diff options
| author | Jon Murphy <jpmurphy@google.com> | 2023-09-05 11:43:14 -0600 |
|---|---|---|
| committer | Raul Rangel <rrangel@chromium.org> | 2023-09-28 16:55:03 +0000 |
| commit | a2f08aa5c4420053d80ca23992b9e61888976f7c (patch) | |
| tree | ec265453e1f5548edc98efcdd765fa56f7ee6cde | |
| parent | db4e93ba1a927527f4a095aa8395c31c87d2438d (diff) | |
drivers/tpm: Add tpm failure handling
Add additional failure mode logic for the TPM to enable an
automated recovery mode for GSC hangs.
BUG=b:296439237
TEST=Force the error by hard coding the return code and observe the
device entering hibernate.
BRANCH=None
Change-Id: Ieec7e9227d538130354dea8b772d0306cdda1237
Signed-off-by: Jon Murphy <jpmurphy@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/77667
Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
| -rw-r--r-- | src/security/tpm/Kconfig | 9 | ||||
| -rw-r--r-- | src/security/vboot/vboot_logic.c | 17 |
2 files changed, 25 insertions, 1 deletions
diff --git a/src/security/tpm/Kconfig b/src/security/tpm/Kconfig index 39134c1c71..c06150dacd 100644 --- a/src/security/tpm/Kconfig +++ b/src/security/tpm/Kconfig @@ -172,3 +172,12 @@ config PCR_RUNTIME_DATA default 3 endmenu # Trusted Platform Module (tpm) + +config TPM_SETUP_HIBERNATE_ON_ERR + bool + depends on EC_GOOGLE_CHROMEEC + help + Select this to force a device to hibernate on the next AP shutdown when a TPM + setup error occurs. This will cause a cold boot of the system and offer an + opportunity to recover the TPM should it be hung. This is only effective if + the Z-State brings the power rail down. diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c index ab38085f48..11983b9e1e 100644 --- a/src/security/vboot/vboot_logic.c +++ b/src/security/vboot/vboot_logic.c @@ -4,6 +4,7 @@ #include <assert.h> #include <console/console.h> #include <bootmode.h> +#include <ec/google/chromeec/ec.h> #include <fmap.h> #include <security/tpm/tspi/crtm.h> #include <security/tpm/tss/vendor/cr50/cr50.h> @@ -271,9 +272,23 @@ void verstage_main(void) * check the return value here because vb2api_fw_phase1 will catch * invalid secdata and tell us what to do (=reboot). */ timestamp_add_now(TS_TPMINIT_START); - if (vboot_setup_tpm(ctx) == TPM_SUCCESS) { + rv = vboot_setup_tpm(ctx); + if (rv == TPM_SUCCESS) { antirollback_read_space_firmware(ctx); antirollback_read_space_kernel(ctx); + } else { + vb2api_fail(ctx, VB2_RECOVERY_RO_TPM_S_ERROR, rv); + if (CONFIG(TPM_SETUP_HIBERNATE_ON_ERR) && + rv == TPM_CB_COMMUNICATION_ERROR) { + printk(BIOS_ERR, "Failed to communicate with TPM\n" + "Next reboot will hibernate to reset TPM"); + /* Command the EC to hibernate on next AP shutdown */ + if (google_chromeec_reboot( + EC_REBOOT_HIBERNATE, + EC_REBOOT_FLAG_ON_AP_SHUTDOWN)) { + printk(BIOS_ERR, "Failed to get EC to schedule hibernate"); + } + } } timestamp_add_now(TS_TPMINIT_END); |