From c66cbc3440b03440d591274b188ea62b2de7af80 Mon Sep 17 00:00:00 2001 From: Hung-Te Lin Date: Tue, 22 Nov 2016 09:41:38 +0800 Subject: utility: Allow chromeos-tpm-recovery to return failure. When some of the space re-creation procedure failed, chromeos-tpm-recovery should exit with non-zero value and not saying TPM is successfully recovered. However, there are few known issues: - 0x1009 is not needed in TPM2. - The space is not created in TPM2. - tlcl does not support define spaces with policies yet (crosbug.com/p/59594). As a result, we want to return failure only if writing any of the two spaces (0x1007, 0x1008) fails. This change also revised chromeos-tpm-recovery so it won't exit with unbound variable error due to early exit without having daemon_was_running variable. BRANCH=None BUG=chrome-os-partner:60099 TEST=For boards with TPM and TPM2, do: build_image --board $BOARD factory_install; Boot factory install shim, select 'I' and get TPM recovered. Change-Id: I3f79b02cdf77ac61cf1361033c489604dcd603f2 Signed-off-by: Hung-Te Lin Reviewed-on: https://chromium-review.googlesource.com/412543 Reviewed-by: Vadim Bendebury --- utility/chromeos-tpm-recovery | 28 +++++++++++++++++++++------- 1 file changed, 21 insertions(+), 7 deletions(-) diff --git a/utility/chromeos-tpm-recovery b/utility/chromeos-tpm-recovery index e7959d2c..bcb1819f 100755 --- a/utility/chromeos-tpm-recovery +++ b/utility/chromeos-tpm-recovery @@ -14,6 +14,8 @@ crossystem=${USR_BIN}/crossystem dot_recovery=${DOT_RECOVERY:=/mnt/stateful_partition/.recovery} awk=/usr/bin/awk initctl=/sbin/initctl +daemon_was_running= +err=0 tpm2_target() { # This is not an ideal way to tell if we are running on a tpm2 target, but @@ -41,6 +43,16 @@ log_tryfix() { log "$*: attempting to fix" } +log_error() { + err=$((err + 1)) + log "ERROR: $*" +} + + +log_warn() { + log "WARNING: $*" +} + tpm_clear_and_reenable () { $tpmc clear 
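Review bot: `log_warn` is introduced in this hunk, but none of the lines added by this patch call it, so it lands as dead code; either give it a caller (a non-fatal space failure would be a natural one) or leave it out until it is needed. `log_error` has a side effect that should be documented, because it increments the global `err` that later decides the exit status. I would put `# Log an error and bump $err; call only from the main shell, since a subshell or pipeline would lose the count.` above it. The trailing context (`tpm_clear_and_reenable`) continues outside the hunk.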
@@ -75,7 +87,7 @@ reset_space () { } restart_daemon_if_needed() { - if [ $daemon_was_running != 0 ]; then + if [ "$daemon_was_running" = 1 ]; then log "Restarting ${DAEMON}..." $initctl start "${DAEMON}" >/dev/null fi @@ -150,13 +162,15 @@ tpm_clear_and_reenable # Reset firmware and kernel spaces to default (rollback version 1/1) reset_space 0x1007 0x8001 0xa "02 00 01 00 01 00 00 00 00 4f" || \ - log "could not fix firmware space" + log_error "could not fix firmware space" reset_space 0x1008 0x1 0xd "02 4c 57 52 47 01 00 01 00 00 00 00 55" || \ - log "could not fix kernel space" -# Don't need valid data in backup space, vboot can reset it as long as it exists -reset_space 0x1009 0x1 0x10 "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" || \ - log "could not fix backup space" + log_error "could not fix kernel space" restart_daemon_if_needed -log "TPM has successfully been reset to factory defaults" +if [ "$err" -eq 0 ]; then + log "TPM has successfully been reset to factory defaults" +else + log_error "TPM was not fully recovered." + exit 1 +fi -- cgit v1.2.1
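Review bot: The new test `[ "$daemon_was_running" = 1 ]` restarts the daemon only when the variable is exactly `1`, whereas the old test restarted it for any value other than `0`. The assignment to `daemon_was_running` is not part of this patch, so confirm that the code which stops the daemon writes `1` and nothing else; otherwise the TPM daemon is silently left stopped after recovery. A comment at the declaration in the first hunk would pin the contract, e.g. `daemon_was_running=  # empty: not stopped by us; 1: was running, restart before exit`. The output and status of `$initctl start` are still discarded, so a failed restart does not count towards `err`.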
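Review bot: The 0x1009 backup-space reset is removed for every target, although the commit message only says the space is not needed on TPM2, and the deleted comment said vboot can reset it "as long as it exists". If TPM 1.2 boards still depend on that space being present after the clear, they now lose it without any log line. Keeping the call for non-TPM2 targets with a non-fatal failure would preserve the old behaviour: `tpm2_target || reset_space 0x1009 0x1 0x10 "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" || log_warn "could not fix backup space"` (assuming `tpm2_target` returns 0 on TPM2; its body is outside the patch). Separately, `tpm_clear_and_reenable` at the top of this hunk appears to run without its status feeding `err`, so a failed clear alone would not make the script exit non-zero.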