[coreboot-gerrit] Change in coreboot[master]: security/tpm: Add a Kconfig to disregard INVALID_POSTINIT on startup

17 Oct 2019

Patrick Georgi has submitted this change. ( https://review.coreboot.org/c/coreboot/+/36027 )
Change subject: security/tpm: Add a Kconfig to disregard INVALID_POSTINIT on startup
......................................................................
security/tpm: Add a Kconfig to disregard INVALID_POSTINIT on startup
There are use cases where TPM has already been set up in a previous
stage, e.g. TXT or when a CPU reset without a platform reset happens.
If this is the case the TPM startup will return a
INVALID_POSTINIT (return code 0x26). This adds a Kconfig to allow
platforms to disregard that return code.
Change-Id: I238b30866f78608c414de877b05a73cf8fdb9bbd
Signed-off-by: Arthur Heymans arthur@aheymans.xyz
Reviewed-on: https://review.coreboot.org/c/coreboot/+/36027
Tested-by: build bot (Jenkins) no-reply@coreboot.org
Reviewed-by: Paul Menzel paulepanter@users.sourceforge.net
Reviewed-by: Julius Werner jwerner@chromium.org
---
M src/security/tpm/Kconfig
M src/security/tpm/tspi/tspi.c
2 files changed, 14 insertions(+), 0 deletions(-)
Approvals:
  build bot (Jenkins): Verified
  Paul Menzel: Looks good to me, but someone else must approve
  Julius Werner: Looks good to me, approved

diff --git a/src/security/tpm/Kconfig b/src/security/tpm/Kconfig
index 3af6d69..95c0bb9 100644
--- a/src/security/tpm/Kconfig
+++ b/src/security/tpm/Kconfig
@@ -93,4 +93,13 @@
      to work around a race-condition-related issue, possibly
      caused by ill-programmed TPM firmware.
+config TPM_STARTUP_IGNORE_POSTINIT
+	bool
+	help
+	  Select this to ignore POSTINIT INVALID return codes on TPM
+	  startup. This is useful on platforms where a previous stage
+	  issued a TPM startup. Examples of use cases are Intel TXT
+	  or VBOOT on the Intel Nehalem northbridge which issues a
+	  CPU-only reset during the romstage.
+
 endmenu # Trusted Platform Module (tpm)
diff --git a/src/security/tpm/tspi/tspi.c b/src/security/tpm/tspi/tspi.c
index 4698a4d..966b8b7 100644
--- a/src/security/tpm/tspi/tspi.c
+++ b/src/security/tpm/tspi/tspi.c
@@ -141,6 +141,11 @@
    }
result = tlcl_startup();
+	if (CONFIG(TPM_STARTUP_IGNORE_POSTINIT)
+	    && result == TPM_E_INVALID_POSTINIT) {
+		printk(BIOS_DEBUG, "TPM: ignoring invalid POSTINIT\n");
+		result = TPM_SUCCESS;
+	}
    if (result != TPM_SUCCESS) {
    	printk(BIOS_ERR, "TPM: Can't run startup command.\n");
    	return tpm_setup_epilogue(result);
-- 
To view, visit https://review.coreboot.org/c/coreboot/+/36027
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I238b30866f78608c414de877b05a73cf8fdb9bbd
Gerrit-Change-Number: 36027
Gerrit-PatchSet: 9
Gerrit-Owner: Arthur Heymans arthur@aheymans.xyz
Gerrit-Reviewer: Aaron Durbin adurbin@chromium.org
Gerrit-Reviewer: Arthur Heymans arthur@aheymans.xyz
Gerrit-Reviewer: Furquan Shaikh furquan@google.com
Gerrit-Reviewer: Joel Kitching kitching@google.com
Gerrit-Reviewer: Julius Werner jwerner@chromium.org
Gerrit-Reviewer: Martin Roth martinroth@google.com
Gerrit-Reviewer: Naresh Solanki naresh.solanki@intel.com
Gerrit-Reviewer: Patrick Georgi pgeorgi@google.com
Gerrit-Reviewer: Patrick Rudolph siro@das-labor.org
Gerrit-Reviewer: Paul Menzel paulepanter@users.sourceforge.net
Gerrit-Reviewer: Philipp Deppenwiese zaolin.daisuki@gmail.com
Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org
Gerrit-MessageType: merged



    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

[coreboot-gerrit] Change in coreboot[master]: security/tpm: Add a Kconfig to disregard INVALID_POSTINIT on startup