Enable TPM in developer mode again.

Also fix a few comments, and make extra debugging work when compiled in firmware. BUG=none TEST=make && make runtests; all pass Review URL: http://codereview.chromium.org/3007036
2025-12-15 20:37:33 +00:00 · 2010-08-05 15:13:14 -07:00
parent 97a122817d
commit 63dffcb52b
5 changed files with 59 additions and 80 deletions
--- a/firmware/lib/vboot_firmware.c
+++ b/firmware/lib/vboot_firmware.c
@@ -41,7 +41,6 @@ int LoadFirmware(LoadFirmwareParams* params) {
  uint64_t lowest_key_version = 0xFFFF;
  uint64_t lowest_fw_version = 0xFFFF;
  uint32_t status;
-  int is_dev = (BOOT_FLAG_DEVELOPER & params->boot_flags ? 1 : 0);
  int good_index = -1;
  int index;

@@ -62,21 +61,17 @@ int LoadFirmware(LoadFirmwareParams* params) {
  }

  /* Initialize the TPM and read rollback indices. */
-  if (!is_dev) {
-    /* TODO: should use the TPM all the time; for now, only use when
-     * not in developer mode. */
-    status = RollbackFirmwareSetup(params->boot_flags & BOOT_FLAG_DEVELOPER);
-    if (0 != status) {
-      VBDEBUG(("Unable to setup TPM.\n"));
-      return (status == TPM_E_MUST_REBOOT ?
-              LOAD_FIRMWARE_REBOOT : LOAD_FIRMWARE_RECOVERY);
-    }
-    status = RollbackFirmwareRead(&tpm_key_version, &tpm_fw_version);
-    if (0 != status) {
-      VBDEBUG(("Unable to read stored versions.\n"));
-      return (status == TPM_E_MUST_REBOOT ?
-              LOAD_FIRMWARE_REBOOT : LOAD_FIRMWARE_RECOVERY);
-    }
+  status = RollbackFirmwareSetup(params->boot_flags & BOOT_FLAG_DEVELOPER);
+  if (0 != status) {
+    VBDEBUG(("Unable to setup TPM.\n"));
+    return (status == TPM_E_MUST_REBOOT ?
+            LOAD_FIRMWARE_REBOOT : LOAD_FIRMWARE_RECOVERY);
+  }
+  status = RollbackFirmwareRead(&tpm_key_version, &tpm_fw_version);
+  if (0 != status) {
+    VBDEBUG(("Unable to read stored versions.\n"));
+    return (status == TPM_E_MUST_REBOOT ?
+            LOAD_FIRMWARE_REBOOT : LOAD_FIRMWARE_RECOVERY);
  }

  /* Allocate our internal data */
@@ -230,31 +225,23 @@ int LoadFirmware(LoadFirmwareParams* params) {
        (lowest_key_version == tpm_key_version &&
         lowest_fw_version > tpm_fw_version)) {

-      if (!is_dev) {
-        /* TODO: should use the TPM all the time; for now, only use
-         * when not in developer mode. */
-        status = RollbackFirmwareWrite((uint16_t)lowest_key_version,
-                                       (uint16_t)lowest_fw_version);
-        if (0 != status) {
-          VBDEBUG(("Unable to write stored versions.\n"));
-          return (status == TPM_E_MUST_REBOOT ?
-                  LOAD_FIRMWARE_REBOOT : LOAD_FIRMWARE_RECOVERY);
-        }
-      }
-    }
-
-    if (!is_dev) {
-      /* TODO: should use the TPM all the time; for now, only use
-       * when not in developer mode. */
-      /* Lock firmware versions in TPM */
-      status = RollbackFirmwareLock();
+      status = RollbackFirmwareWrite((uint16_t)lowest_key_version,
+                                     (uint16_t)lowest_fw_version);
      if (0 != status) {
-        VBDEBUG(("Unable to lock firmware versions.\n"));
+        VBDEBUG(("Unable to write stored versions.\n"));
        return (status == TPM_E_MUST_REBOOT ?
                LOAD_FIRMWARE_REBOOT : LOAD_FIRMWARE_RECOVERY);
      }
    }

+    /* Lock firmware versions in TPM */
+    status = RollbackFirmwareLock();
+    if (0 != status) {
+      VBDEBUG(("Unable to lock firmware versions.\n"));
+      return (status == TPM_E_MUST_REBOOT ?
+              LOAD_FIRMWARE_REBOOT : LOAD_FIRMWARE_RECOVERY);
+    }
+
    /* Success */
    VBDEBUG(("Will boot firmware index %d\n", (int)params->firmware_index));
    return LOAD_FIRMWARE_SUCCESS;