[coreboot-gerrit] Change in coreboot[master]: cr50: process uninitialized values gracefully

Vadim Bendebury (Code Review) gerrit at coreboot.org
Wed Jun 21 21:52:54 CEST 2017 

Vadim Bendebury has uploaded this change for review. ( https://review.coreboot.org/20299


Change subject: cr50: process uninitialized values gracefully
......................................................................

cr50: process uninitialized values gracefully

The vboot code tries reading rollback protection indices from the TPM,
and if the attempt to read returns TPM_E_BADINDEX, it decides that the
TPM has not yet been initialized for the Chromebook use, and needs to
be taken through the factory initialization sequence.

TPM_E_BADINDEX is an internal representation of the TPM error 0x28b,
generated on attempts to read a non existing NVMEM space.

If the space exists, but has never been written the TPM returns error
0x14a. This condition (the space exists but not written) could happen
if the previous factory initialization attempt was interrupted right
after the space was created.

Let's map this error to the same internal representation
(TPM_E_BADINDEX) so that the Chrome OS device could recover when this
condition occurs.

BRANCH=reef, gru
BUG=b:37443842
TEST=verified that the Pyro device stuck in TPM error state recovered
      when this patch was applied.

Change-Id: I6ff976c839efcd23ae26cef3ee428e7ae02e68f8
Signed-off-by: Vadim Bendebury <vbendeb at chromium.org>
---
M src/lib/tpm2_tlcl.c
1 file changed, 2 insertions(+), 1 deletion(-)



  git pull ssh://review.coreboot.org:29418/coreboot refs/changes/99/20299/1

diff --git a/src/lib/tpm2_tlcl.c b/src/lib/tpm2_tlcl.c
index 754f835..fe83bb5 100644
--- a/src/lib/tpm2_tlcl.c
+++ b/src/lib/tpm2_tlcl.c
@@ -210,7 +210,8 @@
 	case 0:
 		break;
 
-	case 0x28b:
+	case 0x14a:  /* Uninitialized, set if the space hasn't been written. */
+	case 0x28b:  /* Bad index, set if the space hasn't been defined. */
 		return TPM_E_BADINDEX;
 
 	default:

-- 
To view, visit https://review.coreboot.org/20299
To unsubscribe, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: I6ff976c839efcd23ae26cef3ee428e7ae02e68f8
Gerrit-Change-Number: 20299
Gerrit-PatchSet: 1
Gerrit-Owner: Vadim Bendebury <vbendeb at chromium.org>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.coreboot.org/pipermail/coreboot-gerrit/attachments/20170621/0cb35fc4/attachment-0001.html>

More information about the coreboot-gerrit mailing list