diff options
author | Andrey Pronin <apronin@google.com> | 2016-07-22 19:33:07 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2016-07-26 23:54:27 -0700 |
commit | c37f0f82056adca65de7b99419663dff437365c1 (patch) | |
tree | 85b1d7a8539aeea78b463357dea24ee7cdf0b4fc /firmware | |
parent | 98263a1b17397032b3f7d747d48f8fd914217237 (diff) | |
download | vboot-c37f0f82056adca65de7b99419663dff437365c1.tar.gz |
tlcl: automatically detect if platform hierarchy is disabled
Instead of passing a special flag when 'tpmc' starts, auto-detect
if platform hierarchy is disabled in TlclLibInit(). See discussion
in https://chromium-review.googlesource.com/#/c/362520/.
BRANCH=none
BUG=chrome-os-partner:55210
BUG=chrome-os-partner:55250
TEST=boot on kevin, verify that 'tpmc read 0x1008 0xd' works
Change-Id: Id94e7faadf835f7ea58a944e914163d6849e85c1
Reviewed-on: https://chromium-review.googlesource.com/362771
Commit-Ready: Andrey Pronin <apronin@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Diffstat (limited to 'firmware')
-rw-r--r-- | firmware/include/tlcl.h | 6 | ||||
-rw-r--r-- | firmware/lib/tpm2_lite/tlcl.c | 39 | ||||
-rw-r--r-- | firmware/lib/tpm_lite/tlcl.c | 4 |
3 files changed, 31 insertions, 18 deletions
diff --git a/firmware/include/tlcl.h b/firmware/include/tlcl.h index 31347eba..53731200 100644 --- a/firmware/include/tlcl.h +++ b/firmware/include/tlcl.h @@ -28,12 +28,6 @@ uint32_t TlclLibInit(void); */ uint32_t TlclLibClose(void); -/** - * Indicate that we access tlcl with user privileges from OS userland - * as opposed to from firmware. May affect required NVRAM read authorization. - */ -void TlclLibAccessAsUser(void); - /* Low-level operations */ /** diff --git a/firmware/lib/tpm2_lite/tlcl.c b/firmware/lib/tpm2_lite/tlcl.c index 9d7e1dfb..a03125d3 100644 --- a/firmware/lib/tpm2_lite/tlcl.c +++ b/firmware/lib/tpm2_lite/tlcl.c @@ -10,6 +10,7 @@ #include "rollback_index.h" #include "tpm2_marshaling.h" #include "utility.h" +#include "tlcl.h" static struct tpm2_response *tpm_process_command(TPM_CC command, void *command_body) @@ -42,19 +43,40 @@ static struct tpm2_response *tpm_process_command(TPM_CC command, return response; } -uint32_t TlclLibInit(void) +static uint32_t tlcl_read_ph_disabled(void) { - return VbExTpmInit(); + uint32_t rv; + TPM_STCLEAR_FLAGS flags; + + rv = TlclGetSTClearFlags(&flags); + if (rv != TPM_SUCCESS) + return rv; + + tpm_set_ph_disabled(!flags.phEnable); + + return TPM_SUCCESS; } -uint32_t TlclLibClose(void) +uint32_t TlclLibInit(void) { - return VbExTpmClose(); + uint32_t rv; + + rv = VbExTpmInit(); + if (rv != TPM_SUCCESS) + return rv; + + rv = tlcl_read_ph_disabled(); + if (rv != TPM_SUCCESS) { + TlclLibClose(); + return rv; + } + + return TPM_SUCCESS; } -void TlclLibAccessAsUser(void) +uint32_t TlclLibClose(void) { - tpm_set_ph_disabled(1); + return VbExTpmClose(); } uint32_t TlclSendReceive(const uint8_t *request, uint8_t *response, @@ -100,7 +122,7 @@ uint32_t TlclContinueSelfTest(void) return TPM_SUCCESS; } -int32_t TlclDefineSpace(uint32_t index, uint32_t perm, uint32_t size) +uint32_t TlclDefineSpace(uint32_t index, uint32_t perm, uint32_t size) { VBDEBUG(("%s called, NOT YET IMPLEMENTED\n", __func__)); return TPM_SUCCESS; @@ -250,6 +272,7 @@ static uint32_t tlcl_disable_platform_hierarchy(void) if (!response || response->hdr.tpm_code) return TPM_E_INTERNAL_INCONSISTENCY; + tpm_set_ph_disabled(1); return TPM_SUCCESS; } @@ -334,7 +357,7 @@ uint32_t TlclWrite(uint32_t index, const void *data, uint32_t length) return TPM_SUCCESS; } -int32_t TlclPCRRead(uint32_t index, void *data, uint32_t length) +uint32_t TlclPCRRead(uint32_t index, void *data, uint32_t length) { VBDEBUG(("%s called, NOT YET IMPLEMENTED\n", __func__)); return TPM_SUCCESS; diff --git a/firmware/lib/tpm_lite/tlcl.c b/firmware/lib/tpm_lite/tlcl.c index 181b516a..bf2d27f9 100644 --- a/firmware/lib/tpm_lite/tlcl.c +++ b/firmware/lib/tpm_lite/tlcl.c @@ -152,10 +152,6 @@ uint32_t TlclLibClose(void) { return VbExTpmClose(); } -void TlclLibAccessAsUser(void) { - /* no-op for TPM1.2 */ -} - uint32_t TlclStartup(void) { VBDEBUG(("TPM: Startup\n")); return Send(tpm_startup_cmd.buffer); |