| From foo@baz Sat Nov 10 11:24:34 PST 2018 |
| From: Javier Martinez Canillas <javierm@redhat.com> |
| Date: Thu, 30 Aug 2018 16:40:05 +0200 |
| Subject: tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated |
| |
| From: Javier Martinez Canillas <javierm@redhat.com> |
| |
| [ Upstream commit 0d6d0d62d9505a9816716aa484ebd0b04c795063 ] |
| |
| For TPM 1.2 chips the system setup utility allows to set the TPM device in |
| one of the following states: |
| |
| * Active: Security chip is functional |
| * Inactive: Security chip is visible, but is not functional |
| * Disabled: Security chip is hidden and is not functional |
| |
| When choosing the "Inactive" state, the TPM 1.2 device is enumerated and |
| registered, but sending TPM commands fail with either TPM_DEACTIVATED or |
| TPM_DISABLED depending if the firmware deactivated or disabled the TPM. |
| |
| Since these TPM 1.2 error codes don't have special treatment, inactivating |
| the TPM leads to a very noisy kernel log buffer that shows messages like |
| the following: |
| |
| tpm_tis 00:05: 1.2 TPM (device-id 0x0, rev-id 78) |
| tpm tpm0: A TPM error (6) occurred attempting to read a pcr value |
| tpm tpm0: TPM is disabled/deactivated (0x6) |
| tpm tpm0: A TPM error (6) occurred attempting get random |
| tpm tpm0: A TPM error (6) occurred attempting to read a pcr value |
| ima: No TPM chip found, activating TPM-bypass! (rc=6) |
| tpm tpm0: A TPM error (6) occurred attempting get random |
| tpm tpm0: A TPM error (6) occurred attempting get random |
| tpm tpm0: A TPM error (6) occurred attempting get random |
| tpm tpm0: A TPM error (6) occurred attempting get random |
| |
| Let's just suppress error log messages for the TPM_{DEACTIVATED,DISABLED} |
| return codes, since this is expected when the TPM 1.2 is set to Inactive. |
| |
| In that case the kernel log is cleaner and less confusing for users, i.e: |
| |
| tpm_tis 00:05: 1.2 TPM (device-id 0x0, rev-id 78) |
| tpm tpm0: TPM is disabled/deactivated (0x6) |
| ima: No TPM chip found, activating TPM-bypass! (rc=6) |
| |
| Reported-by: Hans de Goede <hdegoede@redhat.com> |
| Signed-off-by: Javier Martinez Canillas <javierm@redhat.com> |
| Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> |
| Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| drivers/char/tpm/tpm-interface.c | 3 ++- |
| 1 file changed, 2 insertions(+), 1 deletion(-) |
| |
| --- a/drivers/char/tpm/tpm-interface.c |
| +++ b/drivers/char/tpm/tpm-interface.c |
| @@ -420,7 +420,8 @@ ssize_t tpm_transmit_cmd(struct tpm_chip |
| header = cmd; |
| |
| err = be32_to_cpu(header->return_code); |
| - if (err != 0 && desc) |
| + if (err != 0 && err != TPM_ERR_DISABLED && err != TPM_ERR_DEACTIVATED |
| + && desc) |
| dev_err(&chip->dev, "A TPM error (%d) occurred %s\n", err, |
| desc); |
| |