diff options
| author | Vadim Bendebury <vbendeb@chromium.org> | 2017-07-20 10:18:11 -0700 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2017-07-30 22:41:06 -0700 |
| commit | c14114832c002a772e6dd3b27932805e9f361218 (patch) | |
| tree | 305d548c4e48843296ba558c760e28ebbc6e6863 /common/tpm_registers.c | |
| parent | ef213ce62df85749d159547d0282b9519a4e111a (diff) | |
| download | chrome-ec-c14114832c002a772e6dd3b27932805e9f361218.tar.gz | |
cr50: provide chip factory mode support
When in factory mode, we should not be trying to figure out board
strapping options, just enable SPI interface so that the tester can
communicate with the chip.
Also, to close the loop with the tester, let's add indication of the
cert installation result, by setting the two top bits of the DUMMY
(aka underrun) character to 1 and the lower bits to the endorsement
operation result (0 means success, nonzero values communicate
different failure modes) and by preventing the TPM driver from sending
anything but underrun chars on the SPI interface.
BRANCH=cr50
BUG=b:63686091
TEST=pending
Change-Id: I1a22ed6988ad87dd929a393359c4604e6ecd3b58
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/578651
Reviewed-by: Nick Sanders <nsanders@chromium.org>
Diffstat (limited to 'common/tpm_registers.c')
| -rw-r--r-- | common/tpm_registers.c | 39 |
1 files changed, 34 insertions, 5 deletions
diff --git a/common/tpm_registers.c b/common/tpm_registers.c index 7d4ecccfbf..e4da661c4f 100644 --- a/common/tpm_registers.c +++ b/common/tpm_registers.c @@ -17,6 +17,7 @@ #include "nvmem.h" #include "printf.h" #include "signed_header.h" +#include "sps.h" #include "system.h" #include "system_chip.h" #include "task.h" @@ -543,6 +544,12 @@ void tpm_register_interface(interface_restart_func interface_restart) static void tpm_init(void) { + /* + * 0xc0 Means successful endorsement. Actual endorsement reasult code + * is added in lower bits to indicate endorsement failure, if any. + */ + uint8_t underrun_char = 0xc0; + /* This is more related to TPM task activity than TPM transactions */ cprints(CC_TASK, "%s", __func__); @@ -580,6 +587,8 @@ static void tpm_init(void) _TPM_Init(); if (!tpm_manufactured()) { + enum manufacturing_status endorse_result; + /* * If tpm has not been manufactured yet - this needs to run on * every startup. It will wipe out NV RAM, among other things. @@ -587,13 +596,29 @@ static void tpm_init(void) TPM_Manufacture(1); _TPM_Init(); _plat__SetNvAvail(); - tpm_endorse(); + endorse_result = tpm_endorse(); + + ccprintf("[%T Endorsement %s]\n", + (endorse_result == mnf_success) ? + "succeeded" : "failed"); + + if (chip_factory_mode()) { + underrun_char |= endorse_result; + + ccprintf("[%T Setting underrun character to 0x%x]\n", + underrun_char); + sps_tx_status(underrun_char); + } } else { + if (chip_factory_mode()) + sps_tx_status(underrun_char | mnf_manufactured); + _plat__SetNvAvail(); } - /* Reinitialize TPM interface. */ - if_restart(); + /* Reinitialize TPM interface unless in chip factory mode. */ + if (!chip_factory_mode()) + if_restart(); } size_t tpm_get_burst_size(void) @@ -759,8 +784,12 @@ static void tpm_reset_now(int wipe_first) */ nvmem_enable_commits(); - /* Prevent NVRAM commits until further notice. */ - nvmem_disable_commits(); + /* + * Prevent NVRAM commits until further notice, unless running in + * factory mode. + */ + if (!chip_factory_mode()) + nvmem_disable_commits(); /* Re-initialize our registers */ tpm_init(); |