Attention is currently required from: Christian Walter, Erik van den Bogaert, Frans Hendriks, Julius Werner, Yu-Ping Wu.
Jon Murphy has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/77665?usp=email )
Change subject: treewide: Adopt TCG standard naming ......................................................................
treewide: Adopt TCG standard naming
Adopt TCG standard naming and definitions for TPM Return codes.
BUG=b:296439237 TEST=Build and boot to OS on skyrim BRANCH=firmware-skyrim-15390.B
Change-Id: I60755723262ec205a4c134948b0250aac4974d35 Signed-off-by: Jon Murphy jpmurphy@google.com --- M src/mainboard/facebook/fbg1701/romstage.c M src/security/tpm/tspi/tspi.c M src/security/tpm/tss/tcg-1.2/tss.c M src/security/tpm/tss/tcg-2.0/tss.c M src/security/tpm/tss/vendor/cr50/cr50.c M src/security/tpm/tss/vendor/cr50/cr50.h M src/security/tpm/tss_errors.h M src/security/vboot/secdata_tpm.c M src/security/vboot/tpm_common.c M src/security/vboot/vboot_logic.c M src/vendorcode/eltan/security/mboot/mboot.c M src/vendorcode/eltan/security/verified_boot/vboot_check.c M src/vendorcode/google/chromeos/cr50_enable_update.c 13 files changed, 121 insertions(+), 117 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/65/77665/1
diff --git a/src/mainboard/facebook/fbg1701/romstage.c b/src/mainboard/facebook/fbg1701/romstage.c index 7a31309..38d8053 100644 --- a/src/mainboard/facebook/fbg1701/romstage.c +++ b/src/mainboard/facebook/fbg1701/romstage.c @@ -64,7 +64,7 @@ * @param[in] activePcr bitmap of the support * * @retval TPM_SUCCESS Operation completed successfully. - * @retval TPM_E_IOERROR Unexpected device behavior. + * @retval TPM_IOERROR Unexpected device behavior. */
static const uint8_t crtm_version[] = @@ -73,7 +73,7 @@
int mb_crtm(void) { - int status = TPM_E_IOERROR; + int status = TPM_IOERROR; TCG_PCR_EVENT2_HDR tcgEventHdr;
/* Use FirmwareVersion string to represent CRTM version. */ diff --git a/src/security/tpm/tspi/tspi.c b/src/security/tpm/tspi/tspi.c index 49b2968..0088913 100644 --- a/src/security/tpm/tspi/tspi.c +++ b/src/security/tpm/tspi/tspi.c @@ -45,7 +45,7 @@ }
deactivated = !deactivated; - rc = TPM_E_MUST_REBOOT; + rc = TPM_MUST_REBOOT; }
return rc; @@ -61,7 +61,7 @@ case TPM_SUCCESS: break;
- case TPM_E_INVALID_POSTINIT: + case TPM_INVALID_POSTINIT: /* * We're on a platform where the TPM maintains power * in S3, so it's already initialized. @@ -151,7 +151,7 @@
rc = tlcl_startup(); if (CONFIG(TPM_STARTUP_IGNORE_POSTINIT) - && rc == TPM_E_INVALID_POSTINIT) { + && rc == TPM_INVALID_POSTINIT) { printk(BIOS_DEBUG, "TPM: ignoring invalid POSTINIT\n"); rc = TPM_SUCCESS; } @@ -224,7 +224,7 @@ uint32_t rc;
if (!digest) - return TPM_E_IOERROR; + return TPM_IOERROR;
if (tspi_tpm_is_setup()) { rc = tlcl_lib_init(); @@ -262,14 +262,14 @@ struct vb2_digest_context ctx;
if (!rdev || !rname) - return TPM_E_INVALID_ARG; + return TPM_INVALID_ARG;
