scottk/OpenCellular
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/OpenCellular.git synced 2025-11-26 19:25:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

mount-encrypted: handle missing TPM on Chrome OS

Browse Source 
While not having a TPM was supported for non-Chrome devices, it was not
expected for Chrome devices. This adds logic to fail the TPM calls
before making them when the TPM is missing. The tpm_lite library doesn't
handle the TPM being missing, so we have to do this ourselves.

BUG=chrome-os-partner:15192
TEST=parrot build, verified operation after "mv /dev/tpm0 /dev/tpm0.bak"
BRANCH=none

Change-Id: I2f625305dce7fa698fcad33e412ee37c60da9bc2
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/35440
Reviewed-by: Luigi Semenzato <semenzato@chromium.org>
Reviewed-by: Will Drewry <wad@chromium.org>
This commit is contained in:
Kees Cook
2012-10-12 12:41:35 -07:00
committed by Gerrit
parent 9bf0d535fe
commit adc6764229
2 changed files with 14 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
firmware/include/tss_constants.h
View File

@@ -37,6 +37,7 @@
#define TPM_E_CORRUPTED_STATE ((uint32_t)0x00005003) /* vboot local */ #define TPM_E_CORRUPTED_STATE ((uint32_t)0x00005003) /* vboot local */
#define TPM_E_COMMUNICATION_ERROR ((uint32_t)0x00005004) /* vboot local */ #define TPM_E_COMMUNICATION_ERROR ((uint32_t)0x00005004) /* vboot local */
#define TPM_E_RESPONSE_TOO_LARGE ((uint32_t)0x00005005) /* vboot local */ #define TPM_E_RESPONSE_TOO_LARGE ((uint32_t)0x00005005) /* vboot local */
#define TPM_E_NO_DEVICE ((uint32_t)0x00005006) /* vboot local */
#define TPM_NV_INDEX0 ((uint32_t)0x00000000) #define TPM_NV_INDEX0 ((uint32_t)0x00000000)
#define TPM_NV_INDEX_LOCK ((uint32_t)0xffffffff) #define TPM_NV_INDEX_LOCK ((uint32_t)0xffffffff)

16
utility/mount-encrypted.c
View File

@@ -128,7 +128,7 @@ static void tpm_init(void)
setenv("TPM_DEVICE_PATH", kNullDev, 1); setenv("TPM_DEVICE_PATH", kNullDev, 1);
} }
TlclLibInit(); TlclLibInit();
DEBUG("TPM %s", has_tpm ? "Ready" : "not available"); INFO("TPM %s", has_tpm ? "ready" : "not available");
} }
/* Returns TPM result status code, and on TPM_SUCCESS, stores ownership /* Returns TPM result status code, and on TPM_SUCCESS, stores ownership
@@ -139,7 +139,10 @@ static uint32_t tpm_owned(uint8_t *owned)
uint32_t result; uint32_t result;
DEBUG("Reading TPM Ownership Flag"); DEBUG("Reading TPM Ownership Flag");
result = TlclGetOwnership(owned); if (!has_tpm)
result = TPM_E_NO_DEVICE;
else
result = TlclGetOwnership(owned);
DEBUG("TPM Ownership Flag returned: %s", result ? "FAIL" : "ok"); DEBUG("TPM Ownership Flag returned: %s", result ? "FAIL" : "ok");
return result; return result;
@@ -244,7 +247,10 @@ _read_nvram(uint8_t *buffer, size_t len, uint32_t index, uint32_t size)
} }
DEBUG("Reading NVRAM area 0x%x (size %u)", index, size); DEBUG("Reading NVRAM area 0x%x (size %u)", index, size);
result = TlclRead(index, buffer, size); if (!has_tpm)
result = TPM_E_NO_DEVICE;
else
result = TlclRead(index, buffer, size);
DEBUG("NVRAM read returned: %s", result == TPM_SUCCESS ? "ok" DEBUG("NVRAM read returned: %s", result == TPM_SUCCESS ? "ok"
: "FAIL"); : "FAIL");
@@ -252,6 +258,10 @@ _read_nvram(uint8_t *buffer, size_t len, uint32_t index, uint32_t size)
} }
/* /*
* TPM cases:
* - does not exist at all (disabled in test firmware or non-chrome device).
* - exists (below).
*
* TPM ownership cases: * TPM ownership cases:
* - unowned (OOBE): * - unowned (OOBE):
* - expect modern lockbox (no migration allowed). * - expect modern lockbox (no migration allowed).