From 14966e718a07906ff389ecdda063fd16b22baab9 Mon Sep 17 00:00:00 2001
From: Noel Georgi
Date: Tue, 18 Jul 2023 12:58:45 +0530
Subject: [PATCH] fix: skip over tpm2 1.2 devices

For rng seed and pcr extend, let's ignore if the device is not TPM2.0 based. Seal/Unseal operations would still error out since it's explicitly user enabled feature.

Signed-off-by: Noel Georgi
---
 internal/pkg/rng/tpm.go | 4 +++-
 internal/pkg/secureboot/tpm2/pcr.go | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/internal/pkg/rng/tpm.go b/internal/pkg/rng/tpm.go
index 7b6353364..8fa4ef5ab 100644
--- a/internal/pkg/rng/tpm.go
+++ b/internal/pkg/rng/tpm.go
@@ -8,6 +8,7 @@ import (
 "fmt"
 "log"
 "os"
+ "strings"
 "time"

 "github.com/google/go-tpm/tpm2"
@@ -20,7 +21,8 @@ import (
 func TPMSeed() error {
 t, err := transport.OpenTPM()
 if err != nil {
- if os.IsNotExist(err) {
+ // if the TPM is not available or not a TPM 2.0, we can skip the PCR extension
+ if os.IsNotExist(err) || strings.Contains(err.Error(), "device is not a TPM 2.0") {
 log.Printf("TPM device is not available")

 return nil
diff --git a/internal/pkg/secureboot/tpm2/pcr.go b/internal/pkg/secureboot/tpm2/pcr.go
index 308275563..70d49e011 100644
--- a/internal/pkg/secureboot/tpm2/pcr.go
+++ b/internal/pkg/secureboot/tpm2/pcr.go
@@ -12,6 +12,7 @@ import (
 "fmt"
 "log"
 "os"
+ "strings"

 "github.com/google/go-tpm/tpm2"
 "github.com/google/go-tpm/tpm2/transport"
@@ -66,7 +67,8 @@ func ReadPCR(t transport.TPM, pcr int) ([]byte, error) {
 func PCRExtent(pcr int, data []byte) error {
 t, err := transport.OpenTPM()
 if err != nil {
- if os.IsNotExist(err) {
+ // if the TPM is not available or not a TPM 2.0, we can skip the PCR extension
+ if os.IsNotExist(err) || strings.Contains(err.Error(), "device is not a TPM 2.0") {
 log.Printf("TPM device is not available, skipping PCR extension")

 return nil
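Review bot: The comment added in TPMSeed says the PCR extension is skipped, but this function seeds the RNG; it reads as copied from the pcr.go hunk and should say something like `// if the TPM is missing or is not a TPM 2.0 device, skip seeding from it`. The new condition also depends on the text of the error returned by transport.OpenTPM, `strings.Contains(err.Error(), "device is not a TPM 2.0")`, and the same literal is repeated in PCRExtent. If that message (presumably produced by go-tpm) is ever reworded, both call sites go back to returning the error on TPM 1.2 hosts with no compile-time signal. Keeping the substring in one shared unexported helper, with a comment naming where the message comes from, leaves a single place to update. TPMSeed's body continues outside the hunk.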
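Review bot: With the widened condition PCRExtent returns nil on a TPM 1.2 host while still logging `TPM device is not available, skipping PCR extension`, so the log cannot distinguish a machine with no TPM from one whose TPM was present but not usable, and the measurement is dropped without saying why. Someone later checking why expected PCR values are absent on such a host needs that distinction; including the cause, e.g. `log.Printf("TPM 2.0 device is not available (%v), skipping PCR extension", err)`, keeps the skip visible. The same wording issue applies to the log line in the TPMSeed hunk. PCRExtent's body continues outside the hunk.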