diff options
| author | Yu-Ping Wu <yupingso@chromium.org> | 2022-05-18 13:55:37 +0800 |
|---|---|---|
| committer | Chromeos LUCI <chromeos-scoped@luci-project-accounts.iam.gserviceaccount.com> | 2022-05-21 06:34:38 +0000 |
| commit | d14e1c4b4ec45c8d23adf88aaff460d758275d66 (patch) | |
| tree | 4afd36f50427bc92af643473d3417de63cfd31cb /firmware | |
| parent | fa4c817abb6eb9421bb4296cd137947519c37651 (diff) | |
| download | vboot-d14e1c4b4ec45c8d23adf88aaff460d758275d66.tar.gz | |
vboot: Move TPM disabling call to depthcharge
Introduce a new vboot context flag VB2_CONTEXT_DISABLE_TPM to indicate
whether TPM should be disabled before jumping to kernel. This allows us
to move the vb2ex_tpm_set_mode(VB2_TPM_MODE_DISABLED) call from vboot to
depthcharge. See CL:3653659 for details.
BUG=b:223662000, b:232743820
TEST=make runtests
TEST=emerge-cherry depthcharge
BRANCH=cherry
Cq-Depend: chromium:3653659
Change-Id: Ie7bcc3c7bf01346a3bc1f9e14b30017a4c3148ac
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/3653207
Reviewed-by: Julius Werner <jwerner@chromium.org>
Diffstat (limited to 'firmware')
| -rw-r--r-- | firmware/2lib/include/2api.h | 6 | ||||
| -rw-r--r-- | firmware/lib/vboot_api_kernel.c | 5 | ||||
| -rw-r--r-- | firmware/lib/vboot_kernel.c | 6 |
3 files changed, 10 insertions, 7 deletions
diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h index 3e5ecac3..4b68c81e 100644 --- a/firmware/2lib/include/2api.h +++ b/firmware/2lib/include/2api.h @@ -257,6 +257,12 @@ enum vb2_context_flags { * nvdata, FWMP or GBB flags. */ VB2_CONTEXT_DEV_BOOT_ALTFW_ALLOWED = (1 << 27), + + /* + * If this is set after kernel verification, caller should disable the + * TPM before jumping to kernel. + */ + VB2_CONTEXT_DISABLE_TPM = (1 << 28), }; /* Boot mode decided in vb2api_fw_phase1. diff --git a/firmware/lib/vboot_api_kernel.c b/firmware/lib/vboot_api_kernel.c index 9e896208..3029852e 100644 --- a/firmware/lib/vboot_api_kernel.c +++ b/firmware/lib/vboot_api_kernel.c @@ -143,6 +143,7 @@ static vb2_error_t VbTryLoadKernelImpl(struct vb2_context *ctx, test_mockable vb2_error_t VbTryLoadKernel(struct vb2_context *ctx, uint32_t disk_flags) { + ctx->flags &= ~VB2_CONTEXT_DISABLE_TPM; return VbTryLoadKernelImpl(ctx, disk_flags, 0, 0); } @@ -150,7 +151,9 @@ test_mockable vb2_error_t VbTryLoadMiniOsKernel(struct vb2_context *ctx, uint32_t minios_flags) { - return VbTryLoadKernelImpl(ctx, VB_DISK_FLAG_FIXED, 1, minios_flags); + VB2_TRY(VbTryLoadKernelImpl(ctx, VB_DISK_FLAG_FIXED, 1, minios_flags)); + ctx->flags |= VB2_CONTEXT_DISABLE_TPM; + return VB2_SUCCESS; } vb2_error_t VbSelectAndLoadKernel(struct vb2_context *ctx, diff --git a/firmware/lib/vboot_kernel.c b/firmware/lib/vboot_kernel.c index 1edf4a55..44bcf295 100644 --- a/firmware/lib/vboot_kernel.c +++ b/firmware/lib/vboot_kernel.c @@ -593,12 +593,6 @@ vb2_error_t LoadMiniOsKernel(struct vb2_context *ctx, if (rv) rv = try_minios_sector_region(ctx, params, disk_info, !end_region_first); - if (rv) - return rv; - - rv = vb2ex_tpm_set_mode(VB2_TPM_MODE_DISABLED); - if (rv) - VB2_DEBUG("Failed to disable TPM\n"); return rv; } |