[tboot-devel] [PATCH 3 of 3] Disable TPR support in ACM capabilities (TXT Heap/OsSinitData)

Mon, 19 Jan 2026 11:08:44 -0800 

# HG changeset patch
# User Michal Camacho Romero <[email protected]>
# Date 1767800720 -3600
#      Wed Jan 07 16:45:20 2026 +0100
# Node ID f24ac8c37095e6a0ffb2f781ad2202656a249caa
# Parent  f26f17cb735a0c2e814728b852e701778c800406
Disable TPR support in ACM capabilities (TXT Heap/OsSinitData)

diff -r f26f17cb735a -r f24ac8c37095 tboot/common/tboot.c
--- a/tboot/common/tboot.c      Wed Jan 07 16:14:51 2026 +0100
+++ b/tboot/common/tboot.c      Wed Jan 07 16:45:20 2026 +0100
@@ -352,7 +352,6 @@
 void begin_launch(void *addr, uint32_t magic)
 {
     tb_error_t err;
-    bool force_pmrs = false;
 
     if (g_ldr_ctx->type == 0)        
         determine_loader_type(addr, magic);
@@ -456,11 +455,9 @@
            apply_policy(TB_ERR_ACMOD_VERIFY_FAILED);
     }
 
-    force_pmrs = get_tboot_force_pmrs();
-
     //We need to have g_sinit point to SINIT ACM before we can run 
is_tpr_supported
     //This global variable decides whether PMR or TPR is used
-    g_tpr_support = is_tpr_supported(force_pmrs);
+    g_tpr_support = is_tpr_supported(get_tboot_force_pmrs());
 
     /* make TPM ready for measured launch */
     if (!tpm_detect())
diff -r f26f17cb735a -r f24ac8c37095 tboot/txt/txt.c
--- a/tboot/txt/txt.c   Wed Jan 07 16:14:51 2026 +0100
+++ b/tboot/txt/txt.c   Wed Jan 07 16:45:20 2026 +0100
@@ -111,6 +111,8 @@
                                                        TBOOT_BASE_ADDR,
 };
 
+static bool g_force_pmrs = false;
+
 /*
  * counts of APs going into wait-for-sipi
  */
@@ -667,6 +669,14 @@
         printk(TBOOT_ERR"SINIT capabilities are incompatible (0x%x)\n", 
sinit_caps._raw);
         return NULL;
     }
+
+    if (g_tpr_support == false && g_force_pmrs == true)
+    {
+        os_sinit_data->capabilities.tpr_support = 0;
+        printk(TBOOT_INFO"TPR Support disabled in the ACM capabilities "
+                         "(OsSinitData).\n");
+    }
+
     if ( get_evtlog_type() == EVTLOG_TPM2_TCG ) {
         printk(TBOOT_INFO"SINIT ACM supports TCG compliant TPM 2.0 event log 
format, tcg_event_log_format = %d \n", 
               sinit_caps.tcg_event_log_format);
@@ -830,6 +840,7 @@
     // Disable TPR support, if "force_pmrs" cmdline option was set
     if (force_pmrs)
     {
+        g_force_pmrs = true;
         g_mle_hdr.capabilities.tpr_support = 0;
         printk(TBOOT_INFO"TPR Support disabled in the MLE capabilities.\n");
     }



_______________________________________________
tboot-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/tboot-devel

Reply via email to