summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/mainboard/facebook/fbg1701/romstage.c6
-rw-r--r--src/security/tpm/tspi/tspi.c18
-rw-r--r--src/security/tpm/tss/tcg-1.2/tss.c10
-rw-r--r--src/security/tpm/tss/tcg-2.0/tss.c52
-rw-r--r--src/security/tpm/tss/vendor/cr50/cr50.c28
-rw-r--r--src/security/tpm/tss/vendor/cr50/cr50.h8
-rw-r--r--src/security/tpm/tss_errors.h75
-rw-r--r--src/security/vboot/secdata_tpm.c28
-rw-r--r--src/security/vboot/tpm_common.c2
-rw-r--r--src/security/vboot/vboot_logic.c2
-rw-r--r--src/vendorcode/eltan/security/mboot/mboot.c22
-rw-r--r--src/vendorcode/eltan/security/verified_boot/vboot_check.c2
-rw-r--r--src/vendorcode/google/chromeos/cr50_enable_update.c4
13 files changed, 135 insertions, 122 deletions
diff --git a/src/mainboard/facebook/fbg1701/romstage.c b/src/mainboard/facebook/fbg1701/romstage.c
index 19cf867e79..c3d817b73b 100644
--- a/src/mainboard/facebook/fbg1701/romstage.c
+++ b/src/mainboard/facebook/fbg1701/romstage.c
@@ -63,8 +63,8 @@ void mainboard_after_memory_init(void)
*
* @param[in] activePcr bitmap of the support
*
- * @retval TPM_SUCCESS Operation completed successfully.
- * @retval TPM_E_IOERROR Unexpected device behavior.
+ * @retval TPM_SUCCESS Operation completed successfully.
+ * @retval TPM_IOERROR Unexpected device behavior.
*/
static const uint8_t crtm_version[] =
@@ -73,7 +73,7 @@ static const uint8_t crtm_version[] =
int mb_crtm(void)
{
- int rc = TPM_E_IOERROR;
+ int rc = TPM_IOERROR;
TCG_PCR_EVENT2_HDR tcgEventHdr;
/* Use FirmwareVersion string to represent CRTM version. */
diff --git a/src/security/tpm/tspi/tspi.c b/src/security/tpm/tspi/tspi.c
index 22383d4027..aee1cf4709 100644
--- a/src/security/tpm/tspi/tspi.c
+++ b/src/security/tpm/tspi/tspi.c
@@ -45,7 +45,7 @@ static uint32_t tpm1_invoke_state_machine(void)
}
deactivated = !deactivated;
- rc = TPM_E_MUST_REBOOT;
+ rc = TPM_CB_MUST_REBOOT;
}
return rc;
@@ -61,7 +61,7 @@ static uint32_t tpm_setup_s3_helper(void)
case TPM_SUCCESS:
break;
- case TPM_E_INVALID_POSTINIT:
+ case TPM_INVALID_POSTINIT:
/*
* We're on a platform where the TPM maintains power
* in S3, so it's already initialized.
@@ -151,7 +151,7 @@ uint32_t tpm_setup(int s3flag)
rc = tlcl_startup();
if (CONFIG(TPM_STARTUP_IGNORE_POSTINIT)
- && rc == TPM_E_INVALID_POSTINIT) {
+ && rc == TPM_INVALID_POSTINIT) {
printk(BIOS_DEBUG, "TPM: ignoring invalid POSTINIT\n");
rc = TPM_SUCCESS;
}
@@ -224,7 +224,7 @@ uint32_t tpm_extend_pcr(int pcr, enum vb2_hash_algorithm digest_algo,
uint32_t rc;
if (!digest)
- return TPM_E_IOERROR;
+ return TPM_IOERROR;
if (tspi_tpm_is_setup()) {
rc = tlcl_lib_init();
@@ -262,14 +262,14 @@ uint32_t tpm_measure_region(const struct region_device *rdev, uint8_t pcr,
struct vb2_digest_context ctx;
if (!rdev || !rname)
- return TPM_E_INVALID_ARG;
+ return TPM_CB_INVALID_ARG;
digest_len = vb2_digest_size(TPM_MEASURE_ALGO);
assert(digest_len <= sizeof(digest));
if (vb2_digest_init(&ctx, vboot_hwcrypto_allowed(), TPM_MEASURE_ALGO,
region_device_sz(rdev))) {
printk(BIOS_ERR, "TPM: Error initializing hash.\n");
- return TPM_E_HASH_ERROR;
+ return TPM_CB_HASH_ERROR;
}
/*
* Though one can mmap the full needed region on x86 this is not the
@@ -281,16 +281,16 @@ uint32_t tpm_measure_region(const struct region_device *rdev, uint8_t pcr,
if (rdev_readat(rdev, buf, offset, len) < 0) {
printk(BIOS_ERR, "TPM: Not able to read region %s.\n",
rname);
- return TPM_E_READ_FAILURE;
+ return TPM_CB_READ_FAILURE;
}
if (vb2_digest_extend(&ctx, buf, len)) {
printk(BIOS_ERR, "TPM: Error extending hash.\n");
- return TPM_E_HASH_ERROR;
+ return TPM_CB_HASH_ERROR;
}
}
if (vb2_digest_finalize(&ctx, digest, digest_len)) {
printk(BIOS_ERR, "TPM: Error finalizing hash.\n");
- return TPM_E_HASH_ERROR;
+ return TPM_CB_HASH_ERROR;
}
return tpm_extend_pcr(pcr, TPM_MEASURE_ALGO, digest, digest_len, rname);
}
diff --git a/src/security/tpm/tss/tcg-1.2/tss.c b/src/security/tpm/tss/tcg-1.2/tss.c
index 9c19f7f3cb..b6527a6482 100644
--- a/src/security/tpm/tss/tcg-1.2/tss.c
+++ b/src/security/tpm/tss/tcg-1.2/tss.c
@@ -108,7 +108,7 @@ uint32_t tlcl_send_receive(const uint8_t *request, uint8_t *response,
max_length);
/* If the command fails because the self test has not completed, try it
* again after attempting to ensure that the self test has completed. */
- if (rc == TPM_E_NEEDS_SELFTEST || rc == TPM_E_DOING_SELFTEST) {
