diff options
author | Duncan Laurie <dlaurie@chromium.org> | 2016-03-14 09:32:08 -0700 |
---|---|---|
committer | Martin Roth <martinroth@google.com> | 2016-03-29 23:35:03 +0200 |
commit | a613a311b230d4ecfabd8860d207c286347f9393 (patch) | |
tree | 3397d8fbc999b22f177fd0ecc3ce4214e10af820 /src/vendorcode/google/chromeos | |
parent | fe4983e5aa0a9d3228d3634116be88e361ec23c3 (diff) |
vboot: Handle S3 resume path for TPM initialization
When doing verification of memory init code in verstage vboot
should issue a TPM_Startup(ST_STATE) instead of TPM_Startup(ST_CLEAR)
in order to preserve the flags in TPM_STCLEAR_FLAGS which include
things like physical presence. In doing so we can also skip the rest
of the TPM init work in this function in the S3 resume path.
BUG=chrome-os-partner:50633
BRANCH=glados
TEST=S3 resume on chell and ensure TPM is resumed instead of being
cleared and that 'tpmc getvf|getpf|getf' does not show any difference
in flags between boot and resume.
Change-Id: I7a48eaf7f57d2bc6ebc182178cbe60ceb2ad8863
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Original-Commit-Id: f059f39a0f5c2f21e564b9554efacf26a41ad794
Original-Change-Id: I647869202d2f04328764155d3de4cad9edf10ae4
Original-Signed-off-by: Duncan Laurie <dlaurie@chromium.org>
Original-Previous-Reviewed-on: https://chromium-review.googlesource.com/332434
Original-(cherry picked from commit 5fc7792e4104523569140cd84ce313da721ec34b)
Original-Reviewed-on: https://chromium-review.googlesource.com/332542
Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-on: https://review.coreboot.org/14107
Tested-by: build bot (Jenkins)
Reviewed-by: Martin Roth <martinroth@google.com>
Diffstat (limited to 'src/vendorcode/google/chromeos')
-rw-r--r-- | src/vendorcode/google/chromeos/vboot2/antirollback.c | 8 | ||||
-rw-r--r-- | src/vendorcode/google/chromeos/vboot2/vboot_logic.c | 14 |
2 files changed, 15 insertions, 7 deletions
diff --git a/src/vendorcode/google/chromeos/vboot2/antirollback.c b/src/vendorcode/google/chromeos/vboot2/antirollback.c index 654fd3438f..fbc6d42a18 100644 --- a/src/vendorcode/google/chromeos/vboot2/antirollback.c +++ b/src/vendorcode/google/chromeos/vboot2/antirollback.c @@ -249,6 +249,14 @@ uint32_t setup_tpm(struct vb2_context *ctx) RETURN_ON_FAILURE(tlcl_lib_init()); + /* Handle special init for S3 resume path */ + if (ctx->flags & VB2_CONTEXT_S3_RESUME) { + result = tlcl_resume(); + if (result == TPM_E_INVALID_POSTINIT) + printk(BIOS_DEBUG, "TPM: Already initialized.\n"); + return TPM_SUCCESS; + } + #ifdef TEGRA_SOFT_REBOOT_WORKAROUND result = tlcl_startup(); if (result == TPM_E_INVALID_POSTINIT) { diff --git a/src/vendorcode/google/chromeos/vboot2/vboot_logic.c b/src/vendorcode/google/chromeos/vboot2/vboot_logic.c index d43fb276d0..a81a9c2892 100644 --- a/src/vendorcode/google/chromeos/vboot2/vboot_logic.c +++ b/src/vendorcode/google/chromeos/vboot2/vboot_logic.c @@ -304,13 +304,6 @@ void verstage_main(void) /* Read nvdata from a non-volatile storage */ read_vbnv(ctx.nvdata); - /* Read secdata from TPM. Initialize TPM if secdata not found. We don't - * check the return value here because vb2api_fw_phase1 will catch - * invalid secdata and tell us what to do (=reboot). */ - timestamp_add_now(TS_START_TPMINIT); - antirollback_read_space_firmware(&ctx); - timestamp_add_now(TS_END_TPMINIT); - /* Set S3 resume flag if vboot should behave differently when selecting * which slot to boot. This is only relevant to vboot if the platform * does verification of memory init and thus must ensure it resumes with @@ -320,6 +313,13 @@ void verstage_main(void) vboot_platform_is_resuming()) ctx.flags |= VB2_CONTEXT_S3_RESUME; + /* Read secdata from TPM. Initialize TPM if secdata not found. We don't + * check the return value here because vb2api_fw_phase1 will catch + * invalid secdata and tell us what to do (=reboot). */ + timestamp_add_now(TS_START_TPMINIT); + antirollback_read_space_firmware(&ctx); + timestamp_add_now(TS_END_TPMINIT); + if (!IS_ENABLED(CONFIG_VIRTUAL_DEV_SWITCH) && get_developer_mode_switch()) ctx.flags |= VB2_CONTEXT_FORCE_DEVELOPER_MODE; |