author | Randall Spangler <rspangler@chromium.org> | 2011-07-22 14:06:51 -0700 |
---|---|---|
committer | Randall Spangler <rspangler@chromium.org> | 2011-07-25 08:56:05 -0700 |
commit | 4bc713d0df70117a6459fb1ac0ca248eef774c66 (patch) | |
tree | 248df708a16c54c745782dd3625c9819a38f88fc /firmware/lib/rollback_index.c | |
parent | 8e17e5fe43e9407066e7cdf9dabfd3eb637817a7 (diff) | |
download | vboot-4bc713d0df70117a6459fb1ac0ca248eef774c66.tar.gz |
Refactor TPM calls into vboot wrapper
This cleans up the TPM calls inside vboot_reference.
* TPM calls share mode code between boot modes.
* Better handling for TPM_E_MUST_REBOOT, particularly in recovery mode.
* TAB screen shows current TPM versions.
No changes required to the wrapper API; these changes are internal to vboot.
BUG=chromium-os:18084
TEST=make && make runtests; built for both alex and tegra2-seaboard
Change-Id: I2a52066f2889210af83409872b10f9d6380470af
Reviewed-on: http://gerrit.chromium.org/gerrit/4611
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Tested-by: Randall Spangler <rspangler@chromium.org>
Diffstat (limited to 'firmware/lib/rollback_index.c')
-rw-r--r-- | firmware/lib/rollback_index.c | 56 |
1 files changed, 10 insertions, 46 deletions
diff --git a/firmware/lib/rollback_index.c b/firmware/lib/rollback_index.c
index fa9d0d03..e0554ddf 100644
--- a/firmware/lib/rollback_index.c
+++ b/firmware/lib/rollback_index.c
@@ -8,7 +8,6 @@
 #include "rollback_index.h"
 #include "tlcl.h"
-#include "tpm_bootmode.h"
 #include "tss_constants.h"
 #include "utility.h"
 #include "vboot_api.h"
@@ -304,10 +303,11 @@ uint32_t RollbackS3Resume(void) {
 return TPM_SUCCESS;
 }
-uint32_t RollbackFirmwareSetup(int developer_mode, uint32_t* version) {
+uint32_t RollbackFirmwareSetup(int recovery_mode, int developer_mode,
+ uint32_t* version) {
 #ifndef CHROMEOS_ENVIRONMENT
- /* Initializes the TPM, but ignores return codes. In ChromeOS
- * environment, doesn't even talk to the TPM. */
+ /* Initialize the TPM, but ignores return codes. In ChromeOS
+ * environment, don't even talk to the TPM. */
 TlclLibInit();
 TlclStartup();
 TlclContinueSelfTest();
@@ -329,17 +329,6 @@ uint32_t RollbackFirmwareLock(void) {
 return TPM_SUCCESS;
 }
-uint32_t RollbackKernelRecovery(int developer_mode) {
-#ifndef CHROMEOS_ENVIRONMENT
- /* Initializes the TPM, but ignore return codes. In ChromeOS
- * environment, doesn't even talk to the TPM. */
- TlclLibInit();
- TlclStartup();
- TlclSelfTestFull();
-#endif
- return TPM_SUCCESS;
-}
-
 uint32_t RollbackKernelRead(uint32_t* version) {
 *version = 0;
 return TPM_SUCCESS;
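Review bot: The reworded comment in the first RollbackFirmwareSetup (hunk at -304) still mixes moods ("Initialize the TPM, but ignores return codes") and would read better as `/* Initialize the TPM but ignore return codes. In ChromeOS environment, don't even talk to the TPM. */`. This variant takes the new `recovery_mode` argument without using it in the visible lines, and the Tlcl calls shown have their results discarded. This is presumably the build variant without rollback TPM support, so a one-line comment saying that it provides no rollback protection and is not meant for production firmware would make the unconditional success easier to audit. The function body continues outside the hunk.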
@@ -367,24 +356,16 @@ uint32_t RollbackS3Resume(void) {
 return result;
 }
-
-uint32_t RollbackFirmwareSetup(int developer_mode, uint32_t* version) {
+uint32_t RollbackFirmwareSetup(int recovery_mode, int developer_mode,
+ uint32_t* version) {
 RollbackSpaceFirmware rsf;
- RETURN_ON_FAILURE(SetupTPM(0, developer_mode, &rsf));
- *version = rsf.fw_versions;
- VBDEBUG(("TPM: RollbackFirmwareSetup %x\n", (int)rsf.fw_versions));
- return TPM_SUCCESS;
-}
-
-uint32_t RollbackFirmwareRead(uint32_t* version) {
- RollbackSpaceFirmware rsf;
+ /* Set version to 0 in case we fail */
+ *version = 0;
- RETURN_ON_FAILURE(ReadSpaceFirmware(&rsf));
- VBDEBUG(("TPM: RollbackFirmwareRead %x --> %x\n", (int)rsf.fw_versions,
- (int)*version));
+ RETURN_ON_FAILURE(SetupTPM(recovery_mode, developer_mode, &rsf));
 *version = rsf.fw_versions;
- VBDEBUG(("TPM: RollbackFirmwareRead %x\n", (int)rsf.fw_versions));
+ VBDEBUG(("TPM: RollbackFirmwareSetup %x\n", (int)rsf.fw_versions));
 return TPM_SUCCESS;
 }
@@ -402,23 +383,6 @@ uint32_t RollbackFirmwareLock(void) {
 return TlclSetGlobalLock();
 }
-uint32_t RollbackKernelRecovery(int developer_mode) {
- uint32_t rvs, rve;
- RollbackSpaceFirmware rsf;
-
- /* In recovery mode we ignore TPM malfunctions or corruptions, and *
- * leave the TPM complelely unlocked; we call neither
- * TlclSetGlobalLock() nor TlclLockPhysicalPresence(). The recovery
- * kernel will fix the TPM (if needed) and lock it ASAP. We leave
- * Physical Presence on in either case. */
- rvs = SetupTPM(1, developer_mode, &rsf);
- rve = SetTPMBootModeState(developer_mode,
- 1, /* Recovery Mode Status. */
- 0); /* In recovery mode, there is no RW firmware
- * keyblock flag. */
- return (TPM_SUCCESS == rvs) ? rve : rvs;
-}
-
 uint32_t RollbackKernelRead(uint32_t* version) {
 RollbackSpaceKernel rsk;
 uint32_t perms; |
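Review bot: In the second RollbackFirmwareSetup (hunk at -367), `*version` is forced to 0 before `SetupTPM` runs, so a caller that ignores the return code would check firmware against a stored version of 0 and accept any version, meaning rollback protection fails open. The callers are not visible here; if every one checks the result this is fine, but the contract deserves a stronger comment than the current one, for example `/* On failure *version is left at 0; callers must check the return value before using it for rollback checks. */`. The same commit deletes RollbackKernelRecovery together with its comment explaining that recovery mode tolerates TPM errors and leaves the TPM unlocked. Now that `recovery_mode` is passed to `SetupTPM` and failures are returned through `RETURN_ON_FAILURE`, that policy should be documented wherever the recovery path decides to continue despite an error.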