+ if (rc == TPM_NEEDS_SELFTEST || rc == TPM_DOING_SELFTEST) {
rc = tlcl_continue_self_test();
if (rc != TPM_SUCCESS)
return rc;
@@ -125,7 +125,7 @@ uint32_t tlcl_send_receive(const uint8_t *request, uint8_t *response,
do {
rc = tlcl_send_receive_no_retry(request, response,
max_length);
- } while (rc == TPM_E_DOING_SELFTEST);
+ } while (rc == TPM_DOING_SELFTEST);
#endif
}
return rc;
@@ -238,7 +238,7 @@ uint32_t tlcl_read(uint32_t index, void *data, uint32_t length)
uint8_t *nv_read_cursor = response + kTpmResponseHeaderLength;
from_tpm_uint32(nv_read_cursor, &result_length);
if (result_length > length)
- return TPM_E_IOERROR;
+ return TPM_IOERROR;
nv_read_cursor += sizeof(uint32_t);
memcpy(data, nv_read_cursor, result_length);
}
@@ -301,7 +301,7 @@ uint32_t tlcl_get_permanent_flags(TPM_PERMANENT_FLAGS *pflags)
return rc;
from_tpm_uint32(response + kTpmResponseHeaderLength, &size);
if (size != sizeof(TPM_PERMANENT_FLAGS))
- return TPM_E_IOERROR;
+ return TPM_IOERROR;
memcpy(pflags, response + kTpmResponseHeaderLength + sizeof(size),
sizeof(TPM_PERMANENT_FLAGS));
return rc;
@@ -338,7 +338,7 @@ uint32_t tlcl_extend(int pcr_num, const uint8_t *digest_data,
uint8_t response[kTpmResponseHeaderLength + kPcrDigestLength];
if (digest_algo != VB2_HASH_SHA1)
- return TPM_E_INVALID_ARG;
+ return TPM_CB_INVALID_ARG;
memcpy(&cmd, &tpm_extend_cmd, sizeof(cmd));
to_tpm_uint32(cmd.buffer + tpm_extend_cmd.pcrNum, pcr_num);
diff --git a/src/security/tpm/tss/tcg-2.0/tss.c b/src/security/tpm/tss/tcg-2.0/tss.c
index d228c7f6a8..5b9aab82bf 100644
--- a/src/security/tpm/tss/tcg-2.0/tss.c
+++ b/src/security/tpm/tss/tcg-2.0/tss.c
@@ -57,7 +57,7 @@ static uint32_t tlcl_send_startup(TPM_SU type)
/* IO error, tpm2_response pointer is empty. */
if (!response) {
printk(BIOS_ERR, "%s: TPM communication error\n", __func__);
- return TPM_E_IOERROR;
+ return TPM_IOERROR;
}
printk(BIOS_INFO, "%s: Startup return code is %x\n",
@@ -66,13 +66,13 @@ static uint32_t tlcl_send_startup(TPM_SU type)
switch (response->hdr.tpm_code) {
case TPM_RC_INITIALIZE:
/* TPM already initialized. */
- return TPM_E_INVALID_POSTINIT;
+ return TPM_INVALID_POSTINIT;
case TPM2_RC_SUCCESS:
return TPM_SUCCESS;
}
- /* Collapse any other errors into TPM_E_IOERROR. */
- return TPM_E_IOERROR;
+ /* Collapse any other errors into TPM_IOERROR. */
+ return TPM_IOERROR;
}
uint32_t tlcl_resume(void)
@@ -91,7 +91,7 @@ static uint32_t tlcl_send_shutdown(TPM_SU type)
/* IO error, tpm2_response pointer is empty. */
if (!response) {
printk(BIOS_ERR, "%s: TPM communication error\n", __func__);
- return TPM_E_IOERROR;
+ return TPM_IOERROR;
}
printk(BIOS_INFO, "%s: Shutdown return code is %x\n",
@@ -100,8 +100,8 @@ static uint32_t tlcl_send_shutdown(TPM_SU type)
if (response->hdr.tpm_code == TPM2_RC_SUCCESS)
return TPM_SUCCESS;
- /* Collapse any other errors into TPM_E_IOERROR. */
- return TPM_E_IOERROR;
+ /* Collapse any other errors into TPM_IOERROR. */
+ return TPM_IOERROR;
}
uint32_t tlcl_save_state(void)
@@ -144,7 +144,7 @@ uint32_t tlcl_extend(int pcr_num, const uint8_t *digest_data,
alg = tpmalg_from_vb2_hash(digest_type);
if (alg == TPM_ALG_ERROR)
- return TPM_E_HASH_ERROR;
+ return TPM_CB_HASH_ERROR;
pcr_ext_cmd.pcrHandle = HR_PCR + pcr_num;
pcr_ext_cmd.digests.count = 1;
@@ -158,7 +158,7 @@ uint32_t tlcl_extend(int pcr_num, const uint8_t *digest_data,
printk(BIOS_INFO, "%s: response is %x\n",
__func__, response ? response->hdr.tpm_code : -1);
if (!response || response->hdr.tpm_code)
- return TPM_E_IOERROR;
+ return TPM_IOERROR;
return TPM_SUCCESS;
}
@@ -179,7 +179,7 @@ uint32_t tlcl_force_clear(void)
__func__, response ? response->hdr.tpm_code : -1);
if (!response || response->hdr.tpm_code)
- return TPM_E_IOERROR;
+ return TPM_IOERROR;
return TPM_SUCCESS;
}
@@ -196,7 +196,7 @@ uint32_t tlcl_clear_control(bool disable)
__func__, response ? response->hdr.tpm_code : -1);
if (!response || response->hdr.tpm_code)
- return TPM_E_IOERROR;
+ return TPM_IOERROR;
return TPM_SUCCESS;
}
@@ -244,7 +244,7 @@ uint32_t tlcl_read(uint32_t index, void *data, uint32_t length)
/* Need to map tpm error codes into internal values. */
if (!response)
- return TPM_E_READ_FAILURE;
+ return TPM_CB_READ_FAILURE;
printk(BIOS_INFO, "%s:%d index %#x return code %x\n",
__FILE__, __LINE__, index, response->hdr.tpm_code);
@@ -259,20 +259,20 @@ uint32_t tlcl_read(uint32_t index, void *data, uint32_t length)
* hasn't been defined.
