tpm2: Log command that put TPM 2 into failure mode

Once we detect that the TPM 2 was put into failure mode, log the command that did it. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2026-01-03 07:14:35 +00:00 · 2018-12-04 16:39:32 -05:00 · 2018-12-04 16:39:32 -05:00 · bc4aab3613
commit bc4aab3613
parent b1832e9fed
3 changed files with 38 additions and 1 deletions
--- a/src/tpm_library.c
+++ b/src/tpm_library.c
@ -546,6 +546,33 @@ void TPMLIB_LogPrintfA(unsigned int indent, const char *format, ...)
    va_end(args);
 }

+/*
+ * TPMLIB_LogArray: Display an array of data
+ *
+ * @indent: how many spaces to indent; indent of ~0 forces logging
+ *          with indent 0 even if not debug_level is set
+ * @data: the data to print
+ * @datalen: length of the data
+ */
+void TPMLIB_LogArray(unsigned int indent, const unsigned char *data,
+                     size_t datalen)
+{
+    char line[80];
+    size_t i, o = 0;
+
+    for (i = 0; i < datalen; i++) {
+        snprintf(&line[o], sizeof(line) - o, "%02x ", data[i]);
+        o += 3;
+        if (o >= 16 * 3) {
+            TPMLIB_LogPrintfA(indent, "%s\n", line);
+            o = 0;
+        }
+    }
+    if (o > 0) {
+        TPMLIB_LogPrintfA(indent, "%s\n", line);
+    }
+}
+
 void ClearCachedState(enum TPMLIB_StateType st)
 {
    free(cached_blobs[st].buffer);
--- a/src/tpm_library_intern.h
+++ b/src/tpm_library_intern.h
@ -103,7 +103,8 @@ TPM_RESULT TPM12_IO_TpmEstablished_Reset(void);
 int TPMLIB_LogPrintf(const char *format, ...);
 void TPMLIB_LogPrintfA(unsigned int indent, const char *format, ...) \
     ATTRIBUTE_FORMAT(2, 3);
-
+void TPMLIB_LogArray(unsigned int indent, const unsigned char *data,
+                     size_t datalen);

 #define TPMLIB_LogError(format, ...) \
     TPMLIB_LogPrintfA(~0, "libtpms: "format, __VA_ARGS__)
--- a/src/tpm_tpm2_interface.c
+++ b/src/tpm_tpm2_interface.c
@ -66,6 +66,7 @@
 #include "tpm_nvfilename.h"

 extern BOOL      g_inFailureMode;
+static BOOL      reportedFailureCommand;

 /*
 * Check whether the main NVRAM file exists. Return TRUE if it doesn, FALSE otherwise
@ -97,6 +98,7 @@ TPM_RESULT TPM2_MainInit(void)
    bool has_cached_state;

    g_inFailureMode = FALSE;
+    reportedFailureCommand = FALSE;

 #ifdef TPM_LIBTPMS_CALLBACKS
    struct libtpms_callbacks *cbs = TPMLIB_GetCallbacks();
@ -200,6 +202,13 @@ TPM_RESULT TPM2_Process(unsigned char **respbuffer, uint32_t *resp_size,

    *resp_size = resp.BufferSize;

+    if (g_inFailureMode && !reportedFailureCommand) {
+        reportedFailureCommand = TRUE;
+        TPMLIB_LogTPM2Error("%s: Entered failure mode through command:\n",
+                            __func__);
+        TPMLIB_LogArray(~0, command, command_size);
+    }
+
    return TPM_SUCCESS;
 }