digest_len = vb2_digest_size(TPM_MEASURE_ALGO); assert(digest_len <= sizeof(digest)); if (vb2_digest_init(&ctx, vboot_hwcrypto_allowed(), TPM_MEASURE_ALGO, region_device_sz(rdev))) { printk(BIOS_ERR, "TPM: Error initializing hash.\n"); - return TPM_E_HASH_ERROR; + return TPM_HASH_ERROR; } /* * Though one can mmap the full needed region on x86 this is not the @@ -281,16 +281,16 @@ if (rdev_readat(rdev, buf, offset, len) < 0) { printk(BIOS_ERR, "TPM: Not able to read region %s.\n", rname); - return TPM_E_READ_FAILURE; + return TPM_READ_FAILURE; } if (vb2_digest_extend(&ctx, buf, len)) { printk(BIOS_ERR, "TPM: Error extending hash.\n"); - return TPM_E_HASH_ERROR; + return TPM_HASH_ERROR; } } if (vb2_digest_finalize(&ctx, digest, digest_len)) { printk(BIOS_ERR, "TPM: Error finalizing hash.\n"); - return TPM_E_HASH_ERROR; + return TPM_HASH_ERROR; } return tpm_extend_pcr(pcr, TPM_MEASURE_ALGO, digest, digest_len, rname); } diff --git a/src/security/tpm/tss/tcg-1.2/tss.c b/src/security/tpm/tss/tcg-1.2/tss.c index da92143..8f22894 100644 --- a/src/security/tpm/tss/tcg-1.2/tss.c +++ b/src/security/tpm/tss/tcg-1.2/tss.c @@ -108,7 +108,7 @@ max_length); /* If the command fails because the self test has not completed, try it * again after attempting to ensure that the self test has completed. */ - if (rc == TPM_E_NEEDS_SELFTEST || rc == TPM_E_DOING_SELFTEST) { + if (rc == TPM_NEEDS_SELFTEST || rc == TPM_DOING_SELFTEST) { rc = tlcl_continue_self_test(); if (rc != TPM_SUCCESS) return rc; @@ -125,7 +125,7 @@ do { rc = tlcl_send_receive_no_retry(request, response, max_length); - } while (rc == TPM_E_DOING_SELFTEST); + } while (rc == TPM_DOING_SELFTEST); #endif } return rc; @@ -238,7 +238,7 @@ uint8_t *nv_read_cursor = response + kTpmResponseHeaderLength; from_tpm_uint32(nv_read_cursor, &result_length); if (result_length > length) - return TPM_E_IOERROR; + return TPM_IOERROR; nv_read_cursor += sizeof(uint32_t); memcpy(data, nv_read_cursor, result_length); } @@ -301,7 +301,7 @@ return rc; from_tpm_uint32(response + kTpmResponseHeaderLength, &size); if (size != sizeof(TPM_PERMANENT_FLAGS)) - return TPM_E_IOERROR; + return TPM_IOERROR; memcpy(pflags, response + kTpmResponseHeaderLength + sizeof(size), sizeof(TPM_PERMANENT_FLAGS)); return rc; @@ -338,7 +338,7 @@ uint8_t response[kTpmResponseHeaderLength + kPcrDigestLength];
if (digest_algo != VB2_HASH_SHA1) - return TPM_E_INVALID_ARG; + return TPM_INVALID_ARG;
memcpy(&cmd, &tpm_extend_cmd, sizeof(cmd)); to_tpm_uint32(cmd.buffer + tpm_extend_cmd.pcrNum, pcr_num); diff --git a/src/security/tpm/tss/tcg-2.0/tss.c b/src/security/tpm/tss/tcg-2.0/tss.c index d228c7f..b219c83 100644 --- a/src/security/tpm/tss/tcg-2.0/tss.c +++ b/src/security/tpm/tss/tcg-2.0/tss.c @@ -57,7 +57,7 @@ /* IO error, tpm2_response pointer is empty. */ if (!response) { printk(BIOS_ERR, "%s: TPM communication error\n", __func__); - return TPM_E_IOERROR; + return TPM_IOERROR; }
printk(BIOS_INFO, "%s: Startup return code is %x\n", @@ -66,13 +66,13 @@ switch (response->hdr.tpm_code) { case TPM_RC_INITIALIZE: /* TPM already initialized. */ - return TPM_E_INVALID_POSTINIT; + return TPM_INVALID_POSTINIT; case TPM2_RC_SUCCESS: return TPM_SUCCESS; }
- /* Collapse any other errors into TPM_E_IOERROR. */ - return TPM_E_IOERROR; + /* Collapse any other errors into TPM_IOERROR. */ + return TPM_IOERROR; }
uint32_t tlcl_resume(void) @@ -91,7 +91,7 @@ /* IO error, tpm2_response pointer is empty. */ if (!response) { printk(BIOS_ERR, "%s: TPM communication error\n", __func__); - return TPM_E_IOERROR; + return TPM_IOERROR; }
printk(BIOS_INFO, "%s: Shutdown return code is %x\n", @@ -100,8 +100,8 @@ if (response->hdr.tpm_code == TPM2_RC_SUCCESS) return TPM_SUCCESS;
- /* Collapse any other errors into TPM_E_IOERROR. */ - return TPM_E_IOERROR; + /* Collapse any other errors into TPM_IOERROR. */ + return TPM_IOERROR; }
