From ad03a439bc97523e03d19aa1dcd568744d60889c Mon Sep 17 00:00:00 2001
From: Randall Spangler
Date: Fri, 22 Jul 2011 12:25:38 -0700
Subject: [PATCH] Cleanup and preparation for inside-wrapper TPM refactoring. Add recovery reason for already in recovery and need to reboot to recovery to let the TPM init. Add vboot_struct fields. Fix type for keyblock flags param to SetTPMBootModeState().
BUG=none
TEST=make && make runtests
Change-Id: I4035bdb377aaebaca03a43799be57977166da739
Reviewed-on: http://gerrit.chromium.org/gerrit/4599
Reviewed-by: Bill Richardson
Tested-by: Randall Spangler
---
 firmware/include/vboot_nvstorage.h | 3 +++
 firmware/include/vboot_struct.h | 6 +++++-
 firmware/lib/include/tpm_bootmode.h | 2 +-
 firmware/lib/mocked_tpm_bootmode.c | 2 +-
 firmware/lib/tpm_bootmode.c | 4 ++--
 firmware/lib/vboot_firmware.c | 2 +-
 6 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/firmware/include/vboot_nvstorage.h b/firmware/include/vboot_nvstorage.h
index 9472e9c716..f010ddccec 100644
--- a/firmware/include/vboot_nvstorage.h
+++ b/firmware/include/vboot_nvstorage.h
@@ -91,6 +91,9 @@ typedef enum VbNvParam {
 /* Firmware boot failure outside of verified boot (RAM init, missing SSD,
 * etc.). */
 #define VBNV_RECOVERY_RO_FIRMWARE 0x20
+/* Recovery mode TPM initialization requires a system reboot. The system was
+ * already in recovery mode for some other reason when this happened. */
+#define VBNV_RECOVERY_RO_TPM_REBOOT 0x21
 /* Unspecified/unknown error in read-only firmware */
 #define VBNV_RECOVERY_RO_UNSPECIFIED 0x3F
 /* User manually requested recovery by pressing a key at developer
diff --git a/firmware/include/vboot_struct.h b/firmware/include/vboot_struct.h
index 408ca2fed5..b9dfb8086e 100644
--- a/firmware/include/vboot_struct.h
+++ b/firmware/include/vboot_struct.h
@@ -340,7 +340,7 @@ typedef struct VbSharedDataHeader {
 * LoadFirmware() or 0xFF if failure */
 uint8_t reserved1; /* Reserved for padding */
 uint32_t fw_version_tpm_start; /* Firmware TPM version at start of
- * LoadFirmware() */
+ * VbSelectFirmware() */
 uint32_t fw_version_lowest; /* Firmware lowest version found */
 /* Debugging information from LoadKernel() */
@@ -359,6 +359,10 @@ typedef struct VbSharedDataHeader {
 * struct_version >= 2*/
 uint8_t recovery_reason; /* Recovery reason for current boot */
 uint8_t reserved2[7]; /* Reserved for padding */
+ uint64_t fw_keyblock_flags; /* Flags from firmware keyblock */
+ uint32_t kernel_version_tpm_start; /* Kernel TPM version at start of
+ * VbSelectAndLoadKernel() */
+ uint32_t kernel_version_lowest; /* Kernel lowest version found */
 /* After read-only firmware which uses version 2 is released, any additional
 * fields must be added below, and the struct version must be increased.
diff --git a/firmware/lib/include/tpm_bootmode.h b/firmware/lib/include/tpm_bootmode.h
index 6213cfe752..cdc9fcd1ce 100644
--- a/firmware/lib/include/tpm_bootmode.h
+++ b/firmware/lib/include/tpm_bootmode.h
@@ -20,6 +20,6 @@
 */
 uint32_t SetTPMBootModeState(int developer_mode, int recovery_mode,
- int fw_keyblock_flags);
+ uint64_t fw_keyblock_flags);
 #endif /* VBOOT_REFERENCE_TPM_BOOTMODE_H_ */
diff --git a/firmware/lib/mocked_tpm_bootmode.c b/firmware/lib/mocked_tpm_bootmode.c
index 980c3a5035..5b34d18d17 100644
--- a/firmware/lib/mocked_tpm_bootmode.c
+++ b/firmware/lib/mocked_tpm_bootmode.c
@@ -11,6 +11,6 @@
 uint32_t SetTPMBootModeState(int developer_mode, int recovery_mode,
- int fw_keyblock_flags) {
+ uint64_t fw_keyblock_flags) {
 return TPM_SUCCESS;
 }
diff --git a/firmware/lib/tpm_bootmode.c b/firmware/lib/tpm_bootmode.c
index f9a9becadb..0e0e084b82 100644
--- a/firmware/lib/tpm_bootmode.c
+++ b/firmware/lib/tpm_bootmode.c
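Review bot: In the second vboot_struct.h hunk, `fw_keyblock_flags`, `kernel_version_tpm_start` and `kernel_version_lowest` are added above the comment that says later fields go below it and require a struct version increase, so the version-2 layout of VbSharedDataHeader grows by 16 bytes with no version change visible in this patch. That is only safe if no read-only firmware built against the earlier version-2 layout has been released; otherwise a consumer that trusts struct_version would read whatever follows at stale offsets. Nothing in this commit writes the new fields, so readers cannot yet rely on them. I would record both facts next to the fields, e.g. `/* Added before any version-2 RO firmware release; not yet populated */` (wording for the author to confirm), and check that any compile-time size check for this struct is updated to match. The struct definition starts and ends outside the hunk.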
@@ -91,7 +91,7 @@ const uint8_t kBootInvalidSHA1Digest[] = {
 /* Given the boot state, return the correct SHA1 digest index for TPMExtend
 * in kBootStateSHA1Digests[]. */
-int GetBootStateIndex(int dev_mode, int rec_mode, int keyblock_flags) {
+int GetBootStateIndex(int dev_mode, int rec_mode, uint64_t keyblock_flags) {
 int index = 0;
 /* Convert keyblock flags into keyblock mode which we use to index into
@@ -117,7 +117,7 @@ int GetBootStateIndex(int dev_mode, int rec_mode, int keyblock_flags) {
 }
 uint32_t SetTPMBootModeState(int developer_mode, int recovery_mode,
- int fw_keyblock_flags) {
+ uint64_t fw_keyblock_flags) {
 uint32_t result;
 const uint8_t* in_digest = NULL;
 uint8_t out_digest[20]; /* For PCR extend output. */
diff --git a/firmware/lib/vboot_firmware.c b/firmware/lib/vboot_firmware.c
index 7c69cad32d..8aae5bed36 100644
--- a/firmware/lib/vboot_firmware.c
+++ b/firmware/lib/vboot_firmware.c
@@ -317,7 +317,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
 /* At this point, we have a good idea of how we are going to boot. Update the
 * TPM with this state information. */
- status = SetTPMBootModeState(is_dev, 0, (int)boot_fw_keyblock_flags);
+ status = SetTPMBootModeState(is_dev, 0, boot_fw_keyblock_flags);
 if (0 != status) {
 VBDEBUG(("Unable to update the TPM with boot mode information.\n"));
 if (status == TPM_E_MUST_REBOOT)
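Review bot: In the first tpm_bootmode.c hunk, `GetBootStateIndex()` now receives the full 64-bit keyblock flags, and per its comment the return value indexes kBootStateSHA1Digests[] to pick the digest used for the TPM extend. The flags-to-mode conversion lies outside the hunk, so how it treats flag values it does not recognise is not visible here; with the `(int)` truncation gone from the LoadFirmware() call, high bits now arrive unchanged. Please confirm the conversion has a defined fallback that keeps the index in range, and say so in the header comment, for instance `Flag values matching no known keyblock mode map to <fallback>` with the real fallback filled in. The function has external linkage, so any declaration of it outside this file would need the same `uint64_t` change; none appears in this patch.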
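Review bot: In the vboot_firmware.c hunk, dropping the cast is lossless only if `boot_fw_keyblock_flags` is itself declared `uint64_t`; its declaration is outside the hunk, so that is worth checking. The bare `0` in the same call is hard to read next to two other integer arguments, and naming it would help: `SetTPMBootModeState(is_dev, 0 /* recovery_mode */, boot_fw_keyblock_flags)`. The `TPM_E_MUST_REBOOT` branch continues past the end of the hunk, so whether it uses the new `VBNV_RECOVERY_RO_TPM_REBOOT` reason cannot be judged from what is shown.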