Add REQUIRE_TPM flag to treat TPM related errors as critical

Currently TPM related errors are being silently discarded.

Signed-off-by: Tamas K Lengyel <lengyelt@ainfosec.com>

2 files changed, 16 insertions, 2 deletions

diff --git a/Makefile b/Makefile
index 8d40ca6f..9ab19920 100644
--- a/Makefile
+++ b/Makefile
@@ -33,6 +33,7 @@ DEBUGINFO	?= $(prefix)/lib/debug/
 DEBUGSOURCE	?= $(prefix)/src/debug/
 OSLABEL		?= $(EFIDIR)
 DEFAULT_LOADER	?= \\\\grub$(ARCH_SUFFIX).efi
+REQUIRE_TPM	?=
 
 ARCH		?= $(shell $(CC) -dumpmachine | cut -f1 -d- | sed s,i[3456789]86,ia32,)
 OBJCOPY_GTE224	= $(shell expr `$(OBJCOPY) --version |grep ^"GNU objcopy" | sed 's/^.*\((.*)\|version\) //g' | cut -f1-2 -d.` \>= 2.24)
@@ -68,6 +69,10 @@ ifneq ($(origin ENABLE_HTTPBOOT), undefined)
 	CFLAGS	+= -DENABLE_HTTPBOOT
 endif
 
+ifneq ($(origin REQUIRE_TPM), undefined)
+	CFLAGS	+= -DREQUIRE_TPM
+endif
+
 ifeq ($(ARCH),x86_64)
 	CFLAGS	+= -mno-mmx -mno-sse -mno-red-zone -nostdinc \
 		   -maccumulate-outgoing-args -m64 \
diff --git a/shim.c b/shim.c
index 51c58327..90a5ea04 100644
--- a/shim.c
+++ b/shim.c
@@ -1308,7 +1308,12 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,
 		return efi_status;
 
 	/* Measure the binary into the TPM */
-	tpm_log_pe((EFI_PHYSICAL_ADDRESS)(UINTN)data, datasize, sha1hash, 4);
+	efi_status = tpm_log_pe((EFI_PHYSICAL_ADDRESS)(UINTN)data, datasize, sha1hash, 4);
+#ifdef REQUIRE_TPM
+	if (efi_status != EFI_SUCCESS) {
+		return efi_status;
+	}
+#endif
 
 	if (secure_mode ()) {
 		efi_status = verify_buffer(data, datasize, &context,
@@ -1818,7 +1823,11 @@ EFI_STATUS shim_verify (void *buffer, UINT32 size)
 		goto done;
 
 	/* Measure the binary into the TPM */
-	tpm_log_pe((EFI_PHYSICAL_ADDRESS)(UINTN)buffer, size, sha1hash, 4);
+	status = tpm_log_pe((EFI_PHYSICAL_ADDRESS)(UINTN)buffer, size, sha1hash, 4);
+#ifdef REQUIRE_TPM
+	if (status != EFI_SUCCESS)
+		goto done;
+#endif
 
 	if (!secure_mode())
 		goto done;