Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2190)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: firmware/lib/include/rollback_index.h

Issue 3084030: Add structs for TPM NV simplification (Closed) Base URL: ssh://gitrw.chromium.org/vboot_reference.git
Patch Set: Use new structs Created 10 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | firmware/lib/rollback_index.c » ('j') | firmware/lib/rollback_index.c » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: firmware/lib/include/rollback_index.h
diff --git a/firmware/lib/include/rollback_index.h b/firmware/lib/include/rollback_index.h
index df132e76c661790edff7c53f24b3aca8760c5e4e..f13b6ede0c35ab4dd8b79fb9d41c6be355deb005 100644
--- a/firmware/lib/include/rollback_index.h
+++ b/firmware/lib/include/rollback_index.h
@@ -12,30 +12,47 @@
#include "sysincludes.h"
#include "tss_constants.h"
-/* Rollback version types. */
-#define FIRMWARE_VERSIONS 0
-#define KERNEL_VERSIONS 1
-
-/* Initialization mode */
-#define RO_RECOVERY_MODE 0
-#define RO_NORMAL_MODE 1
-#define RW_NORMAL_MODE 2
-
/* TPM NVRAM location indices. */
-#define FIRST_ROLLBACK_NV_INDEX 0x1001 /* First index used here */
-#define FIRMWARE_VERSIONS_NV_INDEX 0x1001
-#define KERNEL_VERSIONS_NV_INDEX 0x1002
-#define TPM_IS_INITIALIZED_NV_INDEX 0x1003
-#define KERNEL_VERSIONS_BACKUP_NV_INDEX 0x1004
-#define KERNEL_MUST_USE_BACKUP_NV_INDEX 0x1005
-#define DEVELOPER_MODE_NV_INDEX 0x1006
-#define LAST_ROLLBACK_NV_INDEX 0x1006 /* Last index used here */
-
-/* Unique ID to detect kernel space redefinition */
-#define KERNEL_SPACE_UID "GRWL" /* unique ID with secret meaning */
-#define KERNEL_SPACE_UID_SIZE (sizeof(KERNEL_SPACE_UID) - 1)
-#define KERNEL_SPACE_INIT_DATA ((uint8_t*) "\0\0\0\0" KERNEL_SPACE_UID)
-#define KERNEL_SPACE_SIZE (sizeof(uint32_t) + KERNEL_SPACE_UID_SIZE)
+#define FIRMWARE_NV_INDEX 0x1007
+#define KERNEL_NV_INDEX 0x1008
+
+/* Structure definitions for TPM spaces */
+
+__pragma(pack(push, 1)) /* Support packing for MSVC. */
+
+/* Kernel space - KERNEL_NV_INDEX, locked with physical presence. */
+#define ROLLBACK_SPACE_KERNEL_VERSION 1
+#define ROLLBACK_SPACE_KERNEL_UID 0x4752574C /* 'GRWL' */
+typedef struct RollbackSpaceKernel {
+ uint8_t struct_version; /* Struct version, for backwards
+ * compatibility */
+ uint32_t uid; /* Unique ID to detect space redefinition */
+ uint32_t kernel_versions; /* Kernel versions */
+ uint32_t reserved; /* Reserved for future expansion */
+} __attribute__((packed)) RollbackSpaceKernel;
+
+
+/* Flags for firmware space */
+/* Last boot was developer mode. TPM ownership is cleared when
+ * transitioning to/from developer mode. */
+#define FLAG_LAST_BOOT_DEVELOPER 0x01
+/* There have been one or more boots which left PP unlocked, so the
+ * contents of the kernel space are untrusted and must be restored
+ * from the backup copy. */
+#define FLAG_KERNEL_SPACE_USE_BACKUP 0x02
+
+#define ROLLBACK_SPACE_FIRMWARE_VERSION 1
+/* Firmware space - FIRMWARE_NV_INDEX, locked with global lock. */
+typedef struct RollbackSpaceFirmware {
+ uint8_t struct_version; /* Struct version, for backwards compatibility */
+ uint8_t flags; /* Flags (see FLAG_* above) */
+ uint32_t fw_versions; /* Firmware versions */
+ uint32_t reserved; /* Reserved for future expansion */
+ RollbackSpaceKernel kernel_backup; /* Backup of kernel space */
+} __attribute__((packed)) RollbackSpaceFirmware;
+
+__pragma(pack(pop)) /* Support packing for MSVC. */
+
/* All functions return TPM_SUCCESS (zero) if successful, non-zero if error */
@@ -72,10 +89,12 @@ Call from LoadKernel()
/* Setup must be called. Pass developer_mode=nonzero if in developer
* mode. */
-uint32_t RollbackFirmwareSetup(int developer_mode);
-/* Read and Write may be called after Setup. */
-uint32_t RollbackFirmwareRead(uint16_t* key_version, uint16_t* version);
+/* TODO: use a 32-bit version instead of 2 version pieces */
+uint32_t RollbackFirmwareSetup(int developer_mode, uint16_t* key_version,
+ uint16_t* version);
+
/* Write may be called if the versions change */
+/* TODO: use a 32-bit version instead of 2 version pieces */
Luigi Semenzato 2010/08/12 01:12:30 Maybe have Gaurav review this (future) change.
uint32_t RollbackFirmwareWrite(uint16_t key_version, uint16_t version);
/* Lock must be called */
@@ -92,6 +111,7 @@ uint32_t RollbackKernelRecovery(int developer_mode);
/* Read and write may be called if not in developer mode. If called in
* recovery mode, the effect is undefined. */
+/* TODO: use a 32-bit version instead of 2 version pieces */
uint32_t RollbackKernelRead(uint16_t* key_version, uint16_t* version);
uint32_t RollbackKernelWrite(uint16_t key_version, uint16_t version);
@@ -100,10 +120,6 @@ uint32_t RollbackKernelLock(void);
/* The following functions are here for testing only. */
-/* Store 1 in *|initialized| if the TPM NVRAM spaces have been initialized, 0
- * otherwise. Return TPM errors. */
-uint32_t GetSpacesInitialized(int* initialized);
-
/* Issue a TPM_Clear and reenable/reactivate the TPM. */
uint32_t TPMClearAndReenable(void);
« no previous file with comments | « no previous file | firmware/lib/rollback_index.c » ('j') | firmware/lib/rollback_index.c » ('J')

Powered by Google App Engine
This is Rietveld 408576698