efi_loader: efi_tcg2_register returns appropriate error This commit modify efi_tcg2_register() to return the appropriate error. With this fix, sandbox will not boot because efi_tcg2_register() fails due to some missing feature in GetCapabilities. So disable sandbox if EFI_TCG2_PROTOCOL is enabled. UEFI secure boot variable measurement is not directly related to TCG2 protocol installation, tcg2_measure_secure_boot_variable() is moved to the separate function. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

commit: 54bec17f6b0326bbc22f993d28170d4c4df4ceed [log] [tgz]
author: Masahisa Kojima <masahisa.kojima@linaro.org> Tue Dec 07 14:15:31 2021 +0900
committer: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Thu Dec 09 11:43:25 2021 -0800
tree: 8abef9e20ff7c5496c62ee7f730590733b77c6e3
parent: 446266b024c971a6afa4eb256b2995a245d4eb49 [diff] [blame]
diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
index 700dc83..24f9a2b 100644
--- a/lib/efi_loader/Kconfig
+++ b/lib/efi_loader/Kconfig

@@ -308,6 +308,8 @@
 	bool "EFI_TCG2_PROTOCOL support"
 	default y
 	depends on TPM_V2
+	# Sandbox TPM currently fails on GetCapabilities needed for TCG2
+	depends on !SANDBOX
 	select SHA1
 	select SHA256
 	select SHA384
commit	54bec17f6b0326bbc22f993d28170d4c4df4ceed	[log] [tgz]
author	Masahisa Kojima <masahisa.kojima@linaro.org>	Tue Dec 07 14:15:31 2021 +0900
committer	Heinrich Schuchardt <heinrich.schuchardt@canonical.com>	Thu Dec 09 11:43:25 2021 -0800
tree	8abef9e20ff7c5496c62ee7f730590733b77c6e3
parent	446266b024c971a6afa4eb256b2995a245d4eb49 [diff] [blame]