scottk/OpenCellular
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/OpenCellular.git synced 2025-11-24 02:05:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

vboot1: Lock TPM physical presence (kernel rollback) on legacy boot

Browse Source 
Even though legacy boot is an unsafe mode that has to be manually
initiated by the user, we should still lock the kernel TPM space to be
consistent with existing developer mode practice.

BRANCH=tbd
BUG=chrome-os-partner:39999
TEST=Spent over an hour unsuccessfully trying to get SeaBIOS to boot a
Chromium test image on my Falco. Decided that's not worth it an just
tested the firmware side of this (pressing CTRL+L when legacy mode is
enabled and disabled, multiple times, with and without GBB flag
DEFAULT_DEV_BOOT_LEGACY).

Change-Id: I3b02b59a9055431d222c0c7446de2cd7d2e0bb82
Signed-off-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/270181
Reviewed-by: Duncan Laurie <dlaurie@chromium.org>
This commit is contained in:
Julius Werner
2015-05-08 22:54:14 -07:00
committed by ChromeOS Commit Bot
parent f81fce91bf
commit 957b424c52
3 changed files with 32 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
firmware/lib/rollback_index.c
View File

@@ -667,10 +667,16 @@ uint32_t RollbackBackupWrite(uint8_t *raw)
uint32_t RollbackKernelLock(int recovery_mode)
{
if (recovery_mode)
static int kernel_locked = 0;
uint32_t r;
if (recovery_mode || kernel_locked)
return TPM_SUCCESS;
else
return TlclLockPhysicalPresence();
r = TlclLockPhysicalPresence();
if (TPM_SUCCESS == r)
kernel_locked = 1;
return r;
}
#endif /* DISABLE_ROLLBACK_TPM */