diff options
author | Randall Spangler <rspangler@chromium.org> | 2011-07-22 12:25:38 -0700 |
---|---|---|
committer | Randall Spangler <rspangler@chromium.org> | 2011-07-22 12:39:13 -0700 |
commit | ad03a439bc97523e03d19aa1dcd568744d60889c (patch) | |
tree | 65d47ab6548c2bb060711bed0174df348cf26402 | |
parent | 1c9577b213a3a7515e91034ee131d3b459559880 (diff) | |
download | vboot-ad03a439bc97523e03d19aa1dcd568744d60889c.tar.gz |
Cleanup and preparation for inside-wrapper TPM refactoring.
Add recovery reason for already in recovery and need to reboot to
recovery to let the TPM init.
Add vboot_struct fields.
Fix type for keyblock flags param to SetTPMBootModeState().
BUG=none
TEST=make && make runtests
Change-Id: I4035bdb377aaebaca03a43799be57977166da739
Reviewed-on: http://gerrit.chromium.org/gerrit/4599
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
-rw-r--r-- | firmware/include/vboot_nvstorage.h | 3 | ||||
-rw-r--r-- | firmware/include/vboot_struct.h | 6 | ||||
-rw-r--r-- | firmware/lib/include/tpm_bootmode.h | 2 | ||||
-rw-r--r-- | firmware/lib/mocked_tpm_bootmode.c | 2 | ||||
-rw-r--r-- | firmware/lib/tpm_bootmode.c | 4 | ||||
-rw-r--r-- | firmware/lib/vboot_firmware.c | 2 |
6 files changed, 13 insertions, 6 deletions
diff --git a/firmware/include/vboot_nvstorage.h b/firmware/include/vboot_nvstorage.h index 9472e9c7..f010ddcc 100644 --- a/firmware/include/vboot_nvstorage.h +++ b/firmware/include/vboot_nvstorage.h @@ -91,6 +91,9 @@ typedef enum VbNvParam { /* Firmware boot failure outside of verified boot (RAM init, missing SSD, * etc.). */ #define VBNV_RECOVERY_RO_FIRMWARE 0x20 +/* Recovery mode TPM initialization requires a system reboot. The system was + * already in recovery mode for some other reason when this happened. */ +#define VBNV_RECOVERY_RO_TPM_REBOOT 0x21 /* Unspecified/unknown error in read-only firmware */ #define VBNV_RECOVERY_RO_UNSPECIFIED 0x3F /* User manually requested recovery by pressing a key at developer diff --git a/firmware/include/vboot_struct.h b/firmware/include/vboot_struct.h index 408ca2fe..b9dfb808 100644 --- a/firmware/include/vboot_struct.h +++ b/firmware/include/vboot_struct.h @@ -340,7 +340,7 @@ typedef struct VbSharedDataHeader { * LoadFirmware() or 0xFF if failure */ uint8_t reserved1; /* Reserved for padding */ uint32_t fw_version_tpm_start; /* Firmware TPM version at start of - * LoadFirmware() */ + * VbSelectFirmware() */ uint32_t fw_version_lowest; /* Firmware lowest version found */ /* Debugging information from LoadKernel() */ @@ -359,6 +359,10 @@ typedef struct VbSharedDataHeader { * struct_version >= 2*/ uint8_t recovery_reason; /* Recovery reason for current boot */ uint8_t reserved2[7]; /* Reserved for padding */ + uint64_t fw_keyblock_flags; /* Flags from firmware keyblock */ + uint32_t kernel_version_tpm_start; /* Kernel TPM version at start of + * VbSelectAndLoadKernel() */ + uint32_t kernel_version_lowest; /* Kernel lowest version found */ /* After read-only firmware which uses version 2 is released, any additional * fields must be added below, and the struct version must be increased. diff --git a/firmware/lib/include/tpm_bootmode.h b/firmware/lib/include/tpm_bootmode.h index 6213cfe7..cdc9fcd1 100644 --- a/firmware/lib/include/tpm_bootmode.h +++ b/firmware/lib/include/tpm_bootmode.h @@ -20,6 +20,6 @@ */ uint32_t SetTPMBootModeState(int developer_mode, int recovery_mode, - int fw_keyblock_flags); + uint64_t fw_keyblock_flags); #endif /* VBOOT_REFERENCE_TPM_BOOTMODE_H_ */ diff --git a/firmware/lib/mocked_tpm_bootmode.c b/firmware/lib/mocked_tpm_bootmode.c index 980c3a50..5b34d18d 100644 --- a/firmware/lib/mocked_tpm_bootmode.c +++ b/firmware/lib/mocked_tpm_bootmode.c @@ -11,6 +11,6 @@ uint32_t SetTPMBootModeState(int developer_mode, int recovery_mode, - int fw_keyblock_flags) { + uint64_t fw_keyblock_flags) { return TPM_SUCCESS; } diff --git a/firmware/lib/tpm_bootmode.c b/firmware/lib/tpm_bootmode.c index f9a9beca..0e0e084b 100644 --- a/firmware/lib/tpm_bootmode.c +++ b/firmware/lib/tpm_bootmode.c @@ -91,7 +91,7 @@ const uint8_t kBootInvalidSHA1Digest[] = { /* Given the boot state, return the correct SHA1 digest index for TPMExtend * in kBootStateSHA1Digests[]. */ -int GetBootStateIndex(int dev_mode, int rec_mode, int keyblock_flags) { +int GetBootStateIndex(int dev_mode, int rec_mode, uint64_t keyblock_flags) { int index = 0; /* Convert keyblock flags into keyblock mode which we use to index into @@ -117,7 +117,7 @@ int GetBootStateIndex(int dev_mode, int rec_mode, int keyblock_flags) { } uint32_t SetTPMBootModeState(int developer_mode, int recovery_mode, - int fw_keyblock_flags) { + uint64_t fw_keyblock_flags) { uint32_t result; const uint8_t* in_digest = NULL; uint8_t out_digest[20]; /* For PCR extend output. */ diff --git a/firmware/lib/vboot_firmware.c b/firmware/lib/vboot_firmware.c index 7c69cad3..8aae5bed 100644 --- a/firmware/lib/vboot_firmware.c +++ b/firmware/lib/vboot_firmware.c @@ -317,7 +317,7 @@ int LoadFirmware(LoadFirmwareParams* params) { /* At this point, we have a good idea of how we are going to boot. Update the * TPM with this state information. */ - status = SetTPMBootModeState(is_dev, 0, (int)boot_fw_keyblock_flags); + status = SetTPMBootModeState(is_dev, 0, boot_fw_keyblock_flags); if (0 != status) { VBDEBUG(("Unable to update the TPM with boot mode information.\n")); if (status == TPM_E_MUST_REBOOT) |