Add lots of debugging to TPM library.

Temporarily disable TPM in developer mode.

Review URL: http://codereview.chromium.org/3041005

firmware/lib/include/rollback_index.h

@@ -22,12 +22,14 @@
 #define RW_NORMAL_MODE   2
 
 /* TPM NVRAM location indices. */
+#define FIRST_ROLLBACK_NV_INDEX         0x1001  /* First index used here */
 #define FIRMWARE_VERSIONS_NV_INDEX      0x1001
 #define KERNEL_VERSIONS_NV_INDEX        0x1002
 #define TPM_IS_INITIALIZED_NV_INDEX     0x1003
 #define KERNEL_VERSIONS_BACKUP_NV_INDEX 0x1004
 #define KERNEL_MUST_USE_BACKUP_NV_INDEX 0x1005
 #define DEVELOPER_MODE_NV_INDEX         0x1006
+#define LAST_ROLLBACK_NV_INDEX          0x1006  /* Last index used here */
 
 /* Unique ID to detect kernel space redefinition */
 #define KERNEL_SPACE_UID "GRWL"        /* unique ID with secret meaning */

firmware/lib/rollback_index.c

@@ -26,9 +26,11 @@ __pragma(warning (disable: 4127))
   } while (0)
 
 uint32_t TPMClearAndReenable(void) {
+  VBDEBUG(("TPM: Clear and re-enable\n"));
   RETURN_ON_FAILURE(TlclForceClear());
   RETURN_ON_FAILURE(TlclSetEnable());
   RETURN_ON_FAILURE(TlclSetDeactivated(0));
+  
   return TPM_SUCCESS;
 }
 
@@ -96,10 +98,32 @@ uint32_t GetSpacesInitialized(int* initialized) {
 static uint32_t InitializeSpaces(void) {
   uint32_t zero = 0;
   uint32_t firmware_perm = TPM_NV_PER_GLOBALLOCK | TPM_NV_PER_PPWRITE;
+  uint8_t nvlocked = 0;
+  uint32_t i;
 
-  VBDEBUG(("Initializing spaces\n"));
+  VBDEBUG(("TPM: Initializing spaces\n"));
 
+#ifdef FORCE_CLEAR_ON_INIT
+  /* Force the TPM clear, in case it previously had an owner, so that we can
+   * redefine the NVRAM spaces. */
+  RETURN_ON_FAILURE(TPMClearAndReenable());
+#endif
+
+  /* The TPM will not enforce the NV authorization restrictions until the 
+   * execution of a TPM_NV_DefineSpace with the handle of TPM_NV_INDEX_LOCK.
+   * Create that space if it doesn't already exist. */
+  RETURN_ON_FAILURE(TlclGetFlags(NULL, NULL, &nvlocked));
+  VBDEBUG(("TPM: nvlocked=%d\n", nvlocked));
+  if (!nvlocked) {
+    VBDEBUG(("TPM: Enabling NV locking\n"));
     RETURN_ON_FAILURE(TlclSetNvLocked());
+  }
+
+  /* If the spaces were previously defined, we need to undefine them before we
+   * can redefine them.  Undefine by setting size=0.  Ignore these return codes,
+   * since they fail if the spaces aren't actually defined? */
+  for (i = FIRST_ROLLBACK_NV_INDEX; i <= LAST_ROLLBACK_NV_INDEX; i++)
+    SafeDefineSpace(i, firmware_perm, 0);
 
   RETURN_ON_FAILURE(SafeDefineSpace(FIRMWARE_VERSIONS_NV_INDEX,
                                     firmware_perm, sizeof(uint32_t)));
@@ -156,10 +180,14 @@ uint32_t RecoverKernelSpace(void) {
   uint32_t must_use_backup;
   uint32_t zero = 0;
 
+  VBDEBUG(("TPM: RecoverKernelSpace()\n"));
+
   RETURN_ON_FAILURE(TlclRead(KERNEL_MUST_USE_BACKUP_NV_INDEX,
                              (uint8_t*) &must_use_backup, sizeof(uint32_t)));
   /* must_use_backup is true if the previous boot entered recovery mode. */
 
