drivers/intel/fsp2_0: fix TPM setup and MRC cache hash logic

When VBOOT_STARTS_IN_BOOTBLOCK is selected, the tpm_setup call in memory_init.c is not used. When VBOOT_STARTS_IN_ROMSTAGE is selected, the tpm_setup call in memory_init.c is triggered. However, when verstage runs, tpm_setup is called yet again, and an error is triggered from the multiple initialization calls. Since there are currently no boards using VBOOT_STARTS_IN_ROMSTAGE + FSP2_0_USES_TPM_MRC_HASH, disable this combination via Kconfig, and remove the tpm_setup call from Intel FSP memory initializion code. * VBOOT=y VBOOT_STARTS_IN_BOOTBLOCK=y vboot is enabled, and TPM is setup prior to Intel FSP memory initialization. Allow FSP2_0_USES_TPM_MRC_HASH option. * VBOOT=y VBOOT_STARTS_IN_BOOTBLOCK=n vboot is enabled, but TPM is setup in romstage, after Intel FSP memory initialization. Disallow FSP2_0_USES_TPM_MRC_HASH option. * VBOOT=n vboot is disabled. Disallow FSP2_0_USES_TPM_MRC_HASH option. See bug for more information: https://bugs.chromium.org/p/chromium/issues/detail?id=940377 BUG=chromium:940377 TEST=util/lint/checkpatch.pl -g origin/master..HEAD TEST=util/abuild/abuild -B -e -y -c 50 -p none -x TEST=make clean && make test-abuild BRANCH=none Change-Id: I4ba91c275c33245be61041cb592e52f861dbafe6 Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/31837 Reviewed-by: Furquan Shaikh <furquan@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
2019-03-11 17:47:24 +08:00 · 2019-03-11 17:47:24 +08:00 · 2c8243cf6d
parent 6e401cf7e6
commit 2c8243cf6d
2 changed files with 15 additions and 9 deletions
--- a/src/drivers/intel/fsp2_0/Kconfig
+++ b/src/drivers/intel/fsp2_0/Kconfig
@ -159,10 +159,19 @@ config DISPLAY_FSP_VERSION_INFO
 config FSP2_0_USES_TPM_MRC_HASH
 	bool
 	depends on TPM1 || TPM2
-	depends on VBOOT
+	depends on VBOOT && VBOOT_STARTS_IN_BOOTBLOCK
 	default y if HAS_RECOVERY_MRC_CACHE
 	default n
 	select VBOOT_HAS_REC_HASH_SPACE
 	help
 	  Store hash of trained recovery MRC cache in NVRAM space in TPM.
 	  Use the hash to validate recovery MRC cache before using it.
 	  This hash needs to be updated every time recovery mode training
 	  is recomputed, or if the hash does not match recovery MRC cache.
 	  Selecting this option requires that TPM already be setup by this
 	  point in time.  Thus it is only compatible when the option
 	  VBOOT_STARTS_IN_BOOTBLOCK is selected, which causes verstage and
 	  TPM setup to occur prior to memory initialization.
 config FSP_PLATFORM_MEMORY_SETTINGS_VERSIONS
 	bool
--- a/src/drivers/intel/fsp2_0/memory_init.c
+++ b/src/drivers/intel/fsp2_0/memory_init.c
@ -33,6 +33,11 @@
 #include <vb2_api.h>
 #include <fsp/memory_init.h>
 /* TPM MRC hash functionality depends on vboot starting before memory init. */
 _Static_assert(!CONFIG(FSP2_0_USES_TPM_MRC_HASH) ||
 	       CONFIG(VBOOT_STARTS_IN_BOOTBLOCK),
 	       "for TPM MRC hash functionality, vboot must start in bootblock");
 static void save_memory_training_data(bool s3wake, uint32_t fsp_version)
 {
 	size_t  mrc_data_size;
@ -92,14 +97,6 @@ static void do_fsp_post_memory_init(bool s3wake, uint32_t fsp_version)
 	/* Create romstage handof information */
 	romstage_handoff_init(s3wake);
 	/*
 	 * Initialize the TPM, unless the TPM was already initialized
 	 * in verstage and used to verify romstage.
 	 */
 	if ((CONFIG(TPM1) || CONFIG(TPM2)) &&
 	    !CONFIG(VBOOT_STARTS_IN_BOOTBLOCK))
 		tpm_setup(s3wake);
 }
 static void fsp_fill_mrc_cache(FSPM_ARCH_UPD *arch_upd, uint32_t fsp_version)