1 files changed, 41 insertions, 70 deletions
diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c
index 0304b923fb..65d9c83a34 100644
--- a/src/security/vboot/secdata_tpm.c
+++ b/src/security/vboot/secdata_tpm.c
@@ -71,6 +71,8 @@ uint32_t antirollback_read_space_kernel(struct vb2_context *ctx)
 	return TPM_SUCCESS;
 }
 
+#if CONFIG(TPM2)
+
 static uint32_t read_space_mrc_hash(uint32_t index, uint8_t *data)
 {
 	RETURN_ON_FAILURE(tlcl_read(index, data,
@@ -85,7 +87,6 @@ static uint32_t read_space_mrc_hash(uint32_t index, uint8_t *data)
  */
 static const uint8_t mrc_hash_data[HASH_NV_SIZE] = { };
 
-#if CONFIG(TPM2)
 /*
  * Different sets of NVRAM space attributes apply to the "ro" spaces,
  * i.e. those which should not be possible to delete or modify once
@@ -208,6 +209,45 @@ uint32_t antirollback_lock_space_firmware(void)
 	return tlcl_lock_nv_write(FIRMWARE_NV_INDEX);
 }
 
+uint32_t antirollback_read_space_mrc_hash(uint32_t index, uint8_t *data, uint32_t size)
+{
+	if (size != HASH_NV_SIZE) {
+		VBDEBUG("TPM: Incorrect buffer size for hash idx 0x%x. "
+			"(Expected=0x%x Actual=0x%x).\n", index, HASH_NV_SIZE,
+			size);
+		return TPM_E_READ_FAILURE;
+	}
+	return read_space_mrc_hash(index, data);
+}
+
+uint32_t antirollback_write_space_mrc_hash(uint32_t index, const uint8_t *data, uint32_t size)
+{
+	uint8_t spc_data[HASH_NV_SIZE];
+	uint32_t rv;
+
+	if (size != HASH_NV_SIZE) {
+		VBDEBUG("TPM: Incorrect buffer size for hash idx 0x%x. "
+			"(Expected=0x%x Actual=0x%x).\n", index, HASH_NV_SIZE,
+			size);
+		return TPM_E_WRITE_FAILURE;
+	}
+
+	rv = read_space_mrc_hash(index, spc_data);
+	if (rv == TPM_E_BADINDEX) {
+		/*
+		 * If space is not defined already for hash, define
+		 * new space.
+		 */
+		VBDEBUG("TPM: Initializing hash space.\n");
+		return set_mrc_hash_space(index, data);
+	}
+
+	if (rv != TPM_SUCCESS)
+		return rv;
+
+	return safe_write(index, data, size);
+}
+
 uint32_t antirollback_lock_space_mrc_hash(uint32_t index)
 {
 	return tlcl_lock_nv_write(index);
@@ -250,18 +290,6 @@ static uint32_t safe_define_space(uint32_t index, uint32_t perm, uint32_t size)
 	}
 }
 
-static uint32_t set_mrc_hash_space(uint32_t index, const uint8_t *data)
-{
-	RETURN_ON_FAILURE(safe_define_space(index,
-					    TPM_NV_PER_GLOBALLOCK |
-					    TPM_NV_PER_PPWRITE,
-					    HASH_NV_SIZE));
-	RETURN_ON_FAILURE(safe_write(index, data,
-				     HASH_NV_SIZE));
-
-	return TPM_SUCCESS;
-}
-
 static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
 {
 	TPM_PERMANENT_FLAGS pflags;
@@ -316,16 +344,6 @@ static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
 				     ctx->secdata_firmware,
 					VB2_SECDATA_FIRMWARE_SIZE));
 
-	/*
-	 * Define and set rec hash space, if available.  No need to
-	 * create the RW hash space because we will definitely boot
-	 * once in normal mode before shipping, meaning that the space
-	 * will get created with correct permissions while still in in
-	 * our hands.
-	 */
-	if (CONFIG(VBOOT_HAS_REC_HASH_SPACE))
-		RETURN_ON_FAILURE(set_mrc_hash_space(MRC_REC_HASH_NV_INDEX, mrc_hash_data));
-
 	return TPM_SUCCESS;
 }
 
@@ -334,14 +352,6 @@ uint32_t antirollback_lock_space_firmware(void)
 	return tlcl_set_global_lock();
 }
 
-uint32_t antirollback_lock_space_mrc_hash(uint32_t index)
-{
-	/*
-	 * Nothing needs to be done here, since global lock is already set while
-	 * locking firmware space.
-	 */
-	return TPM_SUCCESS;
-}
 #endif
 
 /**
@@ -434,45 +444,6 @@ uint32_t antirollback_write_space_kernel(struct vb2_context *ctx)
 	return safe_write(KERNEL_NV_INDEX, ctx->secdata_kernel, size);
 }
 
-uint32_t antirollback_read_space_mrc_hash(uint32_t index, uint8_t *data, uint32_t size)
-{
-	if (size != HASH_NV_SIZE) {
-		VBDEBUG("TPM: Incorrect buffer size for hash idx 0x%x. "
-			"(Expected=0x%x Actual=0x%x).\n", index, HASH_NV_SIZE,
-			size);
-		return TPM_E_READ_FAILURE;
-	}
-	return read_space_mrc_hash(index, data);
-}
-
-uint32_t antirollback_write_space_mrc_hash(uint32_t index, const uint8_t *data, uint32_t size)
-{
-	uint8_t spc_data[HASH_NV_SIZE];
-	uint32_t rv;
-
-	if (size != HASH_NV_SIZE) {
-		VBDEBUG("TPM: Incorrect buffer size for hash idx 0x%x. "
-			"(Expected=0x%x Actual=0x%x).\n", index, HASH_NV_SIZE,
-			size);
-		return TPM_E_WRITE_FAILURE;
-	}
-
-	rv = read_space_mrc_hash(index, spc_data);
-	if (rv == TPM_E_BADINDEX) {
-		/*
-		 * If space is not defined already for hash, define
-		 * new space.
-		 */
-		VBDEBUG("TPM: Initializing hash space.\n");
-		return set_mrc_hash_space(index, data);
-	}
-
-	if (rv != TPM_SUCCESS)
-		return rv;
-
-	return safe_write(index, data, size);
-}
-
 vb2_error_t vb2ex_tpm_clear_owner(struct vb2_context *ctx)
 {
 	uint32_t rv;