summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFurquan Shaikh <furquan@google.com>2015-09-17 12:40:23 -0700
committerPatrick Georgi <pgeorgi@google.com>2015-10-28 22:28:28 +0100
commit6fecb7106ef6846e7f75cff59b8d2f9d7ed1109a (patch)
tree4f1bfe9d984a93de979f0e4c7d3c701bfba22a47
parent5dba15c180e9bd4e4e24cf59fdaaee9293a009bc (diff)
vboot2: Fix flows for TPM_E_MUST_REBOOT
While migrating from vboot1 to vboot2, the tpm_init was moved out of vboot library and implemented in coreboot. However, while doing this, the initial factory flow was missed. We need to ensure following flow for tpm_init: 1. Perform tpm_init 2. If tpm_init fails, set secdata_context flag to indicate to vboot that tpm needs reboot. 3. Call vb2_api_phase1 4. If vb2_api_phase1 returns error code saying boot into recovery, continue booting into recovery. For all other error codes, save context if required and reboot. [pg: everything but step 2 was already done, so this upstream commit is quite minimal] CQ-DEPEND=CL:300572 BUG=chrome-os-partner:45462 BRANCH=None TEST=Verified behavior on smaug. Steps to test: 1. Reboot into recovery 2. tpmc clear 3. Reboot device Expected Behavior: Device should reboot after Enabling TPM. Should not enter recovery Confirmed that the device behaves as expected. Change-Id: I72f08d583b744bd77accadd06958c61ade298dfb Signed-off-by: Patrick Georgi <pgeorgi@chromium.org> Original-Commit-Id: 85ac93137f3cfb28668dcfa18dfc773bf910d44e Original-Change-Id: I38ab9b9d6c2a718ccc8641377508ffc93fef2ba1 Original-Signed-off-by: Furquan Shaikh <furquan@google.com> Original-Reviewed-on: https://chromium-review.googlesource.com/300570 Original-Commit-Ready: Furquan Shaikh <furquan@chromium.org> Original-Tested-by: Furquan Shaikh <furquan@chromium.org> Original-Reviewed-by: Randall Spangler <rspangler@chromium.org> Original-Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-on: http://review.coreboot.org/12205 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Tested-by: build bot (Jenkins)
-rw-r--r--src/vendorcode/google/chromeos/vboot2/antirollback.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/vendorcode/google/chromeos/vboot2/antirollback.c b/src/vendorcode/google/chromeos/vboot2/antirollback.c
index 407b19cecd..654fd3438f 100644
--- a/src/vendorcode/google/chromeos/vboot2/antirollback.c
+++ b/src/vendorcode/google/chromeos/vboot2/antirollback.c
@@ -257,6 +257,7 @@ uint32_t setup_tpm(struct vb2_context *ctx)
* reset. We do a hard reset to get around this.
*/
VBDEBUG("TPM: soft reset detected\n", result);
+ ctx->flags |= VB2_CONTEXT_SECDATA_WANTS_REBOOT;
return TPM_E_MUST_REBOOT;
} else if (result != TPM_SUCCESS) {
VBDEBUG("TPM: tlcl_startup returned %08x\n", result);
@@ -304,6 +305,7 @@ uint32_t setup_tpm(struct vb2_context *ctx)
RETURN_ON_FAILURE(tlcl_set_enable());
RETURN_ON_FAILURE(tlcl_set_deactivated(0));
VBDEBUG("TPM: Must reboot to re-enable\n");
+ ctx->flags |= VB2_CONTEXT_SECDATA_WANTS_REBOOT;
return TPM_E_MUST_REBOOT;
}