Tlcl: allow OS failures to bubble up to caller

If there were any errors communicating with the TPM at the OS layer
(open, read, write failures), the library would immediately exit, not
allowing the caller to make any decisions about how to handle it. This
introduces a way to initialize the library so that errors will get passed
back up to the caller instead of unceremoniously exiting.

Setting the environment variable "TPM_NO_EXIT=1" enables the feature. To
avoid needing to implement supporting functions in all backends, the
feature is currently limited to just the Tlcl stub implementation.

In the case of mount-encrypted, it can now survive the kernel returning
read/write failures. In the past it had only worked around having open
fail, but that has now been replaced with more sensible logic instead of
the environment variable trickiness.

TEST=daisy built with an always-failing kernel driver, u-boot builds too

Change-Id: Ic7b217017537980f9c239d678067398613045676
Signed-off-by: Kees Cook <>
Reviewed-by: Luigi Semenzato <>
4 files changed
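As an added illustration of the behaviour this commit describes (not vboot_reference code; the function names, the TLCL_E_COMM code and the device path are assumptions), the init-time switch and the open/read/write failure paths in C:

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#define TLCL_SUCCESS 0
#define TLCL_E_COMM  1   /* assumed return code for an OS-level I/O failure */
static int tpm_no_exit;  /* set at init from TPM_NO_EXIT=1 */
/* Init reads the switch once, so later calls know whether to exit or return. */
int TlclLibInit(void) {
  const char *env = getenv("TPM_NO_EXIT");
  tpm_no_exit = (env != NULL && strcmp(env, "1") == 0);
  return TLCL_SUCCESS;
}
/* Old behaviour: exit on any OS error. New behaviour: hand it to the caller. */
static int handle_os_error(const char *what, int err) {
  fprintf(stderr, "tlcl: %s failed: %s\n", what, strerror(err));
  if (tpm_no_exit) return TLCL_E_COMM;
  exit(1);
}
/* Sends one command to the device node and reads the response. */
int TlclSendReceive(const char *path, const uint8_t *req, size_t req_len,
                    uint8_t *resp, size_t resp_len) {
  int fd = open(path, O_RDWR);
  if (fd < 0) return handle_os_error("open", errno);
  if (write(fd, req, req_len) != (ssize_t)req_len) {
    int err = errno; close(fd); return handle_os_error("write", err);
  }
  if (read(fd, resp, resp_len) < 0) {
    int err = errno; close(fd); return handle_os_error("read", err);
  }
  close(fd);
  return TLCL_SUCCESS;
}
/* Caller in the mount-encrypted role: enables TPM_NO_EXIT, then survives a
   broken device node by receiving an error code instead of process exit. */
int tlcl_demo(const char *path) {
  uint8_t req[4] = {0x00, 0xc1, 0x00, 0x00};  /* constructed placeholder bytes */
  uint8_t resp[64];
  setenv("TPM_NO_EXIT", "1", 1);
  TlclLibInit();
  return TlclSendReceive(path, req, sizeof req, resp, sizeof resp);
}
```

Without TPM_NO_EXIT in the environment the same open failure terminates the process, which is the pre-commit behaviour the caller could not intercept.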