uint32_t tlcl_save_state(void) @@ -144,7 +144,7 @@
alg = tpmalg_from_vb2_hash(digest_type); if (alg == TPM_ALG_ERROR) - return TPM_E_HASH_ERROR; + return TPM_HASH_ERROR;
pcr_ext_cmd.pcrHandle = HR_PCR + pcr_num; pcr_ext_cmd.digests.count = 1; @@ -158,7 +158,7 @@ printk(BIOS_INFO, "%s: response is %x\n", __func__, response ? response->hdr.tpm_code : -1); if (!response || response->hdr.tpm_code) - return TPM_E_IOERROR; + return TPM_IOERROR;
return TPM_SUCCESS; } @@ -179,7 +179,7 @@ __func__, response ? response->hdr.tpm_code : -1);
if (!response || response->hdr.tpm_code) - return TPM_E_IOERROR; + return TPM_IOERROR;
return TPM_SUCCESS; } @@ -196,7 +196,7 @@ __func__, response ? response->hdr.tpm_code : -1);
if (!response || response->hdr.tpm_code) - return TPM_E_IOERROR; + return TPM_IOERROR;
return TPM_SUCCESS; } @@ -244,7 +244,7 @@
/* Need to map tpm error codes into internal values. */ if (!response) - return TPM_E_READ_FAILURE; + return TPM_READ_FAILURE;
printk(BIOS_INFO, "%s:%d index %#x return code %x\n", __FILE__, __LINE__, index, response->hdr.tpm_code); @@ -259,20 +259,20 @@ * hasn't been defined. */ case TPM_RC_CR50_NV_UNDEFINED: - return TPM_E_BADINDEX; + return TPM_BADINDEX;
case TPM_RC_NV_RANGE: - return TPM_E_RANGE; + return TPM_RANGE;
default: - return TPM_E_READ_FAILURE; + return TPM_READ_FAILURE; }
if (length > response->nvr.buffer.t.size) - return TPM_E_RESPONSE_TOO_LARGE; + return TPM_RESPONSE_TOO_LARGE;
if (length < response->nvr.buffer.t.size) - return TPM_E_READ_EMPTY; + return TPM_READ_EMPTY;
memcpy(data, response->nvr.buffer.t.buffer, length);
@@ -306,7 +306,7 @@ __func__, response ? response->hdr.tpm_code : -1);
if (!response || response->hdr.tpm_code) - return TPM_E_IOERROR; + return TPM_IOERROR;
return TPM_SUCCESS; } @@ -334,7 +334,7 @@
/* Need to map tpm error codes into internal values. */ if (!response || response->hdr.tpm_code) - return TPM_E_WRITE_FAILURE; + return TPM_WRITE_FAILURE;
return TPM_SUCCESS; } @@ -357,7 +357,7 @@
/* Need to map tpm error codes into internal values. */ if (!response || response->hdr.tpm_code) - return TPM_E_WRITE_FAILURE; + return TPM_WRITE_FAILURE;
return TPM_SUCCESS; } @@ -392,16 +392,16 @@ response ? response->hdr.tpm_code : -1);
if (!response) - return TPM_E_NO_DEVICE; + return TPM_NO_DEVICE;
/* Map TPM2 return codes into common vboot representation. */ switch (response->hdr.tpm_code) { case TPM2_RC_SUCCESS: return TPM_SUCCESS; case TPM2_RC_NV_DEFINED: - return TPM_E_NV_DEFINED; + return TPM_NV_DEFINED; default: - return TPM_E_INTERNAL_INCONSISTENCY; + return TPM_INTERNAL_INCONSISTENCY; } }
@@ -448,7 +448,7 @@ response = tpm_process_command(TPM2_Hierarchy_Control, &hc);
if (!response || response->hdr.tpm_code) - return TPM_E_INTERNAL_INCONSISTENCY; + return TPM_INTERNAL_INCONSISTENCY;
return TPM_SUCCESS; } @@ -467,14 +467,14 @@ if (property_count > 1) { printk(BIOS_ERR, "%s: property_count more than one not " "supported yet\n", __func__); - return TPM_E_IOERROR; + return TPM_IOERROR; }
response = tpm_process_command(TPM2_GetCapability, &cmd);
if (!response) { printk(BIOS_ERR, "%s: Command Failed\n", __func__); - return TPM_E_IOERROR; + return TPM_IOERROR; }
