diff options
-rw-r--r-- | src/mainboard/facebook/fbg1701/romstage.c | 6 | ||||
-rw-r--r-- | src/security/tpm/tspi/tspi.c | 18 | ||||
-rw-r--r-- | src/security/tpm/tss/tcg-1.2/tss.c | 10 | ||||
-rw-r--r-- | src/security/tpm/tss/tcg-2.0/tss.c | 52 | ||||
-rw-r--r-- | src/security/tpm/tss/vendor/cr50/cr50.c | 28 | ||||
-rw-r--r-- | src/security/tpm/tss/vendor/cr50/cr50.h | 8 | ||||
-rw-r--r-- | src/security/tpm/tss_errors.h | 75 | ||||
-rw-r--r-- | src/security/vboot/secdata_tpm.c | 28 | ||||
-rw-r--r-- | src/security/vboot/tpm_common.c | 2 | ||||
-rw-r--r-- | src/security/vboot/vboot_logic.c | 2 | ||||
-rw-r--r-- | src/vendorcode/eltan/security/mboot/mboot.c | 22 | ||||
-rw-r--r-- | src/vendorcode/eltan/security/verified_boot/vboot_check.c | 2 | ||||
-rw-r--r-- | src/vendorcode/google/chromeos/cr50_enable_update.c | 4 |
13 files changed, 135 insertions, 122 deletions
diff --git a/src/mainboard/facebook/fbg1701/romstage.c b/src/mainboard/facebook/fbg1701/romstage.c index 19cf867e79..c3d817b73b 100644 --- a/src/mainboard/facebook/fbg1701/romstage.c +++ b/src/mainboard/facebook/fbg1701/romstage.c @@ -63,8 +63,8 @@ void mainboard_after_memory_init(void) * * @param[in] activePcr bitmap of the support * - * @retval TPM_SUCCESS Operation completed successfully. - * @retval TPM_E_IOERROR Unexpected device behavior. + * @retval TPM_SUCCESS Operation completed successfully. + * @retval TPM_IOERROR Unexpected device behavior. */ static const uint8_t crtm_version[] = @@ -73,7 +73,7 @@ static const uint8_t crtm_version[] = int mb_crtm(void) { - int rc = TPM_E_IOERROR; + int rc = TPM_IOERROR; TCG_PCR_EVENT2_HDR tcgEventHdr; /* Use FirmwareVersion string to represent CRTM version. */ diff --git a/src/security/tpm/tspi/tspi.c b/src/security/tpm/tspi/tspi.c index 22383d4027..aee1cf4709 100644 --- a/src/security/tpm/tspi/tspi.c +++ b/src/security/tpm/tspi/tspi.c @@ -45,7 +45,7 @@ static uint32_t tpm1_invoke_state_machine(void) } deactivated = !deactivated; - rc = TPM_E_MUST_REBOOT; + rc = TPM_CB_MUST_REBOOT; } return rc; @@ -61,7 +61,7 @@ static uint32_t tpm_setup_s3_helper(void) case TPM_SUCCESS: break; - case TPM_E_INVALID_POSTINIT: + case TPM_INVALID_POSTINIT: /* * We're on a platform where the TPM maintains power * in S3, so it's already initialized. @@ -151,7 +151,7 @@ uint32_t tpm_setup(int s3flag) rc = tlcl_startup(); if (CONFIG(TPM_STARTUP_IGNORE_POSTINIT) - && rc == TPM_E_INVALID_POSTINIT) { + && rc == TPM_INVALID_POSTINIT) { printk(BIOS_DEBUG, "TPM: ignoring invalid POSTINIT\n"); rc = TPM_SUCCESS; } @@ -224,7 +224,7 @@ uint32_t tpm_extend_pcr(int pcr, enum vb2_hash_algorithm digest_algo, uint32_t rc; if (!digest) - return TPM_E_IOERROR; + return TPM_IOERROR; if (tspi_tpm_is_setup()) { rc = tlcl_lib_init(); @@ -262,14 +262,14 @@ uint32_t tpm_measure_region(const struct region_device *rdev, uint8_t pcr, struct vb2_digest_context ctx; if (!rdev || !rname) - return TPM_E_INVALID_ARG; + return TPM_CB_INVALID_ARG; digest_len = vb2_digest_size(TPM_MEASURE_ALGO); assert(digest_len <= sizeof(digest)); if (vb2_digest_init(&ctx, vboot_hwcrypto_allowed(), TPM_MEASURE_ALGO, region_device_sz(rdev))) { printk(BIOS_ERR, "TPM: Error initializing hash.\n"); - return TPM_E_HASH_ERROR; + return TPM_CB_HASH_ERROR; } /* * Though one can mmap the full needed region on x86 this is not the @@ -281,16 +281,16 @@ uint32_t tpm_measure_region(const struct region_device *rdev, uint8_t pcr, if (rdev_readat(rdev, buf, offset, len) < 0) { printk(BIOS_ERR, "TPM: Not able to read region %s.\n", rname); - return TPM_E_READ_FAILURE; + return TPM_CB_READ_FAILURE; } if (vb2_digest_extend(&ctx, buf, len)) { printk(BIOS_ERR, "TPM: Error extending hash.\n"); - return TPM_E_HASH_ERROR; + return TPM_CB_HASH_ERROR; } } if (vb2_digest_finalize(&ctx, digest, digest_len)) { printk(BIOS_ERR, "TPM: Error finalizing hash.