Chromium Code Reviews Chromium Code Reviews
Issue 3007036:
Enable TPM in developer mode again. (Closed)
Base URL: ssh://gitrw.chromium.org/vboot_reference.git| OLD | NEW |
|---|---|
| 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| 2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
| 3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
| 4 * | 4 * |
| 5 * Functions for querying, manipulating and locking rollback indices | 5 * Functions for querying, manipulating and locking rollback indices |
| 6 * stored in the TPM NVRAM. | 6 * stored in the TPM NVRAM. |
| 7 */ | 7 */ |
| 8 | 8 |
| 9 #include "rollback_index.h" | 9 #include "rollback_index.h" |
| 10 | 10 |
| (...skipping 212 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 223 } else if (kernel_versions < backup_versions) { | 223 } else if (kernel_versions < backup_versions) { |
| 224 /* This cannot happen. We're screwed. */ | 224 /* This cannot happen. We're screwed. */ |
| 225 return TPM_E_INTERNAL_INCONSISTENCY; | 225 return TPM_E_INTERNAL_INCONSISTENCY; |
| 226 } | 226 } |
| 227 RETURN_ON_FAILURE(SafeWrite(KERNEL_VERSIONS_BACKUP_NV_INDEX, | 227 RETURN_ON_FAILURE(SafeWrite(KERNEL_VERSIONS_BACKUP_NV_INDEX, |
| 228 (uint8_t*) &kernel_versions, sizeof(uint32_t))); | 228 (uint8_t*) &kernel_versions, sizeof(uint32_t))); |
| 229 return TPM_SUCCESS; | 229 return TPM_SUCCESS; |
| 230 } | 230 } |
| 231 | 231 |
| 232 /* Checks for transitions between protected mode to developer mode. When going | 232 /* Checks for transitions between protected mode to developer mode. When going |
| 233 * into developer mode, clear the TPM. | 233 * into or out of developer mode, clear the TPM. |
| 234 */ | 234 */ |
| 235 static uint32_t CheckDeveloperModeTransition(uint32_t current_developer) { | 235 static uint32_t CheckDeveloperModeTransition(uint32_t current_developer) { |
| 236 uint32_t past_developer; | 236 uint32_t past_developer; |
| 237 RETURN_ON_FAILURE(TlclRead(DEVELOPER_MODE_NV_INDEX, | 237 RETURN_ON_FAILURE(TlclRead(DEVELOPER_MODE_NV_INDEX, |
| 238 (uint8_t*) &past_developer, | 238 (uint8_t*) &past_developer, |
| 239 sizeof(past_developer))); | 239 sizeof(past_developer))); |
| 240 if (past_developer != current_developer) { | 240 if (past_developer != current_developer) { |
| 241 RETURN_ON_FAILURE(TPMClearAndReenable()); | 241 RETURN_ON_FAILURE(TPMClearAndReenable()); |
| 242 RETURN_ON_FAILURE(SafeWrite(DEVELOPER_MODE_NV_INDEX, | 242 RETURN_ON_FAILURE(SafeWrite(DEVELOPER_MODE_NV_INDEX, |
| 243 (uint8_t*) ¤t_developer, | 243 (uint8_t*) ¤t_developer, |
| (...skipping 86 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 330 #ifdef DISABLE_ROLLBACK_TPM | 330 #ifdef DISABLE_ROLLBACK_TPM |
| 331 | 331 |
| 332 /* Dummy implementations which don't support TPM rollback protection */ | 332 /* Dummy implementations which don't support TPM rollback protection */ |
| 333 | 333 |
| 334 uint32_t RollbackFirmwareSetup(int developer_mode) { | 334 uint32_t RollbackFirmwareSetup(int developer_mode) { |
