From 964144bf2f3befe8c8a010000439cb5e5dccf00d Mon Sep 17 00:00:00 2001 From: Shawn Nematbakhsh Date: Mon, 22 Jul 2013 13:33:46 -0700 Subject: rollback_index: Add recovery parameter to RollbackKernelLock. RollbackKernelLock previously checked a global to determine recovery mode state. Since we have two copies of vboot_reference in firmware (in coreboot and depthcharge), this creates a problem with synchronization. Remove the global entirely and instead pass the recovery state to RollbackKernelLock. BUG=chrome-os-partner:20913. TEST=Manual. Boot factory install shim in recovery mode and verify TPM clear operations succeed. Boot in dev mode and verify "Lock physical presence" print on UART. BRANCH=FalcoPeppy. Signed-off-by: Shawn Nematbakhsh Change-Id: I4e751d4a9ca60cd57c5c662ce86eba595fb22ba2 Reviewed-on: https://gerrit.chromium.org/gerrit/62874 Reviewed-by: Aaron Durbin Reviewed-by: Randall Spangler --- firmware/lib/include/rollback_index.h | 2 +- firmware/lib/mocked_rollback_index.c | 2 +- firmware/lib/rollback_index.c | 12 +++--------- firmware/lib/vboot_api_kernel.c | 2 +- firmware/linktest/main.c | 2 +- tests/rollback_index2_tests.c | 6 +++--- tests/rollback_index3_tests.c | 2 +- tests/vboot_api_kernel4_tests.c | 2 +- 8 files changed, 12 insertions(+), 18 deletions(-) diff --git a/firmware/lib/include/rollback_index.h b/firmware/lib/include/rollback_index.h index 748dce97..386ad77f 100644 --- a/firmware/lib/include/rollback_index.h +++ b/firmware/lib/include/rollback_index.h @@ -117,7 +117,7 @@ uint32_t RollbackKernelWrite(uint32_t version); /** * Lock must be called. Internally, it's ignored in recovery mode. */ -uint32_t RollbackKernelLock(void); +uint32_t RollbackKernelLock(int recovery_mode); /****************************************************************************/ diff --git a/firmware/lib/mocked_rollback_index.c b/firmware/lib/mocked_rollback_index.c index e866f137..6f026a33 100644 --- a/firmware/lib/mocked_rollback_index.c +++ b/firmware/lib/mocked_rollback_index.c @@ -49,7 +49,7 @@ uint32_t RollbackFirmwareWrite(uint32_t version) { } -uint32_t RollbackFirmwareLock(void) { +uint32_t RollbackFirmwareLock(int recovery_mode) { return TPM_SUCCESS; } diff --git a/firmware/lib/rollback_index.c b/firmware/lib/rollback_index.c index 3744f4bb..619ba013 100644 --- a/firmware/lib/rollback_index.c +++ b/firmware/lib/rollback_index.c @@ -38,8 +38,6 @@ uint32_t WriteSpaceKernel(RollbackSpaceKernel *rsk); #undef DISABLE_ROLLBACK_TPM #endif -static int g_rollback_recovery_mode = 0; - #define RETURN_ON_FAILURE(tpm_command) do { \ uint32_t result_; \ if ((result_ = (tpm_command)) != TPM_SUCCESS) { \ @@ -355,10 +353,6 @@ uint32_t SetupTPM(int recovery_mode, int developer_mode, VBDEBUG(("TPM: SetupTPM(r%d, d%d)\n", recovery_mode, developer_mode)); - /* Global variables are usable in recovery mode */ - if (recovery_mode) - g_rollback_recovery_mode = 1; - RETURN_ON_FAILURE(TlclLibInit()); #ifdef TEGRA_SOFT_REBOOT_WORKAROUND @@ -540,7 +534,7 @@ uint32_t RollbackKernelWrite(uint32_t version) return TPM_SUCCESS; } -uint32_t RollbackKernelLock(void) +uint32_t