cr50: modify tpm_endorse() error reporting logicstabilize-9765.7.B

Using zero to represent success make it cleaner when processing return values of this function. Also, let's report different failures using different error values. Note that nobody checks this function's return value yet. BRANCH=cr50 BUG=b:63686091 TEST=none Change-Id: If25d30e637701f6c37f3ce75e5a5d5315e0e86e9 Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/579583 Reviewed-by: Marius Schilder <mschilder@chromium.org> Reviewed-by: Nick Sanders <nsanders@chromium.org>
author: Vadim Bendebury <vbendeb@chromium.org> 2017-07-20 09:40:23 -0700
committer: chrome-bot <chrome-bot@chromium.org> 2017-07-20 19:25:56 -0700
commit: 3e6c71ea2740a4a1c4c156e43e4fc81a2587ceb5 (patch)
tree: 2396f72118bbd84b873b680d7575f73d9d9c299b
parent: 4e3970529b9f672b983c478a49dbd337140b7e4d (diff)
download: chrome-ec-stabilize-9765.7.B.tar.gz
2 files changed, 30 insertions, 10 deletions
diff --git a/board/cr50/tpm2/endorsement.c b/board/cr50/tpm2/endorsement.c
index dc0e09a789..23a9f3539a 100644
--- a/board/cr50/tpm2/endorsement.c
+++ b/board/cr50/tpm2/endorsement.c
@@ -517,7 +517,7 @@ static int handle_cert(
 	return 1;
 }
 
-int tpm_endorse(void)
+enum manufacturing_status tpm_endorse(void)
 {
 	struct ro_cert_response {
 		uint8_t key_id[4];
@@ -541,7 +541,7 @@ int tpm_endorse(void)
 	const uint32_t *c = (const uint32_t *) RO_CERTS_START_ADDR;
 	const struct ro_cert *rsa_cert;
 	const struct ro_cert *ecc_cert;
-	int result = 0;
+	enum manufacturing_status result;
 	uint8_t eps[PRIMARY_SEED_SIZE];
 
 	LITE_HMAC_CTX hmac;
@@ -550,11 +550,11 @@ int tpm_endorse(void)
 
 	/* First boot, certs not yet installed. */
 	if (*c == 0xFFFFFFFF)
-		return 0;
+		return mnf_no_certs;
 
 	if (!get_decrypted_eps(eps)) {
 		CPRINTF("%s(): failed to read eps\n", __func__);
-		return 0;
+		return mnf_eps_decr;
 	}
 
 	/* Unpack rsa cert struct. */
@@ -562,7 +562,7 @@ int tpm_endorse(void)
 	/* Sanity check cert region contents. */
 	if ((2 * sizeof(struct ro_cert)) +
 		rsa_cert->cert_response.cert_len > RO_CERTS_REGION_SIZE)
-		return 0;
+		return mnf_bad_rsa_size;
 
 	/* Unpack ecc cert struct. */
 	ecc_cert = (const struct ro_cert *) (p + sizeof(struct ro_cert) +
@@ -571,16 +571,16 @@ int tpm_endorse(void)
 	if ((2 * sizeof(struct ro_cert)) +
 		rsa_cert->cert_response.cert_len +
 		ecc_cert->cert_response.cert_len > RO_CERTS_REGION_SIZE)
-		return 0;
+		return mnf_bad_total_size;
 
 	/* Verify expected component types. */
 	if (rsa_cert->cert_info.component_type !=
 		CROS_PERSO_COMPONENT_TYPE_RSA_CERT) {
-		return 0;
+		return mnf_bad_rsa_type;
 	}
 	if (ecc_cert->cert_info.component_type !=
 		CROS_PERSO_COMPONENT_TYPE_P256_CERT) {
-		return 0;
+		return mnf_bad_ecc_type;
 	}
 
 	do {
@@ -617,6 +617,7 @@ int tpm_endorse(void)
 			/* TODO(ngm): is this state considered
 			 * endorsement failure?
 			 */
+			result = mnf_hmac_mismatch;
 			break;
 		}
 
@@ -625,6 +626,7 @@ int tpm_endorse(void)
 				(struct cros_perso_certificate_response_v0 *)
 				&rsa_cert->cert_response, eps)) {
 			CPRINTF("%s: Failed to process RSA cert\n", __func__);
+			result = mnf_rsa_proc;
 			break;
 		}
 		CPRINTF("%s: RSA cert install success\n", __func__);
@@ -634,6 +636,7 @@ int tpm_endorse(void)
 				(struct cros_perso_certificate_response_v0 *)
 				&ecc_cert->cert_response, eps)) {
 			CPRINTF("%s: Failed to process ECC cert\n", __func__);
+			result = mnf_ecc_proc;
 			break;
 		}
 		CPRINTF("%s: ECC cert install success\n", __func__);
@@ -641,6 +644,7 @@ int tpm_endorse(void)
 		/* Copy EPS from INFO1 to flash data region. */
 		if (!store_eps(eps)) {
 			CPRINTF("%s(): eps storage failed\n", __func__);
+			result = mnf_store;
 			break;
 		}
 
@@ -648,7 +652,7 @@ int tpm_endorse(void)
 		endorsement_complete();
 
 		/* Chip has been marked as manufactured. */
-		result = 1;
+		result = mnf_success;
 	} while (0);
 
 	always_memset(eps, 0, sizeof(eps));
diff --git a/include/tpm_manufacture.h b/include/tpm_manufacture.h
index f43fd9ec13..f12db82bf9 100644
--- a/include/tpm_manufacture.h
+++ b/include/tpm_manufacture.h
@@ -13,6 +13,22 @@
 
 /* Returns non-zero if the TPM manufacture steps have been completed. */
 int tpm_manufactured(void);
-int tpm_endorse(void);
+
+/* Codes for success and various manufacturing error conditions. */
+enum manufacturing_status {
+	mnf_success = 0,
+	mnf_no_certs = 1,
+	mnf_eps_decr = 2,
+	mnf_bad_rsa_size = 3,
+	mnf_bad_total_size = 4,
+	mnf_bad_rsa_type = 5,
+	mnf_bad_ecc_type = 6,
+	mnf_hmac_mismatch = 7,
+	mnf_rsa_proc = 8,
+	mnf_ecc_proc = 9,
+	mnf_store = 10,
+};
+
+enum manufacturing_status tpm_endorse(void);
 
 #endif	/* __CROS_EC_TPM_MANUFACTURE_H */
author	Vadim Bendebury <vbendeb@chromium.org>	2017-07-20 09:40:23 -0700
committer	chrome-bot <chrome-bot@chromium.org>	2017-07-20 19:25:56 -0700
commit	3e6c71ea2740a4a1c4c156e43e4fc81a2587ceb5 (patch)
tree	2396f72118bbd84b873b680d7575f73d9d9c299b
parent	4e3970529b9f672b983c478a49dbd337140b7e4d (diff)
download	chrome-ec-stabilize-9765.7.B.tar.gz