rollback_index: Add recovery parameter to RollbackKernelLock.

RollbackKernelLock previously checked a global to determine recovery mode state. Since we have two copies of vboot_reference in firmware (in coreboot and depthcharge), this creates a problem with synchronization. Remove the global entirely and instead pass the recovery state to RollbackKernelLock. BUG=chrome-os-partner:20913. TEST=Manual. Boot factory install shim in recovery mode and verify TPM clear operations succeed. Boot in dev mode and verify "Lock physical presence" print on UART. BRANCH=FalcoPeppy. Signed-off-by: Shawn Nematbakhsh <shawnn@chromium.org> Change-Id: I4e751d4a9ca60cd57c5c662ce86eba595fb22ba2 Reviewed-on: https://gerrit.chromium.org/gerrit/62874 Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Randall Spangler <rspangler@chromium.org>
2025-11-24 18:25:10 +00:00 · 2013-07-22 13:33:46 -07:00
parent 42c08cb2da
commit 964144bf2f
8 changed files with 12 additions and 18 deletions
--- a/firmware/lib/include/rollback_index.h
+++ b/firmware/lib/include/rollback_index.h
@@ -117,7 +117,7 @@ uint32_t RollbackKernelWrite(uint32_t version);
 /**
 * Lock must be called.  Internally, it's ignored in recovery mode.
 */
-uint32_t RollbackKernelLock(void);
+uint32_t RollbackKernelLock(int recovery_mode);

 /****************************************************************************/

--- a/firmware/lib/mocked_rollback_index.c
+++ b/firmware/lib/mocked_rollback_index.c
@@ -49,7 +49,7 @@ uint32_t RollbackFirmwareWrite(uint32_t version) {
 }


-uint32_t RollbackFirmwareLock(void) {
+uint32_t RollbackFirmwareLock(int recovery_mode) {
  return TPM_SUCCESS;
 }

--- a/firmware/lib/rollback_index.c
+++ b/firmware/lib/rollback_index.c
@@ -38,8 +38,6 @@ uint32_t WriteSpaceKernel(RollbackSpaceKernel *rsk);
 #undef DISABLE_ROLLBACK_TPM
 #endif

-static int g_rollback_recovery_mode = 0;
-
 #define RETURN_ON_FAILURE(tpm_command) do {				\
 		uint32_t result_;					\
 		if ((result_ = (tpm_command)) != TPM_SUCCESS) {		\
@@ -355,10 +353,6 @@ uint32_t SetupTPM(int recovery_mode, int developer_mode,

 	VBDEBUG(("TPM: SetupTPM(r%d, d%d)\n", recovery_mode, developer_mode));

-	/* Global variables are usable in recovery mode */
-	if (recovery_mode)
-		g_rollback_recovery_mode = 1;
-
 	RETURN_ON_FAILURE(TlclLibInit());

 #ifdef TEGRA_SOFT_REBOOT_WORKAROUND
@@ -540,7 +534,7 @@ uint32_t RollbackKernelWrite(uint32_t version)
 	return TPM_SUCCESS;
 }

-uint32_t RollbackKernelLock(void)
+uint32_t RollbackKernelLock(int recovery_mode)
 {
 	return TPM_SUCCESS;
 }
@@ -635,9 +629,9 @@ uint32_t RollbackKernelWrite(uint32_t version)
 	return WriteSpaceKernel(&rsk);
 }

-uint32_t RollbackKernelLock(void)
+uint32_t RollbackKernelLock(int recovery_mode)
 {
-	if (g_rollback_recovery_mode)
+	if (recovery_mode)
 		return TPM_SUCCESS;
 	else
 		return TlclLockPhysicalPresence();
--- a/firmware/lib/vboot_api_kernel.c
+++ b/firmware/lib/vboot_api_kernel.c
@@ -970,7 +970,7 @@ VbError_t VbSelectAndLoadKernel(VbCommonParams *cparams,
 	       sizeof(kparams->partition_guid));

 	/* Lock the kernel versions.  Ignore errors in recovery mode. */
-	tpm_status = RollbackKernelLock();
+	tpm_status = RollbackKernelLock(shared->recovery_reason);
 	if (0 != tpm_status) {
 		VBDEBUG(("Error locking kernel versions.\n"));
 		if (!shared->recovery_reason) {
--- a/firmware/linktest/main.c
+++ b/firmware/linktest/main.c
@@ -36,7 +36,7 @@ int main(void)
  RollbackFirmwareLock();
  RollbackKernelRead(0);
  RollbackKernelWrite(0);
-  RollbackKernelLock();
+  RollbackKernelLock(0);

  /* tpm_bootmode.c */
  SetTPMBootModeState(0, 0, 0);
--- a/tests/rollback_index2_tests.c
+++ b/tests/rollback_index2_tests.c
@@ -938,19 +938,19 @@ static void RollbackKernelTest(void)

 	/* Test lock (recovery off) */
 	ResetMocks(0, 0);
-	TEST_EQ(RollbackKernelLock(), 0, "RollbackKernelLock()");
+	TEST_EQ(RollbackKernelLock(0), 0, "RollbackKernelLock()");
 	TEST_STR_EQ(mock_calls,
 		    "TlclLockPhysicalPresence()\n",
 		    "tlcl calls");

 	ResetMocks(1, TPM_E_IOERROR);
-	TEST_EQ(RollbackKernelLock(), TPM_E_IOERROR,
+	TEST_EQ(RollbackKernelLock(0), TPM_E_IOERROR,
 		"RollbackKernelLock() error");

 	/* Test lock with recovery on; shouldn't lock PP */
 	SetupTPM(1, 0, 0, 0, &rsf);
 	ResetMocks(0, 0);
-	TEST_EQ(RollbackKernelLock(), 0, "RollbackKernelLock() in recovery");
+	TEST_EQ(RollbackKernelLock(1), 0, "RollbackKernelLock() in recovery");
 	TEST_STR_EQ(mock_calls, "", "no tlcl calls");
 }

--- a/tests/rollback_index3_tests.c
+++ b/tests/rollback_index3_tests.c
@@ -37,7 +37,7 @@ int main(int argc, char* argv[])
 	TEST_EQ(version, 0, "rkr version");

 	TEST_EQ(RollbackKernelWrite(0), 0, "RollbackKernelWrite()");
-	TEST_EQ(RollbackKernelLock(), 0, "RollbackKernelLock()");
+	TEST_EQ(RollbackKernelLock(0), 0, "RollbackKernelLock()");

 	return gTestSuccess ? 0 : 255;
 }
--- a/tests/vboot_api_kernel4_tests.c
+++ b/tests/vboot_api_kernel4_tests.c
@@ -94,7 +94,7 @@ uint32_t RollbackKernelWrite(uint32_t version)
 	return rkw_retval;
 }

-uint32_t RollbackKernelLock(void)
+uint32_t RollbackKernelLock(int recovery_mode)
 {
 	return rkl_retval;
 }