diff options
author | Randall Spangler <rspangler@chromium.org> | 2010-09-15 15:57:58 -0700 |
---|---|---|
committer | Randall Spangler <rspangler@chromium.org> | 2010-09-15 15:57:58 -0700 |
commit | 6eee220fcdfd557b77c40e123293f16fe548731b (patch) | |
tree | 9ce3fd8fd0622e8fb1e22cdb50c40af53a42fa5e /firmware/lib/rollback_index.c | |
parent | 89feaed8dc146a8dde63556650610585d2b70e4d (diff) | |
download | vboot-6eee220fcdfd557b77c40e123293f16fe548731b.tar.gz |
Fix one-time init
Change-Id: Ie8b4f5b1b7493b16b69eb41531ec3362d4b3679f
BUG=chrome-os-partner:1101
TEST=manual testing of affected TPM on CRB
Review URL: http://codereview.chromium.org/3388008
Diffstat (limited to 'firmware/lib/rollback_index.c')
-rw-r--r-- | firmware/lib/rollback_index.c | 25 |
1 files changed, 20 insertions, 5 deletions
diff --git a/firmware/lib/rollback_index.c b/firmware/lib/rollback_index.c index fdd75c6f..a9bcf9e8 100644 --- a/firmware/lib/rollback_index.c +++ b/firmware/lib/rollback_index.c @@ -107,22 +107,37 @@ static uint32_t OneTimeInitializeTPM(RollbackSpaceFirmware* rsf, ROLLBACK_SPACE_FIRMWARE_VERSION, 0, 0, 0}; static const RollbackSpaceKernel rsk_init = { ROLLBACK_SPACE_KERNEL_VERSION, ROLLBACK_SPACE_KERNEL_UID, 0, 0}; - uint8_t nvlocked = 0; + TPM_PERMANENT_FLAGS pflags; + uint32_t result; VBDEBUG(("TPM: One-time initialization\n")); - RETURN_ON_FAILURE(TlclFinalizePhysicalPresence()); + result = TlclGetPermanentFlags(&pflags); + if (result != TPM_SUCCESS) + return result; + + /* TPM may come from the factory without physical presence finalized. Fix + * if necessary. */ + VBDEBUG(("TPM: physicalPresenceLifetimeLock=%d\n", + pflags.physicalPresenceLifetimeLock)); + if (!pflags.physicalPresenceLifetimeLock) { + VBDEBUG(("TPM: Finalizing physical presence\n")); + RETURN_ON_FAILURE(TlclFinalizePhysicalPresence()); + } /* The TPM will not enforce the NV authorization restrictions until the * execution of a TPM_NV_DefineSpace with the handle of TPM_NV_INDEX_LOCK. * Here we create that space if it doesn't already exist. */ - RETURN_ON_FAILURE(TlclGetFlags(NULL, NULL, &nvlocked)); - VBDEBUG(("TPM: nvlocked=%d\n", nvlocked)); - if (!nvlocked) { + VBDEBUG(("TPM: nvLocked=%d\n", pflags.nvLocked)); + if (!pflags.nvLocked) { VBDEBUG(("TPM: Enabling NV locking\n")); RETURN_ON_FAILURE(TlclSetNvLocked()); } + /* Clear TPM owner, in case the TPM is already owned for some reason. */ + VBDEBUG(("TPM: Clearing owner\n")); + RETURN_ON_FAILURE(TlclForceClear()); + /* Initializes the firmware and kernel spaces */ Memcpy(rsf, &rsf_init, sizeof(RollbackSpaceFirmware)); Memcpy(rsk, &rsk_init, sizeof(RollbackSpaceKernel)); |