TBR: reviewed in person with semenzato

firmware/include/load_firmware_fw.h

@@ -16,10 +16,12 @@
  * boot phases */
 #define LOAD_FIRMWARE_KEY_BLOB_REC_SIZE 2104
 
-/* Return codes for LoadFirmware() */
+/* Return codes for LoadFirmware() and S3Resume(). */
 #define LOAD_FIRMWARE_SUCCESS 0   /* Success */
 #define LOAD_FIRMWARE_RECOVERY 1  /* Reboot to recovery mode */
 #define LOAD_FIRMWARE_REBOOT 2    /* Reboot to same mode as current boot */
+#define LOAD_FIRMWARE_RECOVERY_TPM 3  /* Reboot to recovery mode due
+                                       * to TPM error */
 
 /* Boot flags for LoadFirmware().boot_flags */
 #define BOOT_FLAG_DEVELOPER UINT64_C(0x01)  /* Developer switch is on */
@@ -85,7 +87,9 @@ int LoadFirmware(LoadFirmwareParams* params);
 void UpdateFirmwareBodyHash(LoadFirmwareParams* params,
                             uint8_t* data, uint64_t size);
 
-
-
+/* Handle S3 resume.
+ *
+ * Returns LOAD_FIRMWARE_SUCCESS if successful, error code on failure. */
+int S3Resume(void);
 
 #endif  /* VBOOT_REFERENCE_LOAD_FIRMWARE_FW_H_ */

firmware/lib/include/rollback_index.h

@@ -83,6 +83,10 @@ Call from LoadKernel()
   Must send in developer and recovery flags
 */
 
+/* These functions are called from S3Resume().  They cannot use
+ * global variables. */
+uint32_t RollbackS3Resume(void);
+
 /* These functions are callable from LoadFirmware().  They cannot use
  * global variables. */
 

firmware/lib/rollback_index.c

@@ -256,6 +256,17 @@ __pragma(warning (disable: 4100))
 
 /* Dummy implementations which don't support TPM rollback protection */
 
+uint32_t RollbackS3Resume(void) {
+#ifndef CHROMEOS_ENVIRONMENT
+  /* Initialize the TPM, but ignore return codes.  In ChromeOS
+   * environment, don't even talk to the TPM. */
+  TlclLibInit();
+  TlclResume();
+  TlclSelfTestFull();
+#endif
+  return TPM_SUCCESS;
+}
+
 uint32_t RollbackFirmwareSetup(int developer_mode, uint32_t* version) {
 #ifndef CHROMEOS_ENVIRONMENT
   /* Initializes the TPM, but ignores return codes.  In ChromeOS
@@ -302,6 +313,22 @@ uint32_t RollbackKernelLock(void) {
 }
 
 #else
+
+uint32_t RollbackS3Resume(void) {
+  TlclLibInit();
+  RETURN_ON_FAILURE(TlclResume());
+#ifdef USE_CONTINUE_SELF_TEST
+  /* TODO: ContinueSelfTest() should be faster than SelfTestFull, but
+   * may also not work properly in older TPM firmware.  For now, do
+   * the full self test. */
+  RETURN_ON_FAILURE(TlclContinueSelfTest());
+#else
+  RETURN_ON_FAILURE(TlclSelfTestFull());
+#endif
+  return TPM_SUCCESS;
+}
+
+
 uint32_t RollbackFirmwareSetup(int developer_mode, uint32_t* version) {
   RollbackSpaceFirmware rsf;
   uint8_t out_digest[20];  /* For PCR extend output */
@@ -316,7 +343,7 @@ uint32_t RollbackFirmwareSetup(int developer_mode, uint32_t* version) {
     RETURN_ON_FAILURE(TlclExtend(DEV_MODE_PCR, DEV_MODE_OFF_SHA1_DIGEST,
                                  out_digest));
   VBDEBUG(("TPM: RollbackFirmwareSetup dev mode PCR out_digest %02x %02x %02x "
-           "%02x", out_digest, out_digest+1, out_digest+2, out_digest+3));
+           "%02x\n", out_digest, out_digest+1, out_digest+2, out_digest+3));
 
   return TPM_SUCCESS;
 }

firmware/lib/tpm_lite/include/tss_constants.h

@@ -13,6 +13,7 @@
 
 #define TPM_MAX_COMMAND_SIZE 4096
 #define TPM_LARGE_ENOUGH_COMMAND_SIZE 256  /* saves space in the firmware */
+#define TPM_PUBEK_SIZE 256
 