+  VBDEBUG(("TPM: must_use_backup = %d\n", must_use_backup));
+
   /* If we can't read the kernel space, or it has the wrong permission, or it
    * doesn't contain the right identifier, we give up.  This will need to be
    * fixed by the recovery kernel.  We have to worry about this because at any
@@ -194,6 +222,7 @@ uint32_t RecoverKernelSpace(void) {
 static uint32_t BackupKernelSpace(void) {
   uint32_t kernel_versions;
   uint32_t backup_versions;
+  VBDEBUG(("TPM: BackupKernelSpace()\n"));
   RETURN_ON_FAILURE(TlclRead(KERNEL_VERSIONS_NV_INDEX,
                              (uint8_t*) &kernel_versions, sizeof(uint32_t)));
   RETURN_ON_FAILURE(TlclRead(KERNEL_VERSIONS_BACKUP_NV_INDEX,
@@ -250,15 +279,27 @@ uint32_t SetupTPM(int recovery_mode, int developer_mode) {
   uint8_t deactivated;
   uint32_t result;
 
+  VBDEBUG(("TPM: SetupTPM(r%d, d%d)\n", recovery_mode, developer_mode));
+
+  /* TODO: TlclLibInit() should be able to return failure */
   TlclLibInit();
+
   RETURN_ON_FAILURE(TlclStartup());
+#ifdef USE_CONTINUE_SELF_TEST
+  /* TODO: ContinueSelfTest() should be faster than SelfTestFull, but may also
+   * not work properly in older TPM firmware.  For now, do the full self test. */
   RETURN_ON_FAILURE(TlclContinueSelfTest());
+#else
+  RETURN_ON_FAILURE(TlclSelfTestFull());
+#endif
   RETURN_ON_FAILURE(TlclAssertPhysicalPresence());
   /* Checks that the TPM is enabled and activated. */
-  RETURN_ON_FAILURE(TlclGetFlags(&disable, &deactivated));
+  RETURN_ON_FAILURE(TlclGetFlags(&disable, &deactivated, NULL));
   if (disable || deactivated) {
+    VBDEBUG(("TPM: disabled (%d) or deactivated (%d).  Fixing...\n", disable, deactivated));
     RETURN_ON_FAILURE(TlclSetEnable());
     RETURN_ON_FAILURE(TlclSetDeactivated(0));
+    VBDEBUG(("TPM: Must reboot to re-enable\n"));
     return TPM_E_MUST_REBOOT;
   }
   result = RecoverKernelSpace();
@@ -267,11 +308,15 @@ uint32_t SetupTPM(int recovery_mode, int developer_mode) {
       * initialized yet.
       */
     int initialized = 0;
+    VBDEBUG(("TPM: RecoverKernelSpace() failed\n"));
     RETURN_ON_FAILURE(GetSpacesInitialized(&initialized));
     if (initialized) {
+      VBDEBUG(("TPM: Already initialized, so give up\n"));
       return result;
     } else {
+      VBDEBUG(("TPM: Need to initialize spaces.\n"));
       RETURN_ON_FAILURE(InitializeSpaces());
+      VBDEBUG(("TPM: Retrying RecoverKernelSpace() now that spaces are initialized.\n"));
       RETURN_ON_FAILURE(RecoverKernelSpace());
     }
   }
@@ -283,6 +328,7 @@ uint32_t SetupTPM(int recovery_mode, int developer_mode) {
     /* In recovery mode global variables are usable. */
     g_rollback_recovery_mode = 1;
   }
+  VBDEBUG(("TPM: SetupTPM() succeeded\n"));
   return TPM_SUCCESS;
 }
 

firmware/lib/tpm_lite/include/tlcl.h

@@ -53,7 +53,7 @@ uint32_t TlclStartup(void);
 /* Run the self test.  Note---this is synchronous.  To run this in parallel
  * with other firmware, use ContinueSelfTest.  The TPM error code is returned.
  */
-uint32_t TlclSelftestfull(void);
+uint32_t TlclSelfTestFull(void);
 
 /* Runs the self test in the background.
  */
@@ -64,11 +64,6 @@ uint32_t TlclContinueSelfTest(void);
  */
 uint32_t TlclDefineSpace(uint32_t index, uint32_t perm, uint32_t size);
 
-/* Defines a space with permission [perm].  [index] is the index for the space,
- * [size] the usable data size.  Returns the TPM error code.
- */
-uint32_t TlclDefineSpaceResult(uint32_t index, uint32_t perm, uint32_t size);
-
 /* Writes [length] bytes of [data] to space at [index].  The TPM error code is
  * returned.
  */
@@ -120,10 +115,10 @@ uint32_t TlclClearEnable(void);
  */
 uint32_t TlclSetDeactivated(uint8_t flag);
 
