tpmr: Provide reset for both TPM1 and TPM2

tpmr reset now works for both TPM1 and TPM2; bring in TPM1 logic from tpm-reset. Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2025-04-07 19:34:26 +00:00 · 2023-03-10 15:07:44 -05:00 · 2023-03-10 15:07:44 -05:00 · 67f3ac5103
commit 67f3ac5103
parent a2e4392497
2 changed files with 20 additions and 16 deletions
--- a/initrd/bin/tpm-reset
+++ b/initrd/bin/tpm-reset
@ -20,19 +20,4 @@ if [ "$key_password" != "$key_password2" ]; then
    die "Key passwords do not match"
 fi

-if [ "$CONFIG_TPM2_TOOLS" = "y" ]; then
-	tpmr reset "$key_password"
-elif [ "$CONFIG_TPM" = "y" ]; then
-    # Make sure the TPM is ready to be reset
-    tpm physicalpresence -s
-    tpm physicalenable
-    tpm physicalsetdeactivated -c
-    tpm forceclear
-    tpm physicalenable
-    tpm takeown -pwdo "$key_password"
-
-    # And now turn it all back on
-    tpm physicalpresence -s
-    tpm physicalenable
-    tpm physicalsetdeactivated -c
-fi
+tpmr reset "$key_password"
--- a/initrd/bin/tpmr
+++ b/initrd/bin/tpmr
@ -508,6 +508,23 @@ tpm2_reset() {
 	tpm2 changeauth -Q -c lockout \
 		"hex:$(dd if=/dev/urandom bs=32 count=1 status=none | xxd -p | tr -d ' \n')"
 }
+tpm1_reset() {
+	TRACE "Under /bin/tpmr:tpm1_reset"
+	key_password="$1"
+
+	# Make sure the TPM is ready to be reset
+	tpm physicalpresence -s
+	tpm physicalenable
+	tpm physicalsetdeactivated -c
+	tpm forceclear
+	tpm physicalenable
+	tpm takeown -pwdo "$key_password"
+
+	# And now turn it all back on
+	tpm physicalpresence -s
+	tpm physicalenable
+	tpm physicalsetdeactivated -c
+}

 # Perform final cleanup before boot and lock the platform heirarchy.
 tpm2_kexec_finalize() {
@ -561,6 +578,8 @@ if [ "$CONFIG_TPM2_TOOLS" != "y" ]; then
 			shift; tpm1_seal "$@";;
 		unseal)
 			shift; tpm1_unseal "$@";;
+		reset)
+			shift; tpm1_reset "$@";;
 		kexec_finalize)
 			;;	# Nothing on TPM1.
 		shutdown)