Subrata Banik has submitted this change and it was merged. ( https://review.coreboot.org/c/coreboot/+/34790 )
Change subject: vboot: fix conditional using vboot_setup_tpm return value ......................................................................
vboot: fix conditional using vboot_setup_tpm return value
vboot_setup_tpm returns (TPM_SUCCESS == 0) on success. In this case, call antirollback_read_space_firmware.
This regression was introduced in CB:34510.
BUG=b:139101213 TEST=make clean && make test-abuild BRANCH=none
Change-Id: Ifdea1d85167a50a1ada5afe9b107408e3a2e0d6f Signed-off-by: Joel Kitching kitching@google.com Reviewed-on: https://review.coreboot.org/c/coreboot/+/34790 Reviewed-by: Subrata Banik subrata.banik@intel.com Reviewed-by: Aamir Bohra aamir.bohra@intel.com Reviewed-by: Ronak Kanabar ronak.kanabar@intel.com Reviewed-by: V Sowmya v.sowmya@intel.com Reviewed-by: caveh jalali caveh@chromium.org Reviewed-by: Furquan Shaikh furquan@google.com Tested-by: build bot (Jenkins) no-reply@coreboot.org --- M src/security/vboot/vboot_logic.c 1 file changed, 1 insertion(+), 2 deletions(-)
Approvals: build bot (Jenkins): Verified Furquan Shaikh: Looks good to me, approved Subrata Banik: Looks good to me, approved Aamir Bohra: Looks good to me, approved V Sowmya: Looks good to me, approved caveh jalali: Looks good to me, but someone else must approve Ronak Kanabar: Looks good to me, but someone else must approve
diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c index c61d6be..7f00df5 100644 --- a/src/security/vboot/vboot_logic.c +++ b/src/security/vboot/vboot_logic.c @@ -335,8 +335,7 @@ * check the return value here because vb2api_fw_phase1 will catch * invalid secdata and tell us what to do (=reboot). */ timestamp_add_now(TS_START_TPMINIT); - rv = vboot_setup_tpm(&ctx); - if (rv) + if (vboot_setup_tpm(&ctx) == TPM_SUCCESS) antirollback_read_space_firmware(&ctx); timestamp_add_now(TS_END_TPMINIT);