 Chromium Code Reviews
 Chromium Code Reviews Issue 6871044:
  Do not advance kernel version in TPM if we are in firmware B trying a new firmware  (Closed) 
  Base URL: ssh://gitrw.chromium.org:9222/vboot_reference.git@master
    
  
| Index: firmware/lib/vboot_kernel.c | 
| diff --git a/firmware/lib/vboot_kernel.c b/firmware/lib/vboot_kernel.c | 
| index cfdd9b4c0b891b957f0bd21819a8908ccf59de4b..0e9c15ba7ecaa107efbfe8aa5918a5c7a19997e3 100644 | 
| --- a/firmware/lib/vboot_kernel.c | 
| +++ b/firmware/lib/vboot_kernel.c | 
| @@ -597,13 +597,12 @@ int LoadKernel(LoadKernelParams* params) { | 
| shcall->check_result = VBSD_LKC_CHECK_GOOD_PARTITION; | 
| /* See if we need to update the TPM */ | 
| - if (kBootRecovery != boot_mode && good_partition_key_block_valid) { | 
| - /* We only update the TPM in normal and developer boot modes. In | 
| - * developer mode, we only advanced lowest_version for kernels with valid | 
| - * key blocks, and didn't count self-signed key blocks. In recovery | 
| - * mode, the TPM stays PP-unlocked, so anything we write gets blown away | 
| - * by the firmware when we go back to normal mode. */ | 
| - VBDEBUG(("Boot_flags = not recovery\n")); | 
| + if ((kBootNormal == boot_mode) && | 
| + !((1 == shared->firmware_index) && (shared->flags & VBSD_FWB_TRIED))) { | 
| 
Will Drewry
2011/04/17 17:53:18
What case will shared->firmware_index==1 without V
 | 
| + /* We only update the TPM in normal mode. We don't advance the | 
| + * TPM if we're trying a new firmware B, because that firmware | 
| + * may have a key change and roll forward the TPM too soon. */ | 
| + VBDEBUG(("Checking if TPM kernel version needs advancing\n")); | 
| if ((lowest_version > tpm_version) && | 
| 
Will Drewry
2011/04/17 17:53:18
Since we only increment when the lowest_version of
 
gauravsh
2011/04/17 19:32:24
Belated comment: I'd really like to see a check fo
 | 
| (lowest_version != LOWEST_TPM_VERSION)) { |
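
Review bot: The new condition at `if ((kBootNormal == boot_mode) &&` no longer tests `good_partition_key_block_valid`, which the removed condition required before any TPM write. If normal mode can never reach this point without a valid key block, state that in the new comment; otherwise keep the test in the condition so that the `lowest_version > tpm_version` write below is only reached for a partition whose key block was verified. The new comment also leaves out why developer mode no longer advances the TPM and drops the removed note about recovery mode leaving the TPM PP-unlocked; a sentence covering each would keep that rationale next to the check.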