diff options
| -rw-r--r-- | board/cr50/board.h | 1 | ||||
| -rw-r--r-- | board/cr50/wp.c | 30 | ||||
| -rw-r--r-- | common/ccd_config.c | 4 |
3 files changed, 34 insertions, 1 deletions
diff --git a/board/cr50/board.h b/board/cr50/board.h index cf179d5d11..edbfe263f2 100644 --- a/board/cr50/board.h +++ b/board/cr50/board.h @@ -268,6 +268,7 @@ void power_button_record(void); /* Functions needed by CCD config */ int board_battery_is_present(void); int board_fwmp_allows_unlock(void); +int board_vboot_dev_mode_enabled(void); void board_reboot_ap(void); int board_wipe_tpm(void); int board_is_first_factory_boot(void); diff --git a/board/cr50/wp.c b/board/cr50/wp.c index 41a676ff91..ab8d363a35 100644 --- a/board/cr50/wp.c +++ b/board/cr50/wp.c @@ -239,16 +239,31 @@ int board_wipe_tpm(void) } /****************************************************************************/ -/* FWMP TPM NVRAM space support */ +/* Verified boot TPM NVRAM space support */ /* * These definitions and the structure layout were manually copied from * src/platform/vboot_reference/firmware/lib/include/rollback_index.h. at * git sha c7282f6. */ +#define FIRMWARE_NV_INDEX 0x1007 #define FWMP_NV_INDEX 0x100a #define FWMP_HASH_SIZE 32 #define FWMP_DEV_DISABLE_CCD_UNLOCK (1 << 6) +#define FIRMWARE_FLAG_DEV_MODE 0x02 + +struct RollbackSpaceFirmware { + /* Struct version, for backwards compatibility */ + uint8_t struct_version; + /* Flags (see FIRMWARE_FLAG_* above) */ + uint8_t flags; + /* Firmware versions */ + uint32_t fw_versions; + /* Reserved for future expansion */ + uint8_t reserved[3]; + /* Checksum (v2 and later only) */ + uint8_t crc8; +} __packed; /* Firmware management parameters */ struct RollbackSpaceFwmp { @@ -320,6 +335,19 @@ int board_fwmp_allows_unlock(void) #endif } +int board_vboot_dev_mode_enabled(void) +{ + struct RollbackSpaceFirmware fw; + + if (tpm_read_success == + read_tpm_nvmem(FIRMWARE_NV_INDEX, sizeof(fw), &fw)) { + return !!(fw.flags & FIRMWARE_FLAG_DEV_MODE); + } + + /* If not found or other error, assume dev mode is disabled */ + return 0; +} + /****************************************************************************/ /* TPM vendor-specific commands */ diff --git a/common/ccd_config.c b/common/ccd_config.c index 4c49180123..74b20faed7 100644 --- a/common/ccd_config.c +++ b/common/ccd_config.c @@ -677,6 +677,10 @@ static int command_ccd_info(void) cflush(); } + ccprintf("TPM:%s%s\n", + board_fwmp_allows_unlock() ? "" : " fwmp_lock", + board_vboot_dev_mode_enabled() ? " dev_mode" : ""); + ccputs("Use 'ccd help' to print subcommands\n"); return EC_SUCCESS; } |