swtpm_setup: Fail --decryption or --allow-signing without --tpm2
The help screen states that --decryption and --allow-signing require
--tpm2. Enforce this now also when checking flag combination since
neither flags would have any effect for a TPM 1.2.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
diff --git a/src/swtpm_setup/swtpm_setup.c b/src/swtpm_setup/swtpm_setup.c
index 895a09c..bf562b4 100644
--- a/src/swtpm_setup/swtpm_setup.c
+++ b/src/swtpm_setup/swtpm_setup.c
@@ -1547,6 +1547,14 @@
logerr(gl_LOGFILE, "--reconfigure requires --tpm2.\n");
goto error;
}
+ if (flags & SETUP_ALLOW_SIGNING_F) {
+ logerr(gl_LOGFILE, "--allow-signing requires --tpm2.\n");
+ goto error;
+ }
+ if (flags & SETUP_DECRYPTION_F) {
+ logerr(gl_LOGFILE, "--decryption requires --tpm2.\n");
+ goto error;
+ }
}
if (!(flags & SETUP_RECONFIGURE_F)) {