-/* Gets flags of interest.  (Add more here as needed.)  The TPM error code is
+/* Gets flags of interest.  Pointers for flags you aren't interested in may
- * returned.
+ * be NULL.  The TPM error code is returned.  
  */
-uint32_t TlclGetFlags(uint8_t* disable, uint8_t* deactivated);
+uint32_t TlclGetFlags(uint8_t* disable, uint8_t* deactivated, uint8_t* nvlocked);
 
 /* Sets the bGlobalLock flag, which only a reboot can clear.  The TPM error
  * code is returned.

firmware/lib/tpm_lite/tlcl.c

@@ -52,19 +52,26 @@ static void CheckResult(uint8_t* request, uint8_t* response, int warn_only) {
   int result = TpmReturnCode(response);
   if (result != TPM_SUCCESS) {
     if (warn_only)
-      VBDEBUG(("TPM command %d 0x%x failed: %d 0x%x\n",
+      VBDEBUG(("TPM: command 0x%x failed: 0x%x\n", command, result));
-               command, command, result, result));
     else
-      error("TPM command %d 0x%x failed: %d 0x%x\n",
+      error("TPM: command 0x%x failed: 0x%x\n", command, result);
-            command, command, result, result);
   }
 }
 
 /* Sends a TPM command and gets a response. */
 static void TlclSendReceive(uint8_t* request, uint8_t* response,
                             int max_length) {
+
   TlclStubSendReceive(request, TpmCommandSize(request),
                       response, max_length);
+
+#ifdef VBOOT_DEBUG
+  {
+    int command = TpmCommandCode(request);
+    int result = TpmReturnCode(response);
+    VBDEBUG(("TPM: command 0x%x returned 0x%x\n", command, result));
+  }
+#endif
 }
 
 
@@ -82,18 +89,22 @@ void TlclLibInit(void) {
 }
 
 uint32_t TlclStartup(void) {
+  VBDEBUG(("TPM: Startup\n"));
   return Send(tpm_startup_cmd.buffer);
 }
 
-uint32_t TlclSelftestfull(void) {
+uint32_t TlclSelfTestFull(void) {
+  VBDEBUG(("TPM: Self test full\n"));
   return Send(tpm_selftestfull_cmd.buffer);
 }
 
 uint32_t TlclContinueSelfTest(void) {
+  VBDEBUG(("TPM: Continue self test\n"));
   return Send(tpm_continueselftest_cmd.buffer);
 }
 
 uint32_t TlclDefineSpace(uint32_t index, uint32_t perm, uint32_t size) {
+  VBDEBUG(("TPM: TlclDefineSpace(0x%x, 0x%x, %d)\n", index, perm, size));
   ToTpmUint32(tpm_nv_definespace_cmd.index, index);
   ToTpmUint32(tpm_nv_definespace_cmd.perm, perm);
   ToTpmUint32(tpm_nv_definespace_cmd.size, size);
@@ -105,6 +116,7 @@ uint32_t TlclWrite(uint32_t index, uint8_t* data, uint32_t length) {
   const int total_length =
     kTpmRequestHeaderLength + kWriteInfoLength + length;
 
+  VBDEBUG(("TPM: TlclWrite(0x%x, %d)\n", index, length));
   assert(total_length <= TPM_LARGE_ENOUGH_COMMAND_SIZE);
   SetTpmCommandSize(tpm_nv_write_cmd.buffer, total_length);
 
@@ -123,6 +135,7 @@ uint32_t TlclRead(uint32_t index, uint8_t* data, uint32_t length) {
   uint32_t result_length;
   uint32_t result;
 
+  VBDEBUG(("TPM: TlclRead(0x%x, %d)\n", index, length));
   ToTpmUint32(tpm_nv_read_cmd.index, index);
   ToTpmUint32(tpm_nv_read_cmd.length, length);
 
@@ -139,14 +152,17 @@ uint32_t TlclRead(uint32_t index, uint8_t* data, uint32_t length) {
 }
 
 uint32_t TlclWriteLock(uint32_t index) {
+  VBDEBUG(("TPM: Write lock 0x%x\n", index));
   return TlclWrite(index, NULL, 0);
 }
 
 uint32_t TlclReadLock(uint32_t index) {
+  VBDEBUG(("TPM: Read lock 0x%x\n", index));
   return TlclRead(index, NULL, 0);
 }
 
 uint32_t TlclAssertPhysicalPresence(void) {
+  VBDEBUG(("TPM: Asserting physical presence\n"));
   return Send(tpm_ppassert_cmd.buffer);
 }
 
