vboot: create TPM section in 2api.h

Group TPM-related API functions together in the same section. BUG=b:124141368, chromium:968464 TEST=make clean && make runtests BRANCH=none Signed-off-by: Joel Kitching <kitching@google.com> Change-Id: Ic7fb8b90c3c68a568d75f8c98738bf8cea744622 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2282321 Tested-by: Joel Kitching <kitching@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Commit-Queue: Joel Kitching <kitching@chromium.org>
author: Joel Kitching <kitching@google.com> 2020-07-06 13:35:25 +0800
committer: Commit Bot <commit-bot@chromium.org> 2020-07-07 12:30:10 +0000
commit: 1a2ddae3d9782cbf0f0a1ab27ae3820c90abec54 (patch)
tree: 82e77f6c98187361303fffeeba118a1a365e16d5
parent: 59fd331bfc623d2a403fd4fe90fe6367b85ed13b (diff)
download: vboot-1a2ddae3d9782cbf0f0a1ab27ae3820c90abec54.tar.gz
1 files changed, 42 insertions, 39 deletions
diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h
index 0a023c6f..e5f69f07 100644
--- a/firmware/2lib/include/2api.h
+++ b/firmware/2lib/include/2api.h
@@ -63,21 +63,6 @@
  */
 #define VB2_TRY(expr, ...) _VB2_TRY_IMPL(expr, ##__VA_ARGS__, NULL, 0)
 
-/* Modes for vb2ex_tpm_set_mode. */
-enum vb2_tpm_mode {
-	/*
-	 * TPM is enabled tentatively, and may be set to either
-	 * ENABLED or DISABLED mode.
-	 */
-	VB2_TPM_MODE_ENABLED_TENTATIVE = 0,
-
-	/* TPM is enabled, and mode may not be changed. */
-	VB2_TPM_MODE_ENABLED = 1,
-
-	/* TPM is disabled, and mode may not be changed. */
-	VB2_TPM_MODE_DISABLED = 2,
-};
-
 /* Flags for vb2_context.
  *
  * Unless otherwise noted, flags are set by verified boot and may be read (but
@@ -128,7 +113,7 @@ enum vb2_context_flags {
 	/* Wipeout by the app should be requested. */
 	VB2_CONTEXT_FORCE_WIPEOUT_MODE = (1 << 8),
 
-	/* Erase TPM developer mode state if it is enabled. */
+	/* Erase developer mode state if it is enabled. */
 	VB2_CONTEXT_DISABLE_DEVELOPER_MODE = (1 << 9),
 
 	/*
@@ -902,14 +887,6 @@ int vb2api_use_short_dev_screen_delay(struct vb2_context *ctx);
 /* APIs provided by the caller to verified boot */
 
 /**
- * Clear the TPM owner.
- *
- * @param ctx		Vboot context
- * @return VB2_SUCCESS, or error code on error.
- */
-vb2_error_t vb2ex_tpm_clear_owner(struct vb2_context *ctx);
-
-/**
  * Read a verified boot resource.
  *
  * @param ctx		Vboot context
@@ -968,21 +945,6 @@ vb2_error_t vb2ex_hwcrypto_digest_finalize(uint8_t *digest,
 					   uint32_t digest_size);
 
 /*
- * Set the current TPM mode value, and validate that it was changed.  If one
- * of the following occurs, the function call fails:
- *   - TPM does not understand the instruction (old version)
- *   - TPM has already left the TpmModeEnabledTentative mode
- *   - TPM responds with a mode other than the requested mode
- *   - Some other communication error occurs
- *  Otherwise, the function call succeeds.
- *
- * @param mode_val       Desired TPM mode to set.  May be one of ENABLED
- *                       or DISABLED from vb2_tpm_mode enum.
- * @returns VB2_SUCCESS, or non-zero error code.
- */
-vb2_error_t vb2ex_tpm_set_mode(enum vb2_tpm_mode mode_val);
-
-/*
  * Abort vboot flow due to a failed assertion or broken assumption.
  *
  * Likely due to caller misusing vboot (e.g. calling API functions
@@ -1008,6 +970,47 @@ void vb2ex_abort(void);
 vb2_error_t vb2ex_commit_data(struct vb2_context *ctx);
 
 /*****************************************************************************/
+/* TPM functionality */
+
+/* Modes for vb2ex_tpm_set_mode. */
+enum vb2_tpm_mode {
+	/*
+	 * TPM is enabled tentatively, and may be set to either
+	 * ENABLED or DISABLED mode.
+	 */
+	VB2_TPM_MODE_ENABLED_TENTATIVE = 0,
+
+	/* TPM is enabled, and mode may not be changed. */
+	VB2_TPM_MODE_ENABLED = 1,
+
+	/* TPM is disabled, and mode may not be changed. */
+	VB2_TPM_MODE_DISABLED = 2,
+};
+
+/*
+ * Set the current TPM mode value, and validate that it was changed.  If one
+ * of the following occurs, the function call fails:
+ *   - TPM does not understand the instruction (old version)
+ *   - TPM has already left the TpmModeEnabledTentative mode
+ *   - TPM responds with a mode other than the requested mode
+ *   - Some other communication error occurs
+ *  Otherwise, the function call succeeds.
+ *
+ * @param mode_val       Desired TPM mode to set.  May be one of ENABLED
+ *                       or DISABLED from vb2_tpm_mode enum.
+ * @returns VB2_SUCCESS, or non-zero error code.
+ */
+vb2_error_t vb2ex_tpm_set_mode(enum vb2_tpm_mode mode_val);
+
+/**
+ * Clear the TPM owner.
+ *
+ * @param ctx		Vboot context
+ * @return VB2_SUCCESS, or error code on error.
+ */
+vb2_error_t vb2ex_tpm_clear_owner(struct vb2_context *ctx);
+
+/*****************************************************************************/
 /* Auxiliary firmware (auxfw) */
 
 /**
author	Joel Kitching <kitching@google.com>	2020-07-06 13:35:25 +0800
committer	Commit Bot <commit-bot@chromium.org>	2020-07-07 12:30:10 +0000
commit	1a2ddae3d9782cbf0f0a1ab27ae3820c90abec54 (patch)
tree	82e77f6c98187361303fffeeba118a1a365e16d5
parent	59fd331bfc623d2a403fd4fe90fe6367b85ed13b (diff)
download	vboot-1a2ddae3d9782cbf0f0a1ab27ae3820c90abec54.tar.gz