From 058ae2bf2a86fd45abe219a443619035f8fdcfdc Mon Sep 17 00:00:00 2001
From: Mary Ruthven
Date: Thu, 23 Mar 2023 12:06:48 -0500
Subject: cr50: add update fwmp policies hook

Update the FWMP WP policies whenever the fwmp is written or whenever the AP comes out of reset. Add a board_fwmp_update_policies function that is when TPM_RST_L is deasserted and called _plat__NvInformIndexDataChanged shows the FWMP is written.
BUG=b:268352167
TEST=make buildall -j
Change-Id: Ia00a356b88a36fb879c208b248da08825f21abca
Signed-off-by: Mary Ruthven
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4367524
Reviewed-by: Andrey Pronin
---
 board/cr50/board.c | 2 ++
 board/cr50/board.h | 1 +
 board/cr50/tpm2/NVMem.c | 3 +++
 board/cr50/wp.c | 7 +++++++
 4 files changed, 13 insertions(+)
diff --git a/board/cr50/board.c b/board/cr50/board.c
index dff0b7bfac..d099442965 100644
--- a/board/cr50/board.c
+++ b/board/cr50/board.c
@@ -1147,6 +1147,8 @@ static void deferred_tpm_rst_isr(void)
 * then.
 */
 if (!reboot_request_posted || other_rw_is_inactive()) {
+ /* Update fwmp policies each boot. */
+ board_fwmp_update_policies();
 /* Reset TPM, no need to wait for completion. */
 tpm_reset_request(0, 0);
 return;
diff --git a/board/cr50/board.h b/board/cr50/board.h
index add2fb9e6a..139a30ee70 100644
--- a/board/cr50/board.h
+++ b/board/cr50/board.h
@@ -396,6 +396,7 @@ void power_button_release_enable_interrupt(int enable);
 int board_battery_is_present(void);
 int board_fwmp_allows_boot_policy_update(void);
 int board_fwmp_allows_unlock(void);
+void board_fwmp_update_policies(void);
 int board_vboot_dev_mode_enabled(void);
 void board_reboot_ap(void);
 void board_reboot_ec(void);
diff --git a/board/cr50/tpm2/NVMem.c b/board/cr50/tpm2/NVMem.c
index 54958a3045..9ea2c83926 100644
--- a/board/cr50/tpm2/NVMem.c
+++ b/board/cr50/tpm2/NVMem.c
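Review bot: In `deferred_tpm_rst_isr` (board/cr50/board.c) the new call sits only inside the `!reboot_request_posted || other_rw_is_inactive()` branch, so the comment "each boot" promises more than the code guarantees: the path that falls through past this `if` never reaches it. That path is outside the hunk and presumably ends in a cr50 reboot, but the comment should say so, for example `/* Refresh FWMP-derived policies on every AP reset handled without a cr50 reboot. */`. The call also runs before `tpm_reset_request(0, 0)`, which does not wait for completion, so once the hook actually reads the FWMP it is worth confirming that the NV contents are readable at this point. The function body starts and ends outside the hunk.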
@@ -17,6 +17,7 @@
 #include "TPM_Types.h"
 #include "TpmError.h"
 #include "assert.h"
+#include "ccd_config.h"
 #include "ec_comm.h"
 #include "nvmem.h"
 #include "tpm_nvmem.h"
@@ -194,6 +195,8 @@ void _plat__ClearNvAvail(void)
 
 void _plat__NvInformIndexDataChanged(unsigned int handle)
 {
+ if (handle == (HR_NV_INDEX + FWMP_NV_INDEX))
+ board_fwmp_update_policies();
 if (handle == (HR_NV_INDEX + KERNEL_NV_INDEX))
 ec_efs_refresh();
 }
diff --git a/board/cr50/wp.c b/board/cr50/wp.c
index fe0dc2da29..54dc17318c 100644
--- a/board/cr50/wp.c
+++ b/board/cr50/wp.c
@@ -496,6 +496,13 @@ int board_fwmp_allows_boot_policy_update(void)
 return fwmp_allows(BOOT_POLICY_UPDATE);
 }
 
+void board_fwmp_update_policies(void)
+{
+#ifdef CR50_DEV
+ CPRINTS("Update fwmp policies.");
+#endif
+}
+
 int board_vboot_dev_mode_enabled(void)
 {
 struct RollbackSpaceFirmware fw;
--
cgit v1.2.1
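Review bot: `_plat__NvInformIndexDataChanged` refreshes the policies only when the FWMP index data is written; nothing visible in this hunk covers the FWMP space being undefined or the TPM being cleared, after which a write-protect policy derived from the old FWMP could stay in force until the next AP reset. If those paths do not already pass through this notifier, they need the same call. The hook takes no argument and has to re-read the FWMP itself, so it is also worth confirming that the notifier fires once the new data is readable rather than before the write is committed. On style, the two handle tests are mutually exclusive, so `else if (handle == (HR_NV_INDEX + KERNEL_NV_INDEX))` would state that directly.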
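Review bot: `board_fwmp_update_policies` in board/cr50/wp.c is an empty function outside `CR50_DEV` builds, so neither new call site changes any policy yet even though the commit title reads as if they do. It needs a header comment that says it is a placeholder and names its two callers, for example `/* Placeholder: re-evaluate FWMP-derived WP policy; called on TPM_RST_L deassertion and after an FWMP NV write. No policy is applied yet. */`. Those callers, `deferred_tpm_rst_isr` and `_plat__NvInformIndexDataChanged`, likely run in different task contexts, so the real implementation will have to be safe to enter from both. The prototype added to board.h would benefit from the same one-line description.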