author | Vadim Sukhomlinov <sukhomlinov@google.com> | 2022-02-22 19:16:03 -0800 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2022-02-23 06:05:42 +0000 |
commit | aa7815dcfe09549c2b680e7ed604040b932c11e6 (patch) | |
tree | 0a84449022ade7710309495b0058ef7bd542c81f /board/cr50/tpm2/platform.c | |
parent | 1a1168ed6db553356b8c02d4fa0f086d69f8e502 (diff) | |
cr50: fix nvmem logic in u2f_gen_kek_seed()
(stabilize-14536.B-cr50_stab, stabilize-14532.B-cr50_stab)
The problem is in the below chain invoked on processing TPM Clear command:
_plat__OwnerClearCallback()
  u2f_gen_kek_seed()
    u2f_get_state()
      u2f_load_or_create_state()
        write_tpm_nvmem_hidden()
          NvCommit()
This chain is executed only if U2F data do not exist in the NVMEM.
The end result is write_tpm_nvmem_hidden() invoking nvmem_commit()
which removes the lock, which in turn causes the error when the TPM command
processor tries to commit nvmem at the end of processing the command.
This is why the problem happens only once, after the first time U2F data
is present and the above chain is not traversed.
In the fix we avoid calling u2f_get_state() from u2f_gen_kek_seed() by
updating U2F state in memory if it is loaded and in nvmem directly.
Also discovered and fixed a bug that resulted in the platform owner
not being properly cleaned due to incorrect error checking.
_plat__OwnerClearCallback() modified to print error status.
However, this fix doesn't address a case when tpm_test.py fails the first
time on TPM2_Startup.
BUG=b:199981251
TEST=tcg tests now pass without errors from clean TPM state,
test/tpm_test/tpmtest.py passes U2F tests.
in CCD with CRYPTO_TEST=1
fips kek works after initial fw upload.
fips u2f
fips kek works with U2F state.
----------------------- Test Environment -------------------------------
Test Suite Version: 2.1a
Operating System: Linux
Processor Information: Intel(R) Core(TM) i9-10885H CPU @ 2.40GHz
TDDL Version: SocketTDDL
-------------------------- Test Object ---------------------------------
TPM Vendor: CROS
TPM Firmware Version: a77bf07 2
TPM Spec Version: 1.16
Vendor Specific Info: xCG , fTPM, ,
Tested Spec Version: 1.16
---------------------- Test Result Summary -----------------------------
Test executed on: Tue Feb 22 19:07:53 2022
Performed Tests: 248
Passed Tests: 248
Failed Tests: 0
Errors: 0
Warnings: 0
========================================================================
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I452129bd696c5207dbef22ef1489fdab924677eb
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3482484
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Diffstat (limited to 'board/cr50/tpm2/platform.c')
-rw-r--r-- | board/cr50/tpm2/platform.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/board/cr50/tpm2/platform.c b/board/cr50/tpm2/platform.c index 25d7bffcc5..42e3a95b53 100644 --- a/board/cr50/tpm2/platform.c +++ b/board/cr50/tpm2/platform.c @@ -7,6 +7,7 @@ #include "TPM_Types.h" #include "ccd_config.h" +#include "console.h" #include "pinweaver.h" #include "tpm_nvmem.h" #include "dcrypto.h" @@ -14,6 +15,8 @@ #include "util.h" #include "version.h" +#define CPRINTF(format, args...) cprintf(CC_EXTENSION, format, ## args) + uint16_t _cpri__GenerateRandom(size_t random_size, uint8_t *buffer) { @@ -94,6 +97,10 @@ BOOL _plat__ShallSurviveOwnerClear(uint32_t index) void _plat__OwnerClearCallback(void) { + enum ec_error_list rv; + /* Invalidate existing u2f registrations. */ - u2f_gen_kek_seed(0 /* commit */); + rv = u2f_gen_kek_seed(); + if (rv != EC_SUCCESS) + CPRINTF("%s: failed (%d)\n", __func__, rv); } |
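Review bot: In the last hunk, _plat__OwnerClearCallback() only logs a non-EC_SUCCESS result from u2f_gen_kek_seed() and then returns, so an owner clear completes even when the step commented as "Invalidate existing u2f registrations" did not succeed. Since the callback is void and cannot propagate the error, please add a comment stating why continuing is acceptable here, or say what the caller is expected to do when this message appears on the console. The format string prints __func__, which names the callback rather than the failing call; including "u2f_gen_kek_seed" in the message would make the log line easier to triage. The call also drops the `0 /* commit */` argument, and the matching prototype change is not visible in this file-limited diff, so it is worth confirming that no other caller still passes a commit flag.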