-#ifdef HAVE_TPM2_TSS
-static char *
-tpm_nvread(uint32_t nvindex, size_t *retlen)
-{
- TSS2_RC rc;
- ESYS_CONTEXT *ctx = NULL;
- ESYS_TR primary = ESYS_TR_NONE;
- ESYS_TR session = ESYS_TR_NONE;
- ESYS_TR nvobj = ESYS_TR_NONE;
- TPM2B_NV_PUBLIC *pubData = NULL;
- TPMT_SYM_DEF sym = {
- .algorithm = TPM2_ALG_AES,
- .keyBits = { .aes = 128 },
- .mode = { .aes = TPM2_ALG_CFB }
- };
- char *ret;
- size_t retwant;
-
- rc = Esys_Initialize(&ctx, NULL, NULL);
- if (rc != TSS2_RC_SUCCESS)
- return NULL;
-
- rc = Esys_Startup(ctx, TPM2_SU_CLEAR);
- debug("tpm startup %d\n", rc);
- if (rc != TSS2_RC_SUCCESS)
- goto error;
-
- rc = Esys_StartAuthSession(ctx, ESYS_TR_NONE, ESYS_TR_NONE,
- ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE,
- NULL, 0,
- &sym, TPM2_ALG_SHA256, &session);
- debug("tpm auth session %d\n", rc);
- if (rc != TSS2_RC_SUCCESS)
- goto error;
-
- rc = Esys_TR_FromTPMPublic(ctx, nvindex, ESYS_TR_NONE,
- ESYS_TR_NONE, ESYS_TR_NONE, &nvobj);
- debug("tpm from public %d\n", rc);
- if (rc != TSS2_RC_SUCCESS)
- goto error;
-
- rc = Esys_NV_ReadPublic(ctx, nvobj, ESYS_TR_NONE,
- ESYS_TR_NONE, ESYS_TR_NONE,
- &pubData, NULL);
- debug("tpm read public %d\n", rc);
- if (rc != TPM2_RC_SUCCESS)
- goto error;
-
- retwant = pubData->nvPublic.dataSize;
- free(pubData);
- *retlen = 0;
- ret = malloc(retwant);
- assert(ret);
- while (*retlen < retwant) {
- size_t want = retwant - *retlen;
- TPM2B_MAX_NV_BUFFER *data = NULL;
- if (want > 1024)
- want = 1024;
- rc = Esys_NV_Read(ctx, ESYS_TR_RH_OWNER, nvobj, session, ESYS_TR_NONE, ESYS_TR_NONE,
- want, *retlen, &data);
- debug("tpm nv read %d\n", rc);
- if (rc != TPM2_RC_SUCCESS) {
- free(ret);
- goto error;
- }
-
- memcpy(ret + *retlen, data->buffer, data->size);
- *retlen += data->size;
- free(data);
- }
-
- return ret;
-
- error:
- if (nvobj != ESYS_TR_NONE)
- Esys_FlushContext(ctx, nvobj);
- if (session != ESYS_TR_NONE)
- Esys_FlushContext(ctx, session);
- if (primary != ESYS_TR_NONE)
- Esys_FlushContext(ctx, primary);
- Esys_Finalize(&ctx);
- *retlen = 0;
- return NULL;
-}
-#else /* ! HAVE_TPM2_TSS */
-static char *
-tpm_nvread(uint32_t nvindex, size_t *retlen)
-{
- return NULL;
-}
-#endif /* ! HAVE_TPM2_TSS */
-