*/
case TPM_RC_CR50_NV_UNDEFINED:
- return TPM_E_BADINDEX;
+ return TPM_BADINDEX;
case TPM_RC_NV_RANGE:
- return TPM_E_RANGE;
+ return TPM_CB_RANGE;
default:
- return TPM_E_READ_FAILURE;
+ return TPM_CB_READ_FAILURE;
}
if (length > response->nvr.buffer.t.size)
- return TPM_E_RESPONSE_TOO_LARGE;
+ return TPM_CB_RESPONSE_TOO_LARGE;
if (length < response->nvr.buffer.t.size)
- return TPM_E_READ_EMPTY;
+ return TPM_CB_READ_EMPTY;
memcpy(data, response->nvr.buffer.t.buffer, length);
@@ -306,7 +306,7 @@ uint32_t tlcl_lock_nv_write(uint32_t index)
__func__, response ? response->hdr.tpm_code : -1);
if (!response || response->hdr.tpm_code)
- return TPM_E_IOERROR;
+ return TPM_IOERROR;
return TPM_SUCCESS;
}
@@ -334,7 +334,7 @@ uint32_t tlcl_write(uint32_t index, const void *data, uint32_t length)
/* Need to map tpm error codes into internal values. */
if (!response || response->hdr.tpm_code)
- return TPM_E_WRITE_FAILURE;
+ return TPM_CB_WRITE_FAILURE;
return TPM_SUCCESS;
}
@@ -357,7 +357,7 @@ uint32_t tlcl_set_bits(uint32_t index, uint64_t bits)
/* Need to map tpm error codes into internal values. */
if (!response || response->hdr.tpm_code)
- return TPM_E_WRITE_FAILURE;
+ return TPM_CB_WRITE_FAILURE;
return TPM_SUCCESS;
}
@@ -392,16 +392,16 @@ uint32_t tlcl_define_space(uint32_t space_index, size_t space_size,
response ? response->hdr.tpm_code : -1);
if (!response)
- return TPM_E_NO_DEVICE;
+ return TPM_CB_NO_DEVICE;
/* Map TPM2 return codes into common vboot representation. */
switch (response->hdr.tpm_code) {
case TPM2_RC_SUCCESS:
return TPM_SUCCESS;
case TPM2_RC_NV_DEFINED:
- return TPM_E_NV_DEFINED;
+ return TPM_CB_NV_DEFINED;
default:
- return TPM_E_INTERNAL_INCONSISTENCY;
+ return TPM_CB_INTERNAL_INCONSISTENCY;
}
}
@@ -448,7 +448,7 @@ uint32_t tlcl_disable_platform_hierarchy(void)
response = tpm_process_command(TPM2_Hierarchy_Control, &hc);
if (!response || response->hdr.tpm_code)
- return TPM_E_INTERNAL_INCONSISTENCY;
+ return TPM_CB_INTERNAL_INCONSISTENCY;
return TPM_SUCCESS;
}
@@ -467,14 +467,14 @@ uint32_t tlcl_get_capability(TPM_CAP capability, uint32_t property,
if (property_count > 1) {
printk(BIOS_ERR, "%s: property_count more than one not "
"supported yet\n", __func__);
- return TPM_E_IOERROR;
+ return TPM_IOERROR;
}
response = tpm_process_command(TPM2_GetCapability, &cmd);
if (!response) {
printk(BIOS_ERR, "%s: Command Failed\n", __func__);
- return TPM_E_IOERROR;
+ return TPM_IOERROR;
}
memcpy(capability_data, &response->gc.cd, sizeof(TPMS_CAPABILITY_DATA));
diff --git a/src/security/tpm/tss/vendor/cr50/cr50.c b/src/security/tpm/tss/vendor/cr50/cr50.c
index 57d0b61a24..5dbf0148bb 100644
--- a/src/security/tpm/tss/vendor/cr50/cr50.c
+++ b/src/security/tpm/tss/vendor/cr50/cr50.c
@@ -24,7 +24,7 @@ uint32_t tlcl_cr50_enable_nvcommits(void)
response->hdr.tpm_code);
else
printk(BIOS_INFO, "%s: failed\n", __func__);
- return TPM_E_IOERROR;
+ return TPM_IOERROR;
}
return TPM_SUCCESS;
}
@@ -42,7 +42,7 @@ uint32_t tlcl_cr50_enable_update(uint16_t timeout_ms,
response = tpm_process_command(TPM2_CR50_VENDOR_COMMAND, command_body);
if (!response || response->hdr.tpm_code)
- return TPM_E_IOERROR;
+ return TPM_IOERROR;
*num_restored_headers = response->vcr.num_restored_headers;
return TPM_SUCCESS;
@@ -58,7 +58,7 @@ uint32_t tlcl_cr50_get_recovery_button(uint8_t *recovery_button_state)
