OLD | NEW |
---|---|
1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
4 * | 4 * |
5 * Functions for querying, manipulating and locking rollback indices | 5 * Functions for querying, manipulating and locking rollback indices |
6 * stored in the TPM NVRAM. | 6 * stored in the TPM NVRAM. |
7 */ | 7 */ |
8 | 8 |
9 #include "rollback_index.h" | 9 #include "rollback_index.h" |
10 | 10 |
(...skipping 212 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
223 } else if (kernel_versions < backup_versions) { | 223 } else if (kernel_versions < backup_versions) { |
224 /* This cannot happen. We're screwed. */ | 224 /* This cannot happen. We're screwed. */ |
225 return TPM_E_INTERNAL_INCONSISTENCY; | 225 return TPM_E_INTERNAL_INCONSISTENCY; |
226 } | 226 } |
227 RETURN_ON_FAILURE(SafeWrite(KERNEL_VERSIONS_BACKUP_NV_INDEX, | 227 RETURN_ON_FAILURE(SafeWrite(KERNEL_VERSIONS_BACKUP_NV_INDEX, |
228 (uint8_t*) &kernel_versions, sizeof(uint32_t))); | 228 (uint8_t*) &kernel_versions, sizeof(uint32_t))); |
229 return TPM_SUCCESS; | 229 return TPM_SUCCESS; |
230 } | 230 } |
231 | 231 |
232 /* Checks for transitions between protected mode to developer mode. When going | 232 /* Checks for transitions between protected mode to developer mode. When going |
233 * into developer mode, clear the TPM. | 233 * into or out of developer mode, clear the TPM. |
234 */ | 234 */ |
235 static uint32_t CheckDeveloperModeTransition(uint32_t current_developer) { | 235 static uint32_t CheckDeveloperModeTransition(uint32_t current_developer) { |
236 uint32_t past_developer; | 236 uint32_t past_developer; |
237 RETURN_ON_FAILURE(TlclRead(DEVELOPER_MODE_NV_INDEX, | 237 RETURN_ON_FAILURE(TlclRead(DEVELOPER_MODE_NV_INDEX, |
238 (uint8_t*) &past_developer, | 238 (uint8_t*) &past_developer, |
239 sizeof(past_developer))); | 239 sizeof(past_developer))); |
240 if (past_developer != current_developer) { | 240 if (past_developer != current_developer) { |
241 RETURN_ON_FAILURE(TPMClearAndReenable()); | 241 RETURN_ON_FAILURE(TPMClearAndReenable()); |
242 RETURN_ON_FAILURE(SafeWrite(DEVELOPER_MODE_NV_INDEX, | 242 RETURN_ON_FAILURE(SafeWrite(DEVELOPER_MODE_NV_INDEX, |
243 (uint8_t*) ¤t_developer, | 243 (uint8_t*) ¤t_developer, |
(...skipping 86 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
330 #ifdef DISABLE_ROLLBACK_TPM | 330 #ifdef DISABLE_ROLLBACK_TPM |
331 | 331 |
332 /* Dummy implementations which don't support TPM rollback protection */ | 332 /* Dummy implementations which don't support TPM rollback protection */ |
333 | 333 |
334 uint32_t RollbackFirmwareSetup(int developer_mode) { | 334 uint32_t RollbackFirmwareSetup(int developer_mode) { |
335 #ifndef CHROMEOS_ENVIRONMENT | 335 #ifndef CHROMEOS_ENVIRONMENT |
336 /* Initialize the TPM, but ignore return codes. In ChromeOS | 336 /* Initialize the TPM, but ignore return codes. In ChromeOS |
337 * environment, don't even talk to the TPM. */ | 337 * environment, don't even talk to the TPM. */ |
338 TlclLibInit(); | 338 TlclLibInit(); |
339 TlclStartup(); | 339 TlclStartup(); |
340 TlclSelfTestFull(); | |
semenzato
2010/08/05 19:50:53
This has changed a lot and I don't understand why
| |
340 #endif | 341 #endif |
341 return TPM_SUCCESS; | 342 return TPM_SUCCESS; |
342 } | 343 } |
343 | 344 |
344 uint32_t RollbackFirmwareRead(uint16_t* key_version, uint16_t* version) { | 345 uint32_t RollbackFirmwareRead(uint16_t* key_version, uint16_t* version) { |
345 *key_version = *version = 0; | 346 *key_version = *version = 0; |
346 return TPM_SUCCESS; | 347 return TPM_SUCCESS; |
347 } | 348 } |
348 | 349 |
349 uint32_t RollbackFirmwareWrite(uint16_t key_version, uint16_t version) { | 350 uint32_t RollbackFirmwareWrite(uint16_t key_version, uint16_t version) { |
350 return TPM_SUCCESS; | 351 return TPM_SUCCESS; |
351 } | 352 } |
352 | 353 |
353 uint32_t RollbackFirmwareLock(void) { | 354 uint32_t RollbackFirmwareLock(void) { |
354 return TPM_SUCCESS; | 355 return TPM_SUCCESS; |
355 } | 356 } |
356 | 357 |
357 uint32_t RollbackKernelRecovery(int developer_mode) { | 358 uint32_t RollbackKernelRecovery(int developer_mode) { |
358 #ifndef CHROMEOS_ENVIRONMENT | 359 #ifndef CHROMEOS_ENVIRONMENT |
359 /* Initialize the TPM, but ignore return codes. In ChromeOS | 360 /* Initialize the TPM, but ignore return codes. In ChromeOS |
360 * environment, don't even talk to the TPM. */ | 361 * environment, don't even talk to the TPM. */ |
361 TlclLibInit(); | 362 TlclLibInit(); |
362 TlclStartup(); | 363 TlclStartup(); |
364 TlclSelfTestFull(); | |
363 #endif | 365 #endif |
364 return TPM_SUCCESS; | 366 return TPM_SUCCESS; |
365 } | 367 } |
366 | 368 |
367 uint32_t RollbackKernelRead(uint16_t* key_version, uint16_t* version) { | 369 uint32_t RollbackKernelRead(uint16_t* key_version, uint16_t* version) { |
368 *key_version = *version = 0; | 370 *key_version = *version = 0; |
369 return TPM_SUCCESS; | 371 return TPM_SUCCESS; |
370 } | 372 } |
371 | 373 |
372 uint32_t RollbackKernelWrite(uint16_t key_version, uint16_t version) { | 374 uint32_t RollbackKernelWrite(uint16_t key_version, uint16_t version) { |
(...skipping 76 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
449 | 451 |
450 uint32_t RollbackKernelLock(void) { | 452 uint32_t RollbackKernelLock(void) { |
451 if (!g_rollback_recovery_mode) { | 453 if (!g_rollback_recovery_mode) { |
452 return TlclLockPhysicalPresence(); | 454 return TlclLockPhysicalPresence(); |
453 } else { | 455 } else { |
454 return TPM_SUCCESS; | 456 return TPM_SUCCESS; |
455 } | 457 } |
456 } | 458 } |
457 | 459 |
458 #endif // DISABLE_ROLLBACK_TPM | 460 #endif // DISABLE_ROLLBACK_TPM |
OLD | NEW |