diff options
Diffstat (limited to 'common/tpm_registers.c')
-rw-r--r-- | common/tpm_registers.c | 29 |
1 files changed, 14 insertions, 15 deletions
diff --git a/common/tpm_registers.c b/common/tpm_registers.c index 5a71dea1b2..66b6bcbf81 100644 --- a/common/tpm_registers.c +++ b/common/tpm_registers.c @@ -17,6 +17,7 @@ #include "signed_header.h" #include "system.h" #include "task.h" +#include "tpm_manufacture.h" #include "tpm_registers.h" #include "util.h" #include "watchdog.h" @@ -447,12 +448,8 @@ void tpm_register_get(uint32_t regaddr, uint8_t *dest, uint32_t data_size) CPRINTF("\n"); } - static void tpm_init(void) { - uint32_t saved_value; - const uint32_t manufacturing_done = 0x12344321; - set_tpm_state(tpm_state_idle); tpm_.regs.access = tpm_reg_valid_sts; tpm_.regs.sts = (tpm_family_tpm2 << tpm_family_shift) | @@ -463,22 +460,24 @@ static void tpm_init(void) /* - * TODO(ngm): CRBUG/50115, initialize state expected by TPM2 - * compliance tests. + * Make sure NV RAM metadata is initialized, needed to check + * manufactured status. This is a speculative call which will have to + * be repeated in case the TPM has not been through the manufacturing + * sequence yet. * - * Until it is done properly, use location at offset 0 in the generic - * section of NVRAM to store the manufacturing status. Otherwise the - * NV RAM is wiped out on every reboot. + * No harm in calling it twice in that case. */ - nvmem_read(0, sizeof(saved_value), &saved_value, NVMEM_CR50); - if (saved_value != manufacturing_done) { + _TPM_Init(); + + if (!tpm_manufactured()) { + /* + * If tpm has not been manufactured yet - this needs to run on + * every startup. It will wipe out NV RAM, among other things. + */ TPM_Manufacture(1); - saved_value = manufacturing_done; - nvmem_write(0, sizeof(saved_value), &saved_value, NVMEM_CR50); - nvmem_commit(); + _TPM_Init(); } - _TPM_Init(); _plat__SetNvAvail(); } |