| 335 #ifndef CHROMEOS_ENVIRONMENT | 335 #ifndef CHROMEOS_ENVIRONMENT |
| 336 /* Initialize the TPM, but ignore return codes. In ChromeOS | 336 /* Initialize the TPM, but ignore return codes. In ChromeOS |
| 337 * environment, don't even talk to the TPM. */ | 337 * environment, don't even talk to the TPM. */ |
| 338 TlclLibInit(); | 338 TlclLibInit(); |
| 339 TlclStartup(); | 339 TlclStartup(); |
| 340 TlclSelfTestFull(); | |
|
semenzato
2010/08/05 19:50:53
This has changed a lot and I don't understand why
| |
| 340 #endif | 341 #endif |
| 341 return TPM_SUCCESS; | 342 return TPM_SUCCESS; |
| 342 } | 343 } |
| 343 | 344 |
| 344 uint32_t RollbackFirmwareRead(uint16_t* key_version, uint16_t* version) { | 345 uint32_t RollbackFirmwareRead(uint16_t* key_version, uint16_t* version) { |
| 345 *key_version = *version = 0; | 346 *key_version = *version = 0; |
| 346 return TPM_SUCCESS; | 347 return TPM_SUCCESS; |
| 347 } | 348 } |
| 348 | 349 |
| 349 uint32_t RollbackFirmwareWrite(uint16_t key_version, uint16_t version) { | 350 uint32_t RollbackFirmwareWrite(uint16_t key_version, uint16_t version) { |
| 350 return TPM_SUCCESS; | 351 return TPM_SUCCESS; |
| 351 } | 352 } |
| 352 | 353 |
| 353 uint32_t RollbackFirmwareLock(void) { | 354 uint32_t RollbackFirmwareLock(void) { |
| 354 return TPM_SUCCESS; | 355 return TPM_SUCCESS; |
| 355 } | 356 } |
| 356 | 357 |
| 357 uint32_t RollbackKernelRecovery(int developer_mode) { | 358 uint32_t RollbackKernelRecovery(int developer_mode) { |
| 358 #ifndef CHROMEOS_ENVIRONMENT | 359 #ifndef CHROMEOS_ENVIRONMENT |
| 359 /* Initialize the TPM, but ignore return codes. In ChromeOS | 360 /* Initialize the TPM, but ignore return codes. In ChromeOS |
| 360 * environment, don't even talk to the TPM. */ | 361 * environment, don't even talk to the TPM. */ |
| 361 TlclLibInit(); | 362 TlclLibInit(); |
| 362 TlclStartup(); | 363 TlclStartup(); |
| 364 TlclSelfTestFull(); | |
| 363 #endif | 365 #endif |
| 364 return TPM_SUCCESS; | 366 return TPM_SUCCESS; |
| 365 } | 367 } |
| 366 | 368 |
| 367 uint32_t RollbackKernelRead(uint16_t* key_version, uint16_t* version) { | 369 uint32_t RollbackKernelRead(uint16_t* key_version, uint16_t* version) { |
| 368 *key_version = *version = 0; | 370 *key_version = *version = 0; |
| 369 return TPM_SUCCESS; | 371 return TPM_SUCCESS; |
| 370 } | 372 } |
| 371 | 373 |
| 372 uint32_t RollbackKernelWrite(uint16_t key_version, uint16_t version) { | 374 uint32_t RollbackKernelWrite(uint16_t key_version, uint16_t version) { |
| (...skipping 76 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 449 | 451 |
| 450 uint32_t RollbackKernelLock(void) { | 452 uint32_t RollbackKernelLock(void) { |
| 451 if (!g_rollback_recovery_mode) { | 453 if (!g_rollback_recovery_mode) { |
| 452 return TlclLockPhysicalPresence(); | 454 return TlclLockPhysicalPresence(); |
| 453 } else { | 455 } else { |
| 454 return TPM_SUCCESS; | 456 return TPM_SUCCESS; |
| 455 } | 457 } |
| 456 } | 458 } |
| 457 | 459 |
| 458 #endif // DISABLE_ROLLBACK_TPM | 460 #endif // DISABLE_ROLLBACK_TPM |
| OLD | NEW |