response = tpm_process_command(TPM2_CR50_VENDOR_COMMAND, &sub_command);
if (!response || response->hdr.tpm_code)
- return TPM_E_IOERROR;
+ return TPM_IOERROR;
*recovery_button_state = response->vcr.recovery_button_state;
return TPM_SUCCESS;
@@ -75,7 +75,7 @@ uint32_t tlcl_cr50_get_tpm_mode(uint8_t *tpm_mode)
response = tpm_process_command(TPM2_CR50_VENDOR_COMMAND, &mode_command);
if (!response)
- return TPM_E_IOERROR;
+ return TPM_IOERROR;
if (response->hdr.tpm_code == VENDOR_RC_INTERNAL_ERROR) {
/*
@@ -83,7 +83,7 @@ uint32_t tlcl_cr50_get_tpm_mode(uint8_t *tpm_mode)
* is disabled. The Cr50 requires a reboot to re-enable the key
* ladder.
*/
- return TPM_E_MUST_REBOOT;
+ return TPM_CB_MUST_REBOOT;
}
if (response->hdr.tpm_code == VENDOR_RC_NO_SUCH_COMMAND ||
@@ -91,12 +91,12 @@ uint32_t tlcl_cr50_get_tpm_mode(uint8_t *tpm_mode)
/*
* Explicitly inform caller when command is not supported
*/
- return TPM_E_NO_SUCH_COMMAND;
+ return TPM_CB_NO_SUCH_COMMAND;
}
if (response->hdr.tpm_code) {
/* Unexpected return code from Cr50 */
- return TPM_E_IOERROR;
+ return TPM_IOERROR;
}
/* TPM command completed without error */
@@ -115,16 +115,16 @@ uint32_t tlcl_cr50_get_boot_mode(uint8_t *boot_mode)
response = tpm_process_command(TPM2_CR50_VENDOR_COMMAND, &mode_command);
if (!response)
- return TPM_E_IOERROR;
+ return TPM_IOERROR;
if (response->hdr.tpm_code == VENDOR_RC_NO_SUCH_COMMAND ||
response->hdr.tpm_code == VENDOR_RC_NO_SUCH_SUBCOMMAND)
/* Explicitly inform caller when command is not supported */
- return TPM_E_NO_SUCH_COMMAND;
+ return TPM_CB_NO_SUCH_COMMAND;
if (response->hdr.tpm_code)
/* Unexpected return code from Cr50 */
- return TPM_E_IOERROR;
+ return TPM_IOERROR;
*boot_mode = response->vcr.boot_mode;
@@ -145,7 +145,7 @@ uint32_t tlcl_cr50_immediate_reset(uint16_t timeout_ms)
&reset_command_body);
if (!response)
- return TPM_E_IOERROR;
+ return TPM_IOERROR;
return TPM_SUCCESS;
}
@@ -160,16 +160,16 @@ uint32_t tlcl_cr50_reset_ec(void)
response = tpm_process_command(TPM2_CR50_VENDOR_COMMAND, &reset_cmd);
if (!response)
- return TPM_E_IOERROR;
+ return TPM_IOERROR;
if (response->hdr.tpm_code == VENDOR_RC_NO_SUCH_COMMAND ||
response->hdr.tpm_code == VENDOR_RC_NO_SUCH_SUBCOMMAND)
/* Explicitly inform caller when command is not supported */
- return TPM_E_NO_SUCH_COMMAND;
+ return TPM_CB_NO_SUCH_COMMAND;
if (response->hdr.tpm_code)
/* Unexpected return code from Cr50 */
- return TPM_E_IOERROR;
+ return TPM_IOERROR;
printk(BIOS_DEBUG, "EC reset coming up...\n");
halt();
diff --git a/src/security/tpm/tss/vendor/cr50/cr50.h b/src/security/tpm/tss/vendor/cr50/cr50.h
index 0028e80b3c..ee6b30f6d5 100644
--- a/src/security/tpm/tss/vendor/cr50/cr50.h
+++ b/src/security/tpm/tss/vendor/cr50/cr50.h
@@ -72,9 +72,9 @@ uint32_t tlcl_cr50_get_recovery_button(uint8_t *recovery_button_state);
*
* Returns TPM_SUCCESS if TPM mode command completed, the Cr50 does not need a
* reboot, and the tpm_mode parameter is set to the current TPM mode.
- * Returns TPM_E_MUST_REBOOT if TPM mode command completed, but the Cr50
+ * Returns TPM_CB_MUST_REBOOT if TPM mode command completed, but the Cr50
* requires a reboot.
- * Returns TPM_E_NO_SUCH_COMMAND if the Cr50 does not support the command.
+ * Returns TPM_CB_NO_SUCH_COMMAND if the Cr50 does not support the command.
