Misc TPM cleanup

Review URL: http://codereview.chromium.org/3010019

firmware/lib/rollback_index.c

@@ -99,15 +99,12 @@ static uint32_t InitializeSpaces(void) {
   uint32_t zero = 0;
   uint32_t firmware_perm = TPM_NV_PER_GLOBALLOCK | TPM_NV_PER_PPWRITE;
   uint8_t nvlocked = 0;
-  uint32_t i;
 
   VBDEBUG(("TPM: Initializing spaces\n"));
 
-#ifdef FORCE_CLEAR_ON_INIT
   /* Force the TPM clear, in case it previously had an owner, so that we can
    * redefine the NVRAM spaces. */
   RETURN_ON_FAILURE(TPMClearAndReenable());
-#endif
 
   /* The TPM will not enforce the NV authorization restrictions until the 
    * execution of a TPM_NV_DefineSpace with the handle of TPM_NV_INDEX_LOCK.
@@ -119,12 +116,6 @@ static uint32_t InitializeSpaces(void) {
     RETURN_ON_FAILURE(TlclSetNvLocked());
   }
 
-  /* If the spaces were previously defined, we need to undefine them before we
-   * can redefine them.  Undefine by setting size=0.  Ignore these return codes,
-   * since they fail if the spaces aren't actually defined? */
-  for (i = FIRST_ROLLBACK_NV_INDEX; i <= LAST_ROLLBACK_NV_INDEX; i++)
-    SafeDefineSpace(i, firmware_perm, 0);
-
   RETURN_ON_FAILURE(SafeDefineSpace(FIRMWARE_VERSIONS_NV_INDEX,
                                     firmware_perm, sizeof(uint32_t)));
   RETURN_ON_FAILURE(SafeWrite(FIRMWARE_VERSIONS_NV_INDEX,
@@ -338,9 +329,15 @@ __pragma(warning (disable: 4100))
 
 #ifdef DISABLE_ROLLBACK_TPM
 
-/* Dummy implementations which don't call into the tpm_lite library */
+/* Dummy implementations which don't support TPM rollback protection */
 
 uint32_t RollbackFirmwareSetup(int developer_mode) {
+#ifndef CHROMEOS_ENVIRONMENT
+  /* Initialize the TPM, but ignore return codes.  In ChromeOS
+   * environment, don't even talk to the TPM. */
+  TlclLibInit();
+  TlclStartup();
+#endif
   return TPM_SUCCESS;
 }
 
@@ -358,6 +355,12 @@ uint32_t RollbackFirmwareLock(void) {
 }
 
 uint32_t RollbackKernelRecovery(int developer_mode) {
+#ifndef CHROMEOS_ENVIRONMENT
+  /* Initialize the TPM, but ignore return codes.  In ChromeOS
+   * environment, don't even talk to the TPM. */
+  TlclLibInit();
+  TlclStartup();
+#endif
   return TPM_SUCCESS;
 }
 

firmware/lib/tpm_lite/tlcl.c

@@ -254,8 +254,9 @@ uint32_t TlclSetGlobalLock(void) {
 
 uint32_t TlclExtend(int pcr_num, uint8_t* in_digest, uint8_t* out_digest) {
   struct s_tpm_extend_cmd cmd;
-  Memcpy(&cmd, &tpm_extend_cmd, sizeof(cmd));
   uint8_t response[kTpmResponseHeaderLength + kPcrDigestLength];
+
+  Memcpy(&cmd, &tpm_extend_cmd, sizeof(cmd));
   ToTpmUint32(cmd.buffer + tpm_extend_cmd.pcrNum, pcr_num);
   Memcpy(cmd.buffer + cmd.inDigest, in_digest, kPcrDigestLength);
   TlclSendReceive(cmd.buffer, response, sizeof(response));

firmware/version.c

@@ -1 +1 @@
-char* VbootVersion = "VBOOv=a398a91e";
+char* VbootVersion = "VBOOv=0249c1a3";