Revert "Refactor TPM calls into vboot wrapper"

This reverts commit da55560cddcf7a1aa8a881cdf52792a21a01e766. This commit caused http://build.chromium.org/p/chromiumos/builders/arm%20tegra2%20binary/builds/6301 to fail. Change-Id: Ie132c1e600ab28f97337ecfe0e7cff053987717d Reviewed-on: http://gerrit.chromium.org/gerrit/4661 Reviewed-by: Elly Jones <ellyjones@chromium.org> Tested-by: Elly Jones <ellyjones@chromium.org>
2025-11-24 02:05:01 +00:00 · 2011-07-25 09:58:27 -07:00
parent 4bc713d0df
commit 64b2ba41cc
11 changed files with 339 additions and 257 deletions
--- a/firmware/lib/rollback_index.c
+++ b/firmware/lib/rollback_index.c
@@ -8,6 +8,7 @@

 #include "rollback_index.h"
 #include "tlcl.h"
+#include "tpm_bootmode.h"
 #include "tss_constants.h"
 #include "utility.h"
 #include "vboot_api.h"
@@ -303,11 +304,10 @@ uint32_t RollbackS3Resume(void) {
  return TPM_SUCCESS;
 }

-uint32_t RollbackFirmwareSetup(int recovery_mode, int developer_mode,
-                               uint32_t* version) {
+uint32_t RollbackFirmwareSetup(int developer_mode, uint32_t* version) {
 #ifndef CHROMEOS_ENVIRONMENT
-  /* Initialize the TPM, but ignores return codes.  In ChromeOS
-   * environment, don't even talk to the TPM. */
+  /* Initializes the TPM, but ignores return codes.  In ChromeOS
+   * environment, doesn't even talk to the TPM. */
  TlclLibInit();
  TlclStartup();
  TlclContinueSelfTest();
@@ -329,6 +329,17 @@ uint32_t RollbackFirmwareLock(void) {
  return TPM_SUCCESS;
 }

+uint32_t RollbackKernelRecovery(int developer_mode) {
+#ifndef CHROMEOS_ENVIRONMENT
+  /* Initializes the TPM, but ignore return codes.  In ChromeOS
+   * environment, doesn't even talk to the TPM. */
+  TlclLibInit();
+  TlclStartup();
+  TlclSelfTestFull();
+#endif
+  return TPM_SUCCESS;
+}
+
 uint32_t RollbackKernelRead(uint32_t* version) {
  *version = 0;
  return TPM_SUCCESS;
@@ -356,19 +367,27 @@ uint32_t RollbackS3Resume(void) {
  return result;
 }

-uint32_t RollbackFirmwareSetup(int recovery_mode, int developer_mode,
-                               uint32_t* version) {
+
+uint32_t RollbackFirmwareSetup(int developer_mode, uint32_t* version) {
  RollbackSpaceFirmware rsf;

-  /* Set version to 0 in case we fail */
-  *version = 0;
-
-  RETURN_ON_FAILURE(SetupTPM(recovery_mode, developer_mode, &rsf));
+  RETURN_ON_FAILURE(SetupTPM(0, developer_mode, &rsf));
  *version = rsf.fw_versions;
  VBDEBUG(("TPM: RollbackFirmwareSetup %x\n", (int)rsf.fw_versions));
  return TPM_SUCCESS;
 }

+uint32_t RollbackFirmwareRead(uint32_t* version) {
+  RollbackSpaceFirmware rsf;
+
+  RETURN_ON_FAILURE(ReadSpaceFirmware(&rsf));
+  VBDEBUG(("TPM: RollbackFirmwareRead %x --> %x\n", (int)rsf.fw_versions,
+           (int)*version));
+  *version = rsf.fw_versions;
+  VBDEBUG(("TPM: RollbackFirmwareRead %x\n", (int)rsf.fw_versions));
+  return TPM_SUCCESS;
+}
+
 uint32_t RollbackFirmwareWrite(uint32_t version) {
  RollbackSpaceFirmware rsf;

@@ -383,6 +402,23 @@ uint32_t RollbackFirmwareLock(void) {
  return TlclSetGlobalLock();
 }

+uint32_t RollbackKernelRecovery(int developer_mode) {
+  uint32_t rvs, rve;
+  RollbackSpaceFirmware rsf;
+
+  /* In recovery mode we ignore TPM malfunctions or corruptions, and *
+   * leave the TPM complelely unlocked; we call neither
+   * TlclSetGlobalLock() nor TlclLockPhysicalPresence().  The recovery
+   * kernel will fix the TPM (if needed) and lock it ASAP.  We leave
+   * Physical Presence on in either case. */
+  rvs = SetupTPM(1, developer_mode, &rsf);
+  rve = SetTPMBootModeState(developer_mode,
+                            1,  /* Recovery Mode Status. */
+                            0);  /* In recovery mode, there is no RW firmware
+                                  * keyblock flag. */
+  return (TPM_SUCCESS == rvs) ? rve : rvs;
+}
+
 uint32_t RollbackKernelRead(uint32_t* version) {
  RollbackSpaceKernel rsk;
  uint32_t perms;