From 10607ab68703a1e2c683ec3c50720aeb681fd590 Mon Sep 17 00:00:00 2001
From: Philip Tricca <flihp@twobit.us>
Date: Mon, 5 May 2014 02:42:09 +0000
Subject: [PATCH] Add patch to cause tboot to boot the kernel if the TXT error
 register has a valid error code set from the previous boot.

---
 .../tboot/files/tboot-no-senter-on-error.diff | 25 +++++++++++++++++++
 recipes-txt/tboot/tboot.inc                   |  1 +
 2 files changed, 26 insertions(+)
 create mode 100644 recipes-txt/tboot/files/tboot-no-senter-on-error.diff

diff --git a/recipes-txt/tboot/files/tboot-no-senter-on-error.diff b/recipes-txt/tboot/files/tboot-no-senter-on-error.diff
new file mode 100644
index 0000000..52c9024
--- /dev/null
+++ b/recipes-txt/tboot/files/tboot-no-senter-on-error.diff
@@ -0,0 +1,25 @@
+This patch causes tboot to launch the kernel very early on if there is a TXT
+error code set on the previous boot. This prevents an infinite boot loop when
+an error occurs. This isn't a security issue (I think) as the TXT hardware
+invalidates dynamic PCRs when the measured launch doesn't succeed.
+
+Signed-off-by: Philip Tricca <flihp@twobit.us>
+
+--- a/tboot/common/tboot.c
++++ b/tboot/common/tboot.c
+@@ -435,10 +435,12 @@ void begin_launch(void *addr, uint32_t m
+ 
+     /* check for error from previous boot */
+     printk(TBOOT_INFO"checking previous errors on the last boot.\n\t");
+-    if ( was_last_boot_error() )
+-        printk(TBOOT_INFO"last boot has error.\n");
+-    else
++    if ( was_last_boot_error() ) {
++        printk(TBOOT_INFO"last boot has error, booting kernel...\n");
++        launch_kernel(false);
++    } else {
+         printk(TBOOT_INFO"last boot has no error.\n");
++    }
+ 
+     if ( !prepare_tpm() )
+         apply_policy(TB_ERR_TPM_NOT_READY);
diff --git a/recipes-txt/tboot/tboot.inc b/recipes-txt/tboot/tboot.inc
index 2f46c2d..f361eec 100644
--- a/recipes-txt/tboot/tboot.inc
+++ b/recipes-txt/tboot/tboot.inc
@@ -12,6 +12,7 @@ SRC_URI += " \
     file://tboot-cross-compile.patch \
     file://tboot-tb_polgen-params-print-type.patch \
     file://no-install-strip.patch \
+    file://tboot-no-senter-on-error.diff \
 "
 
 COMPATIBLE_HOST = '(x86_64|i.86).*-(linux|freebsd.*)'