[coreboot-gerrit] Patch set updated for coreboot: vboot2: Fix flows for TPM_E_MUST_REBOOT
Patrick Georgi (pgeorgi@google.com)
gerrit at coreboot.org
Tue Oct 27 22:32:03 CET 2015
Patrick Georgi (pgeorgi at google.com) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/12205
-gerrit
commit 1df9c674cbf383d199eaaf4ca4c48d01e3c8fa10
Author: Furquan Shaikh <furquan at google.com>
Date: Thu Sep 17 12:40:23 2015 -0700
vboot2: Fix flows for TPM_E_MUST_REBOOT
While migrating from vboot1 to vboot2, the tpm_init was moved out of
vboot library and implemented in coreboot. However, while doing this,
the initial factory flow was missed.
We need to ensure following flow for tpm_init:
1. Perform tpm_init
2. If tpm_init fails, set secdata_context flag to indicate to vboot
that tpm needs reboot.
3. Call vb2_api_phase1
4. If vb2_api_phase1 returns error code saying boot into recovery,
continue booting into recovery. For all other error codes, save
context if required and reboot.
[pg: everything but step 2 was already done, so this upstream commit is
quite minimal]
CQ-DEPEND=CL:300572
BUG=chrome-os-partner:45462
BRANCH=None
TEST=Verified behavior on smaug. Steps to test:
1. Reboot into recovery
2. tpmc clear
3. Reboot device
Expected Behavior: Device should reboot after Enabling TPM. Should not
enter recovery
Confirmed that the device behaves as expected.
Change-Id: I72f08d583b744bd77accadd06958c61ade298dfb
Signed-off-by: Patrick Georgi <pgeorgi at chromium.org>
Original-Commit-Id: 85ac93137f3cfb28668dcfa18dfc773bf910d44e
Original-Change-Id: I38ab9b9d6c2a718ccc8641377508ffc93fef2ba1
Original-Signed-off-by: Furquan Shaikh <furquan at google.com>
Original-Reviewed-on: https://chromium-review.googlesource.com/300570
Original-Commit-Ready: Furquan Shaikh <furquan at chromium.org>
Original-Tested-by: Furquan Shaikh <furquan at chromium.org>
Original-Reviewed-by: Randall Spangler <rspangler at chromium.org>
Original-Reviewed-by: Julius Werner <jwerner at chromium.org>
---
src/vendorcode/google/chromeos/vboot2/antirollback.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/vendorcode/google/chromeos/vboot2/antirollback.c b/src/vendorcode/google/chromeos/vboot2/antirollback.c
index 407b19c..654fd34 100644
--- a/src/vendorcode/google/chromeos/vboot2/antirollback.c
+++ b/src/vendorcode/google/chromeos/vboot2/antirollback.c
@@ -257,6 +257,7 @@ uint32_t setup_tpm(struct vb2_context *ctx)
* reset. We do a hard reset to get around this.
*/
VBDEBUG("TPM: soft reset detected\n", result);
+ ctx->flags |= VB2_CONTEXT_SECDATA_WANTS_REBOOT;
return TPM_E_MUST_REBOOT;
} else if (result != TPM_SUCCESS) {
VBDEBUG("TPM: tlcl_startup returned %08x\n", result);
@@ -304,6 +305,7 @@ uint32_t setup_tpm(struct vb2_context *ctx)
RETURN_ON_FAILURE(tlcl_set_enable());
RETURN_ON_FAILURE(tlcl_set_deactivated(0));
VBDEBUG("TPM: Must reboot to re-enable\n");
+ ctx->flags |= VB2_CONTEXT_SECDATA_WANTS_REBOOT;
return TPM_E_MUST_REBOOT;
}
More information about the coreboot-gerrit
mailing list