scottk/OpenCellular
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/OpenCellular.git synced 2025-11-27 03:33:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

utility: Allow chromeos-tpm-recovery to return failure.

Browse Source 
When some of the space re-creation procedure failed, chromeos-tpm-recovery
should exit with non-zero value and not saying TPM is successfully recovered.

However, there are few known issues:
 - 0x1009 is not needed in TPM2.
 - The space is not created in TPM2.
 - tlcl does not support define spaces with policies yet (crosbug.com/p/59594).

As a result, we want to return failure only if writing any of the two
spaces (0x1007, 0x1008) fails.

This change also revised chromeos-tpm-recovery so it won't exit with unbound
variable error due to early exit without having daemon_was_running variable.

BRANCH=None
BUG=chrome-os-partner:60099
TEST=For boards with TPM and TPM2, do:
     build_image --board $BOARD factory_install;
     Boot factory install shim, select 'I' and get TPM recovered.

Change-Id: I3f79b02cdf77ac61cf1361033c489604dcd603f2
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/412543
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
This commit is contained in:
Hung-Te Lin
2016-11-22 09:41:38 +08:00
committed by chrome-bot
parent dee2a61b9f
commit c66cbc3440
1 changed files with 21 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
utility/chromeos-tpm-recovery
View File

@@ -14,6 +14,8 @@ crossystem=${USR_BIN}/crossystem
dot_recovery=${DOT_RECOVERY:=/mnt/stateful_partition/.recovery} dot_recovery=${DOT_RECOVERY:=/mnt/stateful_partition/.recovery}
awk=/usr/bin/awk awk=/usr/bin/awk
initctl=/sbin/initctl initctl=/sbin/initctl
daemon_was_running=
err=0
tpm2_target() { tpm2_target() {
# This is not an ideal way to tell if we are running on a tpm2 target, but # This is not an ideal way to tell if we are running on a tpm2 target, but
@@ -41,6 +43,16 @@ log_tryfix() {
log "$*: attempting to fix" log "$*: attempting to fix"
} }
log_error() {
err=$((err + 1))
log "ERROR: $*"
}
log_warn() {
log "WARNING: $*"
}
tpm_clear_and_reenable () { tpm_clear_and_reenable () {
$tpmc clear $tpmc clear
@@ -75,7 +87,7 @@ reset_space () {
} }
restart_daemon_if_needed() { restart_daemon_if_needed() {
if [ $daemon_was_running != 0 ]; then if [ "$daemon_was_running" = 1 ]; then
log "Restarting ${DAEMON}..." log "Restarting ${DAEMON}..."
$initctl start "${DAEMON}" >/dev/null $initctl start "${DAEMON}" >/dev/null
fi fi
@@ -150,13 +162,15 @@ tpm_clear_and_reenable
# Reset firmware and kernel spaces to default (rollback version 1/1) # Reset firmware and kernel spaces to default (rollback version 1/1)
reset_space 0x1007 0x8001 0xa "02 00 01 00 01 00 00 00 00 4f" || \ reset_space 0x1007 0x8001 0xa "02 00 01 00 01 00 00 00 00 4f" || \
log "could not fix firmware space" log_error "could not fix firmware space"
reset_space 0x1008 0x1 0xd "02 4c 57 52 47 01 00 01 00 00 00 00 55" || \ reset_space 0x1008 0x1 0xd "02 4c 57 52 47 01 00 01 00 00 00 00 55" || \
log "could not fix kernel space" log_error "could not fix kernel space"
# Don't need valid data in backup space, vboot can reset it as long as it exists
reset_space 0x1009 0x1 0x10 "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" || \
log "could not fix backup space"
restart_daemon_if_needed restart_daemon_if_needed
log "TPM has successfully been reset to factory defaults" if [ "$err" -eq 0 ]; then
log "TPM has successfully been reset to factory defaults"
else
log_error "TPM was not fully recovered."
exit 1
fi