vboot: Move TPM disabling call to depthchargefirmware-cherry-14454.B

Introduce a new vboot context flag VB2_CONTEXT_DISABLE_TPM to indicate
whether TPM should be disabled before jumping to kernel. This allows us
to move the vb2ex_tpm_set_mode(VB2_TPM_MODE_DISABLED) call from vboot to
depthcharge. See CL:3653659 for details.

BUG=b:223662000, b:232743820
TEST=make runtests
TEST=emerge-cherry depthcharge
BRANCH=cherry

Cq-Depend: chromium:3653659
Change-Id: Ie7bcc3c7bf01346a3bc1f9e14b30017a4c3148ac
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3653207
Reviewed-by: Julius Werner <jwerner@chromium.org>
(cherry picked from commit d14e1c4b4ec45c8d23adf88aaff460d758275d66)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3655399
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
Commit-Queue: Hung-Te Lin <hungte@chromium.org>

5 files changed, 14 insertions, 23 deletions

diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h
index 14301111..8c8f0f0d 100644
--- a/firmware/2lib/include/2api.h
+++ b/firmware/2lib/include/2api.h
@@ -257,6 +257,12 @@ enum vb2_context_flags {
 	 * nvdata, FWMP or GBB flags.
 	 */
 	VB2_CONTEXT_DEV_BOOT_ALTFW_ALLOWED = (1 << 27),
+
+	/*
+	 * If this is set after kernel verification, caller should disable the
+	 * TPM before jumping to kernel.
+	 */
+	VB2_CONTEXT_DISABLE_TPM = (1 << 28),
 };
 
 /* Boot mode decided in vb2api_fw_phase1.
diff --git a/firmware/lib/vboot_api_kernel.c b/firmware/lib/vboot_api_kernel.c
index 85a8f4b4..81fb838a 100644
--- a/firmware/lib/vboot_api_kernel.c
+++ b/firmware/lib/vboot_api_kernel.c
@@ -143,6 +143,7 @@ static vb2_error_t VbTryLoadKernelImpl(struct vb2_context *ctx,
 test_mockable
 vb2_error_t VbTryLoadKernel(struct vb2_context *ctx, uint32_t disk_flags)
 {
+	ctx->flags &= ~VB2_CONTEXT_DISABLE_TPM;
 	return VbTryLoadKernelImpl(ctx, disk_flags, 0, 0);
 }
 
@@ -150,7 +151,9 @@ test_mockable
 vb2_error_t VbTryLoadMiniOsKernel(struct vb2_context *ctx,
 				  uint32_t minios_flags)
 {
-	return VbTryLoadKernelImpl(ctx, VB_DISK_FLAG_FIXED, 1, minios_flags);
+	VB2_TRY(VbTryLoadKernelImpl(ctx, VB_DISK_FLAG_FIXED, 1, minios_flags));
+	ctx->flags |= VB2_CONTEXT_DISABLE_TPM;
+	return VB2_SUCCESS;
 }
 
 vb2_error_t VbSelectAndLoadKernel(struct vb2_context *ctx,
diff --git a/firmware/lib/vboot_kernel.c b/firmware/lib/vboot_kernel.c
index 1edf4a55..44bcf295 100644
--- a/firmware/lib/vboot_kernel.c
+++ b/firmware/lib/vboot_kernel.c
@@ -593,12 +593,6 @@ vb2_error_t LoadMiniOsKernel(struct vb2_context *ctx,
 	if (rv)
 		rv = try_minios_sector_region(ctx, params, disk_info,
 					      !end_region_first);
-	if (rv)
-		return rv;
-
-	rv = vb2ex_tpm_set_mode(VB2_TPM_MODE_DISABLED);
-	if (rv)
-		VB2_DEBUG("Failed to disable TPM\n");
 
