author | Vadim Bendebury <vbendeb@chromium.org> | 2017-01-18 17:51:56 -0800 |
---|---|---|
committer | ChromeOS Commit Bot <chromeos-commit-bot@chromium.org> | 2018-03-13 23:50:25 +0000 |
commit | 332807476c4e14e83c94a0360afaef4f58a493b9 (patch) | |
tree | 6db66b2d6504d357e35326c77097f6b14076a691 | |
parent | cbc9181dda65cab43524aa4c5c97a1c903fcdee5 (diff) | |
cr50: vendor command to report tpm state
This vendor command allows the host to retrieve the internal TPM
state. The first version of the command will return the failure
information collected during assert, if it ever happened, retry
counter value and the maximum retry counter value to be able to detect
if TPM is in lockout.
The structure is packed, it is serialized before being sent to the
host.
BRANCH=none
BUG=chrome-os-partner:60555
TEST=when running on a reef with a depthcharge image capable of
displaying TPM state on errors, observed state information added
to the recovery screen text display.
Original Change-Id: I9d37f7a971013ce802f63218d43697fab68276c9
Original Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Original Reviewed-on: https://chromium-review.googlesource.com/430952
Original Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Original Reviewed-by: Andrey Pronin <apronin@chromium.org>
Change-Id: Ie9adae2c98342ea902c47cd2073e96a445a0d533
Reviewed-on: https://chromium-review.googlesource.com/958882
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Marco Chen <marcochen@chromium.org>
Commit-Queue: Marco Chen <marcochen@chromium.org>
-rw-r--r-- | board/cr50/build.mk | 1 | ||||
-rw-r--r-- | board/cr50/tpm2/tpm_state.c | 68 | ||||
-rw-r--r-- | include/tpm_vendor_cmds.h | 4 |
3 files changed, 73 insertions, 0 deletions
diff --git a/board/cr50/build.mk b/board/cr50/build.mk
index f7cc0370b6..1d8647d496 100644
--- a/board/cr50/build.mk
+++ b/board/cr50/build.mk
@@ -44,6 +44,7 @@ board-y += tpm2/manufacture.o
 board-y += tpm2/platform.o
 board-y += tpm2/rsa.o
 board-y += tpm2/stubs.o
+board-y += tpm2/tpm_state.o
 board-y += tpm2/trng.o
 board-y += tpm2/upgrade.o
 board-y += wp.o
diff --git a/board/cr50/tpm2/tpm_state.c b/board/cr50/tpm2/tpm_state.c
new file mode 100644
index 0000000000..a9b9fdd8f8
--- /dev/null
+++ b/board/cr50/tpm2/tpm_state.c
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2017 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+#include "config.h"
+
+#include "Global.h"
+#include "board.h"
+#include "console.h"
+#include "endian.h"
+#include "extension.h"
+#include "system.h"
+#include "util.h"
+
+#define CPRINTS(format, args...) cprints(CC_SYSTEM, format, ## args)
+
+/*
+ * The below structure represents the body of the response to the 'report tpm
+ * state' vendor command.
+ *
+ * It will be transferred over the wire, so it needs to be
+ * serialized/deserialized, and it is likely to change, so its contents must
+ * be versioned.
+ */
+#define TPM_STATE_VERSION 1
+struct tpm_state {
+ uint32_t version;
+ uint32_t fail_line; /* s_failLIne */
+ uint32_t fail_code; /* s_failCode */
+ char func_name[4]; /* s_failFunction, limited to 4 chars */
+ uint32_t failed_tries; /* gp.failedTries */
+ uint32_t max_tries; /* gp.maxTries */
+ /* The below fields are present in version 2 and above. */
+} __packed;
+
+static void serialize_u32(void *buf, uint32_t value)
+{
+ value = htobe32(value);
+ memcpy(buf, &value, sizeof(value));
+}
+
+static enum vendor_cmd_rc report_tpm_state(enum vendor_cmd_cc code,
+ void *buf,
+ size_t input_size,
+ size_t *response_size)
+{
+ struct tpm_state *state = buf;
+
+ CPRINTS("%s", __func__);
+
+ memset(state, 0, sizeof(*state));
+
+ serialize_u32(&state->version, TPM_STATE_VERSION);
+ serialize_u32(&state->fail_code, s_failCode);
+ serialize_u32(&state->fail_line, s_failLine);
+ serialize_u32(&state->failed_tries, gp.failedTries);
+ serialize_u32(&state->max_tries, gp.maxTries);
+ if (s_failFunction)
+ memcpy(state->func_name, (void *)&s_failFunction,
+ sizeof(state->func_name));
+
+ *response_size = sizeof(*state);
+
+ return VENDOR_RC_SUCCESS;
+}
+DECLARE_VENDOR_COMMAND(VENDOR_CC_REPORT_TPM_STATE, report_tpm_state);
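Review bot: `report_tpm_state()` clears and fills `sizeof(struct tpm_state)` bytes at `buf` without checking how large the response buffer is; `input_size` is unused and `*response_size` is only ever written. If the vendor-command framework passes the buffer capacity in `*response_size` on entry (not visible in this hunk, so confirm against extension.h), the writes should be guarded before the `memset`, e.g. `if (*response_size < sizeof(*state)) { *response_size = 0; return VENDOR_RC_RESPONSE_TOO_BIG; }`, or with whichever `enum vendor_cmd_rc` error this tree provides. `func_name` is filled with four raw bytes and no terminator, so the field comment should tell host-side parsers that, e.g. `/* s_failFunction, 4 raw bytes, not NUL-terminated */`. The `s_failLIne` comment also has a typo (`s_failLine`).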
diff --git a/include/tpm_vendor_cmds.h b/include/tpm_vendor_cmds.h index f81abf70d0..89d0b8e770 100644 --- a/include/tpm_vendor_cmds.h +++ b/include/tpm_vendor_cmds.h @@ -34,6 +34,10 @@ enum vendor_cmd_cc { VENDOR_CC_INVALIDATE_INACTIVE_RW = 20, VENDOR_CC_COMMIT_NVMEM = 21, + /* A gap left for the deep sleep control command. */ + + VENDOR_CC_REPORT_TPM_STATE = 23, + LAST_VENDOR_COMMAND = 65535, }; |
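Review bot: The reserved command code is only implied by the jump from 21 to 23 in `enum vendor_cmd_cc`; because these values are shared between host and firmware, the comment should name the number so it is not reused for something else, e.g. `/* 22 is reserved for the deep sleep control command. */`. The enum begins above this hunk, so earlier reservations (if any) are not visible here.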