Joel Kitching has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/40359 )
Change subject: vboot/secdata: remove retries, readback, and CRC check ......................................................................
vboot/secdata: remove retries, readback, and CRC check
Depthcharge trusts that our TPM interface is working reliably, and so should we. Also remove CRC check -- the value returned by antirollback_read_space_firmware() is dropped in vboot_logic.c verstage_main(), and vboot handles this check internally.
BUG=b:124141368, chromium:972956 TEST=make clean && make test-abuild BRANCH=none
Change-Id: I5d3f3823fca8507fd58087bb0f7b78cfa49417ab Signed-off-by: Joel Kitching kitching@google.com --- M src/security/vboot/secdata_tpm.c 1 file changed, 6 insertions(+), 42 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/59/40359/1
diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c index 87c33a5..4ca42ba 100644 --- a/src/security/vboot/secdata_tpm.c +++ b/src/security/vboot/secdata_tpm.c @@ -60,21 +60,10 @@
static uint32_t read_space_firmware(struct vb2_context *ctx) { - int attempts = 3; - - while (attempts--) { - RETURN_ON_FAILURE(tlcl_read(FIRMWARE_NV_INDEX, - ctx->secdata_firmware, - VB2_SECDATA_FIRMWARE_SIZE)); - - if (vb2api_secdata_firmware_check(ctx) == VB2_SUCCESS) - return TPM_SUCCESS; - - VBDEBUG("TPM: %s() - bad CRC\n", __func__); - } - - VBDEBUG("TPM: %s() - too many bad CRCs, giving up\n", __func__); - return TPM_E_CORRUPTED_STATE; + RETURN_ON_FAILURE(tlcl_read(FIRMWARE_NV_INDEX, + ctx->secdata_firmware, + VB2_SECDATA_FIRMWARE_SIZE)); + return TPM_SUCCESS; }
static uint32_t read_space_rec_hash(uint8_t *data) @@ -88,33 +77,8 @@ const uint8_t *secdata, uint32_t len) { - uint8_t sd[MAX(VB2_SECDATA_KERNEL_SIZE, VB2_SECDATA_FIRMWARE_SIZE)]; - uint32_t rv; - int attempts = 3; - - if (len > sizeof(sd)) { - VBDEBUG("TPM: %s() - data is too large\n", __func__); - return TPM_E_WRITE_FAILURE; - } - - while (attempts--) { - rv = safe_write(index, secdata, len); - /* Can't write, not gonna try again */ - if (rv != TPM_SUCCESS) - return rv; - - /* Read it back to be sure it got the right values. */ - rv = tlcl_read(index, sd, len); - if (rv == TPM_SUCCESS && memcmp(secdata, sd, len) == 0) - return rv; - - VBDEBUG("TPM: %s() failed. trying again\n", __func__); - /* Try writing it again. Maybe it was garbled on the way out. */ - } - - VBDEBUG("TPM: %s() - too many failures, giving up\n", __func__); - - return TPM_E_CORRUPTED_STATE; + RETURN_ON_FAILURE(safe_write(index, secdata, len)); + return TPM_SUCCESS; }
/*