Change in coreboot[master]: vboot/secdata_tpm: Rename set_space() - coreboot-gerrit

16 May 2021

Patrick Georgi has submitted this change. ( https://review.coreboot.org/c/coreboot/+/54308 )
Change subject: vboot/secdata_tpm: Rename set_space()
......................................................................
vboot/secdata_tpm: Rename set_space()
The name `set_space()` seems to imply that it's writing to a TPM space
when actually, the function can create a space and write to it.  This
commit attempts to make that a bit more clear.  Additionally, in order
to use the correct sizes when creating the space, this commit also
refactors the functions slightly to incorporate the vboot context object
such that the correct sizes are used.  The various vboot APIs will
return the size of the created object that we can then create the space
with.
BUG=b:184677625
BRANCH=None
TEST=`emerge-keeby coreboot`
Signed-off-by: Aseda Aboagye aaboagye@google.com
Change-Id: I80a8342c51d7bfaa0cb2eb3fd37240425d5901be
Reviewed-on: https://review.coreboot.org/c/coreboot/+/54308
Reviewed-by: Julius Werner jwerner@chromium.org
Tested-by: build bot (Jenkins) no-reply@coreboot.org
---
M src/security/vboot/secdata_tpm.c
1 file changed, 21 insertions(+), 18 deletions(-)
Approvals:
  build bot (Jenkins): Verified
  Julius Werner: Looks good to me, approved

diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c
index db5f2e7..93a172d 100644
--- a/src/security/vboot/secdata_tpm.c
+++ b/src/security/vboot/secdata_tpm.c
@@ -151,9 +151,9 @@
    return tlcl_write(index, data, length);
 }
-static uint32_t set_space(const char *name, uint32_t index, const void *data,
-			  uint32_t length, const TPMA_NV nv_attributes,
-			  const uint8_t *nv_policy, size_t nv_policy_size)
+static uint32_t setup_space(const char *name, uint32_t index, const void *data,
+			    uint32_t length, const TPMA_NV nv_attributes,
+			    const uint8_t *nv_policy, size_t nv_policy_size)
 {
    uint32_t rv;
@@ -178,35 +178,38 @@
    return safe_write(index, data, length);
 }
-static uint32_t set_firmware_space(const void *firmware_blob)
+static uint32_t setup_firmware_space(struct vb2_context *ctx)
 {
-	return set_space("firmware", FIRMWARE_NV_INDEX, firmware_blob,
-			 VB2_SECDATA_FIRMWARE_SIZE, ro_space_attributes,
-			 pcr0_allowed_policy, sizeof(pcr0_allowed_policy));
+	uint32_t firmware_space_size = vb2api_secdata_firmware_create(ctx);
+
+	return setup_space("firmware", FIRMWARE_NV_INDEX,
+			   ctx->secdata_firmware, firmware_space_size,
+			   ro_space_attributes, pcr0_allowed_policy,
+			   sizeof(pcr0_allowed_policy));
 }
-static uint32_t set_kernel_space(const void *kernel_blob)
+static uint32_t setup_kernel_space(struct vb2_context *ctx)
 {
-	return set_space("kernel", KERNEL_NV_INDEX, kernel_blob,
-			 VB2_SECDATA_KERNEL_SIZE, rw_space_attributes, NULL, 0);
+	uint32_t kernel_space_size = vb2api_secdata_kernel_create(ctx);
+
+	return setup_space("kernel", KERNEL_NV_INDEX, ctx->secdata_kernel,
+			    kernel_space_size, rw_space_attributes, NULL, 0);
 }
static uint32_t set_mrc_hash_space(uint32_t index, const uint8_t *data)
 {
    if (index == MRC_REC_HASH_NV_INDEX) {
-		return set_space("RO MRC Hash", index, data, HASH_NV_SIZE,
-				 ro_space_attributes, pcr0_allowed_policy,
+		return setup_space("RO MRC Hash", index, data, HASH_NV_SIZE,
+				   ro_space_attributes, pcr0_allowed_policy,
    			 sizeof(pcr0_allowed_policy));
    } else {
-		return set_space("RW MRC Hash", index, data, HASH_NV_SIZE,
-				 rw_space_attributes, NULL, 0);
+		return setup_space("RW MRC Hash", index, data, HASH_NV_SIZE,
+				   rw_space_attributes, NULL, 0);
    }
 }
static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
 {
-	vb2api_secdata_kernel_create(ctx);
-
    RETURN_ON_FAILURE(tlcl_force_clear());
/*
@@ -215,7 +218,7 @@
     * indication that TPM factory initialization was successfully
     * completed.
     */
-	RETURN_ON_FAILURE(set_kernel_space(ctx->secdata_kernel));
+	RETURN_ON_FAILURE(setup_kernel_space(ctx));
/*
     * Define and set rec hash space, if available.  No need to
@@ -227,7 +230,7 @@
    if (CONFIG(VBOOT_HAS_REC_HASH_SPACE))
    	RETURN_ON_FAILURE(set_mrc_hash_space(MRC_REC_HASH_NV_INDEX, mrc_hash_data));
-	RETURN_ON_FAILURE(set_firmware_space(ctx->secdata_firmware));
+	RETURN_ON_FAILURE(setup_firmware_space(ctx));
return TPM_SUCCESS;
 }
-- 
To view, visit https://review.coreboot.org/c/coreboot/+/54308
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I80a8342c51d7bfaa0cb2eb3fd37240425d5901be
Gerrit-Change-Number: 54308
Gerrit-PatchSet: 4
Gerrit-Owner: Aseda Aboagye aaboagye@google.com
Gerrit-Reviewer: Aaron Durbin adurbin@chromium.org
Gerrit-Reviewer: Julius Werner jwerner@chromium.org
Gerrit-Reviewer: Patrick Georgi pgeorgi@google.com
Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org
Gerrit-MessageType: merged



    