From 3f5de1c8f43b380dabb09bf10e3cea5b536a5856 Mon Sep 17 00:00:00 2001 From: Jett Rink Date: Fri, 10 Jul 2020 12:10:35 -0600 Subject: security/vboot: ensure that NVMEM is saved on every kernel space write If the AP actually needs to write to the TPM, then it is important and the TPM should commit those changes to NVMEM immediately in case there is an unexpected power loss (e.g. from a USB-C port partner reset upon cold reboot request). BRANCH=none BUG=b:160913048 TEST=Verify that puff will no longer reboot loop when coreboot writes a new Hmir (Hash mirror) in the TPM Change-Id: I9597a55891d11bdf040d70f38b4c5a59c7888b8a Signed-off-by: Jett Rink Reviewed-on: https://review.coreboot.org/c/coreboot/+/43414 Reviewed-by: Angel Pons Tested-by: build bot (Jenkins) --- src/security/vboot/secdata_tpm.c | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'src/security/vboot') diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c index dcb3c44d73..691d2c0e96 100644 --- a/src/security/vboot/secdata_tpm.c +++ b/src/security/vboot/secdata_tpm.c @@ -404,6 +404,16 @@ uint32_t antirollback_write_space_kernel(struct vb2_context *ctx) uint8_t size = VB2_SECDATA_KERNEL_MIN_SIZE; vb2api_secdata_kernel_check(ctx, &size); + /* + * Ensure that the TPM actually commits our changes to NVMEN in case + * there is a power loss or other unexpected event. The AP does not + * write to the TPM during normal boot flow; it only writes during + * recovery, software sync, or other special boot flows. When the AP + * wants to write, it is imporant to actually commit changes. + */ + if (CONFIG(CR50_IMMEDIATELY_COMMIT_FW_SECDATA)) + tlcl_cr50_enable_nvcommits(); + return safe_write(KERNEL_NV_INDEX, ctx->secdata_kernel, size); } -- cgit v1.2.3