diff options
| author | Matt Delco <delco@google.com> | 2019-02-13 15:54:24 -0800 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2019-03-20 19:51:14 -0700 |
| commit | 08bf680ff38c345928cf3907d6369d767c3df6ef (patch) | |
| tree | fb11094f87cf986b22d9a28676a961846c182438 | |
| parent | d2b18dfbf91e6631516dfedce8bb4bf8696cc288 (diff) | |
| download | vboot-08bf680ff38c345928cf3907d6369d767c3df6ef.tar.gz | |
2api: add callback for vb2ex_tpm_set_mode
Add vboot2 callback for tpm_set_mode.
This is mostly a cherry-pick of these:
https://chromium-review.googlesource.com/c/1354139
https://chromium-review.googlesource.com/c/1365293
The re-enable of the tpm is now performed by coreboot
so this version doesn't implement tpm_get_mode.
BUG=b:124358784
BRANCH=None
TEST=compile vboot_reference and depthcharge
CQ-DEPEND=CL:1471195
Change-Id: I4168b50650e22f35ad9c66d49f34b689c46a36e1
Signed-off-by: Matt Delco <delco@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1470962
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Keith Short <keithshort@chromium.org>
| -rw-r--r-- | firmware/2lib/2stub.c | 6 | ||||
| -rw-r--r-- | firmware/2lib/include/2api.h | 30 | ||||
| -rw-r--r-- | firmware/2lib/include/2return_codes.h | 2 |
3 files changed, 38 insertions, 0 deletions
diff --git a/firmware/2lib/2stub.c b/firmware/2lib/2stub.c index 0ff1997e..e3489cf5 100644 --- a/firmware/2lib/2stub.c +++ b/firmware/2lib/2stub.c @@ -60,3 +60,9 @@ int vb2ex_hwcrypto_digest_finalize(uint8_t *digest, { return VB2_ERROR_SHA_FINALIZE_ALGORITHM; /* Should not be called. */ } + +__attribute__((weak)) +int vb2ex_tpm_set_mode(enum vb2_tpm_mode mode_val) +{ + return VB2_ERROR_UNKNOWN; +} diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h index 55753e1e..9bf67727 100644 --- a/firmware/2lib/include/2api.h +++ b/firmware/2lib/include/2api.h @@ -29,6 +29,21 @@ #include "2recovery_reasons.h" #include "2return_codes.h" +/* Modes for vb2ex_tpm_set_mode. */ +enum vb2_tpm_mode { + /* + * TPM is enabled tentatively, and may be set to either + * ENABLED or DISABLED mode. + */ + VB2_TPM_MODE_ENABLED_TENTATIVE = 0, + + /* TPM is enabled, and mode may not be changed. */ + VB2_TPM_MODE_ENABLED = 1, + + /* TPM is disabled, and mode may not be changed. */ + VB2_TPM_MODE_DISABLED = 2, +}; + /* Flags for vb2_context. * * Unless otherwise noted, flags are set by verified boot and may be read (but @@ -697,4 +712,19 @@ int vb2api_digest_buffer(const uint8_t *buf, uint8_t *digest, uint32_t digest_size); +/* + * Set the current TPM mode value, and validate that it was changed. If one + * of the following occurs, the function call fails: + * - TPM does not understand the instruction (old version) + * - TPM has already left the TpmModeEnabledTentative mode + * - TPM responds with a mode other than the requested mode + * - Some other communication error occurs + * Otherwise, the function call succeeds. + * + * @param mode_val Desired TPM mode to set. May be one of ENABLED + * or DISABLED from vb2_tpm_mode enum. + * @returns VB2_SUCCESS, or non-zero error code. + */ +int vb2ex_tpm_set_mode(enum vb2_tpm_mode mode_val); + #endif /* VBOOT_2_API_H_ */ diff --git a/firmware/2lib/include/2return_codes.h b/firmware/2lib/include/2return_codes.h index b60c41a2..3cc01010 100644 --- a/firmware/2lib/include/2return_codes.h +++ b/firmware/2lib/include/2return_codes.h @@ -606,6 +606,8 @@ enum vb2_return_code { /* Hardware crypto engine doesn't support this algorithm (non-fatal) */ VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED, + /* TPM does not understand this command */ + VB2_ERROR_EX_TPM_NO_SUCH_COMMAND, /********************************************************************** * Errors generated by host library (non-firmware) start here. |