\n"); - return TPM_E_HASH_ERROR; + return TPM_CB_HASH_ERROR; } return tpm_extend_pcr(pcr, TPM_MEASURE_ALGO, digest, digest_len, rname); } diff --git a/src/security/tpm/tss/tcg-1.2/tss.c b/src/security/tpm/tss/tcg-1.2/tss.c index 9c19f7f3cb..b6527a6482 100644 --- a/src/security/tpm/tss/tcg-1.2/tss.c +++ b/src/security/tpm/tss/tcg-1.2/tss.c @@ -108,7 +108,7 @@ uint32_t tlcl_send_receive(const uint8_t *request, uint8_t *response, max_length); /* If the command fails because the self test has not completed, try it * again after attempting to ensure that the self test has completed. */ - if (rc == TPM_E_NEEDS_SELFTEST || rc == TPM_E_DOING_SELFTEST) { + if (rc == TPM_NEEDS_SELFTEST || rc == TPM_DOING_SELFTEST) { rc = tlcl_continue_self_test(); if (rc != TPM_SUCCESS) return rc; @@ -125,7 +125,7 @@ uint32_t tlcl_send_receive(const uint8_t *request, uint8_t *response, do { rc = tlcl_send_receive_no_retry(request, response, max_length); - } while (rc == TPM_E_DOING_SELFTEST); + } while (rc == TPM_DOING_SELFTEST); #endif } return rc; @@ -238,7 +238,7 @@ uint32_t tlcl_read(uint32_t index, void *data, uint32_t length) uint8_t *nv_read_cursor = response + kTpmResponseHeaderLength; from_tpm_uint32(nv_read_cursor, &result_length); if (result_length > length) - return TPM_E_IOERROR; + return TPM_IOERROR; nv_read_cursor += sizeof(uint32_t); memcpy(data, nv_read_cursor, result_length); } @@ -301,7 +301,7 @@ uint32_t tlcl_get_permanent_flags(TPM_PERMANENT_FLAGS *pflags) return rc; from_tpm_uint32(response + kTpmResponseHeaderLength, &size); if (size != sizeof(TPM_PERMANENT_FLAGS)) - return TPM_E_IOERROR; + return TPM_IOERROR; memcpy(pflags, response + kTpmResponseHeaderLength + sizeof(size), sizeof(TPM_PERMANENT_FLAGS)); return rc; @@ -338,7 +338,7 @@ uint32_t tlcl_extend(int pcr_num, const uint8_t *digest_data, uint8_t response[kTpmResponseHeaderLength + kPcrDigestLength]; if (digest_algo != VB2_HASH_SHA1) - return TPM_E_INVALID_ARG; + return TPM_CB_INVALID_ARG; memcpy(&cmd, &tpm_extend_cmd, sizeof(cmd)); to_tpm_uint32(cmd.buffer + tpm_extend_cmd.pcrNum, pcr_num); diff --git a/src/security/tpm/tss/tcg-2.0/tss.c b/src/security/tpm/tss/tcg-2.0/tss.c index d228c7f6a8..5b9aab82bf 100644 --- a/src/security/tpm/tss/tcg-2.0/tss.c +++ b/src/security/tpm/tss/tcg-2.0/tss.c @@ -57,7 +57,7 @@ static uint32_t tlcl_send_startup(TPM_SU type) /* IO error, tpm2_response pointer is empty. */ if (!response) { printk(BIOS_ERR, "%s: TPM communication error\n", __func__); - return TPM_E_IOERROR; + return TPM_IOERROR; } printk(BIOS_INFO, "%s: Startup return code is %x\n", @@ -66,13 +66,13 @@ static uint32_t tlcl_send_startup(TPM_SU type) switch (response->hdr.tpm_code) { case TPM_RC_INITIALIZE: /* TPM already initialized. */ - return TPM_E_INVALID_POSTINIT; + return TPM_INVALID_POSTINIT; case TPM2_RC_SUCCESS: return TPM_SUCCESS; } - /* Collapse any other errors into TPM_E_IOERROR. */ - return TPM_E_IOERROR; + /* Collapse any other errors into TPM_IOERROR. */ + return TPM_IOERROR; } uint32_t tlcl_resume(void) @@ -91,7 +91,7 @@ static uint32_t tlcl_send_shutdown(TPM_SU type) /* IO error, tpm2_response pointer is empty. */ if (!response) { printk(BIOS_ERR, "%s: TPM communication error\n", __func__); - return TPM_E_IOERROR; + return TPM_IOERROR; } printk(BIOS_INFO, "%s: Shutdown return code is %x\n", @@ -100,8 +100,8 @@ static uint32_t tlcl_send_shutdown(TPM_SU type) if (response->hdr.tpm_code == TPM2_RC_SUCCESS) return TPM_SUCCESS; - /* Collapse any other errors into TPM_E_IOERROR. */ - return TPM_E_IOERROR; + /* Collapse any other errors into TPM_IOERROR. */ + return TPM_IOERROR; } uint32_t tlcl_save_state(void) @@ -144,7 +144,7 @@ uint32_t tlcl_extend(int pcr_num, const uint8_t *digest_data, alg = tpmalg_from_vb2_hash(digest_type); if (alg == TPM_ALG_ERROR) - return TPM_E_HASH_ERROR; + return TPM_CB_HASH_ERROR; pcr_ext_cmd.pcrHandle = HR_PCR + pcr_num; pcr_ext_cmd.digests.count = 1; @@ -158,7 +158,7 @@ uint32_t tlcl_extend(int pcr_num, const uint8_t *digest_data, printk(BIOS_INFO, "%s: response is %x\n", __func__, response ? response->hdr.tpm_code : -1); if (!response || response->hdr.tpm_code) - return TPM_E_IOERROR; + return TPM_IOERROR; return TPM_SUCCESS; } @@ -179,7 +179,7 @@ uint32_t tlcl_force_clear(void) __func__, response ? response->hdr.tpm_code : -1); if (!response || response->hdr.tpm_code) - return TPM_E_IOERROR; + return TPM_IOERROR; return TPM_SUCCESS; } @@ -196,7 +196,7 @@ uint32_t tlcl_clear_control(bool disable) __func__, response ? response->hdr.tpm_code : -1); if (!response || response->hdr.tpm_code) - return TPM_E_IOERROR; + return TPM_IOERROR; return TPM_SUCCESS; } @@ -244,7 +244,7 @@ uint32_t tlcl_read(uint32_t index, void *data, uint32_t length) /* Need to map tpm error codes into internal values. */ if (!response) - return TPM_E_READ_FAILURE; + return TPM_CB_READ_FAILURE; printk(BIOS_INFO, "%s:%d index %#x return code %x\n", __FILE__, __LINE__, index, response->hdr.tpm_code); @@ -259,20 +259,20 @@ uint32_t tlcl_read(uint32_t index, void *data, uint32_t length) * hasn't been defined. */ case TPM_RC_CR50_NV_UNDEFINED: - return TPM_E_BADINDEX; + return TPM_BADINDEX; case TPM_RC_NV_RANGE: - return TPM_E_RANGE; + return TPM_CB_RANGE; default: - return TPM_E_READ_FAILURE; + return TPM_CB_READ_FAILURE; } if (length > response->nvr.buffer.t.size) - return TPM_E_RESPONSE_TOO_LARGE; + return TPM_CB_RESPONSE_TOO_LARGE; if (length < response->nvr.buffer.t.size) - return TPM_E_READ_EMPTY; + return TPM_CB_READ_EMPTY; memcpy(data, response->nvr.buffer.t.buffer, length); @@ -306,7 +306,7 @@ uint32_t tlcl_lock_nv_write(uint32_t index) __func__, response ? response->hdr.tpm_code : -1); if (!response || response->hdr.tpm_code) - return TPM_E_IOERROR; + return TPM_IOERROR; return TPM_SUCCESS; } @@ -334,7 +334,7 @@ uint32_t tlcl_write(uint32_t index, const void *data, uint32_t length) /* Need to map tpm error codes into internal values. */ if (!response || response->hdr.tpm_code) - return TPM_E_WRITE_FAILURE; + return TPM_CB_WRITE_FAILURE; return TPM_SUCCESS; } @@ -357,7 +357,7 @@ uint32_t tlcl_set_bits(uint32_t index, uint64_t bits) /* Need to map tpm error codes into internal values. */ if (!response || response->hdr.tpm_code) - return TPM_E_WRITE_FAILURE; + return TPM_CB_WRITE_FAILURE; return TPM_SUCCESS; } @@ -392,16 +392,16 @@ uint32_t tlcl_define_space(uint32_t space_index, size_t space_size, response ? response->hdr.tpm_code : -1); if (!response) - return TPM_E_NO_DEVICE; + return TPM_CB_NO_DEVICE; /* Map TPM2 return codes into common vboot representation. */ switch (response->hdr.tpm_code) { case TPM2_RC_SUCCESS: return TPM_SUCCESS; case TPM2_RC_NV_DEFINED: - return TPM_E_NV_DEFINED; + return TPM_CB_NV_DEFINED; default: - return TPM_E_INTERNAL_INCONSISTENCY; + return TPM_CB_INTERNAL_INCONSISTENCY; } } @@ -448,7 +448,7 @@ uint32_t tlcl_disable_platform_hierarchy(void) response = tpm_process_command(TPM2_Hierarchy_Control, &hc); if (!response || response->hdr.tpm_code) - return TPM_E_INTERNAL_INCONSISTENCY; + return TPM_CB_INTERNAL_INCONSISTENCY; return TPM_SUCCESS; } @@ -467,14 +467,14 @@ uint32_t tlcl_get_capability(TPM_CAP capability, uint32_t property, if (property_count > 1) { printk(BIOS_ERR, "%s: property_count more than one not " "supported yet\n", __func__); - return TPM_E_IOERROR; + return TPM_IOERROR; } response = tpm_process_command(TPM2_GetCapability, &cmd); if (!response) { printk(BIOS_ERR, "%s: Command Failed\n", __func__); - return TPM_E_IOERROR; + return TPM_IOERROR; } memcpy(capability_data, &response->gc.cd, sizeof(TPMS_CAPABILITY_DATA)); diff --git a/src/security/tpm/tss/vendor/cr50/cr50.c b/src/security/tpm/tss/vendor/cr50/cr50.c index 57d0b61a24..5dbf0148bb 100644 --- a/src/security/tpm/tss/vendor/cr50/cr50.c +++ b/src/security/tpm/tss/vendor/cr50/cr50.c @@ -24,7 +24,7 @@ uint32_t tlcl_cr50_enable_nvcommits(void) response->hdr.tpm_code); else printk(BIOS_INFO, "%s: failed\n", __func__); - return TPM_E_IOERROR; + return TPM_IOERROR; } return TPM_SUCCESS; } @@ -42,7 +42,7 @@ uint32_t tlcl_cr50_enable_update(uint16_t timeout_ms, response = tpm_process_command(TPM2_CR50_VENDOR_COMMAND, command_body); if (!response || response->hdr.tpm_code) - return TPM_E_IOERROR; + return TPM_IOERROR; *num_restored_headers = response->vcr.num_restored_headers; return TPM_SUCCESS; @@ -58,7 +58,7 @@ uint32_t tlcl_cr50_get_recovery_button(uint8_t *recovery_button_state) response = tpm_process_command(TPM2_CR50_VENDOR_COMMAND, &sub_command); if (!response || response->hdr.tpm_code) - return TPM_E_IOERROR; + return TPM_IOERROR; *recovery_button_state = response->vcr.recovery_button_state; return TPM_SUCCESS; @@ -75,7 +75,7 @@ uint32_t tlcl_cr50_get_tpm_mode(uint8_t *tpm_mode) response = tpm_process_command(TPM2_CR50_VENDOR_COMMAND, &mode_command); if (!response) - return TPM_E_IOERROR; + return TPM_IOERROR; if (response->hdr.tpm_code == VENDOR_RC_INTERNAL_ERROR) { /* @@ -83,7 +83,7 @@ uint32_t tlcl_cr50_get_tpm_mode(uint8_t *tpm_mode) * is disabled. The Cr50 requires a reboot to re-enable the key * ladder. */ - return TPM_E_MUST_REBOOT; + return TPM_CB_MUST_REBOOT; } if (response->hdr.tpm_code == VENDOR_RC_NO_SUCH_COMMAND || @@ -91,12 +91,12 @@ uint32_t tlcl_cr50_get_tpm_mode(uint8_t *tpm_mode) /* * Explicitly inform caller when command is not supported */ - return TPM_E_NO_SUCH_COMMAND; + return TPM_CB_NO_SUCH_COMMAND; } if (response->hdr.tpm_code) { /* Unexpected return code from Cr50 */ - return TPM_E_IOERROR; + return TPM_IOERROR; } /* TPM command completed without error */ @@ -115,16 +115,16 @@ uint32_t tlcl_cr50_get_boot_mode(uint8_t *boot_mode) response = tpm_process_command(TPM2_CR50_VENDOR_COMMAND, &mode_command); if (!response) - return TPM_E_IOERROR; + return TPM_IOERROR; if (response->hdr.tpm_code == VENDOR_RC_NO_SUCH_COMMAND || response->hdr.tpm_code == VENDOR_RC_NO_SUCH_SUBCOMMAND) /* Explicitly inform caller when command is not supported */ - return TPM_E_NO_SUCH_COMMAND; + return TPM_CB_NO_SUCH_COMMAND; if (response->hdr.tpm_code) /* Unexpected return code from Cr50 */ - return TPM_E_IOERROR; + return TPM_IOERROR; *boot_mode = response->vcr.boot_mode; @@ -145,7 +145,7 @@ uint32_t tlcl_cr50_immediate_reset(uint16_t timeout_ms) &reset_command_body); if (!response) - return TPM_E_IOERROR; + return TPM_IOERROR; return TPM_SUCCESS; } @@ -160,16 +160,16 @@ uint32_t tlcl_cr50_reset_ec(void) response = tpm_process_command(TPM2_CR50_VENDOR_COMMAND, &reset_cmd); if (!response) - return TPM_E_IOERROR; + return TPM_IOERROR; if (response->hdr.tpm_code == VENDOR_RC_NO_SUCH_COMMAND || response->hdr.tpm_code == VENDOR_RC_NO_SUCH_SUBCOMMAND) /* Explicitly inform caller when command is not supported */ - return TPM_E_NO_SUCH_COMMAND; + return TPM_CB_NO_SUCH_COMMAND; if (response->hdr.tpm_code) /* Unexpected return code from Cr50 */ - return TPM_E_IOERROR; + return TPM_IOERROR; printk(BIOS_DEBUG, "EC reset coming up...\n"); halt(); diff --git a/src/security/tpm/tss/vendor/cr50/cr50.h b/src/security/tpm/tss/vendor/cr50/cr50.h index 0028e80b3c..ee6b30f6d5 100644 --- a/src/security/tpm/tss/vendor/cr50/cr50.h +++ b/src/security/tpm/tss/vendor/cr50/cr50.h @@ -72,9 +72,9 @@ uint32_t tlcl_cr50_get_recovery_button(uint8_t *recovery_button_state); * * Returns TPM_SUCCESS if TPM mode command completed, the Cr50 does not need a * reboot, and the tpm_mode parameter is set to the current TPM mode. - * Returns TPM_E_MUST_REBOOT if TPM mode command completed, but the Cr50 + * Returns TPM_CB_MUST_REBOOT if TPM mode command completed, but the Cr50 * requires a reboot. - * Returns TPM_E_NO_SUCH_COMMAND if the Cr50 does not support the