vboot2: Support reboot requested by secdata

When a TPM goes from the disabled state to the enabled state, it must
reboot after being enabled, before it can be initialized.  In vboot1,
TLCL was part of vboot and this was handled internally.  In vboot2, the
caller must set a context flag, so that vboot can decide whether to
allow the reboot, or whether to go directly to recovery mode.  This
check is necessary to handle the following cases:

1) The device is booting normally, but the TPM needs a reboot.  This
should simply reboot, without going to recovery mode.

2) The device is booting in recovery mode, but the TPM needs a reboot.
If this is the first time it asked us, allow the reboot.

3) The TPM asked for a reboot last time, so we did.  And it's still
asking.  Don't reboot, because that runs the risk that whatever is wrong
won't be fixed next boot either, and we'll get stuck in a reboot loop
that will prevent recovery.  Boot into recovery mode.

Add a new NvStorage bit to track whether the TPM requested a reboot on
the previous boot.  That's better than what we did in vboot1, where we
used a special recovery request.  Vboot1 couldn't track getting stuck in
a reboot loop in normal mode, only in recovery mode.  The new code can
catch both.

BUG=chrome-os-partner:45462
BRANCH=ryu
TEST=make runtests

Change-Id: I2ee54af107275ccf64a6cb41132b7a0fc02bb983
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/300572
Tested-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Randall Spangler
2015-09-17 12:54:51 -07:00
committed by chrome-bot
parent 85f646613c
commit c8e48545d5
13 changed files with 148 additions and 4 deletions

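The three cases in the commit message (normal boot with a fresh request, recovery boot with a fresh request, repeated request after a reboot) reduce to one decision that reads and updates a single persistent bit. The C model below is an added example for this page, not vboot code: the flag value is the one the patch adds, but the nvdata field (`tpm_requested_reboot`), the action enum and the function names are hypothetical stand-ins, since the new NvStorage bit's real name and the actual decision routine are not shown here.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Context flag from the patch: the caller sets it when secdata (the TPM)
 * wants a reboot before it can be initialized. */
#define VB2_CONTEXT_SECDATA_WANTS_REBOOT (1u << 13)

/* Hypothetical stand-in for the new NvStorage bit the commit message adds.
 * The real field name is not shown on this page. */
struct nvdata_model {
	uint8_t tpm_requested_reboot;	/* 1 if the previous boot rebooted at secdata's request */
};

enum boot_action {
	BOOT_CONTINUE,	/* secdata ready; carry on with firmware selection */
	BOOT_REBOOT,	/* allow the reboot secdata asked for */
	BOOT_RECOVERY,	/* refuse another reboot; boot recovery instead */
};

/*
 * Decide what to do about a secdata reboot request. The outcome is the same
 * whether this is a normal or a recovery boot: a first request gets exactly
 * one reboot, a repeated request goes to recovery so a broken TPM cannot
 * keep the device in a reboot loop that never reaches recovery.
 */
enum boot_action decide_secdata_reboot(uint32_t ctx_flags, struct nvdata_model *nv)
{
	if (!(ctx_flags & VB2_CONTEXT_SECDATA_WANTS_REBOOT)) {
		/* Secdata is ready. Clear the record so the next request, if
		 * any, is treated as a first one. */
		nv->tpm_requested_reboot = 0;
		return BOOT_CONTINUE;
	}

	if (nv->tpm_requested_reboot) {
		/* We already rebooted for this once and it is still asking.
		 * Leave the bit set: until secdata comes up clean, every
		 * boot lands in recovery rather than rebooting again. */
		return BOOT_RECOVERY;
	}

	/* First request: record it, then let the caller reboot. The caller
	 * must write nvdata back before rebooting, or the next boot cannot
	 * tell this was already tried. */
	nv->tpm_requested_reboot = 1;
	return BOOT_REBOOT;
}

/*
 * Replay a sequence of boots. wants[i] is whether secdata asked for a reboot
 * on boot i. Returns the action taken on the final boot; nvdata persists
 * across the whole sequence the way real NvStorage would.
 */
enum boot_action replay_boots(const bool *wants, size_t nboots, struct nvdata_model *nv)
{
	enum boot_action act = BOOT_CONTINUE;
	for (size_t i = 0; i < nboots; i++) {
		uint32_t flags = wants[i] ? VB2_CONTEXT_SECDATA_WANTS_REBOOT : 0;
		act = decide_secdata_reboot(flags, nv);
	}
	return act;
}

int main(void)
{
	static const char *names[] = { "continue", "reboot", "recovery" };
	struct nvdata_model nv = { 0 };

	/* Constructed scenario: TPM asks once, the reboot fixes it. */
	const bool healthy[] = { true, false };
	printf("healthy TPM: %s\n", names[replay_boots(healthy, 2, &nv)]);

	/* Constructed scenario: TPM keeps asking; the second request goes to recovery. */
	const bool broken[] = { true, true, true };
	nv.tpm_requested_reboot = 0;
	printf("broken TPM:  %s\n", names[replay_boots(broken, 3, &nv)]);
	return 0;
}
```

The point of keeping the bit set on the recovery branch is that a TPM which still cannot come up after recovery keeps landing in recovery, where a user can intervene, instead of being granted a fresh reboot each time; the bit is only cleared by a boot on which secdata is ready.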

@@ -120,6 +120,15 @@ enum vb2_context_flags {
/* Boot optimistically: don't touch failure counters */
VB2_CONTEXT_NOFAIL_BOOT = (1 << 12),
/*
* Secdata is not ready this boot, but should be ready next boot. It
* would like to reboot. The decision whether to reboot or not must be
* deferred until vboot, because rebooting all the time before then
* could cause a device with malfunctioning secdata to get stuck in an
* unrecoverable crash loop.
*/
VB2_CONTEXT_SECDATA_WANTS_REBOOT = (1 << 13),
};
/*
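Review bot: the comment on VB2_CONTEXT_SECDATA_WANTS_REBOOT does not say who sets it or when, and it reads as if the flag might be a status bit vboot itself raises; per the commit message it is an input the caller sets before firmware selection phase 1 once secdata reports it needs a reboot, and vboot then decides between allowing the reboot and going to recovery by consulting the new NvStorage bit. Suggest adding a line such as "Set by the caller before phase 1. Vboot records the request in nvdata so that a repeated request on the following boot goes to recovery instead of rebooting again," so an integrator reading only this header knows both the direction of the flag and that the decision is carried across boots in nvdata, not in the context.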
@@ -411,8 +420,11 @@ void vb2api_fail(struct vb2_context *ctx, uint8_t reason, uint8_t subcode);
/**
* Firmware selection, phase 1.
*
* On error, the calling firmware should jump directly to recovery-mode
* firmware without rebooting.
* If the returned error is VB2_ERROR_API_PHASE1_RECOVERY, the calling firmware
* should jump directly to recovery-mode firmware without rebooting.
*
* For other errors, the calling firmware should check for updates to secdata
* and/or nvdata, then reboot.
*
* @param ctx Vboot context
* @return VB2_SUCCESS, or error code on error.
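Review bot: "check for updates to secdata and/or nvdata, then reboot" is too weak for the reboot-request path this change adds. When vboot allows the secdata-requested reboot it has just set the new NvStorage bit that lets the next boot detect a repeated request, so writing nvdata back before rebooting is mandatory on that path, not an optional check; a caller that skips it defeats the loop detection and a malfunctioning TPM produces exactly the reboot loop the change is meant to prevent. Suggest "must write secdata and nvdata back if they changed, then reboot", and, since this path is now distinct from a generic phase 1 failure, name the error code that signals the secdata-requested reboot here instead of folding it into "other errors", the way VB2_ERROR_API_PHASE1_RECOVERY is named for the recovery case.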