.\n", efi_status); + tpm_defective = TRUE; + efi_status = EFI_SUCCESS; + } FreePool(event); return efi_status; }