From 3393104984064dcc3eacaa87880fbc6840374396 Mon Sep 17 00:00:00 2001
From: Daan De Meyer
Date: Mon, 10 Jul 2023 12:20:33 +0200
Subject: [PATCH 1/2] tpm2-util: Check for dlopen() when calculating tpm2 support
---
 src/creds/creds.c | 6 ++++--
 src/shared/tpm2-util.c | 4 ++++
 src/shared/tpm2-util.h | 3 ++-
 3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/src/creds/creds.c b/src/creds/creds.c
index 51efe27616..679b0750de 100644
--- a/src/creds/creds.c
+++ b/src/creds/creds.c
@@ -636,11 +636,13 @@ static int verb_has_tpm2(int argc, char **argv, void *userdata) {
 printf("%sfirmware\n"
 "%sdriver\n"
 "%ssystem\n"
- "%ssubsystem\n",
+ "%ssubsystem\n"
+ "%slibraries\n",
 plus_minus(s & TPM2_SUPPORT_FIRMWARE),
 plus_minus(s & TPM2_SUPPORT_DRIVER),
 plus_minus(s & TPM2_SUPPORT_SYSTEM),
- plus_minus(s & TPM2_SUPPORT_SUBSYSTEM));
+ plus_minus(s & TPM2_SUPPORT_SUBSYSTEM),
+ plus_minus(s & TPM2_SUPPORT_LIBRARIES));
 }
 /* Return inverted bit flags. So that TPM2_SUPPORT_FULL becomes EXIT_SUCCESS and the other values
diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index c991109f72..9166b6593f 100644
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -4195,6 +4195,10 @@ Tpm2Support tpm2_support(void) {
 #if HAVE_TPM2
 support |= TPM2_SUPPORT_SYSTEM;
+
+ r = dlopen_tpm2();
+ if (r >= 0)
+ support |= TPM2_SUPPORT_LIBRARIES;
 #endif
 return support;
diff --git a/src/shared/tpm2-util.h b/src/shared/tpm2-util.h
index c34239854b..ad867b9d1d 100644
--- a/src/shared/tpm2-util.h
+++ b/src/shared/tpm2-util.h
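Review bot: The exit status of verb_has_tpm2 in src/creds/creds.c changes along with the printed list, and nothing in this patch documents that. The trailing context comment says the verb returns the inverted bit flags so that TPM2_SUPPORT_FULL becomes EXIT_SUCCESS; with the new bit inside FULL, a host whose TPM2 libraries cannot be loaded now exits non-zero where it previously reported success, which matters to any script that gates on this verb. The diffstat lists only three source files, so any user-facing description of the exit-status bits appears to be left as it was. I would extend that comment with something like `/* TPM2_SUPPORT_LIBRARIES (1 << 4) is part of the mask, so missing TPM2 libraries alone yield a non-zero exit status */` and update the documentation in the same series. The return statement itself is outside the hunk.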
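Review bot: In tpm2_support() in src/shared/tpm2-util.c, the added dlopen_tpm2() call makes what reads as a pure capability query load the TPM2 shared libraries into whichever process asks, and the reason for a failed load is discarded because r is only compared with zero. The callers are not visible here, but any that only test the firmware or driver bits would now map those libraries as well, which is worth knowing for long-lived or privileged callers. I would say so at the call, e.g. `/* Side effect: loads the TPM2 libraries into the calling process; on failure TPM2_SUPPORT_LIBRARIES simply stays unset */`, and log the error at debug level if dlopen_tpm2() does not already do that. The declaration of r and the start of the function lie outside the hunk.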
@@ -183,7 +183,8 @@ typedef enum Tpm2Support {
 TPM2_SUPPORT_DRIVER = 1 << 1, /* the kernel has a driver loaded for it */
 TPM2_SUPPORT_SYSTEM = 1 << 2, /* we support it ourselves */
 TPM2_SUPPORT_SUBSYSTEM = 1 << 3, /* the kernel has the tpm subsystem enabled */
- TPM2_SUPPORT_FULL = TPM2_SUPPORT_FIRMWARE|TPM2_SUPPORT_DRIVER|TPM2_SUPPORT_SYSTEM|TPM2_SUPPORT_SUBSYSTEM,
+ TPM2_SUPPORT_LIBRARIES = 1 << 4, /* we can dlopen the tpm2 libraries */
+ TPM2_SUPPORT_FULL = TPM2_SUPPORT_FIRMWARE|TPM2_SUPPORT_DRIVER|TPM2_SUPPORT_SYSTEM|TPM2_SUPPORT_SUBSYSTEM|TPM2_SUPPORT_LIBRARIES,
 } Tpm2Support;
 enum {
From ed4a1e0b273970502aaa08cd603a604a42b6676b Mon Sep 17 00:00:00 2001
From: Daan De Meyer
Date: Mon, 10 Jul 2023 12:49:52 +0200
Subject: [PATCH 2/2] analyze-pcrs: Fix typo
---
 src/analyze/analyze-pcrs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/analyze/analyze-pcrs.c b/src/analyze/analyze-pcrs.c
index b9a6ac144a..df678ab935 100644
--- a/src/analyze/analyze-pcrs.c
+++ b/src/analyze/analyze-pcrs.c
@@ -97,7 +97,7 @@ int verb_pcrs(int argc, char *argv[], void *userdata) {
 int r;
 if (tpm2_support() != TPM2_SUPPORT_FULL)
- log_notice("System has not TPM2 support, not showing PCR state.");
+ log_notice("System lacks full TPM2 support, not showing PCR state.");
 else {
 r = get_pcr_alg(&alg);
 if (r < 0)
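Review bot: The enum comments in src/shared/tpm2-util.h do not say how the new TPM2_SUPPORT_LIBRARIES bit differs from TPM2_SUPPORT_SYSTEM, and folding it into TPM2_SUPPORT_FULL tightens every existing comparison against that mask. Going by the tpm2-util.c hunk, the new bit is only ever set inside `#if HAVE_TPM2`, so SYSTEM appears to mean "built with TPM2 support" while LIBRARIES means the libraries actually loaded at runtime. I would spell that out, e.g. `/* the tpm2 libraries could be loaded at runtime (only set together with TPM2_SUPPORT_SYSTEM) */`. The `tpm2_support() != TPM2_SUPPORT_FULL` check in verb_pcrs (patch 2/2) is one comparison whose meaning shifts; other users of the mask outside this series should be re-read. The enum definition starts before the hunk.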