memcpy(capability_data, &response->gc.cd, sizeof(TPMS_CAPABILITY_DATA)); diff --git a/src/security/tpm/tss/vendor/cr50/cr50.c b/src/security/tpm/tss/vendor/cr50/cr50.c index 57d0b61..f52c41f 100644 --- a/src/security/tpm/tss/vendor/cr50/cr50.c +++ b/src/security/tpm/tss/vendor/cr50/cr50.c @@ -24,7 +24,7 @@ response->hdr.tpm_code); else printk(BIOS_INFO, "%s: failed\n", __func__); - return TPM_E_IOERROR; + return TPM_IOERROR; } return TPM_SUCCESS; } @@ -42,7 +42,7 @@ response = tpm_process_command(TPM2_CR50_VENDOR_COMMAND, command_body);
if (!response || response->hdr.tpm_code) - return TPM_E_IOERROR; + return TPM_IOERROR;
*num_restored_headers = response->vcr.num_restored_headers; return TPM_SUCCESS; @@ -58,7 +58,7 @@ response = tpm_process_command(TPM2_CR50_VENDOR_COMMAND, &sub_command);
if (!response || response->hdr.tpm_code) - return TPM_E_IOERROR; + return TPM_IOERROR;
*recovery_button_state = response->vcr.recovery_button_state; return TPM_SUCCESS; @@ -75,7 +75,7 @@ response = tpm_process_command(TPM2_CR50_VENDOR_COMMAND, &mode_command);
if (!response) - return TPM_E_IOERROR; + return TPM_IOERROR;
if (response->hdr.tpm_code == VENDOR_RC_INTERNAL_ERROR) { /* @@ -83,7 +83,7 @@ * is disabled. The Cr50 requires a reboot to re-enable the key * ladder. */ - return TPM_E_MUST_REBOOT; + return TPM_MUST_REBOOT; }
if (response->hdr.tpm_code == VENDOR_RC_NO_SUCH_COMMAND || @@ -91,12 +91,12 @@ /* * Explicitly inform caller when command is not supported */ - return TPM_E_NO_SUCH_COMMAND; + return TPM_NO_SUCH_COMMAND; }
if (response->hdr.tpm_code) { /* Unexpected return code from Cr50 */ - return TPM_E_IOERROR; + return TPM_IOERROR; }
/* TPM command completed without error */ @@ -115,16 +115,16 @@ response = tpm_process_command(TPM2_CR50_VENDOR_COMMAND, &mode_command);
if (!response) - return TPM_E_IOERROR; + return TPM_IOERROR;
if (response->hdr.tpm_code == VENDOR_RC_NO_SUCH_COMMAND || response->hdr.tpm_code == VENDOR_RC_NO_SUCH_SUBCOMMAND) /* Explicitly inform caller when command is not supported */ - return TPM_E_NO_SUCH_COMMAND; + return TPM_NO_SUCH_COMMAND;
if (response->hdr.tpm_code) /* Unexpected return code from Cr50 */ - return TPM_E_IOERROR; + return TPM_IOERROR;
*boot_mode = response->vcr.boot_mode;
@@ -145,7 +145,7 @@ &reset_command_body);
if (!response) - return TPM_E_IOERROR; + return TPM_IOERROR;
return TPM_SUCCESS; } @@ -160,16 +160,16 @@ response = tpm_process_command(TPM2_CR50_VENDOR_COMMAND, &reset_cmd);
if (!response) - return TPM_E_IOERROR; + return TPM_IOERROR;
if (response->hdr.tpm_code == VENDOR_RC_NO_SUCH_COMMAND || response->hdr.tpm_code == VENDOR_RC_NO_SUCH_SUBCOMMAND) /* Explicitly inform caller when command is not supported */ - return TPM_E_NO_SUCH_COMMAND; + return TPM_NO_SUCH_COMMAND;
if (response->hdr.tpm_code) /* Unexpected return code from Cr50 */ - return TPM_E_IOERROR; + return TPM_IOERROR;
printk(BIOS_DEBUG, "EC reset coming up...\n"); halt(); diff --git a/src/security/tpm/tss/vendor/cr50/cr50.h b/src/security/tpm/tss/vendor/cr50/cr50.h index 0028e80..02d1ea1 100644 --- a/src/security/tpm/tss/vendor/cr50/cr50.h +++ b/src/security/tpm/tss/vendor/cr50/cr50.h @@ -72,9 +72,9 @@ * * Returns TPM_SUCCESS if TPM mode command completed, the Cr50 does not need a * reboot, and the tpm_mode parameter is set to the current TPM mode. - * Returns TPM_E_MUST_REBOOT if TPM mode command completed, but the Cr50 + * Returns TPM_MUST_REBOOT if TPM mode command completed, but the Cr50 * requires a reboot. - * Returns TPM_E_NO_SUCH_COMMAND if the Cr50 does not support the command. + * Returns TPM_NO_SUCH_COMMAND if the Cr50 does not support the command. * Other returns value indicate a failure accessing the TPM. */ uint32_t tlcl_cr50_get_tpm_mode(uint8_t *tpm_mode); @@ -83,7 +83,7 @@ * CR50 specific TPM command sequence to query the current boot mode. * * Returns TPM_SUCCESS if boot mode is successfully retrieved. - * Returns TPM_E_* for errors. + * Returns TPM_* for errors. */ uint32_t tlcl_cr50_get_boot_mode(uint8_t *boot_mode);
@@ -99,7 +99,7 @@ /** * CR50 specific TPM command sequence to issue an EC reset. * - * Returns TPM_E_* for errors. + * Returns TPM_* for errors. * On Success, this function invokes halt() and does not return. */ uint32_t tlcl_cr50_reset_ec(void); diff --git a/src/security/tpm/tss_errors.h b/src/security/tpm/tss_errors.h index 49a7405..48e49c6 100644 --- a/src/security/tpm/tss_errors.h +++ b/src/security/tpm/tss_errors.h @@ -12,35 +12,39 @@
#include <stdint.h>
-#define TPM_E_BASE 0x0 -#define TPM_E_NON_FATAL 0x800 +typedef uint32_t TPM_RESULT;
-#define TPM_E_AREA_LOCKED ((uint32_t)0x0000003c) -#define TPM_E_BADINDEX ((uint32_t)0x00000002) -#define TPM_E_BAD_PRESENCE ((uint32_t)0x0000002d) -#define TPM_E_IOERROR ((uint32_t)0x0000001f) -#define TPM_E_INVALID_POSTINIT ((uint32_t)0x00000026) -#define TPM_E_MAXNVWRITES ((uint32_t)0x00000048) -#define TPM_E_OWNER_SET ((uint32_t)0x00000014) +#define TPM_BASE 0x0
-#define TPM_E_NEEDS_SELFTEST ((uint32_t)(TPM_E_NON_FATAL + 1)) -#define TPM_E_DOING_SELFTEST ((uint32_t)(TPM_E_NON_FATAL + 2)) +#define TPM_NON_FATAL 0x800 +#define TPM_VENDOR_ERROR 0x5000
-#define TPM_E_ALREADY_INITIALIZED ((uint32_t)0x00005000) /* vboot local */ -#define TPM_E_INTERNAL_INCONSISTENCY ((uint32_t)0x00005001) /* vboot local */ -#define TPM_E_MUST_REBOOT ((uint32_t)0x00005002) /* vboot local */ -#define TPM_E_CORRUPTED_STATE ((uint32_t)0x00005003) /* vboot local */ -#define TPM_E_COMMUNICATION_ERROR ((uint32_t)0x00005004) /* vboot local */ -#define TPM_E_RESPONSE_TOO_LARGE ((uint32_t)0x00005005) /* vboot local */ -#define TPM_E_NO_DEVICE ((uint32_t)0x00005006) /* vboot local */ -#define TPM_E_INPUT_TOO_SMALL ((uint32_t)0x00005007) /* vboot local */ -#define TPM_E_WRITE_FAILURE ((uint32_t)0x00005008) /* vboot local */ -#define TPM_E_READ_EMPTY ((uint32_t)0x00005009) /* vboot local */ -#define TPM_E_READ_FAILURE ((uint32_t)0x0000500a) /* vboot local */ -#define TPM_E_NV_DEFINED ((uint32_t)0x0000500b) /* vboot local */ -#define TPM_E_INVALID_ARG ((uint32_t)0x0000500c) -#define TPM_E_HASH_ERROR ((uint32_t)0x0000500d) -#define TPM_E_NO_SUCH_COMMAND ((uint32_t)0x0000500e) -#define TPM_E_RANGE ((uint32_t)0x0000500f) +#define TPM_BADINDEX ((TPM_RESULT) (TPM_BASE + 2)) +#define TPM_OWNER_SET ((TPM_RESULT) (TPM_BASE + 20)) +#define TPM_IOERROR ((TPM_RESULT) (TPM_BASE + 31)) +#define TPM_INVALID_POSTINIT ((TPM_RESULT) (TPM_BASE + 38)) +#define TPM_BAD_PRESENCE ((TPM_RESULT) (TPM_BASE + 45)) +#define TPM_AREA_LOCKED ((TPM_RESULT) (TPM_BASE + 60)) +#define TPM_MAXNVWRITES ((TPM_RESULT) (TPM_BASE + 72)) + +#define TPM_NEEDS_SELFTEST ((TPM_RESULT) (TPM_NON_FATAL + 1)) +#define TPM_DOING_SELFTEST ((TPM_RESULT) (TPM_NON_FATAL + 2)) + +#define TPM_ALREADY_INITIALIZED ((TPM_RESULT) (TPM_VENDOR_ERROR + 0)) +#define TPM_INTERNAL_INCONSISTENCY ((TPM_RESULT) (TPM_VENDOR_ERROR + 1)) +#define TPM_MUST_REBOOT ((TPM_RESULT) (TPM_VENDOR_ERROR + 2)) +#define TPM_CORRUPTED_STATE ((TPM_RESULT) (TPM_VENDOR_ERROR + 3)) +#define TPM_COMMUNICATION_ERROR ((TPM_RESULT) (TPM_VENDOR_ERROR + 4)) +#define TPM_RESPONSE_TOO_LARGE ((TPM_RESULT) (TPM_VENDOR_ERROR + 5)) +#define TPM_NO_DEVICE ((TPM_RESULT) (TPM_VENDOR_ERROR + 6)) +#define TPM_INPUT_TOO_SMALL ((TPM_RESULT) (TPM_VENDOR_ERROR + 7)) +#define TPM_WRITE_FAILURE ((TPM_RESULT) (TPM_VENDOR_ERROR + 8)) +#define TPM_READ_EMPTY ((TPM_RESULT) (TPM_VENDOR_ERROR + 9)) +#define TPM_READ_FAILURE ((TPM_RESULT) (TPM_VENDOR_ERROR + 10)) +#define TPM_NV_DEFINED ((TPM_RESULT) (TPM_VENDOR_ERROR + 11)) +#define TPM_INVALID_ARG ((TPM_RESULT) (TPM_VENDOR_ERROR + 12)) +#define TPM_HASH_ERROR ((TPM_RESULT) (TPM_VENDOR_ERROR + 13)) +#define TPM_NO_SUCH_COMMAND ((TPM_RESULT) (TPM_VENDOR_ERROR + 14)) +#define TPM_RANGE ((TPM_RESULT) (TPM_VENDOR_ERROR + 15))
#endif /* TSS_ERRORS_H_ */ diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c index 27d16e1..c17b717 100644 --- a/src/security/vboot/secdata_tpm.c +++ b/src/security/vboot/secdata_tpm.c @@ -46,7 +46,7 @@ if (perms != TPM_NV_PER_PPWRITE) { printk(BIOS_ERR, "TPM: invalid secdata_kernel permissions\n"); - return TPM_E_CORRUPTED_STATE; + return TPM_CORRUPTED_STATE; } }
@@ -55,7 +55,7 @@
/* Start with the version 1.0 size used by all modern Cr50/Ti50 boards. */ rc = tlcl_read(KERNEL_NV_INDEX, ctx->secdata_kernel, size); - if (rc == TPM_E_RANGE) { + if (rc == TPM_RANGE) { /* Fallback to version 0.2(minimum) size and re-read. */ VBDEBUG("Antirollback: NV read out of range, trying min size\n"); size = VB2_SECDATA_KERNEL_MIN_SIZE; @@ -210,11 +210,11 @@
rc = tlcl_define_space(index, length, nv_attributes, nv_policy, nv_policy_size); - if (rc == TPM_E_NV_DEFINED) { + if (rc == TPM_NV_DEFINED) { /* * Continue with writing: it may be defined, but not written * to. In that case a subsequent tlcl_read() would still return - * TPM_E_BADINDEX on TPM 2.0. The cases when some non-firmware + * TPM_BADINDEX on TPM 2.0. The cases when some non-firmware * space is defined while the firmware space is not there * should be rare (interrupted initialization), so no big harm * in writing once again even if it was written already. @@ -439,7 +439,7 @@ VBDEBUG("TPM: Incorrect buffer size for hash idx 0x%x. " "(Expected=0x%x Actual=0x%x).\n", index, HASH_NV_SIZE, size); - return TPM_E_READ_FAILURE; + return TPM_READ_FAILURE; } return read_space_mrc_hash(index, data); } @@ -453,11 +453,11 @@ VBDEBUG("TPM: Incorrect buffer size for hash idx 0x%x. " "(Expected=0x%x Actual=0x%x).\n", index, HASH_NV_SIZE, size); - return TPM_E_WRITE_FAILURE; + return TPM_WRITE_FAILURE; }
rc = read_space_mrc_hash(index, spc_data); - if (rc == TPM_E_BADINDEX) { + if (rc == TPM_BADINDEX) { /* * If space is not defined already for hash, define * new space. @@ -489,7 +489,7 @@ VBDEBUG("TPM: Incorrect buffer size for hash idx 0x%x. " "(Expected=0x%x Actual=0x%x).\n", VBIOS_CACHE_NV_INDEX, HASH_NV_SIZE, size); - return TPM_E_READ_FAILURE; + return TPM_READ_FAILURE; } return read_space_vbios_hash(data); } @@ -503,11 +503,11 @@ VBDEBUG("TPM: Incorrect buffer size for hash idx 0x%x. " "(Expected=0x%x Actual=0x%x).\n", VBIOS_CACHE_NV_INDEX, HASH_NV_SIZE, size); - return TPM_E_WRITE_FAILURE; + return TPM_WRITE_FAILURE; }
