diff --git a/firmware/lib/rollback_index.c b/firmware/lib/rollback_index.c index 312950e1a2..ba1c3e982e 100644 --- a/firmware/lib/rollback_index.c +++ b/firmware/lib/rollback_index.c @@ -30,7 +30,7 @@ uint32_t TPMClearAndReenable(void) { RETURN_ON_FAILURE(TlclForceClear()); RETURN_ON_FAILURE(TlclSetEnable()); RETURN_ON_FAILURE(TlclSetDeactivated(0)); - + return TPM_SUCCESS; } @@ -99,15 +99,12 @@ static uint32_t InitializeSpaces(void) { uint32_t zero = 0; uint32_t firmware_perm = TPM_NV_PER_GLOBALLOCK | TPM_NV_PER_PPWRITE; uint8_t nvlocked = 0; - uint32_t i; VBDEBUG(("TPM: Initializing spaces\n")); -#ifdef FORCE_CLEAR_ON_INIT /* Force the TPM clear, in case it previously had an owner, so that we can * redefine the NVRAM spaces. */ RETURN_ON_FAILURE(TPMClearAndReenable()); -#endif /* The TPM will not enforce the NV authorization restrictions until the * execution of a TPM_NV_DefineSpace with the handle of TPM_NV_INDEX_LOCK. @@ -119,12 +116,6 @@ static uint32_t InitializeSpaces(void) { RETURN_ON_FAILURE(TlclSetNvLocked()); } - /* If the spaces were previously defined, we need to undefine them before we - * can redefine them. Undefine by setting size=0. Ignore these return codes, - * since they fail if the spaces aren't actually defined? */ - for (i = FIRST_ROLLBACK_NV_INDEX; i <= LAST_ROLLBACK_NV_INDEX; i++) - SafeDefineSpace(i, firmware_perm, 0); - RETURN_ON_FAILURE(SafeDefineSpace(FIRMWARE_VERSIONS_NV_INDEX, firmware_perm, sizeof(uint32_t))); RETURN_ON_FAILURE(SafeWrite(FIRMWARE_VERSIONS_NV_INDEX, @@ -338,9 +329,15 @@ __pragma(warning (disable: 4100)) #ifdef DISABLE_ROLLBACK_TPM -/* Dummy implementations which don't call into the tpm_lite library */ +/* Dummy implementations which don't support TPM rollback protection */ uint32_t RollbackFirmwareSetup(int developer_mode) { +#ifndef CHROMEOS_ENVIRONMENT + /* Initialize the TPM, but ignore return codes. In ChromeOS + * environment, don't even talk to the TPM. */ + TlclLibInit(); + TlclStartup(); +#endif return TPM_SUCCESS; } @@ -358,6 +355,12 @@ uint32_t RollbackFirmwareLock(void) { } uint32_t RollbackKernelRecovery(int developer_mode) { +#ifndef CHROMEOS_ENVIRONMENT + /* Initialize the TPM, but ignore return codes. In ChromeOS + * environment, don't even talk to the TPM. */ + TlclLibInit(); + TlclStartup(); +#endif return TPM_SUCCESS; } diff --git a/firmware/lib/tpm_lite/tlcl.c b/firmware/lib/tpm_lite/tlcl.c index 4379004746..2d79820d5c 100644 --- a/firmware/lib/tpm_lite/tlcl.c +++ b/firmware/lib/tpm_lite/tlcl.c @@ -254,8 +254,9 @@ uint32_t TlclSetGlobalLock(void) { uint32_t TlclExtend(int pcr_num, uint8_t* in_digest, uint8_t* out_digest) { struct s_tpm_extend_cmd cmd; - Memcpy(&cmd, &tpm_extend_cmd, sizeof(cmd)); uint8_t response[kTpmResponseHeaderLength + kPcrDigestLength]; + + Memcpy(&cmd, &tpm_extend_cmd, sizeof(cmd)); ToTpmUint32(cmd.buffer + tpm_extend_cmd.pcrNum, pcr_num); Memcpy(cmd.buffer + cmd.inDigest, in_digest, kPcrDigestLength); TlclSendReceive(cmd.buffer, response, sizeof(response)); diff --git a/firmware/version.c b/firmware/version.c index c44f22156f..b5d9dca93d 100644 --- a/firmware/version.c +++ b/firmware/version.c @@ -1 +1 @@ -char* VbootVersion = "VBOOv=a398a91e"; +char* VbootVersion = "VBOOv=0249c1a3";