[coreboot-gerrit] New patch to review for coreboot: vboot: Handle S3 resume path for TPM initialization
Patrick Georgi (pgeorgi@google.com)
gerrit at coreboot.org
Wed Mar 16 18:35:50 CET 2016
Patrick Georgi (pgeorgi at google.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/14107
-gerrit
commit 15438fc5450a31863a233f8d53f158b497abee3d
Author: Duncan Laurie <dlaurie at chromium.org>
Date: Mon Mar 14 09:32:08 2016 -0700
vboot: Handle S3 resume path for TPM initialization
When doing verification of memory init code in verstage vboot
should issue a TPM_Startup(ST_STATE) instead of TPM_Startup(ST_CLEAR)
in order to preserve the flags in TPM_STCLEAR_FLAGS which include
things like physical presence. In doing so we can also skip the rest
of the TPM init work in this function in the S3 resume path.
BUG=chrome-os-partner:50633
BRANCH=glados
TEST=S3 resume on chell and ensure TPM is resumed instead of being
cleared and that 'tpmc getvf|getpf|getf' does not show any difference
in flags between boot and resume.
Change-Id: I7a48eaf7f57d2bc6ebc182178cbe60ceb2ad8863
Signed-off-by: Patrick Georgi <pgeorgi at chromium.org>
Original-Commit-Id: f059f39a0f5c2f21e564b9554efacf26a41ad794
Original-Change-Id: I647869202d2f04328764155d3de4cad9edf10ae4
Original-Signed-off-by: Duncan Laurie <dlaurie at chromium.org>
Original-Previous-Reviewed-on: https://chromium-review.googlesource.com/332434
Original-(cherry picked from commit 5fc7792e4104523569140cd84ce313da721ec34b)
Original-Reviewed-on: https://chromium-review.googlesource.com/332542
Original-Reviewed-by: Aaron Durbin <adurbin at chromium.org>
---
src/vendorcode/google/chromeos/vboot2/antirollback.c | 8 ++++++++
src/vendorcode/google/chromeos/vboot2/vboot_logic.c | 14 +++++++-------
2 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/src/vendorcode/google/chromeos/vboot2/antirollback.c b/src/vendorcode/google/chromeos/vboot2/antirollback.c
index 654fd34..fbc6d42 100644
--- a/src/vendorcode/google/chromeos/vboot2/antirollback.c
+++ b/src/vendorcode/google/chromeos/vboot2/antirollback.c
@@ -249,6 +249,14 @@ uint32_t setup_tpm(struct vb2_context *ctx)
RETURN_ON_FAILURE(tlcl_lib_init());
+ /* Handle special init for S3 resume path */
+ if (ctx->flags & VB2_CONTEXT_S3_RESUME) {
+ result = tlcl_resume();
+ if (result == TPM_E_INVALID_POSTINIT)
+ printk(BIOS_DEBUG, "TPM: Already initialized.\n");
+ return TPM_SUCCESS;
+ }
+
#ifdef TEGRA_SOFT_REBOOT_WORKAROUND
result = tlcl_startup();
if (result == TPM_E_INVALID_POSTINIT) {
diff --git a/src/vendorcode/google/chromeos/vboot2/vboot_logic.c b/src/vendorcode/google/chromeos/vboot2/vboot_logic.c
index d43fb27..a81a9c2 100644
--- a/src/vendorcode/google/chromeos/vboot2/vboot_logic.c
+++ b/src/vendorcode/google/chromeos/vboot2/vboot_logic.c
@@ -304,13 +304,6 @@ void verstage_main(void)
/* Read nvdata from a non-volatile storage */
read_vbnv(ctx.nvdata);
- /* Read secdata from TPM. Initialize TPM if secdata not found. We don't
- * check the return value here because vb2api_fw_phase1 will catch
- * invalid secdata and tell us what to do (=reboot). */
- timestamp_add_now(TS_START_TPMINIT);
- antirollback_read_space_firmware(&ctx);
- timestamp_add_now(TS_END_TPMINIT);
-
/* Set S3 resume flag if vboot should behave differently when selecting
* which slot to boot. This is only relevant to vboot if the platform
* does verification of memory init and thus must ensure it resumes with
@@ -320,6 +313,13 @@ void verstage_main(void)
vboot_platform_is_resuming())
ctx.flags |= VB2_CONTEXT_S3_RESUME;
+ /* Read secdata from TPM. Initialize TPM if secdata not found. We don't
+ * check the return value here because vb2api_fw_phase1 will catch
+ * invalid secdata and tell us what to do (=reboot). */
+ timestamp_add_now(TS_START_TPMINIT);
+ antirollback_read_space_firmware(&ctx);
+ timestamp_add_now(TS_END_TPMINIT);
+
if (!IS_ENABLED(CONFIG_VIRTUAL_DEV_SWITCH) &&
get_developer_mode_switch())
ctx.flags |= VB2_CONTEXT_FORCE_DEVELOPER_MODE;
More information about the coreboot-gerrit
mailing list