GNUBoot
/
coreboot-kgpe-d16
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

vboot: Handle S3 resume path for TPM initialization 

When doing verification of memory init code in verstage vboot
should issue a TPM_Startup(ST_STATE) instead of TPM_Startup(ST_CLEAR)
in order to preserve the flags in TPM_STCLEAR_FLAGS which include
things like physical presence.  In doing so we can also skip the rest
of the TPM init work in this function in the S3 resume path.

BUG=chrome-os-partner:50633
BRANCH=glados
TEST=S3 resume on chell and ensure TPM is resumed instead of being
cleared and that 'tpmc getvf|getpf|getf' does not show any difference
in flags between boot and resume.

Change-Id: I7a48eaf7f57d2bc6ebc182178cbe60ceb2ad8863
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Original-Commit-Id: f059f39a0f5c2f21e564b9554efacf26a41ad794
Original-Change-Id: I647869202d2f04328764155d3de4cad9edf10ae4
Original-Signed-off-by: Duncan Laurie <dlaurie@chromium.org>
Original-Previous-Reviewed-on: https://chromium-review.googlesource.com/332434
Original-(cherry picked from commit 5fc7792e4104523569140cd84ce313da721ec34b)
Original-Reviewed-on: https://chromium-review.googlesource.com/332542
Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/14107
Tested-by: build bot (Jenkins)
Reviewed-by: Martin Roth <martinroth@google.com>
This commit is contained in:
Duncan Laurie 2016-03-14 09:32:08 -07:00 committed by Martin Roth
parent fe4983e5aa
commit a613a311b2
2 changed files with 15 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/vendorcode/google/chromeos/vboot2/antirollback.c
View File

@ -249,6 +249,14 @@ uint32_t setup_tpm(struct vb2_context *ctx)
RETURN_ON_FAILURE(tlcl_lib_init()); RETURN_ON_FAILURE(tlcl_lib_init());
/* Handle special init for S3 resume path */
if (ctx->flags & VB2_CONTEXT_S3_RESUME) {
result = tlcl_resume();
if (result == TPM_E_INVALID_POSTINIT)
printk(BIOS_DEBUG, "TPM: Already initialized.\n");
return TPM_SUCCESS;
}
#ifdef TEGRA_SOFT_REBOOT_WORKAROUND #ifdef TEGRA_SOFT_REBOOT_WORKAROUND
result = tlcl_startup(); result = tlcl_startup();
if (result == TPM_E_INVALID_POSTINIT) { if (result == TPM_E_INVALID_POSTINIT) {

14
src/vendorcode/google/chromeos/vboot2/vboot_logic.c
View File

@ -304,13 +304,6 @@ void verstage_main(void)
/* Read nvdata from a non-volatile storage */ /* Read nvdata from a non-volatile storage */
read_vbnv(ctx.nvdata); read_vbnv(ctx.nvdata);
/* Read secdata from TPM. Initialize TPM if secdata not found. We don't
* check the return value here because vb2api_fw_phase1 will catch
* invalid secdata and tell us what to do (=reboot). */
timestamp_add_now(TS_START_TPMINIT);
antirollback_read_space_firmware(&ctx);
timestamp_add_now(TS_END_TPMINIT);
/* Set S3 resume flag if vboot should behave differently when selecting /* Set S3 resume flag if vboot should behave differently when selecting
* which slot to boot. This is only relevant to vboot if the platform * which slot to boot. This is only relevant to vboot if the platform
* does verification of memory init and thus must ensure it resumes with * does verification of memory init and thus must ensure it resumes with
@ -320,6 +313,13 @@ void verstage_main(void)
vboot_platform_is_resuming()) vboot_platform_is_resuming())
ctx.flags |= VB2_CONTEXT_S3_RESUME; ctx.flags |= VB2_CONTEXT_S3_RESUME;
/* Read secdata from TPM. Initialize TPM if secdata not found. We don't
* check the return value here because vb2api_fw_phase1 will catch
* invalid secdata and tell us what to do (=reboot). */
timestamp_add_now(TS_START_TPMINIT);
antirollback_read_space_firmware(&ctx);
timestamp_add_now(TS_END_TPMINIT);
if (!IS_ENABLED(CONFIG_VIRTUAL_DEV_SWITCH) && if (!IS_ENABLED(CONFIG_VIRTUAL_DEV_SWITCH) &&
get_developer_mode_switch()) get_developer_mode_switch())
ctx.flags |= VB2_CONTEXT_FORCE_DEVELOPER_MODE; ctx.flags |= VB2_CONTEXT_FORCE_DEVELOPER_MODE;