Use virtual dev-mode switch when told to.

If VbInit() is instructed to look at a virtual dev-mode switch, then it will use value contained in the TPM's firmware space instead of a hardware GPIO to determine if developer mode is enabled. This change just makes it look. It doesn't provide a way to actually set the value in the TPM. VbInit() isn't being told to look yet, either. Those changes are coming. BUG=chrome-os-partner:9706 TEST=none The usual sanity-check applies: make make runtests But to actually test that this stuff is working IRL requires special tweaks to other components and monitoring the serial debug output from both EC and CPU. We'll save the hands-on tests for when it's all done. Change-Id: Ie485ad2180224e192238bf2a5dbf95bbcb9130f9 Signed-off-by: Bill Richardson <wfrichar@chromium.org> Reviewed-on: https://gerrit.chromium.org/gerrit/23067 Reviewed-by: Randall Spangler <rspangler@chromium.org>
2025-11-24 02:05:01 +00:00 · 2012-05-17 13:26:05 -07:00
parent e97760cec3
commit b75d8adcc0
10 changed files with 206 additions and 142 deletions
--- a/firmware/lib/vboot_api_init.c
+++ b/firmware/lib/vboot_api_init.c
@@ -23,6 +23,10 @@ VbError_t VbInit(VbCommonParams* cparams, VbInitParams* iparams) {
  int is_s3_resume = 0;
  uint32_t s3_debug_boot = 0;
  uint32_t require_official_os = 0;
+  uint32_t tpm_version = 0;
+  uint32_t tpm_status = 0;
+  int hw_dev_sw = 1;
+  int is_dev = 0;

  VBDEBUG(("VbInit() input flags 0x%x\n", iparams->flags));

@@ -43,8 +47,9 @@ VbError_t VbInit(VbCommonParams* cparams, VbInitParams* iparams) {

  /* Copy boot switch flags */
  shared->flags = 0;
-  if (iparams->flags & VB_INIT_FLAG_DEV_SWITCH_ON)
-    shared->flags |= VBSD_BOOT_DEV_SWITCH_ON;
+  if (!(iparams->flags & VB_INIT_FLAG_VIRTUAL_DEV_SWITCH) &&
+      (iparams->flags & VB_INIT_FLAG_DEV_SWITCH_ON))
+    is_dev = 1;
  if (iparams->flags & VB_INIT_FLAG_REC_BUTTON_PRESSED)
    shared->flags |= VBSD_BOOT_REC_SWITCH_ON;
  if (iparams->flags & VB_INIT_FLAG_WP_ENABLED)
@@ -62,7 +67,7 @@ VbError_t VbInit(VbCommonParams* cparams, VbInitParams* iparams) {
    if (is_s3_resume) {
      VBDEBUG(("VbInit() requesting S3 debug boot\n"));
      iparams->out_flags |= VB_INIT_OUT_S3_DEBUG_BOOT;
-      is_s3_resume = 0;         /* Proceed as if this is a normal boot */
+      is_s3_resume = 0;               /* Proceed as if this is a normal boot */
    }

    /* Clear the request even if this is a normal boot, since we don't
@@ -93,19 +98,91 @@ VbError_t VbInit(VbCommonParams* cparams, VbInitParams* iparams) {
  if (iparams->flags & VB_INIT_FLAG_REC_BUTTON_PRESSED)
    recovery = VBNV_RECOVERY_RO_MANUAL;

