use continue self test

firmware/lib/rollback_index.c

 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  *
  * Functions for querying, manipulating and locking rollback indices
  * stored in the TPM NVRAM.
  */
 
 #include "rollback_index.h"
 
 #include "tlcl.h"
 #include "tss_constants.h"
 #include "utility.h"
 
-
 /* TPM PCR to use for storing dev mode measurements */
 #define DEV_MODE_PCR 0
 /* Input digests for PCR extend */
 #define DEV_MODE_ON_SHA1_DIGEST ((uint8_t*) "\xbf\x8b\x45\x30\xd8\xd2\x46\xdd" \
                                  "\x74\xac\x53\xa1\x34\x71\xbb\xa1\x79\x41" \
                                  "\xdf\xf7") /* SHA1("\x01") */
 #define DEV_MODE_OFF_SHA1_DIGEST ((uint8_t*) "\x5b\xa9\x3c\x9d\xb0\xcf\xf9\x3f"\
                                   "\x52\xb5\x21\xd7\x42\x0e\x43\xf6\xed\xa2" \
                                   "\x78\x4f") /* SHA1("\x00") */
 
@@ skipping 141 matching lines @@
   uint8_t disable;
   uint8_t deactivated;
   uint32_t result;
 
   VBDEBUG(("TPM: SetupTPM(r%d, d%d)\n", recovery_mode, developer_mode));
 
   /* TODO: TlclLibInit() should be able to return failure */
   TlclLibInit();
 
   RETURN_ON_FAILURE(TlclStartup());
-#ifdef USE_CONTINUE_SELF_TEST
-  /* TODO: ContinueSelfTest() should be faster than SelfTestFull, but
-   * may also not work properly in older TPM firmware.  For now, do
-   * the full self test. */
+  /* Use ContinueSelfTest rather than SelfTestFull().  It enables
+   * access to the subset of TPM commands we need in the firmware, and
+   * allows the full self test to run in paralle with firmware
+   * startup.  By the time we get to the OS, self test will have
+   * completed. */
   RETURN_ON_FAILURE(TlclContinueSelfTest());
-#else
-  RETURN_ON_FAILURE(TlclSelfTestFull());
-#endif
   result = TlclAssertPhysicalPresence();
   if (result != 0) {
     /* It is possible that the TPM was delivered with the physical presence
      * command disabled.  This tries enabling it, then tries asserting PP
      * again.
      */
     RETURN_ON_FAILURE(TlclPhysicalPresenceCMDEnable());
     RETURN_ON_FAILURE(TlclAssertPhysicalPresence());
   }
 
@@ skipping 60 matching lines @@
 #ifdef DISABLE_ROLLBACK_TPM
 
 /* Dummy implementations which don't support TPM rollback protection */
 
 uint32_t RollbackS3Resume(void) {
 #ifndef CHROMEOS_ENVIRONMENT
   /* Initialize the TPM, but ignore return codes.  In ChromeOS
    * environment, don't even talk to the TPM. */
   TlclLibInit();
   TlclResume();
-  TlclSelfTestFull();
+  TlclContinueSelfTest();
 #endif
   return TPM_SUCCESS;
 }
 
 uint32_t RollbackFirmwareSetup(int developer_mode, uint32_t* version) {
 #ifndef CHROMEOS_ENVIRONMENT
   /* Initializes the TPM, but ignores return codes.  In ChromeOS
    * environment, doesn't even talk to the TPM. */
   TlclLibInit();
   TlclStartup();
-  TlclSelfTestFull();
+  TlclContinueSelfTest();
 #endif
 
   *version = 0;
   return TPM_SUCCESS;
 }
 
 uint32_t RollbackFirmwareWrite(uint32_t version) {
   return TPM_SUCCESS;
 }
 
@@ skipping 23 matching lines @@
 
 uint32_t RollbackKernelLock(void) {
   return TPM_SUCCESS;
 }
 
 #else
 
 uint32_t RollbackS3Resume(void) {
   uint32_t result;
   TlclLibInit();
-  /* Check for INVALID_POSTINIT error, so we don't have to worry if this ends
-   * up in hardware that keeps the TPM powered on during S3.
-   */
   result = TlclResume();
   if (result == TPM_E_INVALID_POSTINIT) {
+    /* We're on a platform where the TPM maintains power in S3, so
+       it's already initialized.  No need for a self-test. */
     return TPM_SUCCESS;
   }
   if (result != TPM_SUCCESS) {
     return result;
   }
-#ifdef USE_CONTINUE_SELF_TEST
-  /* TODO: ContinueSelfTest() should be faster than SelfTestFull, but
-   * may also not work properly in older TPM firmware.  For now, do
-   * the full self test. */
+
   RETURN_ON_FAILURE(TlclContinueSelfTest());
-#else
-  RETURN_ON_FAILURE(TlclSelfTestFull());
-#endif
+
   return TPM_SUCCESS;
 }
 
 
 uint32_t RollbackFirmwareSetup(int developer_mode, uint32_t* version) {
   RollbackSpaceFirmware rsf;
   uint8_t out_digest[20];  /* For PCR extend output */
 
   RETURN_ON_FAILURE(SetupTPM(0, developer_mode, &rsf));
   *version = rsf.fw_versions;
@@ skipping 78 matching lines @@
 
 uint32_t RollbackKernelLock(void) {
   if (g_rollback_recovery_mode) {
     return TPM_SUCCESS;
   } else {
     return TlclLockPhysicalPresence();
   }
 }
 
 #endif // DISABLE_ROLLBACK_TPM