| Index: firmware/lib/vboot_firmware.c
|
| diff --git a/firmware/lib/vboot_firmware.c b/firmware/lib/vboot_firmware.c
|
| index b88dc20942b78899376682ec4aadb1f851e33d7f..e5d6f79e5a198a7e1c2950398ac3c6b7816488df 100644
|
| --- a/firmware/lib/vboot_firmware.c
|
| +++ b/firmware/lib/vboot_firmware.c
|
| @@ -41,6 +41,7 @@ int LoadFirmware(LoadFirmwareParams* params) {
|
| uint64_t lowest_key_version = 0xFFFF;
|
| uint64_t lowest_fw_version = 0xFFFF;
|
| uint32_t status;
|
| + int is_dev = (BOOT_FLAG_DEVELOPER & params->boot_flags ? 1 : 0);
|
| int good_index = -1;
|
| int index;
|
|
|
| @@ -61,17 +62,21 @@ int LoadFirmware(LoadFirmwareParams* params) {
|
| }
|
|
|
| /* Initialize the TPM and read rollback indices. */
|
| - status = RollbackFirmwareSetup(params->boot_flags & BOOT_FLAG_DEVELOPER);
|
| - if (0 != status) {
|
| - VBDEBUG(("Unable to setup TPM.\n"));
|
| - return (status == TPM_E_MUST_REBOOT ?
|
| - LOAD_FIRMWARE_REBOOT : LOAD_FIRMWARE_RECOVERY);
|
| - }
|
| - status = RollbackFirmwareRead(&tpm_key_version, &tpm_fw_version);
|
| - if (0 != status) {
|
| - VBDEBUG(("Unable to read stored versions.\n"));
|
| - return (status == TPM_E_MUST_REBOOT ?
|
| - LOAD_FIRMWARE_REBOOT : LOAD_FIRMWARE_RECOVERY);
|
| + if (!is_dev) {
|
| + /* TODO: should use the TPM all the time; for now, only use when
|
| + * not in developer mode. */
|
| + status = RollbackFirmwareSetup(params->boot_flags & BOOT_FLAG_DEVELOPER);
|
| + if (0 != status) {
|
| + VBDEBUG(("Unable to setup TPM.\n"));
|
| + return (status == TPM_E_MUST_REBOOT ?
|
| + LOAD_FIRMWARE_REBOOT : LOAD_FIRMWARE_RECOVERY);
|
| + }
|
| + status = RollbackFirmwareRead(&tpm_key_version, &tpm_fw_version);
|
| + if (0 != status) {
|
| + VBDEBUG(("Unable to read stored versions.\n"));
|
| + return (status == TPM_E_MUST_REBOOT ?
|
| + LOAD_FIRMWARE_REBOOT : LOAD_FIRMWARE_RECOVERY);
|
| + }
|
| }
|
|
|
| /* Allocate our internal data */
|
| @@ -225,24 +230,31 @@ int LoadFirmware(LoadFirmwareParams* params) {
|
| (lowest_key_version == tpm_key_version &&
|
| lowest_fw_version > tpm_fw_version)) {
|
|
|
| + if (!is_dev) {
|
| + /* TODO: should use the TPM all the time; for now, only use
|
| + * when not in developer mode. */
|
| + status = RollbackFirmwareWrite((uint16_t)lowest_key_version,
|
| + (uint16_t)lowest_fw_version);
|
| + if (0 != status) {
|
| + VBDEBUG(("Unable to write stored versions.\n"));
|
| + return (status == TPM_E_MUST_REBOOT ?
|
| + LOAD_FIRMWARE_REBOOT : LOAD_FIRMWARE_RECOVERY);
|
| + }
|
| + }
|
| + }
|
|
|
| - status = RollbackFirmwareWrite((uint16_t)lowest_key_version,
|
| - (uint16_t)lowest_fw_version);
|
| + if (!is_dev) {
|
| + /* TODO: should use the TPM all the time; for now, only use
|
| + * when not in developer mode. */
|
| + /* Lock firmware versions in TPM */
|
| + status = RollbackFirmwareLock();
|
| if (0 != status) {
|
| - VBDEBUG(("Unable to write stored versions.\n"));
|
| + VBDEBUG(("Unable to lock firmware versions.\n"));
|
| return (status == TPM_E_MUST_REBOOT ?
|
| LOAD_FIRMWARE_REBOOT : LOAD_FIRMWARE_RECOVERY);
|
| }
|
| }
|
|
|
| - /* Lock firmware versions in TPM */
|
| - status = RollbackFirmwareLock();
|
| - if (0 != status) {
|
| - VBDEBUG(("Unable to lock firmware versions.\n"));
|
| - return (status == TPM_E_MUST_REBOOT ?
|
| - LOAD_FIRMWARE_REBOOT : LOAD_FIRMWARE_RECOVERY);
|
| - }
|
| -
|
| /* Success */
|
| VBDEBUG(("Will boot firmware index %d\n", (int)params->firmware_index));
|
| return LOAD_FIRMWARE_SUCCESS;
|
|
|
Chromium Code Reviews
Issue 3041005:
Add lots of debugging to TPM library. (Closed)
Base URL: ssh://gitrw.chromium.org/vboot_reference.git