GNUBoot
/
coreboot-kgpe-d16
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

tpm2: add tlcl_force_clear and use it before factory init 

tlcl_force_clear() needs to be issued each time when the device mode
switches between normal/development/recovery.

This patch adds command implementation using TPM_Clear TPM2 command,
and also invokes it before factory initialization.

BRANCH=none
BUG=chrome-os-partner:50645
TEST=verified that TPM_Clear command succeeds at factory startup and
     the boot proceeds normally.

Change-Id: Ia431390870cbe448bc1b6f1755ed17953be9bdf1
Signed-off-by: Martin Roth <martinroth@chromium.org>
Original-Commit-Id: 347ff17b97da45fa4df547ff32f9dd2c8972cefd
Original-Change-Id: I2a0e62527ad46f9dd060afe5e75c7e4d56752849
Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Original-Reviewed-on: https://chromium-review.googlesource.com/358095
Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Original-Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Reviewed-on: https://review.coreboot.org/15636
Tested-by: build bot (Jenkins)
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>
This commit is contained in:
Vadim Bendebury 2016-07-03 15:56:41 -07:00 committed by Martin Roth
parent 7ee057c700
commit adfbbde7c9
2 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/lib/tpm2_tlcl.c
View File

@ -81,7 +81,15 @@ uint32_t tlcl_finalize_physical_presence(void)
uint32_t tlcl_force_clear(void)
{
printk(BIOS_INFO, "%s:%s:%d\n", __FILE__, __func__, __LINE__);
struct tpm2_response *response;
response = tpm_process_command(TPM2_Clear, NULL);
printk(BIOS_INFO, "%s: response is %x\n",
__func__, response ? response->hdr.tpm_code : -1);
if (!response || response->hdr.tpm_code)
return TPM_E_IOERROR;
return TPM_SUCCESS;
}

1
src/vendorcode/google/chromeos/vboot2/antirollback.c
View File

@ -145,6 +145,7 @@ static uint32_t set_kernel_space(const void *kernel_blob)
static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
{
RETURN_ON_FAILURE(tlcl_force_clear());
RETURN_ON_FAILURE(set_firmware_space(ctx->secdata));
RETURN_ON_FAILURE(set_kernel_space(secdata_kernel));
return TPM_SUCCESS;