m/n/core: only warn if no TPM 2.0 has been found Currently the TPM is basically unused. The only user is the generator of node and cluster unlock keys, which get fed with both TPM and local entropy which marginally increases security. This converts a missing TPM 2.0 into a warning and falls back to generating both of those keys purely with Linux entropy, allowing Metropolis to boot on hardware without a TPM 2.0. Change-Id: I910f9768ede554e5ec2c3a35079a6799d1ee9c8c Reviewed-on: https://review.monogon.dev/c/monogon/+/514 Reviewed-by: Sergiusz Bazanski <serge@monogon.tech>

commit: 8b786897cc419483fa586fd620c3d725d7bd6a95 [log] [tgz]
author: Lorenz Brun <lorenz@monogon.tech> Thu Jan 13 14:21:16 2022 +0100
committer: Lorenz Brun <lorenz@monogon.tech> Thu Jan 13 16:46:06 2022 +0000
tree: 1e4f582b8c2272b73970e4727171175320aeab7c
parent: 57d06a7cfa461f367d4362ccecf4a2d66068a1f9 [diff] [blame]
diff --git a/metropolis/pkg/tpm/tpm.go b/metropolis/pkg/tpm/tpm.go
index f84aac6..de9b0d8 100644
--- a/metropolis/pkg/tpm/tpm.go
+++ b/metropolis/pkg/tpm/tpm.go

@@ -180,6 +180,14 @@
 	return nil
 }
 
+// IsInitialized returns true if Initialize was called an at least one
+// TPM 2.0 was found and initialized. Otherwise it returns false.
+func IsInitialized() bool {
+	lock.Lock()
+	defer lock.Unlock()
+	return !(tpm == nil)
+}
+
 // GenerateSafeKey uses two sources of randomness (Kernel & TPM) to generate
 // the key
 func GenerateSafeKey(size uint16) ([]byte, error) {
commit	8b786897cc419483fa586fd620c3d725d7bd6a95	[log] [tgz]
author	Lorenz Brun <lorenz@monogon.tech>	Thu Jan 13 14:21:16 2022 +0100
committer	Lorenz Brun <lorenz@monogon.tech>	Thu Jan 13 16:46:06 2022 +0000
tree	1e4f582b8c2272b73970e4727171175320aeab7c
parent	57d06a7cfa461f367d4362ccecf4a2d66068a1f9 [diff] [blame]