coreboot-kgpe-d16/src/security
Keith Short e0f3400547 coreboot: check Cr50 PM mode on normal boot
Under some scenarios the key ladder on the Cr50 can get disabled.  If
this state is detected, trigger a reboot of the Cr50 to restore full
TPM functionality.

BUG=b:121463033
BRANCH=none
TEST=Built coreboot on sarien and grunt platforms.
TEST=Ran 'gsctool -a -m disable' and reboot. Verified coreboot sends
VENDOR_CC_IMMEDIATE_RESET command to Cr50 and that the Cr50 resets and
then the platform boots normally.
TEST=Performed Cr50 rollback to 0.0.22 which does not support the
VENDOR_CC_TPM_MODE command, confirmed that platform boots normally and
the coreboot log captures the unsupported command.
Tested-by: Keith Short <keithshort@chromium.org>

Change-Id: I70e012efaf1079d43890e909bc6b5015bef6835a
Signed-off-by: Keith Short <keithshort@chromium.org>
Reviewed-on: https://review.coreboot.org/c/31260
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2019-02-13 13:03:33 +00:00
| Name | Last commit | Date |
|---|---|---|
| tpm | coreboot: check Cr50 PM mode on normal boot | 2019-02-13 13:03:33 +00:00 |
| vboot | vboot: Makefile: Also apply CPPFLAGS include path fixups to ccopts | 2019-01-28 13:38:16 +00:00 |
| Kconfig | security/tpm: Move tpm TSS and TSPI layer to security section | 2018-01-18 01:35:31 +00:00 |
| Makefile.inc | security/tpm: Move tpm TSS and TSPI layer to security section | 2018-01-18 01:35:31 +00:00 |