tpm: let the caller of TPM reset decide if the EC needs to be reset too

TPM reset sequence when TPM wipeout is requested has a side effect of
rebooting the entire device. This is not always desirable, in some
cases other actions need to happen before the device is rebooted.

This patch makes resetting the EC the TPM reset caller's responsibility,

BRANCH=cr50
BUG=none
TEST=verified that RMA reset and WP disable properly wipe out the TPM
      and reboot the device.

Change-Id: I6e827ce923a2454ae5b2e2597d1a4c9390bbb8b6
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/733813
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>

3 files changed, 19 insertions, 21 deletions

diff --git a/board/cr50/wp.c b/board/cr50/wp.c
index 0edb681fcd..e4fc54c630 100644
--- a/board/cr50/wp.c
+++ b/board/cr50/wp.c
@@ -189,6 +189,14 @@ int board_wipe_tpm(void)
 {
 	int rc;
 
+	/*
+	 * Blindly zapping the TPM space while the AP is awake and poking at
+	 * it will bork the TPM task and the AP itself, so force the whole
+	 * system off by holding the EC in reset.
+	 */
+	CPRINTS("%s: force EC off", __func__);
+	assert_ec_rst();
+
 	/* Wipe the TPM's memory and reset the TPM task. */
 	rc = tpm_reset_request(1, 1);
 	if (rc != EC_SUCCESS) {
@@ -204,9 +212,10 @@ int board_wipe_tpm(void)
 			     SYSTEM_RESET_HARD);
 
 		/*
-		 * That should never return, but if it did, pass through the
-		 * error we got.
+		 * That should never return, but if it did, release EC reset
+		 * and pass through the error we got.
 		 */
+		deassert_ec_rst();
 		return rc;
 	}
 
@@ -215,6 +224,10 @@ int board_wipe_tpm(void)
 	/* Tell the TPM task to re-enable NvMem commits. */
 	tpm_reinstate_nvmem_commits();
 
+	/* Let the rest of the system boot. */
+	CPRINTS("%s: release EC reset", __func__);
+	deassert_ec_rst();
+
 	return EC_SUCCESS;
 }
 
diff --git a/common/tpm_registers.c b/common/tpm_registers.c
index d97e5bc4f1..46d2b7fdf1 100644
--- a/common/tpm_registers.c
+++ b/common/tpm_registers.c
@@ -815,20 +815,11 @@ static void tpm_reset_now(int wipe_first)
 	/* This is more related to TPM task activity than TPM transactions */
 	cprints(CC_TASK, "%s(%d)", __func__, wipe_first);
 
-	if (wipe_first) {
-		/*
-		 * Blindly zapping the TPM space while the AP is awake and
-		 * poking at it will bork the TPM task and the AP itself, so
-		 * force the whole system off by holding the EC in reset.
-		 */
-		cprints(CC_TASK, "%s: force EC off", __func__);
-		assert_ec_rst();
-
+	if (wipe_first)
 		/* Now wipe the TPM's nvmem */
 		wipe_result = nvmem_erase_user_data(NVMEM_TPM);
-	} else {
+	else
 		wipe_result = EC_SUCCESS;
-	}
 
 	/*
 	 * Clear the TPM library's zero-init data.  Note that the linker script
@@ -866,12 +857,6 @@ static void tpm_reset_now(int wipe_first)
 		waiting_for_reset = TASK_ID_INVALID;
 	}
 
-	if (wipe_first) {
-		/* Allow AP & EC to boot again */
-		cprints(CC_TASK, "%s: allow EC to boot", __func__);
-		deassert_ec_rst();
-	}
-
 	cprints(CC_TASK, "%s: done", __func__);
 
 	/*
diff --git a/include/tpm_registers.h b/include/tpm_registers.h
index 38cb68ef9e..cf7fbe5758 100644
--- a/include/tpm_registers.h
+++ b/include/tpm_registers.h
@@ -37,8 +37,8 @@ void tpm_register_interface(interface_restart_func interface_restart);
  * returns EC_SUCCESS after the reset has completed, or an error code on
  * failure.
  *
- * If wipe_nvmem_first is true, the EC and AP will be forced off and TPM memory
- * will be erased before the TPM task is reset.
+ * If wipe_nvmem_first is true, the caller is expected to keep the rest of the
+ * system in reset until TPM wipeout is completed.
  */
 int tpm_reset_request(int wait_until_done, int wipe_nvmem_first);