Move ContinueSelfTest to a later point to save time.

firmware/lib/tpm_lite/tlcl.c

 /* Copyright (c) 2010-2011 The Chromium OS Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  */
 
 /* A lightweight TPM command library.
  *
  * The general idea is that TPM commands are array of bytes whose
  * fields are mostly compile-time constant.  The goal is to build much
  * of the commands at compile time (or build time) and change some of
@@ skipping 26 matching lines @@
   uint32_t code;
   FromTpmUint32(buffer + sizeof(uint16_t) + sizeof(uint32_t), &code);
   return code;
 }
 
 /* Gets the return code field of a TPM result. */
 static INLINE int TpmReturnCode(const uint8_t* buffer) {
   return TpmCommandCode(buffer);
 }
 
-/* Sends a TPM command and gets a response.  Returns 0 if success or the TPM
- * error code if error. */
-static uint32_t TlclSendReceive(const uint8_t* request, uint8_t* response,
-                                int max_length) {
-
+/* Like TlclSendReceive below, but do not retry if NEEDS_SELFTEST or
+ * DOING_SELFTEST errors are returned.
+ */
+static uint32_t TlclSendReceiveNoRetry(const uint8_t* request,
+                                       uint8_t* response, int max_length) {
   uint32_t result;
 
 #ifdef EXTRA_LOGGING
   VBDEBUG(("TPM: command: %x%x %x%x%x%x %x%x%x%x\n",
            request[0], request[1],
            request[2], request[3], request[4], request[5],
            request[6], request[7], request[8], request[9]));
 #endif
 
   result = TlclStubSendReceive(request, TpmCommandSize(request),
@@ skipping 14 matching lines @@
            response[6], response[7], response[8], response[9]));
 #endif
 
   VBDEBUG(("TPM: command 0x%x returned 0x%x\n",
            TpmCommandCode(request), result));
 
   return result;
 }
 
 
+/* Sends a TPM command and gets a response.  Returns 0 if success or the TPM
+ * error code if error. Waits for self test to complete if needed. */
+static uint32_t TlclSendReceive(const uint8_t* request, uint8_t* response,
+                                int max_length) {
+  uint32_t result = TlclSendReceiveNoRetry(request, response, max_length);
+  if (result == TPM_E_NEEDS_SELFTEST || result == TPM_E_DOING_SELFTEST) {
+    result = TlclContinueSelfTest();
+    if (result != TPM_SUCCESS) {
+      return result;
+    }
+#ifdef TPM_BLOCKING_CONTINUESELFTEST
+    result = TlclSendReceiveNoRetry(request, response, max_length);
+#else
+    /* This needs serious testing.  The TPM specification says: iii. The caller
+     * MUST wait for the actions of TPM_ContinueSelfTest to complete before
+     * reissuing the command C1.  But, how do we know that the actions have
+     * completed other than trying again? */
+    do {
+      result = TlclSendReceiveNoRetry(request, response, max_length);
+    } while (result == TPM_E_DOING_SELFTEST);

[Randall Spangler, 2011/03/16 19:23:06]

If the TPM gets in a wonky state, this could block forever and brick the system.
 I'd rather have the command fail and throw us into recovery mode than lock up.

One way to handle that would be to pass an allow_retries flag down through
everything (because sigh, no global variables), and then turn that off if the
recovery button is pressed.

[Luigi Semenzato, 2011/03/16 20:51:59]

Ah, now I remember, that's why we wanted the compilation-time flag.

+#endif
+  }
+  return result;
+}
+
 /* Sends a command and returns the error code. */
 static uint32_t Send(const uint8_t* command) {
   uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE];
   return TlclSendReceive(command, response, sizeof(response));
 }
 
 /* Exported functions. */
 
 uint32_t TlclLibInit(void) {
   return TlclStubInit();
@@ skipping 13 matching lines @@
   VBDEBUG(("TPM: Resume\n"));
   return Send(tpm_resume_cmd.buffer);
 }
 
 uint32_t TlclSelfTestFull(void) {
   VBDEBUG(("TPM: Self test full\n"));
   return Send(tpm_selftestfull_cmd.buffer);
 }
 
 uint32_t TlclContinueSelfTest(void) {
+  uint8_t response[TPM_LARGE_ENOUGH_COMMAND_SIZE];
   VBDEBUG(("TPM: Continue self test\n"));
-  return Send(tpm_continueselftest_cmd.buffer);
+  /* Call the No Retry version of SendReceive to avoid recursion. */
+  return TlclSendReceiveNoRetry(tpm_continueselftest_cmd.buffer,
+                                response, sizeof(response));
 }
 
 uint32_t TlclDefineSpace(uint32_t index, uint32_t perm, uint32_t size) {
   struct s_tpm_nv_definespace_cmd cmd;
   VBDEBUG(("TPM: TlclDefineSpace(0x%x, 0x%x, %d)\n", index, perm, size));
   Memcpy(&cmd, &tpm_nv_definespace_cmd, sizeof(cmd));
   ToTpmUint32(cmd.buffer + tpm_nv_definespace_cmd.index, index);
   ToTpmUint32(cmd.buffer + tpm_nv_definespace_cmd.perm, perm);
   ToTpmUint32(cmd.buffer + tpm_nv_definespace_cmd.size, size);
   return Send(cmd.buffer);
@@ skipping 193 matching lines @@
   Memcpy(&cmd, &tpm_getpermissions_cmd, sizeof(cmd));
   ToTpmUint32(cmd.buffer + tpm_getpermissions_cmd.index, index);
   result = TlclSendReceive(cmd.buffer, response, sizeof(response));
   if (result != TPM_SUCCESS)
     return result;
 
   nvdata = response + kTpmResponseHeaderLength + sizeof(size);
   FromTpmUint32(nvdata + kNvDataPublicPermissionsOffset, permissions);
   return result;
 }