 	return rv;
 }
diff --git a/tests/vboot_api_kernel_tests.c b/tests/vboot_api_kernel_tests.c
index b66c4320..b2d4236e 100644
--- a/tests/vboot_api_kernel_tests.c
+++ b/tests/vboot_api_kernel_tests.c
@@ -602,6 +602,8 @@ static void VbTryLoadKernelTest(void)
 				    "  load disk");
 		}
 		TEST_EQ(got_external_mismatch, 0, "  external GPT errors");
+		TEST_EQ(!!(ctx->flags & VB2_CONTEXT_DISABLE_TPM), 0,
+			"  ctx flag disable_tpm");
 	}
 	TEST_EQ(lk_normal_calls, load_kernel_calls, "  LoadKernel called");
 	TEST_EQ(lk_minios_calls, 0, "  LoadMiniOsKernel not called");
@@ -627,6 +629,8 @@ static void VbTryLoadMiniOsKernelTest(void)
 				    "  load disk");
 		}
 		TEST_EQ(got_external_mismatch, 0, "  external GPT errors");
+		TEST_EQ(!!(ctx->flags & VB2_CONTEXT_DISABLE_TPM), 1,
+			"  ctx flag disable_tpm");
 	}
 	TEST_EQ(lk_normal_calls, 0, "  LoadKernel not called");
 	TEST_EQ(lk_minios_calls, load_kernel_calls,
diff --git a/tests/vboot_kernel2_tests.c b/tests/vboot_kernel2_tests.c
index 5fc66f14..bbebf386 100644
--- a/tests/vboot_kernel2_tests.c
+++ b/tests/vboot_kernel2_tests.c
@@ -59,8 +59,6 @@ static struct mock_kernel kernels[MAX_MOCK_KERNELS];
 static int kernel_count;
 static struct mock_kernel *cur_kernel;
 
-static int mock_tpm_set_mode_calls;
-
 static void add_mock_kernel(uint64_t sector, vb2_error_t rv)
 {
 	if (kernel_count >= ARRAY_SIZE(kernels)) {
@@ -118,8 +116,6 @@ static void reset_common_data(void)
 	memset(&kernels, 0, sizeof(kernels));
 	kernel_count = 0;
 	cur_kernel = NULL;
-
-	mock_tpm_set_mode_calls = 0;
 }
 
 /* Mocks */
@@ -248,12 +244,6 @@ vb2_error_t vb2_digest_buffer(const uint8_t *buf, uint32_t size,
 	return cur_kernel->rv;
 }
 
-vb2_error_t vb2ex_tpm_set_mode(enum vb2_tpm_mode mode_val)
-{
-	mock_tpm_set_mode_calls++;
-	return VB2_SUCCESS;
-}
-
 /* Make sure nothing tested here ever calls this directly. */
 void vb2api_fail(struct vb2_context *c, uint8_t reason, uint8_t subcode)
 {
@@ -270,16 +260,12 @@ static void load_minios_kernel_tests(void)
 	add_mock_kernel(0, VB2_SUCCESS);
 	TEST_SUCC(LoadMiniOsKernel(ctx, &lkp, &disk_info, 0),
 		  "{valid kernel}");
-	TEST_EQ(mock_tpm_set_mode_calls, 1,
-		"  TPM disabled");
 
 	reset_common_data();
 	disk_info.bytes_per_lba = KBUF_SIZE;
 	disk_info.lba_count = 1;
 	TEST_EQ(LoadMiniOsKernel(ctx, &lkp, &disk_info, 0),
 		VB2_ERROR_LK_NO_KERNEL_FOUND, "{no kernel}");
-	TEST_EQ(mock_tpm_set_mode_calls, 0,
-		"  TPM not disabled");
 
 	reset_common_data();
 	disk_info.bytes_per_lba = KBUF_SIZE;
@@ -306,8 +292,6 @@ static void load_minios_kernel_tests(void)
 	TEST_EQ(LoadMiniOsKernel(ctx, &lkp, &disk_info, 0),
 		VB2_ERROR_LK_NO_KERNEL_FOUND,
 		"{invalid kernel, invalid kernel}");
-	TEST_EQ(mock_tpm_set_mode_calls, 0,
-		"  TPM not disabled");
 
 	reset_common_data();
 	disk_info.bytes_per_lba = KBUF_SIZE;