tpm2: Initialize RuntimeProfile on first TPM_Manufacture()

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2025-12-31 20:04:03 +00:00 · 2022-06-14 17:17:32 -04:00 · 2022-06-14 17:17:32 -04:00 · 96f5dc28fd
commit 96f5dc28fd
parent 31dc25a92c
3 changed files with 17 additions and 4 deletions
--- a/src/tpm2/Manufacture.c
+++ b/src/tpm2/Manufacture.c
@ -80,14 +80,21 @@
 /* 1 manufacturing process previously performed */
 LIB_EXPORT int
 TPM_Manufacture(
-		int             firstTime       // IN: indicates if this is the first call from
+		int             firstTime,      // IN: indicates if this is the first call from
 						// main()
+		const char *    profile		// libtpms: optional profile to use
 		)
 {
    TPM_SU          orderlyShutdown;

    // Initialize the context slot mask for UINT16
-    s_ContextSlotMask = 0xffff;	// libtpms added
+    s_ContextSlotMask = 0xffff;						// libtpms added begin
+    if (firstTime) {
+	RuntimeProfileInit(&g_RuntimeProfile);
+	/* profile was tested before in SetProfile, so this should always work */
+	if (RuntimeProfileSet(&g_RuntimeProfile, profile, true) != TPM_RC_SUCCESS)
+	    return -1;
+    }									// libtpms added end
 #if RUNTIME_SIZE_CHECKS
    // Call the function to verify the sizes of values that result from different
    // compile options.
@ -193,6 +200,7 @@ TPM_TearDown(
 	     void
 	     )
 {
+    RuntimeProfileFree(&g_RuntimeProfile);	// libtpms added
    g_manufactured = FALSE;
    return 0;
 }
--- a/src/tpm2/Manufacture_fp.h
+++ b/src/tpm2/Manufacture_fp.h
@ -81,8 +81,9 @@
 #define MANUF_FIRST_TIME    1
 #define MANUF_REMANUFACTURE 0
 LIB_EXPORT int TPM_Manufacture(
-			       int firstTime  // IN: indicates if this is the first call from
+			       int firstTime, // IN: indicates if this is the first call from
 			       //     main()
+			       const char     *profile	// libtpms added
 			       );

 //*** TPM_TearDown()
--- a/src/tpm_tpm2_interface.c
+++ b/src/tpm_tpm2_interface.c
@ -69,6 +69,7 @@

 extern BOOL      g_inFailureMode;
 static BOOL      reportedFailureCommand;
+static char     *g_profile;

 /*
 * Check whether the main NVRAM file exists. Return TRUE if it doesn, FALSE otherwise
@ -136,7 +137,7 @@ static TPM_RESULT TPM2_MainInit(void)
                TPMLIB_LogTPM2Error(
                    "%s: _plat__NVEnable(NULL) failed: %d\n",
                    __func__, ret);
-            if (TPM_Manufacture(TRUE) < 0 || g_inFailureMode) {
+            if (TPM_Manufacture(TRUE, g_profile) < 0 || g_inFailureMode) {
                TPMLIB_LogTPM2Error("%s: TPM_Manufacture(TRUE) failed or TPM in "
                                    "failure mode\n", __func__);
                reportedFailureCommand = TRUE;
@ -171,6 +172,9 @@ static void TPM2_Terminate(void)

    _rpc__Signal_PowerOff();
    ExpDCacheFree();
+
+    free(g_profile);
+    g_profile = NULL;
 }

 static TPM_RESULT TPM2_Process(unsigned char **respbuffer, uint32_t *resp_size,