diff options
| author | Mary Ruthven <mruthven@chromium.org> | 2023-03-23 12:06:48 -0500 |
|---|---|---|
| committer | Chromeos LUCI <chromeos-scoped@luci-project-accounts.iam.gserviceaccount.com> | 2023-04-17 22:07:26 +0000 |
| commit | 058ae2bf2a86fd45abe219a443619035f8fdcfdc (patch) | |
| tree | e5e546547253c20df3eda94fb0645e635377b1e8 | |
| parent | e7976477ffaf388e90cebeeafb48e499d5d3b6b3 (diff) | |
| download | chrome-ec-058ae2bf2a86fd45abe219a443619035f8fdcfdc.tar.gz | |
cr50: add update fwmp policies hook
Update the FWMP WP policies whenever the fwmp is written or whenever the
AP comes out of reset. Add a board_fwmp_update_policies function that is
when TPM_RST_L is deasserted and called _plat__NvInformIndexDataChanged
shows the FWMP is written.
BUG=b:268352167
TEST=make buildall -j
Change-Id: Ia00a356b88a36fb879c208b248da08825f21abca
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4367524
Reviewed-by: Andrey Pronin <apronin@chromium.org>
| -rw-r--r-- | board/cr50/board.c | 2 | ||||
| -rw-r--r-- | board/cr50/board.h | 1 | ||||
| -rw-r--r-- | board/cr50/tpm2/NVMem.c | 3 | ||||
| -rw-r--r-- | board/cr50/wp.c | 7 |
4 files changed, 13 insertions, 0 deletions
diff --git a/board/cr50/board.c b/board/cr50/board.c index dff0b7bfac..d099442965 100644 --- a/board/cr50/board.c +++ b/board/cr50/board.c @@ -1147,6 +1147,8 @@ static void deferred_tpm_rst_isr(void) * then. */ if (!reboot_request_posted || other_rw_is_inactive()) { + /* Update fwmp policies each boot. */ + board_fwmp_update_policies(); /* Reset TPM, no need to wait for completion. */ tpm_reset_request(0, 0); return; diff --git a/board/cr50/board.h b/board/cr50/board.h index add2fb9e6a..139a30ee70 100644 --- a/board/cr50/board.h +++ b/board/cr50/board.h @@ -396,6 +396,7 @@ void power_button_release_enable_interrupt(int enable); int board_battery_is_present(void); int board_fwmp_allows_boot_policy_update(void); int board_fwmp_allows_unlock(void); +void board_fwmp_update_policies(void); int board_vboot_dev_mode_enabled(void); void board_reboot_ap(void); void board_reboot_ec(void); diff --git a/board/cr50/tpm2/NVMem.c b/board/cr50/tpm2/NVMem.c index 54958a3045..9ea2c83926 100644 --- a/board/cr50/tpm2/NVMem.c +++ b/board/cr50/tpm2/NVMem.c @@ -17,6 +17,7 @@ #include "TPM_Types.h" #include "TpmError.h" #include "assert.h" +#include "ccd_config.h" #include "ec_comm.h" #include "nvmem.h" #include "tpm_nvmem.h" @@ -194,6 +195,8 @@ void _plat__ClearNvAvail(void) void _plat__NvInformIndexDataChanged(unsigned int handle) { + if (handle == (HR_NV_INDEX + FWMP_NV_INDEX)) + board_fwmp_update_policies(); if (handle == (HR_NV_INDEX + KERNEL_NV_INDEX)) ec_efs_refresh(); } diff --git a/board/cr50/wp.c b/board/cr50/wp.c index fe0dc2da29..54dc17318c 100644 --- a/board/cr50/wp.c +++ b/board/cr50/wp.c @@ -496,6 +496,13 @@ int board_fwmp_allows_boot_policy_update(void) return fwmp_allows(BOOT_POLICY_UPDATE); } +void board_fwmp_update_policies(void) +{ +#ifdef CR50_DEV + CPRINTS("Update fwmp policies."); +#endif +} + int board_vboot_dev_mode_enabled(void) { struct RollbackSpaceFirmware fw; |