Revert "Cherry-pick: Tolerate lack of TPM reset in common cases."
Rong tested the soft-reset work fine without this CL. So revert it.
This reverts commit a7d21625a11dc912459efe20b8541e48630bdbd4.
Change-Id: I504d50af7ed1a4c54452a72d8536c57c8c63231b
Reviewed-on: http://gerrit.chromium.org/gerrit/1947
Reviewed-by: Tom Wai-Hong Tam <waihong@chromium.org>
Tested-by: Tom Wai-Hong Tam <waihong@chromium.org>
diff --git a/firmware/arch/arm/include/biosincludes.h b/firmware/arch/arm/include/biosincludes.h
index b2793d5..84778e3 100644
--- a/firmware/arch/arm/include/biosincludes.h
+++ b/firmware/arch/arm/include/biosincludes.h
@@ -43,9 +43,4 @@
#define UINT64_MAX (UINT64_C(0xffffffffffffffffULL))
#endif
-/* This workaround applies to Kaen prototypes and is not expected to be needed
- * in the final products. See crosbug.com/15759.
- */
-#define TEGRA_SOFT_REBOOT_WORKAROUND
-
#endif /*__ARCH_ARM_BIOSINCLUDES_H__ */
diff --git a/firmware/lib/rollback_index.c b/firmware/lib/rollback_index.c
index 27b6165..697bd0e 100644
--- a/firmware/lib/rollback_index.c
+++ b/firmware/lib/rollback_index.c
@@ -15,10 +15,6 @@
static int g_rollback_recovery_mode = 0;
-#ifdef TEGRA_SOFT_REBOOT_WORKAROUND
-static int soft_reset = 0;
-#endif
-
/* disable MSVC warning on const logical expression (as in } while(0);) */
__pragma(warning (disable: 4127))
@@ -51,21 +47,6 @@
if (result == TPM_E_MAXNVWRITES) {
RETURN_ON_FAILURE(TPMClearAndReenable());
return TlclWrite(index, data, length);
-#ifdef TEGRA_SOFT_REBOOT_WORKAROUND
- } else if ((result == TPM_E_BAD_PRESENCE ||
- result == TPM_E_AREA_LOCKED) &&
- soft_reset == 1) {
- /* Ignore writes that failed because the TPM wasn't unlocked.
- *
- * This may have security implications. 1. It may delay updating the
- * version number, therefore widening the window for a rollback attack.
- * 2. It may prevent noticing transitions between developer mode and normal
- * mode, in which case the TPM owner will not be cleared when
- * transitioning. See crosbug.com/15759. Note that this code path is not
- * taken on systems where a CPU reset implies a TPM reset.
- */
- return TPM_SUCCESS;
-#endif
} else {
return result;
}
@@ -209,22 +190,7 @@
RETURN_ON_FAILURE(TlclLibInit());
-#ifdef TEGRA_SOFT_REBOOT_WORKAROUND
- result = TlclStartup();
- if (result == TPM_E_INVALID_POSTINIT) {
- /* Some prototype hardware doesn't reset the TPM on a CPU reset. We try to
- * tolerate this failure, which is possible in most cases.
- */
- VBDEBUG(("TPM: soft reset detected\n", result));
- soft_reset = 1;
- } else if (result != TPM_SUCCESS) {
- VBDEBUG(("TPM: TlclStartup returned %08x\n", result));
- return result;
- }
-#else
RETURN_ON_FAILURE(TlclStartup());
-#endif
-
/* Some TPMs start the self test automatically at power on. In that case we
* don't need to call ContinueSelfTest. On some (other) TPMs,
* ContinueSelfTest may block. In that case, we definitely don't want to
@@ -244,20 +210,7 @@
RETURN_ON_FAILURE(TlclContinueSelfTest());
#endif
result = TlclAssertPhysicalPresence();
-#ifdef TEGRA_SOFT_REBOOT_WORKAROUND
- /*
- * If soft_reset is true, the failure to assert PP is expected because the
- * TPM is locked from a previous boot. In this case we will never execute
- * the PhysicalPresenceCMDEnable below, but that's OK because this is a
- * warm boot and at some point in the past we must have cold-booted with
- * this firmware (one would hope), so that situation (TPM delivered with PP
- * disabled) has already been resolved.
- */
- if (soft_reset) {
- result = TPM_SUCCESS;
- }
-#endif
- if (result != TPM_SUCCESS) {
+ if (result != 0) {
/* It is possible that the TPM was delivered with the physical presence
* command disabled. This tries enabling it, then tries asserting PP
* again.
@@ -484,18 +437,7 @@
if (g_rollback_recovery_mode) {
return TPM_SUCCESS;
} else {
-#ifdef TEGRA_SOFT_REBOOT_WORKAROUND
- TPM_STCLEAR_FLAGS flags;
- uint32_t result = TlclLockPhysicalPresence();
- if (result == TPM_SUCCESS) {
- return result;
- }
- RETURN_ON_FAILURE(TlclGetSTClearFlags(&flags));
- /* Ignore PP locking failure if PP is already locked. */
- return flags.physicalPresenceLock == 1 ? TPM_SUCCESS : result;
-#else
return TlclLockPhysicalPresence();
-#endif
}
}