* Other returns value indicate a failure accessing the TPM.
*/
uint32_t tlcl_cr50_get_tpm_mode(uint8_t *tpm_mode);
@@ -83,7 +83,7 @@ uint32_t tlcl_cr50_get_tpm_mode(uint8_t *tpm_mode);
* CR50 specific TPM command sequence to query the current boot mode.
*
* Returns TPM_SUCCESS if boot mode is successfully retrieved.
- * Returns TPM_E_* for errors.
+ * Returns TPM_* for errors.
*/
uint32_t tlcl_cr50_get_boot_mode(uint8_t *boot_mode);
@@ -99,7 +99,7 @@ uint32_t tlcl_cr50_immediate_reset(uint16_t timeout_ms);
/**
* CR50 specific TPM command sequence to issue an EC reset.
*
- * Returns TPM_E_* for errors.
+ * Returns TPM_* for errors.
* On Success, this function invokes halt() and does not return.
*/
uint32_t tlcl_cr50_reset_ec(void);
diff --git a/src/security/tpm/tss_errors.h b/src/security/tpm/tss_errors.h
index b28210cb88..3545f04110 100644
--- a/src/security/tpm/tss_errors.h
+++ b/src/security/tpm/tss_errors.h
@@ -12,36 +12,49 @@
#include <stdint.h>
-#define TPM_E_BASE 0x0
-#define TPM_E_NON_FATAL 0x800
-
-#define TPM_SUCCESS ((uint32_t)0x00000000)
-#define TPM_E_AREA_LOCKED ((uint32_t)0x0000003c)
-#define TPM_E_BADINDEX ((uint32_t)0x00000002)
-#define TPM_E_BAD_PRESENCE ((uint32_t)0x0000002d)
-#define TPM_E_IOERROR ((uint32_t)0x0000001f)
-#define TPM_E_INVALID_POSTINIT ((uint32_t)0x00000026)
-#define TPM_E_MAXNVWRITES ((uint32_t)0x00000048)
-#define TPM_E_OWNER_SET ((uint32_t)0x00000014)
-
-#define TPM_E_NEEDS_SELFTEST ((uint32_t)(TPM_E_NON_FATAL + 1))
-#define TPM_E_DOING_SELFTEST ((uint32_t)(TPM_E_NON_FATAL + 2))
-
-#define TPM_E_ALREADY_INITIALIZED ((uint32_t)0x00005000) /* vboot local */
-#define TPM_E_INTERNAL_INCONSISTENCY ((uint32_t)0x00005001) /* vboot local */
-#define TPM_E_MUST_REBOOT ((uint32_t)0x00005002) /* vboot local */
-#define TPM_E_CORRUPTED_STATE ((uint32_t)0x00005003) /* vboot local */
-#define TPM_E_COMMUNICATION_ERROR ((uint32_t)0x00005004) /* vboot local */
-#define TPM_E_RESPONSE_TOO_LARGE ((uint32_t)0x00005005) /* vboot local */
-#define TPM_E_NO_DEVICE ((uint32_t)0x00005006) /* vboot local */
-#define TPM_E_INPUT_TOO_SMALL ((uint32_t)0x00005007) /* vboot local */
-#define TPM_E_WRITE_FAILURE ((uint32_t)0x00005008) /* vboot local */
-#define TPM_E_READ_EMPTY ((uint32_t)0x00005009) /* vboot local */
-#define TPM_E_READ_FAILURE ((uint32_t)0x0000500a) /* vboot local */
-#define TPM_E_NV_DEFINED ((uint32_t)0x0000500b) /* vboot local */
-#define TPM_E_INVALID_ARG ((uint32_t)0x0000500c)
-#define TPM_E_HASH_ERROR ((uint32_t)0x0000500d)
-#define TPM_E_NO_SUCH_COMMAND ((uint32_t)0x0000500e)
-#define TPM_E_RANGE ((uint32_t)0x0000500f)
+typedef uint32_t tpm_result_t;
+#define TPM_Vendor_Specific32 0x400
+
+#define TPM_BASE 0x0
+
+#define TPM_NON_FATAL 0x800
+#define TPM_CB_ERROR TPM_Vendor_Specific32
+
+#define TPM_SUCCESS ((tpm_result_t) (TPM_BASE + 0x00))
+#define TPM_BADINDEX ((tpm_result_t) (TPM_BASE + 0x02))
+#define TPM_OWNER_SET ((tpm_result_t) (TPM_BASE + 0x14))
+#define TPM_IOERROR ((tpm_result_t) (TPM_BASE + 0x1F))
+#define TPM_INVALID_POSTINIT ((tpm_result_t) (TPM_BASE + 0x26))
+#define TPM_BAD_PRESENCE ((tpm_result_t) (TPM_BASE + 0x2D))
+#define TPM_AREA_LOCKED ((tpm_result_t) (TPM_BASE + 0x3C))
+#define TPM_MAXNVWRITES ((tpm_result_t) (TPM_BASE + 0x48))
+
+#define TPM_NEEDS_SELFTEST ((tpm_result_t) (TPM_NON_FATAL + 0x01))
+#define TPM_DOING_SELFTEST ((tpm_result_t) (TPM_NON_FATAL + 0x02))
+
+/* The following values are defind at the offset 0x480 which is a combination
+ * of the 32-bit vendor specific value from the TCG standard(0x400) and an
+ * offset of 0x80 to assist in identifying these return values when the 8-bit
+ * truncated value is used.
