[coreboot-gerrit] Change in coreboot[master]: drivers/pc80/tpm: Refactor init_tpm() implementation

Philipp Deppenwiese (Code Review) gerrit at coreboot.org
Wed May 3 22:36:36 CEST 2017


Philipp Deppenwiese has uploaded a new change for review. ( https://review.coreboot.org/19555 )

Change subject: drivers/pc80/tpm: Refactor init_tpm() implementation
......................................................................

drivers/pc80/tpm: Refactor init_tpm() implementation

Move the TPM deactivate command after the tis_init()
function in order to ensure that there is a TPM which
can be used.

Add additional doc for CONFIG_NO_TPM_RESUME kconfig option
which is mainly used by chromebooks.

Add a TPM_PcrRead command and call it to retrieve the TPM
state, which is now logged. Also, if TPM deactivation is
enforced and something goes wrong, jump directly to the
error handling.

Change-Id: I2c51ce402f43466e211bc1990335fd320d685829
Signed-off-by: Philipp Deppenwiese <zaolin at das-labor.org>
---
M src/drivers/pc80/tpm/romstage.c
1 file changed, 64 insertions(+), 33 deletions(-)


  git pull ssh://review.coreboot.org:29418/coreboot refs/changes/55/19555/1

diff --git a/src/drivers/pc80/tpm/romstage.c b/src/drivers/pc80/tpm/romstage.c
index a6167a4..85ce641 100644
--- a/src/drivers/pc80/tpm/romstage.c
+++ b/src/drivers/pc80/tpm/romstage.c
@@ -30,6 +30,8 @@
 #define TPM_E_COMMUNICATION_ERROR ((u32)0x00005004)
 #define TPM_E_NON_FATAL           ((u32)0x00000800)
 #define TPM_E_INVALID_POSTINIT    ((u32)0x00000026)
+#define TPM_E_DEACTIVATED         ((u32)0x00000006)
+#define TPM_E_DISABLED            ((u32)0x00000007)
 
 #define TPM_E_NEEDS_SELFTEST     ((u32)(TPM_E_NON_FATAL + 1))
 #define TPM_E_DOING_SELFTEST     ((u32)(TPM_E_NON_FATAL + 2))
@@ -56,6 +58,13 @@
 	u8 buffer[10];
 } tpm_continueselftest_cmd = {
 	{ 0x0, 0xc1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x53 }
+};
+
+static const struct {
+	u8 buffer[14];
+	u16 pcrNum;
+} tpm_pcr_read_cmd = {
+	{0x0, 0xc1, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x15, }, 10,
 };
 
 static inline void FromTpmUint32(const u8 * buffer, u32 * x)
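Review bot: The `pcrNum` member of `tpm_pcr_read_cmd` is initialised to 10 with no explanation, and it reads like a PCR number when it appears to be the byte offset of the PCR index inside `buffer` (the ten header bytes come first). The four index bytes are left to zero-initialisation, so the command as sent would read PCR 0; only `.buffer` is used in the later hunk. I would add a comment above the initialiser such as `/* TPM_ORD_PcrRead; pcrNum is the offset of the PCR index in buffer, the index bytes stay 0 (PCR 0) */`. The hunk opens inside the preceding `tpm_continueselftest_cmd` definition.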
@@ -183,20 +192,8 @@
 	u32 result;
 	u8 response[TPM_LARGE_ENOUGH_COMMAND_SIZE];
 
-	if (IS_ENABLED(CONFIG_TPM_DEACTIVATE)) {
-		printk(BIOS_SPEW, "TPM: Deactivate\n");
-		result = TlclSendReceive(tpm_deactivate_cmd.buffer,
-					response, sizeof(response));
-		if (result == TPM_SUCCESS) {
-			printk(BIOS_SPEW, "TPM: OK.\n");
-			return;
-		}
-
-		printk(BIOS_ERR, "TPM: Error code 0x%x.\n", result);
-		return;
-	}
-
-	/* Doing TPM startup when we're not coming in on the S3 resume path
+	/* CHROMEOS hack to be faster but not recommended for normal tpm usage.
+	 * Doing TPM startup when we're not coming in on the S3 resume path
 	 * saves us roughly 20ms in boot time only. This does not seem to
 	 * be worth an API change to vboot_reference-firmware right now, so
 	 * let's keep the code around, but just bail out early:
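Review bot: Moving the deactivate block below this point changes its order relative to the early bail-out this comment introduces, and the comment does not mention it. The bail-out statement itself is outside the hunk, but if it returns on S3 resume when CONFIG_NO_TPM_RESUME is set, a build with CONFIG_TPM_DEACTIVATE no longer sends the deactivate command or checks the TPM state on that path. I would either say so in the comment, e.g. `* Note: with CONFIG_TPM_DEACTIVATE the TPM is not touched on this path.`, or make the two options mutually exclusive in Kconfig.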
@@ -215,31 +212,63 @@
 	if (tis_open())
 		return;
 
-	if (s3resume) {
-		/* S3 Resume */
-		printk(BIOS_SPEW, "TPM: Resume\n");
-		result = TlclSendReceive(tpm_resume_cmd.buffer,
+	if (IS_ENABLED(CONFIG_TPM_DEACTIVATE)) {
+		printk(BIOS_SPEW, "TPM: PhysicalDeactivate\n");
+		result = TlclSendReceive(tpm_deactivate_cmd.buffer,
 					response, sizeof(response));
-		if (result == TPM_E_INVALID_POSTINIT) {
-			/* We're on a platform where the TPM maintains power
-			 * in S3, so it's already initialized.
-			 */
-			printk(BIOS_DEBUG, "TPM: Already initialized.\n");
-			tis_close();
-			return;
-		}
 	} else {
-		printk(BIOS_SPEW, "TPM: Startup\n");
-		result = TlclSendReceive(tpm_startup_cmd.buffer,
-					response, sizeof(response));
+		if (s3resume) {
+			/* S3 Resume */
+			printk(BIOS_SPEW, "TPM: Resume\n");
+			result = TlclSendReceive(tpm_resume_cmd.buffer,
+						response, sizeof(response));
+			if (result == TPM_E_INVALID_POSTINIT) {
+
+			 /* We're on a platform where the TPM maintains power
+				* in S3, so it's already initialized.
+				*/
+				printk(BIOS_DEBUG, "TPM: Already initialized.\n");
+				tis_close();
+				return;
+			}
+		} else {
+			printk(BIOS_SPEW, "TPM: Startup\n");
+			result = TlclSendReceive(tpm_startup_cmd.buffer,
+						response, sizeof(response));
+		}
 	}
 
-	if (result == TPM_SUCCESS) {
-		printk(BIOS_SPEW, "TPM: OK.\n");
-		tis_close();
-		return;
+	if (result != TPM_SUCCESS)
+		goto error;
+
+	printk(BIOS_SPEW, "Get TPM status information\n");
+	result = TlclSendReceive(tpm_pcr_read_cmd.buffer,
+				response, sizeof(response));
+
+	switch (result) {
+	case TPM_E_DEACTIVATED:
+		printk(BIOS_INFO, "TPM is deactivated via PPI!\n");
+		break;
+	case TPM_E_DISABLED:
+		printk(BIOS_INFO, "TPM is disabled via PPI!\n");
+		break;
+	case TPM_SUCCESS:
+		if (IS_ENABLED(CONFIG_TPM_DEACTIVATE)) {
+			printk(BIOS_INFO, "TPM is active that shouldn't happen!\n");
+			goto error;
+		} else {
+			printk(BIOS_INFO, "TPM is running!\n");
+		}
+		break;
+	default:
+		goto error;
 	}
 
+	printk(BIOS_SPEW, "TPM: OK.\n");
+	tis_close();
+	return;
+
+error:
 	printk(BIOS_ERR, "TPM: Error code 0x%x.\n", result);
 
 	if (IS_ENABLED(CONFIG_TPM_INIT_FAILURE_IS_FATAL)) {
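Review bot: In the `case TPM_SUCCESS:` branch, `goto error` is taken while `result` still holds TPM_SUCCESS, so the `error:` label prints the success value as the error code, and the only line naming the real problem is logged at BIOS_INFO. This is the one place where an enforced deactivation is found not to have taken effect, so it should be logged as an error, e.g. `printk(BIOS_ERR, "TPM: still active although deactivation is enforced\n");`. The error path only resets when CONFIG_TPM_INIT_FAILURE_IS_FATAL is set (next hunk); otherwise it closes the interface and returns, so boot continues with an active TPM, which is worth stating in the CONFIG_TPM_DEACTIVATE help text. The function body starts before this hunk and the `error:` handling continues past it.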
@@ -248,5 +277,7 @@
 		if (IS_ENABLED(CONFIG_CONSOLE_CBMEM_DUMP_TO_UART))
 			cbmem_dump_console();
 		hard_reset();
+	} else {
+		tis_close();
 	}
 }

-- 
To view, visit https://review.coreboot.org/19555
To unsubscribe, visit https://review.coreboot.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I2c51ce402f43466e211bc1990335fd320d685829
Gerrit-PatchSet: 1
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Owner: Philipp Deppenwiese <zaolin.daisuki at gmail.com>


