Revert "Cherry-pick: Tolerate lack of TPM reset in common cases."0.13.509.B

Rong tested the soft-reset work fine without this CL. So revert it.

This reverts commit a7d21625a11dc912459efe20b8541e48630bdbd4.

Change-Id: I504d50af7ed1a4c54452a72d8536c57c8c63231b
Reviewed-on: http://gerrit.chromium.org/gerrit/1947
Reviewed-by: Tom Wai-Hong Tam <waihong@chromium.org>
Tested-by: Tom Wai-Hong Tam <waihong@chromium.org>

2 files changed, 1 insertions, 64 deletions

diff --git a/firmware/arch/arm/include/biosincludes.h b/firmware/arch/arm/include/biosincludes.h
index b2793d5f..84778e3a 100644
--- a/firmware/arch/arm/include/biosincludes.h
+++ b/firmware/arch/arm/include/biosincludes.h
@@ -43,9 +43,4 @@ extern void debug(const char *format, ...);
 #define UINT64_MAX (UINT64_C(0xffffffffffffffffULL))
 #endif
 
-/* This workaround applies to Kaen prototypes and is not expected to be needed
- * in the final products.  See crosbug.com/15759.
- */
-#define TEGRA_SOFT_REBOOT_WORKAROUND
-
 #endif /*__ARCH_ARM_BIOSINCLUDES_H__ */
diff --git a/firmware/lib/rollback_index.c b/firmware/lib/rollback_index.c
index 27b61650..697bd0e7 100644
--- a/firmware/lib/rollback_index.c
+++ b/firmware/lib/rollback_index.c
@@ -15,10 +15,6 @@
 
 static int g_rollback_recovery_mode = 0;
 
-#ifdef TEGRA_SOFT_REBOOT_WORKAROUND
-static int soft_reset = 0;
-#endif
-
 /* disable MSVC warning on const logical expression (as in } while(0);) */
 __pragma(warning (disable: 4127))
 
@@ -51,21 +47,6 @@ static uint32_t SafeWrite(uint32_t index, const void* data, uint32_t length) {
   if (result == TPM_E_MAXNVWRITES) {
     RETURN_ON_FAILURE(TPMClearAndReenable());
     return TlclWrite(index, data, length);
-#ifdef TEGRA_SOFT_REBOOT_WORKAROUND
-  } else if ((result == TPM_E_BAD_PRESENCE ||
-              result == TPM_E_AREA_LOCKED) &&
-             soft_reset == 1) {
-    /* Ignore writes that failed because the TPM wasn't unlocked.
-     *
-     * This may have security implications.  1. It may delay updating the
-     * version number, therefore widening the window for a rollback attack.
-     * 2. It may prevent noticing transitions between developer mode and normal
-     * mode, in which case the TPM owner will not be cleared when
-     * transitioning.  See crosbug.com/15759.  Note that this code path is not
-     * taken on systems where a CPU reset implies a TPM reset.
-     */
-    return TPM_SUCCESS;
-#endif
   } else {
     return result;
   }
@@ -209,22 +190,7 @@ uint32_t SetupTPM(int recovery_mode, int developer_mode,
 
   RETURN_ON_FAILURE(TlclLibInit());
 
-#ifdef TEGRA_SOFT_REBOOT_WORKAROUND
-  result = TlclStartup();
-  if (result == TPM_E_INVALID_POSTINIT) {
-    /* Some prototype hardware doesn't reset the TPM on a CPU reset.  We try to
-     * tolerate this failure, which is possible in most cases.
-     */
-    VBDEBUG(("TPM: soft reset detected\n", result));
-    soft_reset = 1;
-  } else if (result != TPM_SUCCESS) {
-    VBDEBUG(("TPM: TlclStartup returned %08x\n", result));
-    return result;
-  }
-#else
   RETURN_ON_FAILURE(TlclStartup());
-#endif
-
   /* Some TPMs start the self test automatically at power on.  In that case we
    * don't need to call ContinueSelfTest.  On some (other) TPMs,
    * ContinueSelfTest may block.  In that case, we definitely don't want to
@@ -244,20 +210,7 @@ uint32_t SetupTPM(int recovery_mode, int developer_mode,
   RETURN_ON_FAILURE(TlclContinueSelfTest());
 #endif
   result = TlclAssertPhysicalPresence();
-#ifdef TEGRA_SOFT_REBOOT_WORKAROUND
-    /*
-     * If soft_reset is true, the failure to assert PP is expected because the
-     * TPM is locked from a previous boot.  In this case we will never execute
-     * the PhysicalPresenceCMDEnable below, but that's OK because this is a
-     * warm boot and at some point in the past we must have cold-booted with
-     * this firmware (one would hope), so that situation (TPM delivered with PP
-     * disabled) has already been resolved.
-     */
-  if (soft_reset) {
-    result = TPM_SUCCESS;
-  }
-#endif
-  if (result != TPM_SUCCESS) {
+  if (result != 0) {
     /* It is possible that the TPM was delivered with the physical presence
      * command disabled.  This tries enabling it, then tries asserting PP
      * again.
@@ -484,18 +437,7 @@ uint32_t RollbackKernelLock(void) {
   if (g_rollback_recovery_mode) {
     return TPM_SUCCESS;
   } else {
-#ifdef TEGRA_SOFT_REBOOT_WORKAROUND
-    TPM_STCLEAR_FLAGS flags;
-    uint32_t result = TlclLockPhysicalPresence();
-    if (result == TPM_SUCCESS) {
-      return result;
-    }
-    RETURN_ON_FAILURE(TlclGetSTClearFlags(&flags));
-    /* Ignore PP locking failure if PP is already locked. */
-    return flags.physicalPresenceLock == 1 ? TPM_SUCCESS : result;
-#else
     return TlclLockPhysicalPresence();
-#endif
   }
 }