authorLuigi Semenzato <semenzato@chromium.org>2015-03-19 16:45:52 -0700
committerChromeOS Commit Bot <chromeos-commit-bot@chromium.org>2015-03-21 01:47:57 +0000
commitf80ceeb432b880ad8af8bcd1f4fa07f03ee4a8e6 (patch)
treecda7ab001b9481f53833663b3b3ee0d604df3e82 /utility
parent4dc1575ba187c650ae486ce6572c6d535879ff9d (diff)
downloadvboot-f80ceeb432b880ad8af8bcd1f4fa07f03ee4a8e6.tar.gz
vboot_reference: crossystem: add the "tpm_attack" command
This command reads/sets a bit in the kernel-reserved area of the vboot context nvram. The bit can also be set by the driver during execution of a TPM command, to check if the command is interrupted by a panic or power loss. Under some circumstances, this correlates with the TPM assuming it is under attack. BUG=chromium:431360 TEST=try "crossystem tpm_attack" and variations BRANCH=none Change-Id: I87215d5a0becfb5c01e0b69867a339bfe6fd0b68 Reviewed-on: https://chromium-review.googlesource.com/261339 Reviewed-by: Randall Spangler <rspangler@chromium.org> Commit-Queue: Luigi Semenzato <semenzato@chromium.org> Tested-by: Luigi Semenzato <semenzato@chromium.org>
Diffstat (limited to 'utility')
-rw-r--r--utility/crossystem.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/utility/crossystem.c b/utility/crossystem.c
index adc828d7..3eaeaae0 100644
--- a/utility/crossystem.c
+++ b/utility/crossystem.c
@@ -85,6 +85,7 @@ const Param sys_param_list[] = {
{"savedmem_size", 0, "RAM debug data area size in bytes"},
{"sw_wpsw_boot", 0,
"Firmware write protect software setting enabled at boot"},
+ {"tpm_attack", CAN_WRITE, "TPM was interrupted since this flag was cleared"},
{"tpm_fwver", 0, "Firmware version stored in TPM", "0x%08x"},
{"tpm_kernver", 0, "Kernel version stored in TPM", "0x%08x"},
{"tried_fwb", 0, "Tried firmware B before A this boot"},
@@ -291,9 +292,12 @@ int main(int argc, char* argv[]) {
if (i > 1)
printf(" "); /* Output params space-delimited */
- if (has_set)
+ if (has_set) {
retval = SetParam(p, value);
- else if (has_expect)
+ if (retval) {
+ fprintf(stderr, "Parameter %s is read-only\n", name);
+ }
+ } else if (has_expect)
retval = CheckParam(p, value);
else
retval = PrintParam(p);
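Review bot: The new `fprintf` in the `has_set` branch reports every non-zero return from `SetParam` as "read-only", but `SetParam` is not visible in this hunk, and if it can also fail for other reasons (a rejected value, or the underlying nvram write failing) the message would point the operator at the wrong cause. That matters for a flag like `tpm_attack`, where someone clearing it needs to know whether the write actually failed. Either print the read-only text only when the parameter lacks `CAN_WRITE`, or use a neutral message such as `fprintf(stderr, "Failed to set parameter %s\n", name);`. The enclosing loop in `main` starts and ends outside the hunk, so how `retval` is handled afterwards cannot be checked from here.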