 #define TPM_E_NON_FATAL 0x800
 

firmware/lib/tpm_lite/tlcl.c

@@ -18,7 +18,6 @@
 #include "tlcl.h"
 #include "tlcl_internal.h"
 #include "tlcl_structures.h"
-#include "tpmextras.h"
 #include "utility.h"
 
 /* Sets the size field of a TPM command. */

firmware/lib/vboot_firmware.c

@@ -64,7 +64,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
   if (0 != status) {
     VBDEBUG(("Unable to setup TPM and read stored versions.\n"));
     return (status == TPM_E_MUST_REBOOT ?
-            LOAD_FIRMWARE_REBOOT : LOAD_FIRMWARE_RECOVERY);
+            LOAD_FIRMWARE_REBOOT : LOAD_FIRMWARE_RECOVERY_TPM);
   }
 
   /* Allocate our internal data */
@@ -214,7 +214,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
       if (0 != status) {
         VBDEBUG(("Unable to write stored versions.\n"));
         return (status == TPM_E_MUST_REBOOT ?
-                LOAD_FIRMWARE_REBOOT : LOAD_FIRMWARE_RECOVERY);
+                LOAD_FIRMWARE_REBOOT : LOAD_FIRMWARE_RECOVERY_TPM);
       }
     }
 
@@ -223,7 +223,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
     if (0 != status) {
       VBDEBUG(("Unable to lock firmware versions.\n"));
       return (status == TPM_E_MUST_REBOOT ?
-              LOAD_FIRMWARE_REBOOT : LOAD_FIRMWARE_RECOVERY);
+              LOAD_FIRMWARE_REBOOT : LOAD_FIRMWARE_RECOVERY_TPM);
     }
 
     /* Success */
@@ -235,3 +235,16 @@ int LoadFirmware(LoadFirmwareParams* params) {
   VBDEBUG(("Alas, no good firmware.\n"));
   return LOAD_FIRMWARE_RECOVERY;
 }
+
+
+int S3Resume(void) {
+  /* Resume the TPM */
+  uint32_t status = RollbackS3Resume();
+
+  if (status == TPM_SUCCESS)
+    return LOAD_FIRMWARE_SUCCESS;
+  else if (status == TPM_E_MUST_REBOOT)
+    return LOAD_FIRMWARE_REBOOT;
+  else
+    return LOAD_FIRMWARE_RECOVERY_TPM;
+}

firmware/linktest/main.c

@@ -27,6 +27,7 @@ int main(void)
   LoadKernel(0);
 
   /* rollback_index.h */
+  RollbackS3Resume();
   RollbackFirmwareSetup(0, 0);
   RollbackFirmwareWrite(0);
   RollbackFirmwareLock();
@@ -40,6 +41,7 @@ int main(void)
   TlclCloseDevice();
   TlclOpenDevice();
   TlclStartup();
+  TlclResume();
   TlclSelfTestFull();
   TlclContinueSelfTest();
   TlclDefineSpace(0, 0, 0);

firmware/stub/tpm_lite_stub.c

@@ -22,7 +22,6 @@
 #include <sys/stat.h>
 #include <unistd.h>
 
-#include "tpmextras.h"
 #define TPM_DEVICE_PATH "/dev/tpm0"
 
 /* TODO: these functions should pass errors back rather than returning void */

firmware/version.c

@@ -1 +1 @@
-char* VbootVersion = "VBOOv=fc764233";
+char* VbootVersion = "VBOOv=54e1e8b5";