@@ -157,10 +173,12 @@ uint32_t TlclAssertPhysicalPresenceResult(void) {
 }
 
 uint32_t TlclLockPhysicalPresence(void) {
+  VBDEBUG(("TPM: Lock physical presence\n"));
   return Send(tpm_pplock_cmd.buffer);
 }
 
 uint32_t TlclSetNvLocked(void) {
+  VBDEBUG(("TPM: Set NV locked\n"));
   return TlclDefineSpace(TPM_NV_INDEX_LOCK, 0, 0);
 }
 
@@ -173,27 +191,32 @@ int TlclIsOwned(void) {
 }
 
 uint32_t TlclForceClear(void) {
+  VBDEBUG(("TPM: Force clear\n"));
   return Send(tpm_forceclear_cmd.buffer);
 }
 
 uint32_t TlclSetEnable(void) {
+  VBDEBUG(("TPM: Enabling TPM\n"));
   return Send(tpm_physicalenable_cmd.buffer);
 }
 
 uint32_t TlclClearEnable(void) {
+  VBDEBUG(("TPM: Disabling TPM\n"));
   return Send(tpm_physicaldisable_cmd.buffer);
 }
 
 uint32_t TlclSetDeactivated(uint8_t flag) {
+  VBDEBUG(("TPM: SetDeactivated(%d)\n", flag));
   *((uint8_t*)tpm_physicalsetdeactivated_cmd.deactivated) = flag;
   return Send(tpm_physicalsetdeactivated_cmd.buffer);
 }
 
-uint32_t TlclGetFlags(uint8_t* disable, uint8_t* deactivated) {
+uint32_t TlclGetFlags(uint8_t* disable, uint8_t* deactivated, uint8_t *nvlocked) {
   uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE];
   TPM_PERMANENT_FLAGS* pflags;
   uint32_t result;
   uint32_t size;
+  VBDEBUG(("TPM: Get flags\n"));
 
   TlclSendReceive(tpm_getflags_cmd.buffer, response, sizeof(response));
   result = TpmReturnCode(response);
@@ -204,13 +227,20 @@ uint32_t TlclGetFlags(uint8_t* disable, uint8_t* deactivated) {
   assert(size == sizeof(TPM_PERMANENT_FLAGS));
   pflags =
     (TPM_PERMANENT_FLAGS*) (response + kTpmResponseHeaderLength + sizeof(size));
+  VBDEBUG(("TPM: Got flags disable=%d, deactivated=%d, nvlocked=%d\n", 
+           pflags->disable, pflags->deactivated, pflags->nvLocked));
+  if (disable)
     *disable = pflags->disable;
+  if (deactivated)
     *deactivated = pflags->deactivated;
+  if (nvlocked)
+    *nvlocked = pflags->nvLocked;
   return result;
 }
 
 uint32_t TlclSetGlobalLock(void) {
   uint32_t x;
+  VBDEBUG(("TPM: Set Set global lock\n"));
   return TlclWrite(TPM_NV_INDEX0, (uint8_t*) &x, 0);
 }
 

firmware/lib/vboot_firmware.c

@@ -41,6 +41,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
   uint64_t lowest_key_version = 0xFFFF;
   uint64_t lowest_fw_version = 0xFFFF;
   uint32_t status;
+  int is_dev = (BOOT_FLAG_DEVELOPER & params->boot_flags ? 1 : 0);
   int good_index = -1;
   int index;
 
@@ -61,6 +62,9 @@ int LoadFirmware(LoadFirmwareParams* params) {
   }
 
   /* Initialize the TPM and read rollback indices. */
+  if (!is_dev) {
+    /* TODO: should use the TPM all the time; for now, only use when
+     * not in developer mode. */
     status = RollbackFirmwareSetup(params->boot_flags & BOOT_FLAG_DEVELOPER);
     if (0 != status) {
       VBDEBUG(("Unable to setup TPM.\n"));
@@ -73,6 +77,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
       return (status == TPM_E_MUST_REBOOT ?
               LOAD_FIRMWARE_REBOOT : LOAD_FIRMWARE_RECOVERY);
     }
+  }
 
