author | Hung-Te Lin <hungte@chromium.org> | 2016-11-22 09:41:38 +0800 |
---|---|---|
committer | ChromeOS Commit Bot <chromeos-commit-bot@chromium.org> | 2016-11-25 06:21:25 +0000 |
commit | 59cafc2f7ad3700e3ecf4c7828f22a4ab27efc67 (patch) | |
tree | c8cad3b73431cff3b43cb2ce459fff3df6dadc20 | |
parent | 3bbb0c53867d2a3c0b4ea0dc07cd4a07edffe9f9 (diff) | |
download | vboot-factory-gru-8652.B.tar.gz |
utility: Allow chromeos-tpm-recovery to return failure.
When some of the space re-creation procedure fails, chromeos-tpm-recovery
should exit with a non-zero value and not say the TPM is successfully recovered.
However, there are a few known issues:
- 0x1009 is not needed in TPM2.
- The space is not created in TPM2.
- tlcl does not support defining spaces with policies yet (crosbug.com/p/59594).
As a result, we want to return failure only if writing any of the two
spaces (0x1007, 0x1008) fails.
This change also revised chromeos-tpm-recovery so it won't exit with an unbound
variable error due to early exit without having the daemon_was_running variable.
BRANCH=None
BUG=chrome-os-partner:60099
TEST=For boards with TPM and TPM2, do:
build_image --board $BOARD factory_install;
Boot factory install shim, select 'I' and get TPM recovered.
Change-Id: I3f79b02cdf77ac61cf1361033c489604dcd603f2
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/412543
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
(cherry picked from commit c66cbc3440b03440d591274b188ea62b2de7af80)
Reviewed-on: https://chromium-review.googlesource.com/414790
-rwxr-xr-x | utility/chromeos-tpm-recovery | 28 |
1 files changed, 21 insertions, 7 deletions
diff --git a/utility/chromeos-tpm-recovery b/utility/chromeos-tpm-recovery index e7959d2c..bcb1819f 100755 --- a/utility/chromeos-tpm-recovery +++ b/utility/chromeos-tpm-recovery @@ -14,6 +14,8 @@ crossystem=${USR_BIN}/crossystem dot_recovery=${DOT_RECOVERY:=/mnt/stateful_partition/.recovery} awk=/usr/bin/awk initctl=/sbin/initctl +daemon_was_running= +err=0 tpm2_target() { # This is not an ideal way to tell if we are running on a tpm2 target, but @@ -41,6 +43,16 @@ log_tryfix() { log "$*: attempting to fix" } +log_error() { + err=$((err + 1)) + log "ERROR: $*" +} + + +log_warn() { + log "WARNING: $*" +} + tpm_clear_and_reenable () { $tpmc clear @@ -75,7 +87,7 @@ reset_space () { } restart_daemon_if_needed() { - if [ $daemon_was_running != 0 ]; then + if [ "$daemon_was_running" = 1 ]; then log "Restarting ${DAEMON}..." $initctl start "${DAEMON}" >/dev/null fi @@ -150,13 +162,15 @@ tpm_clear_and_reenable # Reset firmware and kernel spaces to default (rollback version 1/1) reset_space 0x1007 0x8001 0xa "02 00 01 00 01 00 00 00 00 4f" || \ - log "could not fix firmware space" + log_error "could not fix firmware space" reset_space 0x1008 0x1 0xd "02 4c 57 52 47 01 00 01 00 00 00 00 55" || \ - log "could not fix kernel space" -# Don't need valid data in backup space, vboot can reset it as long as it exists -reset_space 0x1009 0x1 0x10 "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" || \ - log "could not fix backup space" + log_error "could not fix kernel space" restart_daemon_if_needed -log "TPM has successfully been reset to factory defaults" +if [ "$err" -eq 0 ]; then + log "TPM has successfully been reset to factory defaults" +else + log_error "TPM was not fully recovered." + exit 1 +fi |
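Review bot: In restart_daemon_if_needed the test changes from `!= 0` to `= 1`, which is a behaviour change as well as a quoting fix: any value other than the literal 1 now skips the restart. With the new empty default `daemon_was_running=` that is the right outcome for early exits, but the assignment that records a running daemon is not part of this diff, so please confirm it stores exactly 1 rather than some other non-zero value; otherwise the daemon stays stopped after recovery.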
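Review bot: log_warn is added in the second hunk but nothing in this patch calls it, and there is a stray double blank line in front of it. Either use it (the known TPM2 cases listed in the commit message look like candidates) or drop it. Also, log_error records failures by incrementing the global err, so a call made from a subshell or from one side of a pipeline would log the message without affecting the exit status; a one-line comment on the function stating that it must be called from the main shell would help future callers.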
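Review bot: In the last hunk the reset of 0x1009 is removed unconditionally, while the commit message only says that space is not needed on TPM2. On TPM 1.2 boards the backup space is therefore no longer re-created, and the removed comment said vboot can reset it "as long as it exists". Consider keeping the call behind a tpm2_target check and reporting its failure through log_warn, so that it is still attempted where it applies without affecting the exit code.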