diff options
author | Shawn Nematbakhsh <shawnn@chromium.org> | 2013-07-22 13:33:46 -0700 |
---|---|---|
committer | ChromeBot <chrome-bot@google.com> | 2013-07-22 23:14:11 -0700 |
commit | 964144bf2f3befe8c8a010000439cb5e5dccf00d (patch) | |
tree | 13fe4fab0d1099ea17030b7720e7d60c4a8e1006 /firmware | |
parent | 42c08cb2dac102509491810361e239fbde52b9e0 (diff) | |
download | vboot-964144bf2f3befe8c8a010000439cb5e5dccf00d.tar.gz |
rollback_index: Add recovery parameter to RollbackKernelLock.stabilize-4443.B
RollbackKernelLock previously checked a global to determine recovery
mode state. Since we have two copies of vboot_reference in firmware
(in coreboot and depthcharge), this creates a problem with
synchronization. Remove the global entirely and instead pass the
recovery state to RollbackKernelLock.
BUG=chrome-os-partner:20913.
TEST=Manual. Boot factory install shim in recovery mode and verify TPM
clear operations succeed. Boot in dev mode and verify "Lock physical
presence" print on UART.
BRANCH=FalcoPeppy.
Signed-off-by: Shawn Nematbakhsh <shawnn@chromium.org>
Change-Id: I4e751d4a9ca60cd57c5c662ce86eba595fb22ba2
Reviewed-on: https://gerrit.chromium.org/gerrit/62874
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Diffstat (limited to 'firmware')
-rw-r--r-- | firmware/lib/include/rollback_index.h | 2 | ||||
-rw-r--r-- | firmware/lib/mocked_rollback_index.c | 2 | ||||
-rw-r--r-- | firmware/lib/rollback_index.c | 12 | ||||
-rw-r--r-- | firmware/lib/vboot_api_kernel.c | 2 | ||||
-rw-r--r-- | firmware/linktest/main.c | 2 |
5 files changed, 7 insertions, 13 deletions
diff --git a/firmware/lib/include/rollback_index.h b/firmware/lib/include/rollback_index.h index 748dce97..386ad77f 100644 --- a/firmware/lib/include/rollback_index.h +++ b/firmware/lib/include/rollback_index.h @@ -117,7 +117,7 @@ uint32_t RollbackKernelWrite(uint32_t version); /** * Lock must be called. Internally, it's ignored in recovery mode. */ -uint32_t RollbackKernelLock(void); +uint32_t RollbackKernelLock(int recovery_mode); /****************************************************************************/ diff --git a/firmware/lib/mocked_rollback_index.c b/firmware/lib/mocked_rollback_index.c index e866f137..6f026a33 100644 --- a/firmware/lib/mocked_rollback_index.c +++ b/firmware/lib/mocked_rollback_index.c @@ -49,7 +49,7 @@ uint32_t RollbackFirmwareWrite(uint32_t version) { } -uint32_t RollbackFirmwareLock(void) { +uint32_t RollbackFirmwareLock(int recovery_mode) { return TPM_SUCCESS; } diff --git a/firmware/lib/rollback_index.c b/firmware/lib/rollback_index.c index 3744f4bb..619ba013 100644 --- a/firmware/lib/rollback_index.c +++ b/firmware/lib/rollback_index.c @@ -38,8 +38,6 @@ uint32_t WriteSpaceKernel(RollbackSpaceKernel *rsk); #undef DISABLE_ROLLBACK_TPM #endif -static int g_rollback_recovery_mode = 0; - #define RETURN_ON_FAILURE(tpm_command) do { \ uint32_t result_; \ if ((result_ = (tpm_command)) != TPM_SUCCESS) { \ @@ -355,10 +353,6 @@ uint32_t SetupTPM(int recovery_mode, int developer_mode, VBDEBUG(("TPM: SetupTPM(r%d, d%d)\n", recovery_mode, developer_mode)); - /* Global variables are usable in recovery mode */ - if (recovery_mode) - g_rollback_recovery_mode = 1; - RETURN_ON_FAILURE(TlclLibInit()); #ifdef TEGRA_SOFT_REBOOT_WORKAROUND @@ -540,7 +534,7 @@ uint32_t RollbackKernelWrite(uint32_t version) return TPM_SUCCESS; } -uint32_t RollbackKernelLock(void) +uint32_t RollbackKernelLock(int recovery_mode) { return TPM_SUCCESS; } @@ -635,9 +629,9 @@ uint32_t RollbackKernelWrite(uint32_t version) return WriteSpaceKernel(&rsk); } -uint32_t RollbackKernelLock(void) +uint32_t RollbackKernelLock(int recovery_mode) { - if (g_rollback_recovery_mode) + if (recovery_mode) return TPM_SUCCESS; else return TlclLockPhysicalPresence(); diff --git a/firmware/lib/vboot_api_kernel.c b/firmware/lib/vboot_api_kernel.c index 895a81d4..f253e92d 100644 --- a/firmware/lib/vboot_api_kernel.c +++ b/firmware/lib/vboot_api_kernel.c @@ -970,7 +970,7 @@ VbError_t VbSelectAndLoadKernel(VbCommonParams *cparams, sizeof(kparams->partition_guid)); /* Lock the kernel versions. Ignore errors in recovery mode. */ - tpm_status = RollbackKernelLock(); + tpm_status = RollbackKernelLock(shared->recovery_reason); if (0 != tpm_status) { VBDEBUG(("Error locking kernel versions.\n")); if (!shared->recovery_reason) { diff --git a/firmware/linktest/main.c b/firmware/linktest/main.c index 2a55248c..abbc165b 100644 --- a/firmware/linktest/main.c +++ b/firmware/linktest/main.c @@ -36,7 +36,7 @@ int main(void) RollbackFirmwareLock(); RollbackKernelRead(0); RollbackKernelWrite(0); - RollbackKernelLock(); + RollbackKernelLock(0); /* tpm_bootmode.c */ SetTPMBootModeState(0, 0, 0); |