   /* Allocate our internal data */
   lfi = (VbLoadFirmwareInternal*)Malloc(sizeof(VbLoadFirmwareInternal));
@@ -225,7 +230,9 @@ int LoadFirmware(LoadFirmwareParams* params) {
         (lowest_key_version == tpm_key_version &&
          lowest_fw_version > tpm_fw_version)) {
 
-
+      if (!is_dev) {
+        /* TODO: should use the TPM all the time; for now, only use
+         * when not in developer mode. */
         status = RollbackFirmwareWrite((uint16_t)lowest_key_version,
                                        (uint16_t)lowest_fw_version);
         if (0 != status) {
@@ -234,7 +241,11 @@ int LoadFirmware(LoadFirmwareParams* params) {
                   LOAD_FIRMWARE_REBOOT : LOAD_FIRMWARE_RECOVERY);
         }
       }
+    }
 
+    if (!is_dev) {
+      /* TODO: should use the TPM all the time; for now, only use
+       * when not in developer mode. */
       /* Lock firmware versions in TPM */
       status = RollbackFirmwareLock();
       if (0 != status) {
@@ -242,6 +253,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
         return (status == TPM_E_MUST_REBOOT ?
                 LOAD_FIRMWARE_REBOOT : LOAD_FIRMWARE_RECOVERY);
       }
+    }
 
     /* Success */
     VBDEBUG(("Will boot firmware index %d\n", (int)params->firmware_index));

firmware/lib/vboot_kernel.c

@@ -136,6 +136,9 @@ int LoadKernel(LoadKernelParams* params) {
   params->bootloader_address = 0;
   params->bootloader_size = 0;
 
+  if (!is_dev) {
+    /* TODO: should use the TPM all the time; for now, only use when
+     * not in developer mode. */
     /* Let the TPM know if we're in recovery mode */
     if (is_rec) {
       if (0 != RollbackKernelRecovery(is_dev ? 1 : 0)) {
@@ -144,6 +147,7 @@ int LoadKernel(LoadKernelParams* params) {
          * fix the TPM. */
       }
     }
+  }
 
   if (is_normal) {
     /* Read current kernel key index from TPM.  Assumes TPM is already
@@ -381,6 +385,9 @@ int LoadKernel(LoadKernelParams* params) {
       }
     }
 
+    if (!is_dev) {
+      /* TODO: should use the TPM all the time; for now, only use when
+       * not in developer mode. */
       /* Lock the kernel versions */
       status = RollbackKernelLock();
       if (0 != status) {
@@ -390,6 +397,7 @@ int LoadKernel(LoadKernelParams* params) {
           return (status == TPM_E_MUST_REBOOT ?
                   LOAD_KERNEL_REBOOT : LOAD_KERNEL_RECOVERY);
       }
+    }
 
     /* Success! */
     return LOAD_KERNEL_SUCCESS;

firmware/linktest/main.c

@@ -39,7 +39,7 @@ int main(void)
   TlclCloseDevice();
   TlclOpenDevice();
   TlclStartup();
-  TlclSelftestfull();
+  TlclSelfTestFull();
   TlclContinueSelfTest();
   TlclDefineSpace(0, 0, 0);
   TlclWrite(0, 0, 0);
@@ -53,7 +53,7 @@ int main(void)
   TlclSetEnable();
   TlclClearEnable();
   TlclSetDeactivated(0);
-  TlclGetFlags(0, 0);
+  TlclGetFlags(0, 0, 0);
 
   /* vboot_common.h */
   OffsetOf(0, 0);

firmware/stub/utility_stub.c

@@ -26,7 +26,7 @@ void error(const char *format, ...) {
 void debug(const char *format, ...) {
   va_list ap;
   va_start(ap, format);
-  fprintf(stderr, "WARNING: ");
+  fprintf(stderr, "DEBUG: ");
   vfprintf(stderr, format, ap);
   va_end(ap);
 }
@@ -53,7 +53,7 @@ void* Memcpy(void* dest, const void* src, uint64_t n) {
 }
 
 void* Memset(void* d, const uint8_t c, uint64_t n) {
-  uint8_t *dest = d; /* the only way to keep both cl and gcc happy */
+  uint8_t* dest = d; /* the only way to keep both cl and gcc happy */
   while (n--) {
     *dest++ = c;
   }

firmware/version.c

@@ -1 +1 @@
-char* VbootVersion = "VBOOv=de3135df";
+char* VbootVersion = "VBOOv=5f9c5921";

tests/tpm_lite/clear.c

@@ -15,7 +15,7 @@ int main(int argc, char** argv) {
 
   TlclLibInit();
   TlclStartup();
-  TlclSelftestfull();
+  TlclSelfTestFull();
   TlclAssertPhysicalPresence();
 
   owned = TlclIsOwned();

tests/tpm_lite/enable.c

@@ -12,7 +12,7 @@ int main(int argc, char** argv) {
 
   TlclLibInit();
   TlclStartup();
-  TlclSelftestfull();
+  TlclSelfTestFull();
 