command. + * Returns TPM_CB_NO_SUCH_COMMAND if the Cr50 does not support the command. * Other returns value indicate a failure accessing the TPM. */ uint32_t tlcl_cr50_get_tpm_mode(uint8_t *tpm_mode); @@ -83,7 +83,7 @@ uint32_t tlcl_cr50_get_tpm_mode(uint8_t *tpm_mode); * CR50 specific TPM command sequence to query the current boot mode. * * Returns TPM_SUCCESS if boot mode is successfully retrieved. - * Returns TPM_E_* for errors. + * Returns TPM_* for errors. */ uint32_t tlcl_cr50_get_boot_mode(uint8_t *boot_mode); @@ -99,7 +99,7 @@ uint32_t tlcl_cr50_immediate_reset(uint16_t timeout_ms); /** * CR50 specific TPM command sequence to issue an EC reset. * - * Returns TPM_E_* for errors. + * Returns TPM_* for errors. * On Success, this function invokes halt() and does not return. */ uint32_t tlcl_cr50_reset_ec(void); diff --git a/src/security/tpm/tss_errors.h b/src/security/tpm/tss_errors.h index b28210cb88..3545f04110 100644 --- a/src/security/tpm/tss_errors.h +++ b/src/security/tpm/tss_errors.h @@ -12,36 +12,49 @@ #include <stdint.h> -#define TPM_E_BASE 0x0 -#define TPM_E_NON_FATAL 0x800 - -#define TPM_SUCCESS ((uint32_t)0x00000000) -#define TPM_E_AREA_LOCKED ((uint32_t)0x0000003c) -#define TPM_E_BADINDEX ((uint32_t)0x00000002) -#define TPM_E_BAD_PRESENCE ((uint32_t)0x0000002d) -#define TPM_E_IOERROR ((uint32_t)0x0000001f) -#define TPM_E_INVALID_POSTINIT ((uint32_t)0x00000026) -#define TPM_E_MAXNVWRITES ((uint32_t)0x00000048) -#define TPM_E_OWNER_SET ((uint32_t)0x00000014) - -#define TPM_E_NEEDS_SELFTEST ((uint32_t)(TPM_E_NON_FATAL + 1)) -#define TPM_E_DOING_SELFTEST ((uint32_t)(TPM_E_NON_FATAL + 2)) - -#define TPM_E_ALREADY_INITIALIZED ((uint32_t)0x00005000) /* vboot local */ -#define TPM_E_INTERNAL_INCONSISTENCY ((uint32_t)0x00005001) /* vboot local */ -#define TPM_E_MUST_REBOOT ((uint32_t)0x00005002) /* vboot local */ -#define TPM_E_CORRUPTED_STATE ((uint32_t)0x00005003) /* vboot local */ -#define TPM_E_COMMUNICATION_ERROR ((uint32_t)0x00005004) /* vboot local */ -#define TPM_E_RESPONSE_TOO_LARGE ((uint32_t)0x00005005) /* vboot local */ -#define TPM_E_NO_DEVICE ((uint32_t)0x00005006) /* vboot local */ -#define TPM_E_INPUT_TOO_SMALL ((uint32_t)0x00005007) /* vboot local */ -#define TPM_E_WRITE_FAILURE ((uint32_t)0x00005008) /* vboot local */ -#define TPM_E_READ_EMPTY ((uint32_t)0x00005009) /* vboot local */ -#define TPM_E_READ_FAILURE ((uint32_t)0x0000500a) /* vboot local */ -#define TPM_E_NV_DEFINED ((uint32_t)0x0000500b) /* vboot local */ -#define TPM_E_INVALID_ARG ((uint32_t)0x0000500c) -#define TPM_E_HASH_ERROR ((uint32_t)0x0000500d) -#define TPM_E_NO_SUCH_COMMAND ((uint32_t)0x0000500e) -#define TPM_E_RANGE ((uint32_t)0x0000500f) +typedef uint32_t tpm_result_t; +#define TPM_Vendor_Specific32 0x400 + +#define TPM_BASE 0x0 + +#define TPM_NON_FATAL 0x800 +#define TPM_CB_ERROR TPM_Vendor_Specific32 + +#define TPM_SUCCESS ((tpm_result_t) (TPM_BASE + 0x00)) +#define TPM_BADINDEX ((tpm_result_t) (TPM_BASE + 0x02)) +#define TPM_OWNER_SET ((tpm_result_t) (TPM_BASE + 0x14)) +#define TPM_IOERROR ((tpm_result_t) (TPM_BASE + 0x1F)) +#define TPM_INVALID_POSTINIT ((tpm_result_t) (TPM_BASE + 0x26)) +#define TPM_BAD_PRESENCE ((tpm_result_t) (TPM_BASE + 0x2D)) +#define TPM_AREA_LOCKED ((tpm_result_t) (TPM_BASE + 0x3C)) +#define TPM_MAXNVWRITES ((tpm_result_t) (TPM_BASE + 0x48)) + +#define TPM_NEEDS_SELFTEST ((tpm_result_t) (TPM_NON_FATAL + 0x01)) +#define TPM_DOING_SELFTEST ((tpm_result_t) (TPM_NON_FATAL + 0x02)) + +/* The following values are defind at the offset 0x480 which is a combination + * of the 32-bit vendor specific value from the TCG standard(0x400) and an + * offset of 0x80 to assist in identifying these return values when the 8-bit + * truncated value is used. + * + * Valid offset range is 128-255(0x80-0xFF) +*/ + +#define TPM_CB_ALREADY_INITIALIZED ((tpm_result_t) (TPM_CB_ERROR + 0x80)) +#define