On 2/8/19 3:10 PM, Liam Merwick wrote:
From staring at the code, I do have one other question - why does the
check of the lower localities below only check 'l < locty - 1' before
setting s->loc[locty] - it seems like s->loc[locty - 1] is skipped.
627 /* cancel any seize by a lower locality */
628 for (l = 0; l < locty - 1; l++) {
629 s->loc[l].access &= ~TPM_TIS_ACCESS_SEIZE;
630 }
Uuuh. The loop is clearing the SEIZE flag on localities lower than the
current one. This works fine for locty >= 1, but not for locty = 0. I
think there's a bug here.