2 files changed, 72 insertions, 0 deletions

diff --git a/src/vendorcode/google/chromeos/Makefile.inc b/src/vendorcode/google/chromeos/Makefile.inc
index 22352ef243..9d87f6eae3 100644
--- a/src/vendorcode/google/chromeos/Makefile.inc
+++ b/src/vendorcode/google/chromeos/Makefile.inc
@@ -22,6 +22,7 @@ ramstage-y += vpd_decode.c cros_vpd.c vpd_mac.c vpd_serialno.c vpd_calibration.c
 ramstage-$(CONFIG_CHROMEOS_DISABLE_PLATFORM_HIERARCHY_ON_RESUME) += tpm2.c
 ramstage-$(CONFIG_HAVE_REGULATORY_DOMAIN) += wrdd.c
 ramstage-$(CONFIG_USE_SAR) += sar.c
+ramstage-$(CONFIG_MAINBOARD_HAS_TPM_CR50) += cr50_enable_update.c
 ifeq ($(CONFIG_ARCH_MIPS),)
 bootblock-y += watchdog.c
 ramstage-y += watchdog.c
diff --git a/src/vendorcode/google/chromeos/cr50_enable_update.c b/src/vendorcode/google/chromeos/cr50_enable_update.c
new file mode 100644
index 0000000000..e962f194cd
--- /dev/null
+++ b/src/vendorcode/google/chromeos/cr50_enable_update.c
@@ -0,0 +1,71 @@
+/*
+ * This file is part of the coreboot project.
+ *
+ * Copyright 2017 Google Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#include <bootstate.h>
+#include <console/console.h>
+#include <ec/google/chromeec/ec.h>
+#include <elog.h>
+#include <halt.h>
+#include <tpm_lite/tlcl.h>
+#include <vb2_api.h>
+#include <vboot/vboot_common.h>
+
+static void enable_update(void *unused)
+{
+	int ret;
+	uint8_t num_restored_headers;
+
+	/* Nothing to do on recovery mode. */
+	if (vboot_recovery_mode_enabled())
+		return;
+
+	ret = tlcl_lib_init();
+
+	if (ret != VB2_SUCCESS) {
+		printk(BIOS_ERR, "tlcl_lib_init() failed for CR50 update: %x\n",
+			ret);
+		return;
+	}
+
+	/* Reboot in 1000 ms if necessary. */
+	ret = tlcl_cr50_enable_update(1000, &num_restored_headers);
+
+	if (ret != TPM_SUCCESS) {
+		printk(BIOS_ERR, "Attempt to enable CR50 update failed: %x\n",
+			ret);
+		return;
+	}
+
+	/* If no headers were restored there is no reset forthcoming. */
+	if (!num_restored_headers)
+		return;
+
+	elog_add_event(ELOG_TYPE_CR50_UPDATE);
+
+	/* clear current post code avoid chatty eventlog on subsequent boot*/
+	post_code(0);
+
+	printk(BIOS_INFO, "Waiting for CR50 reset to pick up update.\n");
+
+	if (IS_ENABLED(CONFIG_POWER_OFF_ON_CR50_UPDATE)) {
+		if (IS_ENABLED(CONFIG_EC_GOOGLE_CHROMEEC))
+			google_chromeec_reboot(0, EC_REBOOT_HIBERNATE,
+				EC_REBOOT_FLAG_ON_AP_SHUTDOWN);
+		poweroff();
+	}
+	halt();
+}
+BOOT_STATE_INIT_ENTRY(BS_PAYLOAD_LOAD, BS_ON_ENTRY, enable_update, NULL);
+