TPM_CB_INTERNAL_INCONSISTENCY ((tpm_result_t) (TPM_CB_ERROR + 0x81)) +#define TPM_CB_MUST_REBOOT ((tpm_result_t) (TPM_CB_ERROR + 0x82)) +#define TPM_CB_CORRUPTED_STATE ((tpm_result_t) (TPM_CB_ERROR + 0x83)) +#define TPM_CB_COMMUNICATION_ERROR ((tpm_result_t) (TPM_CB_ERROR + 0x84)) +#define TPM_CB_RESPONSE_TOO_LARGE ((tpm_result_t) (TPM_CB_ERROR + 0x85)) +#define TPM_CB_NO_DEVICE ((tpm_result_t) (TPM_CB_ERROR + 0x86)) +#define TPM_CB_INPUT_TOO_SMALL ((tpm_result_t) (TPM_CB_ERROR + 0x87)) +#define TPM_CB_WRITE_FAILURE ((tpm_result_t) (TPM_CB_ERROR + 0x88)) +#define TPM_CB_READ_EMPTY ((tpm_result_t) (TPM_CB_ERROR + 0x89)) +#define TPM_CB_READ_FAILURE ((tpm_result_t) (TPM_CB_ERROR + 0x8A)) +#define TPM_CB_NV_DEFINED ((tpm_result_t) (TPM_CB_ERROR + 0x8B)) +#define TPM_CB_INVALID_ARG ((tpm_result_t) (TPM_CB_ERROR + 0x8C)) +#define TPM_CB_HASH_ERROR ((tpm_result_t) (TPM_CB_ERROR + 0x8D)) +#define TPM_CB_NO_SUCH_COMMAND ((tpm_result_t) (TPM_CB_ERROR + 0x8E)) +#define TPM_CB_RANGE ((tpm_result_t) (TPM_CB_ERROR + 0x8F)) #endif /* TSS_ERRORS_H_ */ diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c index 27d16e1776..fdf98cc41c 100644 --- a/src/security/vboot/secdata_tpm.c +++ b/src/security/vboot/secdata_tpm.c @@ -46,7 +46,7 @@ uint32_t antirollback_read_space_kernel(struct vb2_context *ctx) if (perms != TPM_NV_PER_PPWRITE) { printk(BIOS_ERR, "TPM: invalid secdata_kernel permissions\n"); - return TPM_E_CORRUPTED_STATE; + return TPM_CB_CORRUPTED_STATE; } } @@ -55,7 +55,7 @@ uint32_t antirollback_read_space_kernel(struct vb2_context *ctx) /* Start with the version 1.0 size used by all modern Cr50/Ti50 boards. */ rc = tlcl_read(KERNEL_NV_INDEX, ctx->secdata_kernel, size); - if (rc == TPM_E_RANGE) { + if (rc == TPM_CB_RANGE) { /* Fallback to version 0.2(minimum) size and re-read. */ VBDEBUG("Antirollback: NV read out of range, trying min size\n"); size = VB2_SECDATA_KERNEL_MIN_SIZE; @@ -210,11 +210,11 @@ static uint32_t define_space(const char *name, uint32_t index, uint32_t length, rc = tlcl_define_space(index, length, nv_attributes, nv_policy, nv_policy_size); - if (rc == TPM_E_NV_DEFINED) { + if (rc == TPM_CB_NV_DEFINED) { /* * Continue with writing: it may be defined, but not written * to. In that case a subsequent tlcl_read() would still return - * TPM_E_BADINDEX on TPM 2.0. The cases when some non-firmware + * TPM_BADINDEX on TPM 2.0. The cases when some non-firmware * space is defined while the firmware space is not there * should be rare (interrupted initialization), so no big harm * in writing once again even if it was written already. @@ -439,7 +439,7 @@ uint32_t antirollback_read_space_mrc_hash(uint32_t index, uint8_t *data, uint32_ VBDEBUG("TPM: Incorrect buffer size for hash idx 0x%x. " "(Expected=0x%x Actual=0x%x).\n", index, HASH_NV_SIZE, size); - return TPM_E_READ_FAILURE; + return TPM_CB_READ_FAILURE; } return read_space_mrc_hash(index, data); } @@ -453,11 +453,11 @@ uint32_t antirollback_write_space_mrc_hash(uint32_t index, const uint8_t *data, VBDEBUG("TPM: Incorrect buffer size for hash idx 0x%x. " "(Expected=0x%x Actual=0x%x).\n", index, HASH_NV_SIZE, size); - return TPM_E_WRITE_FAILURE; + return TPM_CB_WRITE_FAILURE; } rc = read_space_mrc_hash(index, spc_data); - if (rc == TPM_E_BADINDEX) { + if (rc == TPM_BADINDEX) { /* * If space is not defined already for hash, define * new space. @@ -489,7 +489,7 @@ uint32_t antirollback_read_space_vbios_hash(uint8_t *data, uint32_t size) VBDEBUG("TPM: Incorrect buffer size for hash idx 0x%x. " "(Expected=0x%x Actual=0x%x).\n", VBIOS_CACHE_NV_INDEX, HASH_NV_SIZE, size); - return TPM_E_READ_FAILURE; + return TPM_CB_READ_FAILURE; } return read_space_vbios_hash(data); } @@ -503,11 +503,11 @@ uint32_t antirollback_write_space_vbios_hash(const uint8_t *data, uint32_t size) VBDEBUG("TPM: Incorrect buffer size for hash idx 0x%x. " "(Expected=0x%x Actual=0x%x).