
Commit b7b98a3

committed
tested
1 parent ff2eb2b commit b7b98a3


1 file changed

+20
-14
lines changed

1 file changed

+20
-14
lines changed

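--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
@@ -1429,20 +1429,16 @@ Tcg2SubmitCommand (
 
 //
 // Always attempt to submit the command, but if the TPM is already flagged
-// as not present, we expect it to fail.
+// as not present, we expect it to fail other than the capsule update scenario.
 //
-if (!mTcgDxeData.BsCap.TPMPresentFlag) {
-DEBUG ((DEBUG_WARN, "%a: TPMPresentFlag is FALSE. Expecting command to fail.\n", __FUNCTION__));
-}
-
 CurrentOutputBlockSize = OutputParameterBlockSize;
-Status = Tpm2SubmitCommand (
-InputParameterBlockSize,
-InputParameterBlock,
-&CurrentOutputBlockSize,
-OutputParameterBlock
-);
-if (EFI_ERROR (Status)) {
+Status = Tpm2SubmitCommand (
+InputParameterBlockSize,
+InputParameterBlock,
+&CurrentOutputBlockSize,
+OutputParameterBlock
+);
+if (EFI_ERROR (Status)) {
 return mTcgDxeData.BsCap.TPMPresentFlag ? Status : EFI_DEVICE_ERROR;
 }
 
@@ -1456,13 +1452,23 @@ if (EFI_ERROR (Status)) {
 // The responseCode field is at offset 6 of the response header.
 //
 ResponseCode = SwapBytes32 (ReadUnaligned32 ((UINT32 *)(OutputParameterBlock + 6)));
-
+DEBUG ((DEBUG_ERROR, "Response code is %x", ResponseCode));
+// If the response code ever equals to TPM_RC_UPGRADE, it means the TPM is in field
+// upgrade mode, we set both flags to TRUE.
 if (ResponseCode == TPM_RC_UPGRADE) {
 DEBUG ((DEBUG_INFO, "TPM response code TPM_RC_UPDATE received. Setting flag.\n"));
 mTcgDxeData.TpmUpdateFlag = TRUE;
+mTcgDxeData.BsCap.TPMPresentFlag = TRUE;
+}
+
+// Now that we have set the TPMPresentFlag, it should be able to reflect the actual TPM presence.
+if (!mTcgDxeData.BsCap.TPMPresentFlag) {
+DEBUG ((DEBUG_WARN, "%a: TPMPresentFlag is FALSE. Expecting command to fail.\n", __FUNCTION__));
+return EFI_DEVICE_ERROR;
 }
 
-if (ResponseCode != TPM_RC_SUCCESS) {
+// If the response code is not TPM_RC_SUCCESS and the device is not in field update mode, return error.
+if (ResponseCode != TPM_RC_SUCCESS && mTcgDxeData.TpmUpdateFlag == FALSE) {
 DEBUG ((DEBUG_ERROR, "%a: Command failed with response code 0x%x\n", __FUNCTION__, ResponseCode));
 return EFI_DEVICE_ERROR;
 }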
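Review bot: The rewritten check at new line 1471, `if (ResponseCode != TPM_RC_SUCCESS && mTcgDxeData.TpmUpdateFlag == FALSE)`, depends on a module-level flag that the visible code only ever sets to TRUE, so unless it is cleared outside these hunks, one TPM_RC_UPGRADE response makes every later non-success response code skip this error return. Callers of Tcg2SubmitCommand may then be unable to tell a rejected command from an accepted one, which matters wherever the result gates a measurement or policy decision. Testing the response itself limits the exemption to the command that actually reported upgrade mode: `if (ResponseCode != TPM_RC_SUCCESS && ResponseCode != TPM_RC_UPGRADE) {`. The unconditional `DEBUG ((DEBUG_ERROR, "Response code is %x", ResponseCode));` at new line 1455 also fires on successful commands and has no newline; `DEBUG_VERBOSE` with `"%a: Response code is 0x%x\n"` would match the neighbouring messages. The function body starts before and continues past the hunks shown, so the final return path is not visible here.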
