diff options
| author | Sergii Dmytruk <sergii.dmytruk@3mdeb.com> | 2022-11-02 00:50:03 +0200 |
|---|---|---|
| committer | Martin L Roth <gaumless@gmail.com> | 2024-03-28 15:18:04 +0000 |
| commit | 47e9e8cde1810ee9f249027b14ee9f82a7a52d84 (patch) | |
| tree | 77771e49f8121bebb1b5904940ff7abf2714dccb /src/vendorcode | |
| parent | 094a051732341d20e82c349ea10f85faea6e58d1 (diff) | |
security/tpm: replace CONFIG(TPMx) checks with runtime check
This prepares the code for enabling both CONFIG_TPM1 and CONFIG_TPM2
during compilation, in which case actual TPM family in use can be
determined at runtime.
In some places both compile-time and runtime checks are necessary.
Yet in places like probe functions runtime state checks don't make sense
as runtime state is defined by results of probing.
Change-Id: Id9cc25aad8d1d7bfad12b7a92059b1b3641bbfa9
Ticket: https://ticket.coreboot.org/issues/433
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/69161
Reviewed-by: Jérémy Compostella <jeremy.compostella@intel.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'src/vendorcode')
| -rw-r--r-- | src/vendorcode/google/chromeos/cse_board_reset.c | 5 | ||||
| -rw-r--r-- | src/vendorcode/google/chromeos/tpm2.c | 4 |
2 files changed, 9 insertions, 0 deletions
diff --git a/src/vendorcode/google/chromeos/cse_board_reset.c b/src/vendorcode/google/chromeos/cse_board_reset.c index e7cb878b68..f3369483e3 100644 --- a/src/vendorcode/google/chromeos/cse_board_reset.c +++ b/src/vendorcode/google/chromeos/cse_board_reset.c @@ -19,6 +19,11 @@ void cse_board_reset(void) if (CONFIG(CSE_RESET_CLEAR_EC_AP_IDLE_FLAG)) google_chromeec_clear_ec_ap_idle(); + /* + * Assuming that if particular TPM implementation is enabled at compile + * time, it's the one being used. This isn't generic code, so can + * probably get away with it. + */ if (CONFIG(TPM2) && CONFIG(TPM_GOOGLE_CR50)) { /* Initialize TPM and get the cr50 firmware version. */ rc = tlcl_lib_init(); diff --git a/src/vendorcode/google/chromeos/tpm2.c b/src/vendorcode/google/chromeos/tpm2.c index 31c28c9d2a..8823978de4 100644 --- a/src/vendorcode/google/chromeos/tpm2.c +++ b/src/vendorcode/google/chromeos/tpm2.c @@ -22,6 +22,10 @@ static void disable_platform_hierarchy(void *unused) return; } + /* In case both families are enabled, but TPM1 is in use. */ + if (tlcl_get_family() != TPM_2) + return; + rc = tlcl2_disable_platform_hierarchy(); if (rc != TPM_SUCCESS) printk(BIOS_ERR, "Platform hierarchy disablement failed: %#x\n", |