rc = read_space_vbios_hash(spc_data); - if (rc == TPM_E_BADINDEX) { + if (rc == TPM_BADINDEX) { /* * If space is not defined already for hash, define * new space. @@ -535,7 +535,7 @@ static uint32_t safe_write(uint32_t index, const void *data, uint32_t length) { uint32_t rc = tlcl_write(index, data, length); - if (rc == TPM_E_MAXNVWRITES) { + if (rc == TPM_MAXNVWRITES) { RETURN_ON_FAILURE(tpm_clear_and_reenable()); return tlcl_write(index, data, length); } else { @@ -552,7 +552,7 @@ static uint32_t safe_define_space(uint32_t index, uint32_t perm, uint32_t size) { uint32_t rc = tlcl_define_space(index, perm, size); - if (rc == TPM_E_MAXNVWRITES) { + if (rc == TPM_MAXNVWRITES) { RETURN_ON_FAILURE(tpm_clear_and_reenable()); return tlcl_define_space(index, perm, size); } else { @@ -669,13 +669,13 @@ uint32_t rc;
rc = tlcl_read(FIRMWARE_NV_INDEX, ctx->secdata_firmware, VB2_SECDATA_FIRMWARE_SIZE); - if (rc == TPM_E_BADINDEX) { + if (rc == TPM_BADINDEX) { /* This seems the first time we've run. Initialize the TPM. */ VBDEBUG("TPM: Not initialized yet\n"); RETURN_ON_FAILURE(factory_initialize_tpm(ctx)); } else if (rc != TPM_SUCCESS) { printk(BIOS_ERR, "TPM: Failed to read firmware space: %#x\n", rc); - return TPM_E_CORRUPTED_STATE; + return TPM_CORRUPTED_STATE; }
return TPM_SUCCESS; diff --git a/src/security/vboot/tpm_common.c b/src/security/vboot/tpm_common.c index ad333c6..146494f 100644 --- a/src/security/vboot/tpm_common.c +++ b/src/security/vboot/tpm_common.c @@ -13,7 +13,7 @@ uint32_t rc;
rc = tpm_setup(ctx->flags & VB2_CONTEXT_S3_RESUME); - if (rc == TPM_E_MUST_REBOOT) + if (rc == TPM_MUST_REBOOT) ctx->flags |= VB2_CONTEXT_SECDATA_WANTS_REBOOT;
return rc; diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c index b59b6dd..8a6514a 100644 --- a/src/security/vboot/vboot_logic.c +++ b/src/security/vboot/vboot_logic.c @@ -211,7 +211,7 @@
rc = tlcl_cr50_get_boot_mode(&boot_mode); switch (rc) { - case TPM_E_NO_SUCH_COMMAND: + case TPM_NO_SUCH_COMMAND: printk(BIOS_WARNING, "GSC does not support GET_BOOT_MODE.\n"); /* Proceed to legacy boot model. */ return; diff --git a/src/vendorcode/eltan/security/mboot/mboot.c b/src/vendorcode/eltan/security/mboot/mboot.c index e8a2f80..39c7db6 100644 --- a/src/vendorcode/eltan/security/mboot/mboot.c +++ b/src/vendorcode/eltan/security/mboot/mboot.c @@ -73,7 +73,7 @@ * @param[out] Pcrs The Pcr Selection * * @retval TPM_SUCCESS Operation completed successfully. - * @retval TPM_E_IOERROR The command was unsuccessful. + * @retval TPM_IOERROR The command was unsuccessful. */ int tpm2_get_capability_pcrs(TPML_PCR_SELECTION *Pcrs) { @@ -113,7 +113,7 @@ * @param[in] eventLog description of the event. * * @retval TPM_SUCCESS Operation completed successfully. - * @retval TPM_E_IOERROR Unexpected device behavior. + * @retval TPM_IOERROR Unexpected device behavior. */ int mboot_hash_extend_log(uint64_t flags, uint8_t *hashData, uint32_t hashDataLen, TCG_PCR_EVENT2_HDR *newEventHdr, uint8_t *eventLog) @@ -130,7 +130,7 @@ } else { struct vb2_hash tmp; if (vb2_hash_calculate(false, hashData, hashDataLen, VB2_HASH_SHA256, &tmp)) - return TPM_E_IOERROR; + return TPM_IOERROR; memcpy(digest->digest.sha256, tmp.sha256, sizeof(tmp.sha256)); }