   TlclAssertPhysicalPresence();
   TlclSetEnable();

tests/tpm_lite/fastenable.c

@@ -28,12 +28,12 @@ int main(int argc, char** argv) {
 
   TlclLibInit();
   CHECK(TlclStartup());
-  CHECK(TlclSelftestfull());
+  CHECK(TlclSelfTestFull());
 
   CHECK(TlclAssertPhysicalPresence());
   printf("PP asserted\n");
 
-  CHECK(TlclGetFlags(&disable, &deactivated));
+  CHECK(TlclGetFlags(&disable, &deactivated, NULL));
   printf("disable is %d, deactivated is %d\n", disable, deactivated);
 
   for (i = 0; i < 2; i++) {
@@ -41,19 +41,19 @@ int main(int argc, char** argv) {
     CHECK(TlclForceClear());
     printf("tpm is cleared\n");
 
-    CHECK(TlclGetFlags(&disable, &deactivated));
+    CHECK(TlclGetFlags(&disable, &deactivated, NULL));
     printf("disable is %d, deactivated is %d\n", disable, deactivated);
 
     CHECK(TlclSetEnable());
     printf("disable flag is cleared\n");
 
-    CHECK(TlclGetFlags(&disable, &deactivated));
+    CHECK(TlclGetFlags(&disable, &deactivated, NULL));
     printf("disable is %d, deactivated is %d\n", disable, deactivated);
 
     CHECK(TlclSetDeactivated(0));
     printf("deactivated flag is cleared\n");
 
-    CHECK(TlclGetFlags(&disable, &deactivated));
+    CHECK(TlclGetFlags(&disable, &deactivated, NULL));
     printf("disable is %d, deactivated is %d\n", disable, deactivated);
   }
 

tests/tpm_lite/globallock.c

@@ -26,7 +26,7 @@ int main(int argc, char** argv) {
   TlclLibInit();
 
   TlclStartup();
-  TlclSelftestfull();
+  TlclSelfTestFull();
 
   TlclAssertPhysicalPresence();
 

tests/tpm_lite/lock.c

@@ -18,7 +18,7 @@ int main(int argc, char** argv) {
   TlclLibInit();
 
   TlclStartup();
-  TlclSelftestfull();
+  TlclSelfTestFull();
 
   TlclAssertPhysicalPresence();
 

tests/tpm_lite/readonly.c

@@ -69,7 +69,7 @@ int main(int argc, char** argv) {
   TlclLibInit();
 
   TlclStartup();
-  TlclSelftestfull();
+  TlclSelfTestFull();
 
   TlclAssertPhysicalPresence();
 

tests/tpm_lite/redefine.c

@@ -28,7 +28,7 @@ int main(int argc, char** argv) {
 
   TlclLibInit();
   TlclStartup();
-  TlclSelftestfull();
+  TlclSelfTestFull();
   TlclAssertPhysicalPresence();
 
   result = TlclRead(INDEX0, (uint8_t*) &x, sizeof(x));

tests/tpm_lite/writelimit.c

@@ -25,11 +25,11 @@ int main(int argc, char** argv) {
   TlclLibInit();
 
   TlclStartup();
-  TlclSelftestfull();
+  TlclSelfTestFull();
 
   TlclAssertPhysicalPresence();
 
-  result = TlclGetFlags(&disable, &deactivated);
+  result = TlclGetFlags(&disable, &deactivated, NULL);
   printf("disable is %d, deactivated is %d\n", disable, deactivated);
 
   if (disable || deactivated) {

utility/load_kernel_test.c

@@ -21,7 +21,7 @@
 #include "vboot_kernel.h"
 
 #define LBA_BYTES 512
-#define KERNEL_BUFFER_SIZE 0x600000
+#define KERNEL_BUFFER_SIZE 0xA00000
 
 /* Global variables for stub functions */
 static LoadKernelParams lkp;