diff options
| -rw-r--r-- | src/vendorcode/google/chromeos/vboot2/antirollback.c | 8 | ||||
| -rw-r--r-- | src/vendorcode/google/chromeos/vboot2/vboot_logic.c | 14 |
2 files changed, 15 insertions, 7 deletions
diff --git a/src/vendorcode/google/chromeos/vboot2/antirollback.c b/src/vendorcode/google/chromeos/vboot2/antirollback.c index 654fd3438f..fbc6d42a18 100644 --- a/src/vendorcode/google/chromeos/vboot2/antirollback.c +++ b/src/vendorcode/google/chromeos/vboot2/antirollback.c @@ -249,6 +249,14 @@ uint32_t setup_tpm(struct vb2_context *ctx) RETURN_ON_FAILURE(tlcl_lib_init()); + /* Handle special init for S3 resume path */ + if (ctx->flags & VB2_CONTEXT_S3_RESUME) { + result = tlcl_resume(); + if (result == TPM_E_INVALID_POSTINIT) + printk(BIOS_DEBUG, "TPM: Already initialized.\n"); + return TPM_SUCCESS; + } + #ifdef TEGRA_SOFT_REBOOT_WORKAROUND result = tlcl_startup(); if (result == TPM_E_INVALID_POSTINIT) { diff --git a/src/vendorcode/google/chromeos/vboot2/vboot_logic.c b/src/vendorcode/google/chromeos/vboot2/vboot_logic.c index d43fb276d0..a81a9c2892 100644 --- a/src/vendorcode/google/chromeos/vboot2/vboot_logic.c +++ b/src/vendorcode/google/chromeos/vboot2/vboot_logic.c @@ -304,13 +304,6 @@ void verstage_main(void) /* Read nvdata from a non-volatile storage */ read_vbnv(ctx.nvdata); - /* Read secdata from TPM. Initialize TPM if secdata not found. We don't - * check the return value here because vb2api_fw_phase1 will catch - * invalid secdata and tell us what to do (=reboot). */ - timestamp_add_now(TS_START_TPMINIT); - antirollback_read_space_firmware(&ctx); - timestamp_add_now(TS_END_TPMINIT); - /* Set S3 resume flag if vboot should behave differently when selecting * which slot to boot. This is only relevant to vboot if the platform * does verification of memory init and thus must ensure it resumes with @@ -320,6 +313,13 @@ void verstage_main(void) vboot_platform_is_resuming()) ctx.flags |= VB2_CONTEXT_S3_RESUME; + /* Read secdata from TPM. Initialize TPM if secdata not found. We don't + * check the return value here because vb2api_fw_phase1 will catch + * invalid secdata and tell us what to do (=reboot). */ + timestamp_add_now(TS_START_TPMINIT); + antirollback_read_space_firmware(&ctx); + timestamp_add_now(TS_END_TPMINIT); + if (!IS_ENABLED(CONFIG_VIRTUAL_DEV_SWITCH) && get_developer_mode_switch()) ctx.flags |= VB2_CONTEXT_FORCE_DEVELOPER_MODE; |