@@ -225,7 +225,7 @@ * @param[in] event_msg description of the event. * * @retval TPM_SUCCESS Operation completed successfully. - * @retval TPM_E_IOERROR Unexpected device behavior. + * @retval TPM_IOERROR Unexpected device behavior. */ int mb_measure_log_worker(const char *name, uint32_t type, uint32_t pcr, TCG_EVENTTYPE eventType, const char *event_msg) @@ -268,7 +268,7 @@ * @param[in] wake_from_s3 1 if we are waking from S3, 0 standard boot * * @retval TPM_SUCCESS Operation completed successfully. - * @retval TPM_E_IOERROR Unexpected device behavior. + * @retval TPM_IOERROR Unexpected device behavior. **/
int __attribute__((weak)) mb_entry(int wake_from_s3) @@ -279,7 +279,7 @@ printk(BIOS_DEBUG, "%s: tlcl_lib_init\n", __func__); if (tlcl_lib_init() != VB2_SUCCESS) { printk(BIOS_ERR, "%s: TPM driver initialization failed.\n", __func__); - return TPM_E_IOERROR; + return TPM_IOERROR; }
if (wake_from_s3) { @@ -312,7 +312,7 @@ * @param[in] wake_from_s3 1 if we are waking from S3, 0 standard boot * * @retval TPM_SUCCESS Operation completed successfully. - * @retval TPM_E_IOERROR Unexpected device behavior. + * @retval TPM_IOERROR Unexpected device behavior. */
int __attribute__((weak))mb_measure(int wake_from_s3) @@ -355,7 +355,7 @@ * @param[in] none * * @retval TPM_SUCCESS Operation completed successfully. - * @retval TPM_E_IOERROR Unexpected device behavior. + * @retval TPM_IOERROR Unexpected device behavior. */ int __attribute__((weak))mb_measure_log_start(void) { @@ -365,7 +365,7 @@ if ((tpm2_get_active_pcrs() & EFI_TCG2_BOOT_HASH_ALG_SHA256) == 0x0) { printk(BIOS_DEBUG, "%s: SHA256 PCR Bank not active in TPM.\n", __func__); - return TPM_E_IOERROR; + return TPM_IOERROR; }
status = mb_crtm(); @@ -412,7 +412,7 @@ * function with the same name there. * * @retval TPM_SUCCESS Operation completed successfully. - * @retval TPM_E_IOERROR Unexpected device behavior. + * @retval TPM_IOERROR Unexpected device behavior. **/ int __attribute__((weak))mb_crtm(void) { @@ -440,7 +440,7 @@ status = get_intel_me_hash(hash); if (status) { printk(BIOS_DEBUG, "get_intel_me_hash returned 0x%x\n", status); - status = TPM_E_IOERROR; + status = TPM_IOERROR; return status; }
diff --git a/src/vendorcode/eltan/security/verified_boot/vboot_check.c b/src/vendorcode/eltan/security/verified_boot/vboot_check.c index 649adc2..64b5dc5 100644 --- a/src/vendorcode/eltan/security/verified_boot/vboot_check.c +++ b/src/vendorcode/eltan/security/verified_boot/vboot_check.c @@ -113,7 +113,7 @@ * @param[in] eventType Event type to use when logging
* @retval TPM_SUCCESS Operation completed successfully. - * @retval TPM_E_IOERROR Unexpected device behavior. + * @retval TPM_IOERROR Unexpected device behavior. */ static int measure_item(uint32_t pcr, uint8_t *hashData, uint32_t hashDataLen, int8_t *event_msg, TCG_EVENTTYPE eventType) diff --git a/src/vendorcode/google/chromeos/cr50_enable_update.c b/src/vendorcode/google/chromeos/cr50_enable_update.c index ac39c39..3c77bf3 100644 --- a/src/vendorcode/google/chromeos/cr50_enable_update.c +++ b/src/vendorcode/google/chromeos/cr50_enable_update.c @@ -30,14 +30,14 @@
rc = tlcl_cr50_get_tpm_mode(&tpm_mode);
- if (rc == TPM_E_NO_SUCH_COMMAND) { + if (rc == TPM_NO_SUCH_COMMAND) { printk(BIOS_INFO, "Cr50 does not support TPM mode command\n"); /* Older Cr50 firmware, assume no Cr50 reset is required */ return 0; }
- if (rc == TPM_E_MUST_REBOOT) { + if (rc == TPM_MUST_REBOOT) { /* * Cr50 indicated a reboot is required to restore TPM * functionality.