RollbackKernelLock(int recovery_mode) { return TPM_SUCCESS; } @@ -635,9 +629,9 @@ uint32_t RollbackKernelWrite(uint32_t version) return WriteSpaceKernel(&rsk); } -uint32_t RollbackKernelLock(void) +uint32_t RollbackKernelLock(int recovery_mode) { - if (g_rollback_recovery_mode) + if (recovery_mode) return TPM_SUCCESS; else return TlclLockPhysicalPresence(); diff --git a/firmware/lib/vboot_api_kernel.c b/firmware/lib/vboot_api_kernel.c index 895a81d4..f253e92d 100644 --- a/firmware/lib/vboot_api_kernel.c +++ b/firmware/lib/vboot_api_kernel.c @@ -970,7 +970,7 @@ VbError_t VbSelectAndLoadKernel(VbCommonParams *cparams, sizeof(kparams->partition_guid)); /* Lock the kernel versions. Ignore errors in recovery mode. */ - tpm_status = RollbackKernelLock(); + tpm_status = RollbackKernelLock(shared->recovery_reason); if (0 != tpm_status) { VBDEBUG(("Error locking kernel versions.\n")); if (!shared->recovery_reason) { diff --git a/firmware/linktest/main.c b/firmware/linktest/main.c index 2a55248c..abbc165b 100644 --- a/firmware/linktest/main.c +++ b/firmware/linktest/main.c @@ -36,7 +36,7 @@ int main(void) RollbackFirmwareLock(); RollbackKernelRead(0); RollbackKernelWrite(0); - RollbackKernelLock(); + RollbackKernelLock(0); /* tpm_bootmode.c */ SetTPMBootModeState(0, 0, 0); diff --git a/tests/rollback_index2_tests.c b/tests/rollback_index2_tests.c index 1a07cb02..384895fb 100644 --- a/tests/rollback_index2_tests.c +++ b/tests/rollback_index2_tests.c @@ -938,19 +938,19 @@ static void RollbackKernelTest(void) /* Test lock (recovery off) */ ResetMocks(0, 0); - TEST_EQ(RollbackKernelLock(), 0, "RollbackKernelLock()"); + TEST_EQ(RollbackKernelLock(0), 0, "RollbackKernelLock()"); TEST_STR_EQ(mock_calls, "TlclLockPhysicalPresence()\n", "tlcl calls"); ResetMocks(1, TPM_E_IOERROR); - TEST_EQ(RollbackKernelLock(), TPM_E_IOERROR, + TEST_EQ(RollbackKernelLock(0), TPM_E_IOERROR, "RollbackKernelLock() error"); /* Test lock with recovery on; shouldn't lock PP */ SetupTPM(1, 0, 0, 0, &rsf); ResetMocks(0, 0); - TEST_EQ(RollbackKernelLock(), 0, "RollbackKernelLock() in recovery"); + TEST_EQ(RollbackKernelLock(1), 0, "RollbackKernelLock() in recovery"); TEST_STR_EQ(mock_calls, "", "no tlcl calls"); } diff --git a/tests/rollback_index3_tests.c b/tests/rollback_index3_tests.c index 9434a5a7..2fc1f059 100644 --- a/tests/rollback_index3_tests.c +++ b/tests/rollback_index3_tests.c @@ -37,7 +37,7 @@ int main(int argc, char* argv[]) TEST_EQ(version, 0, "rkr version"); TEST_EQ(RollbackKernelWrite(0), 0, "RollbackKernelWrite()"); - TEST_EQ(RollbackKernelLock(), 0, "RollbackKernelLock()"); + TEST_EQ(RollbackKernelLock(0), 0, "RollbackKernelLock()"); return gTestSuccess ? 0 : 255; } diff --git a/tests/vboot_api_kernel4_tests.c b/tests/vboot_api_kernel4_tests.c index 81628a44..e2155f56 100644 --- a/tests/vboot_api_kernel4_tests.c +++ b/tests/vboot_api_kernel4_tests.c @@ -94,7 +94,7 @@ uint32_t RollbackKernelWrite(uint32_t version) return rkw_retval; } -uint32_t RollbackKernelLock(void) +uint32_t RollbackKernelLock(int recovery_mode) { return rkl_retval; } -- cgit v1.2.1