Diffstat (limited to 'src/security/vboot')
-rw-r--r--src/security/vboot/secdata_tpm.c22
1 files changed, 14 insertions, 8 deletions
diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c
index a95e7d10a5..0bc4f839fe 100644
--- a/src/security/vboot/secdata_tpm.c
+++ b/src/security/vboot/secdata_tpm.c
@@ -58,16 +58,22 @@ uint32_t antirollback_read_space_kernel(struct vb2_context *ctx)
}
}
- uint8_t size = VB2_SECDATA_KERNEL_MIN_SIZE;
-
- RETURN_ON_FAILURE(tlcl_read(KERNEL_NV_INDEX, ctx->secdata_kernel,
- size));
+ uint8_t size = VB2_SECDATA_KERNEL_SIZE;
+ uint32_t ret;
+
+ /* Start with the version 1.0 size used by all modern cr50-boards. */
+ ret = tlcl_read(KERNEL_NV_INDEX, ctx->secdata_kernel, size);
+ if (ret == TPM_E_RANGE) {
+ /* Fallback to version 0.2(minimum) size and re-read. */
+ VBDEBUG("Antirollback: NV read out of range, trying min size\n");
+ size = VB2_SECDATA_KERNEL_MIN_SIZE;
+ ret = tlcl_read(KERNEL_NV_INDEX, ctx->secdata_kernel, size);
+ }
+ RETURN_ON_FAILURE(ret);
- if (vb2api_secdata_kernel_check(ctx, &size)
- == VB2_ERROR_SECDATA_KERNEL_INCOMPLETE)
+ if (vb2api_secdata_kernel_check(ctx, &size) == VB2_ERROR_SECDATA_KERNEL_INCOMPLETE)
/* Re-read. vboot will run the check and handle errors. */
- RETURN_ON_FAILURE(tlcl_read(KERNEL_NV_INDEX,
- ctx->secdata_kernel, size));
+ RETURN_ON_FAILURE(tlcl_read(KERNEL_NV_INDEX, ctx->secdata_kernel, size));
return TPM_SUCCESS;
}
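Review bot: The final `if (vb2api_secdata_kernel_check(ctx, &size) == VB2_ERROR_SECDATA_KERNEL_INCOMPLETE)` guards a macro invocation with no braces and a comment in between, so the re-read is only conditional as long as `RETURN_ON_FAILURE` expands to a single statement. Wrapping the comment and the `RETURN_ON_FAILURE(tlcl_read(KERNEL_NV_INDEX, ctx->secdata_kernel, size));` line in `{ ... }` keeps the anti-rollback read path safe against later edits to the macro or the branch. Separately, `RETURN_ON_FAILURE(ret);` passes a variable rather than the call. If the macro stringifies its argument for the failure log (its definition is outside this hunk), the message would name only `ret` and no longer show which `tlcl_read` failed; a short explicit log before returning would preserve that. It would also help to add a comment above the fallback stating that only `TPM_E_RANGE` triggers the min-size retry and that every other error is returned unchanged. The body of `antirollback_read_space_kernel` begins before this hunk.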