From adfbbde7c99a13ba69abf1e7123453f4db513e53 Mon Sep 17 00:00:00 2001
From: Vadim Bendebury <vbendeb@chromium.org>
Date: Sun, 3 Jul 2016 15:56:41 -0700
Subject: tpm2: add tlcl_force_clear and use it before factory init

tlcl_force_clear() needs to be issued each time when the device mode
switches between normal/development/recovery.

This patch adds command implementation using TPM_Clear TPM2 command,
and also invokes it before factory initialization.

BRANCH=none
BUG=chrome-os-partner:50645
TEST=verified that TPM_Clear command succeeds at factory startup and
     the boot proceeds normally.

Change-Id: Ia431390870cbe448bc1b6f1755ed17953be9bdf1
Signed-off-by: Martin Roth <martinroth@chromium.org>
Original-Commit-Id: 347ff17b97da45fa4df547ff32f9dd2c8972cefd
Original-Change-Id: I2a0e62527ad46f9dd060afe5e75c7e4d56752849
Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Original-Reviewed-on: https://chromium-review.googlesource.com/358095
Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Original-Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Reviewed-on: https://review.coreboot.org/15636
Tested-by: build bot (Jenkins)
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>
---
 src/lib/tpm2_tlcl.c                                  | 10 +++++++++-
 src/vendorcode/google/chromeos/vboot2/antirollback.c |  1 +
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/lib/tpm2_tlcl.c b/src/lib/tpm2_tlcl.c
index 8412ed0784..ec20ca9446 100644
--- a/src/lib/tpm2_tlcl.c
+++ b/src/lib/tpm2_tlcl.c
@@ -81,7 +81,15 @@ uint32_t tlcl_finalize_physical_presence(void)
 
 uint32_t tlcl_force_clear(void)
 {
-	printk(BIOS_INFO, "%s:%s:%d\n", __FILE__, __func__, __LINE__);
+	struct tpm2_response *response;
+
+	response = tpm_process_command(TPM2_Clear, NULL);
+	printk(BIOS_INFO, "%s: response is %x\n",
+	       __func__, response ? response->hdr.tpm_code : -1);
+
+	if (!response || response->hdr.tpm_code)
+		return TPM_E_IOERROR;
+
 	return TPM_SUCCESS;
 }
 
diff --git a/src/vendorcode/google/chromeos/vboot2/antirollback.c b/src/vendorcode/google/chromeos/vboot2/antirollback.c
index bce2ca118a..5b738c4897 100644
--- a/src/vendorcode/google/chromeos/vboot2/antirollback.c
+++ b/src/vendorcode/google/chromeos/vboot2/antirollback.c
@@ -145,6 +145,7 @@ static uint32_t set_kernel_space(const void *kernel_blob)
 
 static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
 {
+	RETURN_ON_FAILURE(tlcl_force_clear());
 	RETURN_ON_FAILURE(set_firmware_space(ctx->secdata));
 	RETURN_ON_FAILURE(set_kernel_space(secdata_kernel));
 	return TPM_SUCCESS;
-- 
cgit v1.2.3