+ *
+ * Valid offset range is 128-255(0x80-0xFF)
+*/
+
+#define TPM_CB_ALREADY_INITIALIZED ((tpm_result_t) (TPM_CB_ERROR + 0x80))
+#define TPM_CB_INTERNAL_INCONSISTENCY ((tpm_result_t) (TPM_CB_ERROR + 0x81))
+#define TPM_CB_MUST_REBOOT ((tpm_result_t) (TPM_CB_ERROR + 0x82))
+#define TPM_CB_CORRUPTED_STATE ((tpm_result_t) (TPM_CB_ERROR + 0x83))
+#define TPM_CB_COMMUNICATION_ERROR ((tpm_result_t) (TPM_CB_ERROR + 0x84))
+#define TPM_CB_RESPONSE_TOO_LARGE ((tpm_result_t) (TPM_CB_ERROR + 0x85))
+#define TPM_CB_NO_DEVICE ((tpm_result_t) (TPM_CB_ERROR + 0x86))
+#define TPM_CB_INPUT_TOO_SMALL ((tpm_result_t) (TPM_CB_ERROR + 0x87))
+#define TPM_CB_WRITE_FAILURE ((tpm_result_t) (TPM_CB_ERROR + 0x88))
+#define TPM_CB_READ_EMPTY ((tpm_result_t) (TPM_CB_ERROR + 0x89))
+#define TPM_CB_READ_FAILURE ((tpm_result_t) (TPM_CB_ERROR + 0x8A))
+#define TPM_CB_NV_DEFINED ((tpm_result_t) (TPM_CB_ERROR + 0x8B))
+#define TPM_CB_INVALID_ARG ((tpm_result_t) (TPM_CB_ERROR + 0x8C))
+#define TPM_CB_HASH_ERROR ((tpm_result_t) (TPM_CB_ERROR + 0x8D))
+#define TPM_CB_NO_SUCH_COMMAND ((tpm_result_t) (TPM_CB_ERROR + 0x8E))
+#define TPM_CB_RANGE ((tpm_result_t) (TPM_CB_ERROR + 0x8F))
#endif /* TSS_ERRORS_H_ */
diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c
index 27d16e1776..fdf98cc41c 100644
--- a/src/security/vboot/secdata_tpm.c
+++ b/src/security/vboot/secdata_tpm.c
@@ -46,7 +46,7 @@ uint32_t antirollback_read_space_kernel(struct vb2_context *ctx)
if (perms != TPM_NV_PER_PPWRITE) {
printk(BIOS_ERR,
"TPM: invalid secdata_kernel permissions\n");
- return TPM_E_CORRUPTED_STATE;
+ return TPM_CB_CORRUPTED_STATE;
}
}
@@ -55,7 +55,7 @@ uint32_t antirollback_read_space_kernel(struct vb2_context *ctx)
/* Start with the version 1.0 size used by all modern Cr50/Ti50 boards. */
rc = tlcl_read(KERNEL_NV_INDEX, ctx->secdata_kernel, size);
- if (rc == TPM_E_RANGE) {
+ if (rc == TPM_CB_RANGE) {
/* Fallback to version 0.2(minimum) size and re-read. */
VBDEBUG("Antirollback: NV read out of range, trying min size\n");
size = VB2_SECDATA_KERNEL_MIN_SIZE;
@@ -210,11 +210,11 @@ static uint32_t define_space(const char *name, uint32_t index, uint32_t length,
rc = tlcl_define_space(index, length, nv_attributes, nv_policy,
nv_policy_size);
- if (rc == TPM_E_NV_DEFINED) {
+ if (rc == TPM_CB_NV_DEFINED) {
/*
* Continue with writing: it may be defined, but not written
* to. In that case a subsequent tlcl_read() would still return
- * TPM_E_BADINDEX on TPM 2.0. The cases when some non-firmware
+ * TPM_BADINDEX on TPM 2.0. The cases when some non-firmware
* space is defined while the firmware space is not there
* should be rare (interrupted initialization), so no big harm
* in writing once again even if it was written already.
@@ -439,7 +439,7 @@ uint32_t antirollback_read_space_mrc_hash(uint32_t index, uint8_t *data, uint32_
VBDEBUG("TPM: Incorrect buffer size for hash idx 0x%x. "
"(Expected=0x%x Actual=0x%x).\n", index, HASH_NV_SIZE,
size);
- return TPM_E_READ_FAILURE;
+ return TPM_CB_READ_FAILURE;
}
return read_space_mrc_hash(index, data);
}
@@ -453,11 +453,11 @@ uint32_t antirollback_write_space_mrc_hash(uint32_t index, const uint8_t *data,
VBDEBUG("TPM: Incorrect buffer size for hash idx 0x%x. "
"(Expected=0x%x Actual=0x%x).\n", index, HASH_NV_SIZE,
size);
- return TPM_E_WRITE_FAILURE;
+ return TPM_CB_WRITE_FAILURE;
}
rc = read_space_mrc_hash(index, spc_data);
- if (rc == TPM_E_BADINDEX) {
+ if (rc == TPM_BADINDEX) {
/*
* If space is not defined already for hash, define
* new space.
