Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(59)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: firmware/lib/vboot_firmware.c

Issue 6685075: Add TPM version checking (Closed) Base URL: ssh://git@gitrw.chromium.org:9222/vboot_reference.git@master
Patch Set: Created 9 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « firmware/lib/rollback_index.c ('k') | firmware/lib/vboot_kernel.c » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* Copyright (c) 2011 The Chromium OS Authors. All rights reserved. 1 /* Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
2 * Use of this source code is governed by a BSD-style license that can be 2 * Use of this source code is governed by a BSD-style license that can be
3 * found in the LICENSE file. 3 * found in the LICENSE file.
4 * 4 *
5 * High-level firmware API for loading and verifying rewritable firmware. 5 * High-level firmware API for loading and verifying rewritable firmware.
6 * (Firmware portion) 6 * (Firmware portion)
7 */ 7 */
8 8
9 #include "gbb_header.h" 9 #include "gbb_header.h"
10 #include "load_firmware_fw.h" 10 #include "load_firmware_fw.h"
(...skipping 107 matching lines...) Expand 10 before | Expand all | Expand 10 after
118 if (0 != status) { 118 if (0 != status) {
119 VBDEBUG(("Unable to setup TPM and read stored versions.\n")); 119 VBDEBUG(("Unable to setup TPM and read stored versions.\n"));
120 VBPERFEND("VB_TPMI"); 120 VBPERFEND("VB_TPMI");
121 if (status == TPM_E_MUST_REBOOT) 121 if (status == TPM_E_MUST_REBOOT)
122 retval = LOAD_FIRMWARE_REBOOT; 122 retval = LOAD_FIRMWARE_REBOOT;
123 else 123 else
124 recovery = VBNV_RECOVERY_RO_TPM_ERROR; 124 recovery = VBNV_RECOVERY_RO_TPM_ERROR;
125 goto LoadFirmwareExit; 125 goto LoadFirmwareExit;
126 } 126 }
127 shared->fw_version_tpm_start = tpm_version; 127 shared->fw_version_tpm_start = tpm_version;
128 shared->fw_version_tpm = tpm_version;
128 VBPERFEND("VB_TPMI"); 129 VBPERFEND("VB_TPMI");
129 130
130 /* Read try-b count and decrement if necessary */ 131 /* Read try-b count and decrement if necessary */
131 VbNvGet(vnc, VBNV_TRY_B_COUNT, &try_b_count); 132 VbNvGet(vnc, VBNV_TRY_B_COUNT, &try_b_count);
132 if (0 != try_b_count) { 133 if (0 != try_b_count) {
133 VbNvSet(vnc, VBNV_TRY_B_COUNT, try_b_count - 1); 134 VbNvSet(vnc, VBNV_TRY_B_COUNT, try_b_count - 1);
134 shared->flags |= VBSD_FWB_TRIED; 135 shared->flags |= VBSD_FWB_TRIED;
135 } 136 }
136 VbNvSet(vnc, VBNV_TRIED_FIRMWARE_B, try_b_count ? 1 : 0); 137 VbNvSet(vnc, VBNV_TRIED_FIRMWARE_B, try_b_count ? 1 : 0);
137 138
(...skipping 202 matching lines...) Expand 10 before | Expand all | Expand 10 after
340 status = RollbackFirmwareWrite((uint32_t)lowest_version); 341 status = RollbackFirmwareWrite((uint32_t)lowest_version);
341 VBPERFEND("VB_TPMU"); 342 VBPERFEND("VB_TPMU");
342 if (0 != status) { 343 if (0 != status) {
343 VBDEBUG(("Unable to write stored versions.\n")); 344 VBDEBUG(("Unable to write stored versions.\n"));
344 if (status == TPM_E_MUST_REBOOT) 345 if (status == TPM_E_MUST_REBOOT)
345 retval = LOAD_FIRMWARE_REBOOT; 346 retval = LOAD_FIRMWARE_REBOOT;
346 else 347 else
347 recovery = VBNV_RECOVERY_RO_TPM_ERROR; 348 recovery = VBNV_RECOVERY_RO_TPM_ERROR;
348 goto LoadFirmwareExit; 349 goto LoadFirmwareExit;
349 } 350 }
351 shared->fw_version_tpm = (uint32_t)lowest_version;
350 } 352 }
351 353
352 /* Lock firmware versions in TPM */ 354 /* Lock firmware versions in TPM */
353 VBPERFSTART("VB_TPML"); 355 VBPERFSTART("VB_TPML");
354 status = RollbackFirmwareLock(); 356 status = RollbackFirmwareLock();
355 VBPERFEND("VB_TPML"); 357 VBPERFEND("VB_TPML");
356 if (0 != status) { 358 if (0 != status) {
357 VBDEBUG(("Unable to lock firmware versions.\n")); 359 VBDEBUG(("Unable to lock firmware versions.\n"));
358 if (status == TPM_E_MUST_REBOOT) 360 if (status == TPM_E_MUST_REBOOT)
359 retval = LOAD_FIRMWARE_REBOOT; 361 retval = LOAD_FIRMWARE_REBOOT;
(...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after
396 uint32_t status = RollbackS3Resume(); 398 uint32_t status = RollbackS3Resume();
397 399
398 /* If we can't resume, just do a full reboot. No need to go to recovery 400 /* If we can't resume, just do a full reboot. No need to go to recovery
399 * mode here, since if the TPM is really broken we'll catch it on the 401 * mode here, since if the TPM is really broken we'll catch it on the
400 * next boot. */ 402 * next boot. */
401 if (status == TPM_SUCCESS) 403 if (status == TPM_SUCCESS)
402 return LOAD_FIRMWARE_SUCCESS; 404 return LOAD_FIRMWARE_SUCCESS;
403 else 405 else
404 return LOAD_FIRMWARE_REBOOT; 406 return LOAD_FIRMWARE_REBOOT;
405 } 407 }
OLDNEW
« no previous file with comments | « firmware/lib/rollback_index.c ('k') | firmware/lib/vboot_kernel.c » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698