diff options
| author | Vadim Bendebury <vbendeb@chromium.org> | 2021-06-30 11:52:35 -0700 |
|---|---|---|
| committer | Commit Bot <commit-bot@chromium.org> | 2021-10-19 22:24:10 +0000 |
| commit | 6bdf14ac14ac99f838412fba46d148ca77dfbb08 (patch) | |
| tree | 1e82f8e021bc5fc7f41ce6685e86d6f6910dc327 | |
| parent | 437ecdc3620f6a77d95833d778ed9b79dbeca6c7 (diff) | |
| download | chrome-ec-6bdf14ac14ac99f838412fba46d148ca77dfbb08.tar.gz | |
tpm_mode: do not proceed if nvmem commits can not be enabled
NVMEM commits are disabled for a few seconds after every TPM reset.
Setting TPM mode to 'disabled' requires the commits to be enabled
first, so that the NVMEM updates would be saved immediately.
Re-enabling the commits must be done by the same task which disables
them, i.e. the TPM task. This patch moves the invocation of
'nvmem_enable_commits()' to the main processing thread of the TPM mode
vendor command handler. When invoked through TPM it will be able to
properly reenable NVMEM commits. When invoked through USB it will fail
if TPM reset happened less than 3 seconds ago.
BUG=b:187831914
TEST=verified that when the TPM disable command is sent immediately
after TPM reset over USB it is rejected with error code 11, no
lockup/watchdog reset is observed.
Testing the AP sending the command will be done when debugging
NBR.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I035cd5db2c55fe5c9dd3679153bf9a2ec49210b6
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2998302
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
(cherry picked from commit 1e68e66a387c91b63a7a79324f3c828f7f0fed4b)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3229790
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Mary Ruthven <mruthven@chromium.org>
Commit-Queue: Mary Ruthven <mruthven@chromium.org>
| -rw-r--r-- | board/cr50/tpm2/tpm_mode.c | 4 | ||||
| -rw-r--r-- | include/tpm_vendor_cmds.h | 1 |
2 files changed, 4 insertions, 1 deletions
diff --git a/board/cr50/tpm2/tpm_mode.c b/board/cr50/tpm2/tpm_mode.c index 9d249fc106..8b83081e88 100644 --- a/board/cr50/tpm2/tpm_mode.c +++ b/board/cr50/tpm2/tpm_mode.c @@ -22,7 +22,6 @@ static void disable_tpm(void) { - nvmem_enable_commits(); tpm_stop(); DCRYPTO_ladder_revoke(); nvmem_clear_cache(); @@ -83,6 +82,9 @@ static enum vendor_cmd_rc process_tpm_mode(struct vendor_cmd_params *p) * so that this vendor command can be responded to * before TPM stops. */ + if (nvmem_enable_commits() != EC_SUCCESS) + return VENDOR_RC_NVMEM_LOCKED; + hook_call_deferred(&disable_tpm_data, 10 * MSEC); break; default: diff --git a/include/tpm_vendor_cmds.h b/include/tpm_vendor_cmds.h index ac42cd6507..afced77648 100644 --- a/include/tpm_vendor_cmds.h +++ b/include/tpm_vendor_cmds.h @@ -193,6 +193,7 @@ enum vendor_cmd_rc { VENDOR_RC_NO_SUCH_SUBCOMMAND = 8, VENDOR_RC_IN_PROGRESS = 9, VENDOR_RC_PASSWORD_REQUIRED = 10, + VENDOR_RC_NVMEM_LOCKED = 11, /* Maximum possible failure reason. */ VENDOR_RC_NO_SUCH_COMMAND = 127, |