@@ -489,7 +489,7 @@ uint32_t antirollback_read_space_vbios_hash(uint8_t *data, uint32_t size)
VBDEBUG("TPM: Incorrect buffer size for hash idx 0x%x. "
"(Expected=0x%x Actual=0x%x).\n", VBIOS_CACHE_NV_INDEX, HASH_NV_SIZE,
size);
- return TPM_E_READ_FAILURE;
+ return TPM_CB_READ_FAILURE;
}
return read_space_vbios_hash(data);
}
@@ -503,11 +503,11 @@ uint32_t antirollback_write_space_vbios_hash(const uint8_t *data, uint32_t size)
VBDEBUG("TPM: Incorrect buffer size for hash idx 0x%x. "
"(Expected=0x%x Actual=0x%x).\n", VBIOS_CACHE_NV_INDEX, HASH_NV_SIZE,
size);
- return TPM_E_WRITE_FAILURE;
+ return TPM_CB_WRITE_FAILURE;
}
rc = read_space_vbios_hash(spc_data);
- if (rc == TPM_E_BADINDEX) {
+ if (rc == TPM_BADINDEX) {
/*
* If space is not defined already for hash, define
* new space.
@@ -535,7 +535,7 @@ uint32_t antirollback_write_space_vbios_hash(const uint8_t *data, uint32_t size)
static uint32_t safe_write(uint32_t index, const void *data, uint32_t length)
{
uint32_t rc = tlcl_write(index, data, length);
- if (rc == TPM_E_MAXNVWRITES) {
+ if (rc == TPM_MAXNVWRITES) {
RETURN_ON_FAILURE(tpm_clear_and_reenable());
return tlcl_write(index, data, length);
} else {
@@ -552,7 +552,7 @@ static uint32_t safe_write(uint32_t index, const void *data, uint32_t length)
static uint32_t safe_define_space(uint32_t index, uint32_t perm, uint32_t size)
{
uint32_t rc = tlcl_define_space(index, perm, size);
- if (rc == TPM_E_MAXNVWRITES) {
+ if (rc == TPM_MAXNVWRITES) {
RETURN_ON_FAILURE(tpm_clear_and_reenable());
return tlcl_define_space(index, perm, size);
} else {
@@ -669,13 +669,13 @@ uint32_t antirollback_read_space_firmware(struct vb2_context *ctx)
uint32_t rc;
rc = tlcl_read(FIRMWARE_NV_INDEX, ctx->secdata_firmware, VB2_SECDATA_FIRMWARE_SIZE);
- if (rc == TPM_E_BADINDEX) {
+ if (rc == TPM_BADINDEX) {
/* This seems the first time we've run. Initialize the TPM. */
VBDEBUG("TPM: Not initialized yet\n");
RETURN_ON_FAILURE(factory_initialize_tpm(ctx));
} else if (rc != TPM_SUCCESS) {
printk(BIOS_ERR, "TPM: Failed to read firmware space: %#x\n", rc);
- return TPM_E_CORRUPTED_STATE;
+ return TPM_CB_CORRUPTED_STATE;
}
return TPM_SUCCESS;
diff --git a/src/security/vboot/tpm_common.c b/src/security/vboot/tpm_common.c
index 1f86f87685..a2e9bb45cd 100644
--- a/src/security/vboot/tpm_common.c
+++ b/src/security/vboot/tpm_common.c
@@ -14,7 +14,7 @@ uint32_t vboot_setup_tpm(struct vb2_context *ctx)
uint32_t rc;
rc = tpm_setup(ctx->flags & VB2_CONTEXT_S3_RESUME);
- if (rc == TPM_E_MUST_REBOOT)
+ if (rc == TPM_CB_MUST_REBOOT)
ctx->flags |= VB2_CONTEXT_SECDATA_WANTS_REBOOT;
return rc;
diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c
index 213ebcce99..69cfaf8047 100644
--- a/src/security/vboot/vboot_logic.c
+++ b/src/security/vboot/vboot_logic.c
@@ -214,7 +214,7 @@ static void check_boot_mode(struct vb2_context *ctx)
rc = tlcl_cr50_get_boot_mode(&boot_mode);
switch (rc) {
- case TPM_E_NO_SUCH_COMMAND:
+ case TPM_CB_NO_SUCH_COMMAND:
printk(BIOS_WARNING, "GSC does not support GET_BOOT_MODE.\n");
/* Proceed to legacy boot model. */
return;
diff --git a/src/vendorcode/eltan/security/mboot/mboot.c b/src/vendorcode/eltan/security/mboot/mboot.c
index 5fe2060191..ac7ce4be8e 100644
--- a/src/vendorcode/eltan/security/mboot/mboot.c
+++ b/src/vendorcode/eltan/security/mboot/mboot.c
@@ -73,7 +73,7 @@ EFI_TCG2_EVENT_ALGORITHM_BITMAP tpm2_get_active_pcrs(void)
* @param[out] Pcrs The Pcr Selection
*
* @retval TPM_SUCCESS Operation completed successfully.
- * @retval TPM_E_IOERROR The command was unsuccessful.
+ * @retval TPM_IOERROR The command was unsuccessful.
*/
int tpm2_get_capability_pcrs(TPML_PCR_SELECTION *Pcrs)
{
@@ -113,7 +113,7 @@ int tpm2_get_capability_pcrs(TPML_PCR_SELECTION *Pcrs)
* @param[in] eventLog description of the event.
*
* @retval TPM_SUCCESS Operation completed successfully.
- * @retval TPM_E_IOERROR Unexpected device behavior.
+ * @retval TPM_IOERROR Unexpected device behavior.
