Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(429)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: firmware/lib/rollback_index.c

Issue 3388008: Fix one-time init (Closed) Base URL: http://git.chromium.org/git/vboot_reference.git
Patch Set: pflags.ownership means capable of being owned, not owned Created 10 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | firmware/version.c » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
2 * Use of this source code is governed by a BSD-style license that can be 2 * Use of this source code is governed by a BSD-style license that can be
3 * found in the LICENSE file. 3 * found in the LICENSE file.
4 * 4 *
5 * Functions for querying, manipulating and locking rollback indices 5 * Functions for querying, manipulating and locking rollback indices
6 * stored in the TPM NVRAM. 6 * stored in the TPM NVRAM.
7 */ 7 */
8 8
9 #include "rollback_index.h" 9 #include "rollback_index.h"
10 10
(...skipping 89 matching lines...) Expand 10 before | Expand all | Expand 10 after
100 /* Performs one-time initializations. Creates the NVRAM spaces, and sets their 100 /* Performs one-time initializations. Creates the NVRAM spaces, and sets their
101 * initial values as needed. Sets the nvLocked bit and ensures the physical 101 * initial values as needed. Sets the nvLocked bit and ensures the physical
102 * presence command is enabled and locked. 102 * presence command is enabled and locked.
103 */ 103 */
104 static uint32_t OneTimeInitializeTPM(RollbackSpaceFirmware* rsf, 104 static uint32_t OneTimeInitializeTPM(RollbackSpaceFirmware* rsf,
105 RollbackSpaceKernel* rsk) { 105 RollbackSpaceKernel* rsk) {
106 static const RollbackSpaceFirmware rsf_init = { 106 static const RollbackSpaceFirmware rsf_init = {
107 ROLLBACK_SPACE_FIRMWARE_VERSION, 0, 0, 0}; 107 ROLLBACK_SPACE_FIRMWARE_VERSION, 0, 0, 0};
108 static const RollbackSpaceKernel rsk_init = { 108 static const RollbackSpaceKernel rsk_init = {
109 ROLLBACK_SPACE_KERNEL_VERSION, ROLLBACK_SPACE_KERNEL_UID, 0, 0}; 109 ROLLBACK_SPACE_KERNEL_VERSION, ROLLBACK_SPACE_KERNEL_UID, 0, 0};
110 uint8_t nvlocked = 0; 110 TPM_PERMANENT_FLAGS pflags;
111 uint32_t result;
111 112
112 VBDEBUG(("TPM: One-time initialization\n")); 113 VBDEBUG(("TPM: One-time initialization\n"));
113 114
114 RETURN_ON_FAILURE(TlclFinalizePhysicalPresence()); 115 result = TlclGetPermanentFlags(&pflags);
116 if (result != TPM_SUCCESS)
117 return result;
118
119 /* TPM may come from the factory without physical presence finalized. Fix
120 * if necessary. */
121 VBDEBUG(("TPM: physicalPresenceLifetimeLock=%d\n",
122 pflags.physicalPresenceLifetimeLock));
123 if (!pflags.physicalPresenceLifetimeLock) {
124 VBDEBUG(("TPM: Finalizing physical presence\n"));
125 RETURN_ON_FAILURE(TlclFinalizePhysicalPresence());
126 }
115 127
116 /* The TPM will not enforce the NV authorization restrictions until the 128 /* The TPM will not enforce the NV authorization restrictions until the
117 * execution of a TPM_NV_DefineSpace with the handle of TPM_NV_INDEX_LOCK. 129 * execution of a TPM_NV_DefineSpace with the handle of TPM_NV_INDEX_LOCK.
118 * Here we create that space if it doesn't already exist. */ 130 * Here we create that space if it doesn't already exist. */
119 RETURN_ON_FAILURE(TlclGetFlags(NULL, NULL, &nvlocked)); 131 VBDEBUG(("TPM: nvLocked=%d\n", pflags.nvLocked));
120 VBDEBUG(("TPM: nvlocked=%d\n", nvlocked)); 132 if (!pflags.nvLocked) {
121 if (!nvlocked) {
122 VBDEBUG(("TPM: Enabling NV locking\n")); 133 VBDEBUG(("TPM: Enabling NV locking\n"));
123 RETURN_ON_FAILURE(TlclSetNvLocked()); 134 RETURN_ON_FAILURE(TlclSetNvLocked());
124 } 135 }
125 136
137 /* Clear TPM owner, in case the TPM is already owned for some reason. */
138 VBDEBUG(("TPM: Clearing owner\n"));
139 RETURN_ON_FAILURE(TlclForceClear());
140
126 /* Initializes the firmware and kernel spaces */ 141 /* Initializes the firmware and kernel spaces */
127 Memcpy(rsf, &rsf_init, sizeof(RollbackSpaceFirmware)); 142 Memcpy(rsf, &rsf_init, sizeof(RollbackSpaceFirmware));
128 Memcpy(rsk, &rsk_init, sizeof(RollbackSpaceKernel)); 143 Memcpy(rsk, &rsk_init, sizeof(RollbackSpaceKernel));
129 144
130 /* Defines and sets firmware and kernel spaces */ 145 /* Defines and sets firmware and kernel spaces */
131 RETURN_ON_FAILURE(SafeDefineSpace(FIRMWARE_NV_INDEX, 146 RETURN_ON_FAILURE(SafeDefineSpace(FIRMWARE_NV_INDEX,
132 TPM_NV_PER_GLOBALLOCK | TPM_NV_PER_PPWRITE, 147 TPM_NV_PER_GLOBALLOCK | TPM_NV_PER_PPWRITE,
133 sizeof(RollbackSpaceFirmware))); 148 sizeof(RollbackSpaceFirmware)));
134 RETURN_ON_FAILURE(WriteSpaceFirmware(rsf)); 149 RETURN_ON_FAILURE(WriteSpaceFirmware(rsf));
135 RETURN_ON_FAILURE(SafeDefineSpace(KERNEL_NV_INDEX, TPM_NV_PER_PPWRITE, 150 RETURN_ON_FAILURE(SafeDefineSpace(KERNEL_NV_INDEX, TPM_NV_PER_PPWRITE,
(...skipping 281 matching lines...) Expand 10 before | Expand all | Expand 10 after
417 432
418 uint32_t RollbackKernelLock(void) { 433 uint32_t RollbackKernelLock(void) {
419 if (g_rollback_recovery_mode) { 434 if (g_rollback_recovery_mode) {
420 return TPM_SUCCESS; 435 return TPM_SUCCESS;
421 } else { 436 } else {
422 return TlclLockPhysicalPresence(); 437 return TlclLockPhysicalPresence();
423 } 438 }
424 } 439 }
425 440
426 #endif // DISABLE_ROLLBACK_TPM 441 #endif // DISABLE_ROLLBACK_TPM
OLDNEW
« no previous file with comments | « no previous file | firmware/version.c » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698