added reboot return codes to load kernel and firmware

firmware/lib/vboot_kernel.c

 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  *
  * Functions for loading a kernel from disk.
  * (Firmware portion)
  */
 
 #include "vboot_kernel.h"
 
@@ skipping 111 matching lines @@
   uint8_t* kbuf = NULL;
   int found_partitions = 0;
   int good_partition = -1;
   uint16_t tpm_key_version = 0;
   uint16_t tpm_kernel_version = 0;
   uint64_t lowest_key_version = 0xFFFF;
   uint64_t lowest_kernel_version = 0xFFFF;
   int is_dev = (BOOT_FLAG_DEVELOPER & params->boot_flags ? 1 : 0);
   int is_rec = (BOOT_FLAG_RECOVERY & params->boot_flags ? 1 : 0);
   int is_normal = (!is_dev && !is_rec);
+  uint32_t status;
 
   /* Clear output params in case we fail */
   params->partition_number = 0;
   params->bootloader_address = 0;
   params->bootloader_size = 0;
 
   /* Let the TPM know if we're in recovery mode */
   if (is_rec) {
     if (0 != RollbackKernelRecovery(is_dev ? 1 : 0)) {
       VBDEBUG(("Error setting up TPM for recovery kernel\n"));
       /* Ignore return code, since we need to boot recovery mode to
        * fix the TPM. */
     }
   }
 
   if (is_normal) {
     /* Read current kernel key index from TPM.  Assumes TPM is already
      * initialized. */
-    if (0 != RollbackKernelRead(&tpm_key_version, &tpm_kernel_version)) {
+    status = RollbackKernelRead(&tpm_key_version, &tpm_kernel_version);
+    if (0 != status) {
       VBDEBUG(("Unable to get kernel versions from TPM\n"));
-      return LOAD_KERNEL_RECOVERY;
+      return (status == TPM_E_MUST_REBOOT ?
+              LOAD_KERNEL_REBOOT : LOAD_KERNEL_RECOVERY);
     }
   } else if (is_dev && !is_rec) {
     /* In developer mode, we ignore the kernel subkey, and just use
      * the SHA-512 hash to verify the key block. */
     kernel_subkey = NULL;
   }
 
   do {
     /* Read GPT data */
     gpt.sector_bytes = (uint32_t)blba;
@@ skipping 197 matching lines @@
       /* We only update the TPM in normal boot mode.  In developer
        * mode, the kernel is self-signed by the developer, so we can't
        * trust the key version and wouldn't want to roll the TPM
        * forward.  In recovery mode, the TPM stays PP-unlocked, so
        * anything we write gets blown away by the firmware when we go
        * back to normal mode. */
       VBDEBUG(("Boot_flags = is_normal\n"));
       if ((lowest_key_version > tpm_key_version) ||
           (lowest_key_version == tpm_key_version &&
            lowest_kernel_version > tpm_kernel_version)) {
-        if (0 != RollbackKernelWrite((uint16_t)lowest_key_version,
-                                     (uint16_t)lowest_kernel_version)) {
+
+        status = RollbackKernelWrite((uint16_t)lowest_key_version,
+                                     (uint16_t)lowest_kernel_version);
+        if (0 != status) {
           VBDEBUG(("Error writing kernel versions to TPM.\n"));
-          return LOAD_KERNEL_RECOVERY;
+      return (status == TPM_E_MUST_REBOOT ?
+              LOAD_KERNEL_REBOOT : LOAD_KERNEL_RECOVERY);
         }
       }
     }
 
     /* Lock the kernel versions */
-    if (0 != RollbackKernelLock()) {
+    status = RollbackKernelLock();
+    if (0 != status) {
       VBDEBUG(("Error locking kernel versions.\n"));
       /* Don't reboot to recovery mode if we're already there */
       if (!is_rec)
-        return LOAD_KERNEL_RECOVERY;
+        return (status == TPM_E_MUST_REBOOT ?
+                LOAD_KERNEL_REBOOT : LOAD_KERNEL_RECOVERY);
     }
 
     /* Success! */
     return LOAD_KERNEL_SUCCESS;
   }
 
   // Handle error cases
   if (found_partitions)
     return LOAD_KERNEL_INVALID;
   else
     return LOAD_KERNEL_NOT_FOUND;
 }