+  /* Copy current recovery reason to shared data. If we fail later on, it
+   * won't matter, since we'll just reboot. */
+  shared->recovery_reason = (uint8_t)recovery;
+
+  /* If this is a S3 resume, resume the TPM. */
+  /* FIXME: I think U-Boot won't ever ask us to do this. Can we remove it? */
+  if (is_s3_resume) {
+    if (TPM_SUCCESS != RollbackS3Resume()) {
+      /* If we can't resume, just do a full reboot.  No need to go to recovery
+       * mode here, since if the TPM is really broken we'll catch it on the
+       * next boot. */
+      retval = VBERROR_TPM_S3_RESUME;
+    }
+  } else {
+
+    /* We need to know about dev mode now */
+    if (iparams->flags & VB_INIT_FLAG_VIRTUAL_DEV_SWITCH)
+      hw_dev_sw = 0;
+    else if (iparams->flags & VB_INIT_FLAG_DEV_SWITCH_ON)
+      is_dev = 1;
+
+    VBPERFSTART("VB_TPMI");
+    /* Initialize the TPM. *is_dev is both an input and output. The only time
+     * it should be 1 on input is when we have a hardware dev-switch and it's
+     * enabled. The only time it's promoted from 0 to 1 on return is when we
+     * have a virtual dev-switch and the TPM has a valid rollback space with
+     * the virtual switch already enabled. If the TPM space is initialized by
+     * this call, its virtual dev-switch will be disabled by default. */
+    tpm_status = RollbackFirmwareSetup(recovery, hw_dev_sw,
+                                       &is_dev, &tpm_version);
+    VBPERFEND("VB_TPMI");
+    if (0 != tpm_status) {
+      VBDEBUG(("Unable to setup TPM and read firmware version.\n"));
+
+      if (TPM_E_MUST_REBOOT == tpm_status) {
+        /* TPM wants to reboot into the same mode we're in now */
+        VBDEBUG(("TPM requires a reboot.\n"));
+        if (!recovery) {
+          /* Not recovery mode.  Just reboot (not into recovery). */
+          retval = VBERROR_TPM_REBOOT_REQUIRED;
+          goto VbInit_exit;
+        } else if (VBNV_RECOVERY_RO_TPM_REBOOT != shared->recovery_reason) {
+          /* In recovery mode now, and we haven't requested a TPM reboot yet,
+           * so request one. */
+          VbNvSet(&vnc, VBNV_RECOVERY_REQUEST, VBNV_RECOVERY_RO_TPM_REBOOT);
+          retval = VBERROR_TPM_REBOOT_REQUIRED;
+          goto VbInit_exit;
+        }
+      }
+
+      if (!recovery) {
+        VbNvSet(&vnc, VBNV_RECOVERY_REQUEST, VBNV_RECOVERY_RO_TPM_ERROR);
+        retval = VBERROR_TPM_FIRMWARE_SETUP;
+        goto VbInit_exit;
+      }
+    }
+    shared->fw_version_tpm_start = tpm_version;
+    shared->fw_version_tpm = tpm_version;
+    if (is_dev)
+      shared->flags |= VBSD_BOOT_DEV_SWITCH_ON;
+  }
+
+  /* FIXME: May need a GBB flag for initial value of virtual dev-switch */
+
+  /* Allow BIOS to load arbitrary option ROMs? */
+  if (gbb->flags & GBB_FLAG_LOAD_OPTION_ROMS)
+    iparams->out_flags |= VB_INIT_OUT_ENABLE_OPROM;
+
+  /* The factory may need to boot custom OSes whenever the dev-switch is on */
+  if (is_dev && (gbb->flags & GBB_FLAG_ENABLE_ALTERNATE_OS))
+    iparams->out_flags |= VB_INIT_OUT_ENABLE_ALTERNATE_OS;
+
  /* Set output flags */
  if (VBNV_RECOVERY_NOT_REQUESTED != recovery) {
    /* Requesting recovery mode */
    iparams->out_flags |= (VB_INIT_OUT_ENABLE_RECOVERY |
-                          VB_INIT_OUT_CLEAR_RAM |
-                          VB_INIT_OUT_ENABLE_DISPLAY |
-                          VB_INIT_OUT_ENABLE_USB_STORAGE);
+                           VB_INIT_OUT_CLEAR_RAM |
+                           VB_INIT_OUT_ENABLE_DISPLAY |
+                           VB_INIT_OUT_ENABLE_USB_STORAGE);
  }
-  else if (iparams->flags & VB_INIT_FLAG_DEV_SWITCH_ON) {
+  else if (is_dev) {
    /* Developer switch is on, so need to support dev mode */
    iparams->out_flags |= (VB_INIT_OUT_CLEAR_RAM |
-                          VB_INIT_OUT_ENABLE_DISPLAY |
-                          VB_INIT_OUT_ENABLE_USB_STORAGE);
+                           VB_INIT_OUT_ENABLE_DISPLAY |
+                           VB_INIT_OUT_ENABLE_USB_STORAGE);
    /* ... which may or may not include custom OSes */
    VbNvGet(&vnc, VBNV_DEV_BOOT_SIGNED_ONLY, &require_official_os);
    if (!require_official_os)
@@ -118,27 +195,7 @@ VbError_t VbInit(VbCommonParams* cparams, VbInitParams* iparams) {
    VbNvSet(&vnc, VBNV_DEV_BOOT_SIGNED_ONLY, 0);
  }

-  /* Allow BIOS to load arbitrary option ROMs? */
-  if (gbb->flags & GBB_FLAG_LOAD_OPTION_ROMS)
-    iparams->out_flags |= VB_INIT_OUT_ENABLE_OPROM;
-
-  /* The factory may need to boot custom OSes whenever the dev-switch is on */
-  if ((gbb->flags & GBB_FLAG_ENABLE_ALTERNATE_OS) &&
-      (iparams->flags & VB_INIT_FLAG_DEV_SWITCH_ON))
-    iparams->out_flags |= VB_INIT_OUT_ENABLE_ALTERNATE_OS;
-
-  /* copy current recovery reason to shared data */
-  shared->recovery_reason = (uint8_t)recovery;
-
-  /* If this is a S3 resume, resume the TPM */
-  if (is_s3_resume) {
-    if (TPM_SUCCESS != RollbackS3Resume()) {
-      /* If we can't resume, just do a full reboot.  No need to go to recovery
-       * mode here, since if the TPM is really broken we'll catch it on the
-       * next boot. */
-      retval = VBERROR_TPM_S3_RESUME;
-    }
-  }
+VbInit_exit:

  /* Tear down NV storage */
  VbNvTeardown(&vnc);