<p>Vadim Bendebury has uploaded this change for <strong>review</strong>.</p><p><a href="https://review.coreboot.org/20299">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">cr50: process uninitialized values gracefully<br><br>The vboot code tries reading rollback protection indices from the TPM,<br>and if the attempt to read returns TPM_E_BADINDEX, it decides that the<br>TPM has not yet been initialized for the Chromebook use, and needs to<br>be taken through the factory initialization sequence.<br><br>TPM_E_BADINDEX is an internal representation of the TPM error 0x28b,<br>generated on attempts to read a non existing NVMEM space.<br><br>If the space exists, but has never been written the TPM returns error<br>0x14a. This condition (the space exists but not written) could happen<br>if the previous factory initialization attempt was interrupted right<br>after the space was created.<br><br>Let's map this error to the same internal representation<br>(TPM_E_BADINDEX) so that the Chrome OS device could recover when this<br>condition occurs.<br><br>BRANCH=reef, gru<br>BUG=b:37443842<br>TEST=verified that the Pyro device stuck in TPM error state recovered<br> when this patch was applied.<br><br>Change-Id: I6ff976c839efcd23ae26cef3ee428e7ae02e68f8<br>Signed-off-by: Vadim Bendebury <vbendeb@chromium.org><br>---<br>M src/lib/tpm2_tlcl.c<br>1 file changed, 2 insertions(+), 1 deletion(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://review.coreboot.org:29418/coreboot refs/changes/99/20299/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">diff --git a/src/lib/tpm2_tlcl.c b/src/lib/tpm2_tlcl.c<br>index 754f835..fe83bb5 100644<br>--- a/src/lib/tpm2_tlcl.c<br>+++ b/src/lib/tpm2_tlcl.c<br>@@ -210,7 +210,8 @@<br> case 0:<br> break;<br> <br>- case 0x28b:<br>+ case 0x14a: /* Uninitialized, set if the space hasn't been written. */<br>+ case 0x28b: /* Bad index, set if the space hasn't been defined. */<br> return TPM_E_BADINDEX;<br> <br> default:<br></pre><p>To view, visit <a href="https://review.coreboot.org/20299">change 20299</a>. To unsubscribe, visit <a href="https://review.coreboot.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://review.coreboot.org/20299"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: coreboot </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>
<div style="display:none"> Gerrit-Change-Id: I6ff976c839efcd23ae26cef3ee428e7ae02e68f8 </div>
<div style="display:none"> Gerrit-Change-Number: 20299 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: Vadim Bendebury <vbendeb@chromium.org> </div>