diff options
author | Vadim Bendebury <vbendeb@chromium.org> | 2021-06-30 11:52:35 -0700 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2021-06-30 20:24:13 +0000 |
commit | 1e68e66a387c91b63a7a79324f3c828f7f0fed4b (patch) | |
tree | 5bf903e8ec8bc9a3261a6e737b180f1e85cced13 | |
parent | 9d228f4679205c805117638e8d0953b174522c5a (diff) | |
download | chrome-ec-1e68e66a387c91b63a7a79324f3c828f7f0fed4b.tar.gz |
tpm_mode: do not proceed if nvmem commits can not be enabled
NVMEM commits are disabled for a few seconds after every TPM reset.
Setting TPM mode to 'disabled' requires the commits to be enabled
first, so that the NVMEM updates would be saved immediately.
Re-enabling the commits must be done by the same task which disables
them, i.e. the TPM task. This patch moves the invocation of
'nvmem_enable_commits()' to the main processing thread of the TPM mode
vendor command handler. When invoked through TPM it will be able to
properly reenable NVMEM commits. When invoked through USB it will fail
if TPM reset happened less than 3 seconds ago.
BUG=b:187831914
TEST=verified that when the TPM disable command is sent immediately
after TPM reset over USB it is rejected with error code 11, no
lockup/watchdog reset is observed.
Testing the AP sending the command will be done when debugging
NBR.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I035cd5db2c55fe5c9dd3679153bf9a2ec49210b6
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2998302
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
-rw-r--r-- | board/cr50/tpm2/tpm_mode.c | 4 | ||||
-rw-r--r-- | include/tpm_vendor_cmds.h | 1 |
2 files changed, 4 insertions, 1 deletions
diff --git a/board/cr50/tpm2/tpm_mode.c b/board/cr50/tpm2/tpm_mode.c index 8282236caa..dea38abf02 100644 --- a/board/cr50/tpm2/tpm_mode.c +++ b/board/cr50/tpm2/tpm_mode.c @@ -22,7 +22,6 @@ static void disable_tpm(void) { - nvmem_enable_commits(); tpm_stop(); DCRYPTO_ladder_revoke(); nvmem_clear_cache(); @@ -72,6 +71,9 @@ static enum vendor_cmd_rc process_tpm_mode(struct vendor_cmd_params *p) * so that this vendor command can be responded to * before TPM stops. */ + if (nvmem_enable_commits() != EC_SUCCESS) + return VENDOR_RC_NVMEM_LOCKED; + hook_call_deferred(&disable_tpm_data, 10 * MSEC); break; default: diff --git a/include/tpm_vendor_cmds.h b/include/tpm_vendor_cmds.h index 83a0f700f5..b127a05082 100644 --- a/include/tpm_vendor_cmds.h +++ b/include/tpm_vendor_cmds.h @@ -194,6 +194,7 @@ enum vendor_cmd_rc { VENDOR_RC_NO_SUCH_SUBCOMMAND = 8, VENDOR_RC_IN_PROGRESS = 9, VENDOR_RC_PASSWORD_REQUIRED = 10, + VENDOR_RC_NVMEM_LOCKED = 11, /* Maximum possible failure reason. */ VENDOR_RC_NO_SUCH_COMMAND = 127, |