From 6eee220fcdfd557b77c40e123293f16fe548731b Mon Sep 17 00:00:00 2001
From: Randall Spangler <rspangler@chromium.org>
Date: Wed, 15 Sep 2010 15:57:58 -0700
Subject: [PATCH] Fix one-time init

Change-Id: Ie8b4f5b1b7493b16b69eb41531ec3362d4b3679f

BUG=chrome-os-partner:1101
TEST=manual testing of affected TPM on CRB

Review URL: http://codereview.chromium.org/3388008
---
 firmware/lib/rollback_index.c | 25 ++++++++++++++++++++-----
 firmware/version.c            |  2 +-
 2 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/firmware/lib/rollback_index.c b/firmware/lib/rollback_index.c
index fdd75c6f5f..a9bcf9e8e3 100644
--- a/firmware/lib/rollback_index.c
+++ b/firmware/lib/rollback_index.c
@@ -107,22 +107,37 @@ static uint32_t OneTimeInitializeTPM(RollbackSpaceFirmware* rsf,
     ROLLBACK_SPACE_FIRMWARE_VERSION, 0, 0, 0};
   static const RollbackSpaceKernel rsk_init = {
     ROLLBACK_SPACE_KERNEL_VERSION, ROLLBACK_SPACE_KERNEL_UID, 0, 0};
-  uint8_t nvlocked = 0;
+  TPM_PERMANENT_FLAGS pflags;
+  uint32_t result;
 
   VBDEBUG(("TPM: One-time initialization\n"));
 
-  RETURN_ON_FAILURE(TlclFinalizePhysicalPresence());
+  result = TlclGetPermanentFlags(&pflags);
+  if (result != TPM_SUCCESS)
+    return result;
+
+  /* TPM may come from the factory without physical presence finalized.  Fix
+   * if necessary. */
+  VBDEBUG(("TPM: physicalPresenceLifetimeLock=%d\n",
+           pflags.physicalPresenceLifetimeLock));
+  if (!pflags.physicalPresenceLifetimeLock) {
+    VBDEBUG(("TPM: Finalizing physical presence\n"));
+    RETURN_ON_FAILURE(TlclFinalizePhysicalPresence());
+  }
 
   /* The TPM will not enforce the NV authorization restrictions until the
    * execution of a TPM_NV_DefineSpace with the handle of TPM_NV_INDEX_LOCK.
    * Here we create that space if it doesn't already exist. */
-  RETURN_ON_FAILURE(TlclGetFlags(NULL, NULL, &nvlocked));
-  VBDEBUG(("TPM: nvlocked=%d\n", nvlocked));
-  if (!nvlocked) {
+  VBDEBUG(("TPM: nvLocked=%d\n", pflags.nvLocked));
+  if (!pflags.nvLocked) {
     VBDEBUG(("TPM: Enabling NV locking\n"));
     RETURN_ON_FAILURE(TlclSetNvLocked());
   }
 
+  /* Clear TPM owner, in case the TPM is already owned for some reason. */
+  VBDEBUG(("TPM: Clearing owner\n"));
+  RETURN_ON_FAILURE(TlclForceClear());
+
   /* Initializes the firmware and kernel spaces */
   Memcpy(rsf, &rsf_init, sizeof(RollbackSpaceFirmware));
   Memcpy(rsk, &rsk_init, sizeof(RollbackSpaceKernel));
diff --git a/firmware/version.c b/firmware/version.c
index 457e812f1a..7ac560e64f 100644
--- a/firmware/version.c
+++ b/firmware/version.c
@@ -1 +1 @@
-char* VbootVersion = "VBOOv=9da5c30b";
+char* VbootVersion = "VBOOv=dcd11496";