\n", VBIOS_CACHE_NV_INDEX, HASH_NV_SIZE, size); - return TPM_E_WRITE_FAILURE; + return TPM_CB_WRITE_FAILURE; } rc = read_space_vbios_hash(spc_data); - if (rc == TPM_E_BADINDEX) { + if (rc == TPM_BADINDEX) { /* * If space is not defined already for hash, define * new space. @@ -535,7 +535,7 @@ uint32_t antirollback_write_space_vbios_hash(const uint8_t *data, uint32_t size) static uint32_t safe_write(uint32_t index, const void *data, uint32_t length) { uint32_t rc = tlcl_write(index, data, length); - if (rc == TPM_E_MAXNVWRITES) { + if (rc == TPM_MAXNVWRITES) { RETURN_ON_FAILURE(tpm_clear_and_reenable()); return tlcl_write(index, data, length); } else { @@ -552,7 +552,7 @@ static uint32_t safe_write(uint32_t index, const void *data, uint32_t length) static uint32_t safe_define_space(uint32_t index, uint32_t perm, uint32_t size) { uint32_t rc = tlcl_define_space(index, perm, size); - if (rc == TPM_E_MAXNVWRITES) { + if (rc == TPM_MAXNVWRITES) { RETURN_ON_FAILURE(tpm_clear_and_reenable()); return tlcl_define_space(index, perm, size); } else { @@ -669,13 +669,13 @@ uint32_t antirollback_read_space_firmware(struct vb2_context *ctx) uint32_t rc; rc = tlcl_read(FIRMWARE_NV_INDEX, ctx->secdata_firmware, VB2_SECDATA_FIRMWARE_SIZE); - if (rc == TPM_E_BADINDEX) { + if (rc == TPM_BADINDEX) { /* This seems the first time we've run. Initialize the TPM. */ VBDEBUG("TPM: Not initialized yet\n"); RETURN_ON_FAILURE(factory_initialize_tpm(ctx)); } else if (rc != TPM_SUCCESS) { printk(BIOS_ERR, "TPM: Failed to read firmware space: %#x\n", rc); - return TPM_E_CORRUPTED_STATE; + return TPM_CB_CORRUPTED_STATE; } return TPM_SUCCESS; diff --git a/src/security/vboot/tpm_common.c b/src/security/vboot/tpm_common.c index 1f86f87685..a2e9bb45cd 100644 --- a/src/security/vboot/tpm_common.c +++ b/src/security/vboot/tpm_common.c @@ -14,7 +14,7 @@ uint32_t vboot_setup_tpm(struct vb2_context *ctx) uint32_t rc; rc = tpm_setup(ctx->flags & VB2_CONTEXT_S3_RESUME); - if (rc == TPM_E_MUST_REBOOT) + if (rc == TPM_CB_MUST_REBOOT) ctx->flags |= VB2_CONTEXT_SECDATA_WANTS_REBOOT; return rc; diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c index 213ebcce99..69cfaf8047 100644 --- a/src/security/vboot/vboot_logic.c +++ b/src/security/vboot/vboot_logic.c @@ -214,7 +214,7 @@ static void check_boot_mode(struct vb2_context *ctx) rc = tlcl_cr50_get_boot_mode(&boot_mode); switch (rc) { - case TPM_E_NO_SUCH_COMMAND: + case TPM_CB_NO_SUCH_COMMAND: printk(BIOS_WARNING, "GSC does not support GET_BOOT_MODE.\n"); /* Proceed to legacy boot model. */ return; diff --git a/src/vendorcode/eltan/security/mboot/mboot.c b/src/vendorcode/eltan/security/mboot/mboot.c index 5fe2060191..ac7ce4be8e 100644 --- a/src/vendorcode/eltan/security/mboot/mboot.c +++ b/src/vendorcode/eltan/security/mboot/mboot.c @@ -73,7 +73,7 @@ EFI_TCG2_EVENT_ALGORITHM_BITMAP tpm2_get_active_pcrs(void) * @param[out] Pcrs The Pcr Selection * * @retval TPM_SUCCESS Operation completed successfully. - * @retval TPM_E_IOERROR The command was unsuccessful. + * @retval TPM_IOERROR The command was unsuccessful. */ int tpm2_get_capability_pcrs(TPML_PCR_SELECTION *Pcrs) { @@ -113,7 +113,7 @@ int tpm2_get_capability_pcrs(TPML_PCR_SELECTION *Pcrs) * @param[in] eventLog description of the event. * * @retval TPM_SUCCESS Operation completed successfully. - * @retval TPM_E_IOERROR Unexpected device behavior. + * @retval TPM_IOERROR Unexpected device behavior. */ int mboot_hash_extend_log(uint64_t flags, uint8_t *hashData, uint32_t hashDataLen, TCG_PCR_EVENT2_HDR *newEventHdr, uint8_t *eventLog) @@ -130,7 +130,7 @@ int mboot_hash_extend_log(uint64_t flags, uint8_t *hashData, uint32_t hashDataLe } else { struct vb2_hash tmp; if (vb2_hash_calculate(false, hashData, hashDataLen, VB2_HASH_SHA256, &tmp)) - return TPM_E_IOERROR; + return TPM_IOERROR; memcpy(digest->digest.sha256, tmp.sha256, sizeof(tmp.sha256)); } @@ -225,7 +225,7 @@ void mboot_print_buffer(uint8_t *buffer, uint32_t bufferSize) * @param[in] event_msg description of the event. * * @retval TPM_SUCCESS Operation completed successfully. - * @retval TPM_E_IOERROR Unexpected device behavior. + * @retval TPM_IOERROR Unexpected device behavior. */ int mb_measure_log_worker(const char *name, uint32_t type, uint32_t pcr, TCG_EVENTTYPE eventType, const char *event_msg) @@ -268,7 +268,7 @@ int mb_measure_log_worker(const char *name, uint32_t type, uint32_t pcr, * @param[in] wake_from_s3 1 if we are waking from S3, 0 standard boot * * @retval TPM_SUCCESS Operation completed successfully. - * @retval TPM_E_IOERROR Unexpected device behavior. + * @retval TPM_IOERROR Unexpected device behavior. **/ __weak int mb_entry(int wake_from_s3) @@ -279,7 +279,7 @@ __weak int mb_entry(int wake_from_s3) printk(BIOS_DEBUG, "%s: tlcl_lib_init\n", __func__); if (tlcl_lib_init() != VB2_SUCCESS) { printk(BIOS_ERR, "%s: TPM driver initialization failed.\n", __func__); - return TPM_E_IOERROR; + return TPM_IOERROR; } if (wake_from_s3) { @@ -312,7 +312,7 @@ __weak int mb_entry(int wake_from_s3) * @param[in] wake_from_s3 1 if we are waking from S3, 0 standard boot * * @retval TPM_SUCCESS Operation completed successfully. - * @retval TPM_E_IOERROR Unexpected device behavior. + * @retval TPM_IOERROR Unexpected device behavior. */ __weak int mb_measure(int wake_from_s3) @@ -355,7 +355,7 @@ __weak int mb_measure(int wake_from_s3) * @param[in] none * * @retval TPM_SUCCESS Operation completed successfully. - * @retval TPM_E_IOERROR Unexpected device behavior. + * @retval TPM_IOERROR Unexpected device behavior. */ __weak int mb_measure_log_start(void) { @@ -365,7 +365,7 @@ __weak int mb_measure_log_start(void) if ((tpm2_get_active_pcrs() & EFI_TCG2_BOOT_HASH_ALG_SHA256) == 0x0) { printk(BIOS_DEBUG, "%s: SHA256 PCR Bank not active in TPM.\n", __func__); - return TPM_E_IOERROR; + return TPM_IOERROR; } rc = mb_crtm(); @@ -412,7 +412,7 @@ static const uint8_t crtm_version[] = * function with the same name there. * * @retval TPM_SUCCESS Operation completed successfully. - * @retval TPM_E_IOERROR Unexpected device behavior. + * @retval TPM_IOERROR Unexpected device behavior. **/ __weak int mb_crtm(void) { @@ -440,7 +440,7 @@ __weak int mb_crtm(void) rc = get_intel_me_hash(hash); if (rc) { printk(BIOS_DEBUG, "get_intel_me_hash returned 0x%x\n", rc); - rc = TPM_E_IOERROR; + rc = TPM_IOERROR; return rc; } diff --git a/src/vendorcode/eltan/security/verified_boot/vboot_check.c b/src/vendorcode/eltan/security/verified_boot/vboot_check.c index 649adc285d..a8c6cb537b 100644 --- a/src/vendorcode/eltan/security/verified_boot/vboot_check.c +++ b/src/vendorcode/eltan/security/verified_boot/vboot_check.c @@ -113,7 +113,7 @@ fail: * @param[in] eventType Event type to use when logging * @retval TPM_SUCCESS Operation completed successfully. - * @retval TPM_E_IOERROR Unexpected device behavior. + * @retval TPM_IOERROR Unexpected device behavior. */ static int measure_item(uint32_t pcr, uint8_t *hashData, uint32_t hashDataLen, int8_t *event_msg, TCG_EVENTTYPE eventType) diff --git a/src/vendorcode/google/chromeos/cr50_enable_update.c b/src/vendorcode/google/chromeos/cr50_enable_update.c index 155769f545..aea804f026 100644 --- a/src/vendorcode/google/chromeos/cr50_enable_update.c +++ b/src/vendorcode/google/chromeos/cr50_enable_update.c @@ -30,14 +30,14 @@ static int cr50_is_reset_needed(void) rc = tlcl_cr50_get_tpm_mode(&tpm_mode); - if (rc == TPM_E_NO_SUCH_COMMAND) { + if (rc == TPM_CB_NO_SUCH_COMMAND) { printk(BIOS_INFO, "Cr50 does not support TPM mode command\n"); /* Older Cr50 firmware, assume no Cr50 reset is required */ return 0; } - if (rc == TPM_E_MUST_REBOOT) { + if (rc == TPM_CB_MUST_REBOOT) { /* * Cr50 indicated a reboot is required to restore TPM * functionality. |