*/
int mboot_hash_extend_log(uint64_t flags, uint8_t *hashData, uint32_t hashDataLen,
TCG_PCR_EVENT2_HDR *newEventHdr, uint8_t *eventLog)
@@ -130,7 +130,7 @@ int mboot_hash_extend_log(uint64_t flags, uint8_t *hashData, uint32_t hashDataLe
} else {
struct vb2_hash tmp;
if (vb2_hash_calculate(false, hashData, hashDataLen, VB2_HASH_SHA256, &tmp))
- return TPM_E_IOERROR;
+ return TPM_IOERROR;
memcpy(digest->digest.sha256, tmp.sha256, sizeof(tmp.sha256));
}
@@ -225,7 +225,7 @@ void mboot_print_buffer(uint8_t *buffer, uint32_t bufferSize)
* @param[in] event_msg description of the event.
*
* @retval TPM_SUCCESS Operation completed successfully.
- * @retval TPM_E_IOERROR Unexpected device behavior.
+ * @retval TPM_IOERROR Unexpected device behavior.
*/
int mb_measure_log_worker(const char *name, uint32_t type, uint32_t pcr,
TCG_EVENTTYPE eventType, const char *event_msg)
@@ -268,7 +268,7 @@ int mb_measure_log_worker(const char *name, uint32_t type, uint32_t pcr,
* @param[in] wake_from_s3 1 if we are waking from S3, 0 standard boot
*
* @retval TPM_SUCCESS Operation completed successfully.
- * @retval TPM_E_IOERROR Unexpected device behavior.
+ * @retval TPM_IOERROR Unexpected device behavior.
**/
__weak int mb_entry(int wake_from_s3)
@@ -279,7 +279,7 @@ __weak int mb_entry(int wake_from_s3)
printk(BIOS_DEBUG, "%s: tlcl_lib_init\n", __func__);
if (tlcl_lib_init() != VB2_SUCCESS) {
printk(BIOS_ERR, "%s: TPM driver initialization failed.\n", __func__);
- return TPM_E_IOERROR;
+ return TPM_IOERROR;
}
if (wake_from_s3) {
@@ -312,7 +312,7 @@ __weak int mb_entry(int wake_from_s3)
* @param[in] wake_from_s3 1 if we are waking from S3, 0 standard boot
*
* @retval TPM_SUCCESS Operation completed successfully.
- * @retval TPM_E_IOERROR Unexpected device behavior.
+ * @retval TPM_IOERROR Unexpected device behavior.
*/
__weak int mb_measure(int wake_from_s3)
@@ -355,7 +355,7 @@ __weak int mb_measure(int wake_from_s3)
* @param[in] none
*
* @retval TPM_SUCCESS Operation completed successfully.
- * @retval TPM_E_IOERROR Unexpected device behavior.
+ * @retval TPM_IOERROR Unexpected device behavior.
*/
__weak int mb_measure_log_start(void)
{
@@ -365,7 +365,7 @@ __weak int mb_measure_log_start(void)
if ((tpm2_get_active_pcrs() & EFI_TCG2_BOOT_HASH_ALG_SHA256) == 0x0) {
printk(BIOS_DEBUG, "%s: SHA256 PCR Bank not active in TPM.\n",
__func__);
- return TPM_E_IOERROR;
+ return TPM_IOERROR;
}
rc = mb_crtm();
@@ -412,7 +412,7 @@ static const uint8_t crtm_version[] =
* function with the same name there.
*
* @retval TPM_SUCCESS Operation completed successfully.
- * @retval TPM_E_IOERROR Unexpected device behavior.
+ * @retval TPM_IOERROR Unexpected device behavior.
**/
__weak int mb_crtm(void)
{
@@ -440,7 +440,7 @@ __weak int mb_crtm(void)
rc = get_intel_me_hash(hash);
if (rc) {
printk(BIOS_DEBUG, "get_intel_me_hash returned 0x%x\n", rc);
- rc = TPM_E_IOERROR;
+ rc = TPM_IOERROR;
return rc;
}
diff --git a/src/vendorcode/eltan/security/verified_boot/vboot_check.c b/src/vendorcode/eltan/security/verified_boot/vboot_check.c
index 649adc285d..a8c6cb537b 100644
--- a/src/vendorcode/eltan/security/verified_boot/vboot_check.c
+++ b/src/vendorcode/eltan/security/verified_boot/vboot_check.c
@@ -113,7 +113,7 @@ fail:
* @param[in] eventType Event type to use when logging
* @retval TPM_SUCCESS Operation completed successfully.
- * @retval TPM_E_IOERROR Unexpected device behavior.
+ * @retval TPM_IOERROR Unexpected device behavior.
*/
static int measure_item(uint32_t pcr, uint8_t *hashData, uint32_t hashDataLen,
int8_t *event_msg, TCG_EVENTTYPE eventType)
diff --git a/src/vendorcode/google/chromeos/cr50_enable_update.c b/src/vendorcode/google/chromeos/cr50_enable_update.c
index 155769f545..aea804f026 100644
--- a/src/vendorcode/google/chromeos/cr50_enable_update.c
+++ b/src/vendorcode/google/chromeos/cr50_enable_update.c
@@ -30,14 +30,14 @@ static int cr50_is_reset_needed(void)
rc = tlcl_cr50_get_tpm_mode(&tpm_mode);
- if (rc == TPM_E_NO_SUCH_COMMAND) {
+ if (rc == TPM_CB_NO_SUCH_COMMAND) {
printk(BIOS_INFO,
"Cr50 does not support TPM mode command\n");
/* Older Cr50 firmware, assume no Cr50 reset is required */
return 0;
}
- if (rc == TPM_E_MUST_REBOOT) {
+ if (rc == TPM_CB_MUST_REBOOT) {
/*
* Cr50 indicated a reboot is required to restore TPM
* functionality.