Google Git
Sign in
cos / mirrors / cros / chromiumos / platform / vboot_reference / refs/heads/factory-gru-8652.B^! / .
commit59cafc2f7ad3700e3ecf4c7828f22a4ab27efc67[log] [tgz]
authorHung-Te Lin <hungte@chromium.org>Tue Nov 22 09:41:38 2016 +0800
committerChromeOS Commit Bot <chromeos-commit-bot@chromium.org>Fri Nov 25 06:21:25 2016 +0000
treec8cad3b73431cff3b43cb2ce459fff3df6dadc20
parent3bbb0c53867d2a3c0b4ea0dc07cd4a07edffe9f9 [diff]
utility: Allow chromeos-tpm-recovery to return failure.

When some of the space re-creation procedure failed, chromeos-tpm-recovery
should exit with non-zero value and not saying TPM is successfully recovered.

However, there are few known issues:
 - 0x1009 is not needed in TPM2.
 - The space is not created in TPM2.
 - tlcl does not support define spaces with policies yet (crosbug.com/p/59594).

As a result, we want to return failure only if writing any of the two
spaces (0x1007, 0x1008) fails.

This change also revised chromeos-tpm-recovery so it won't exit with unbound
variable error due to early exit without having daemon_was_running variable.

BRANCH=None
BUG=chrome-os-partner:60099
TEST=For boards with TPM and TPM2, do:
     build_image --board $BOARD factory_install;
     Boot factory install shim, select 'I' and get TPM recovered.

Change-Id: I3f79b02cdf77ac61cf1361033c489604dcd603f2
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/412543
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
(cherry picked from commit c66cbc3440b03440d591274b188ea62b2de7af80)
Reviewed-on: https://chromium-review.googlesource.com/414790

diff --git a/utility/chromeos-tpm-recovery b/utility/chromeos-tpm-recovery
index e7959d2..bcb1819 100755
--- a/utility/chromeos-tpm-recovery
+++ b/utility/chromeos-tpm-recovery

@@ -14,6 +14,8 @@
 dot_recovery=${DOT_RECOVERY:=/mnt/stateful_partition/.recovery}
 awk=/usr/bin/awk
 initctl=/sbin/initctl
+daemon_was_running=
+err=0
 
 tpm2_target() {
   # This is not an ideal way to tell if we are running on a tpm2 target, but
@@ -41,6 +43,16 @@
   log "$*: attempting to fix"
 }
 
+log_error() {
+  err=$((err + 1))
+  log "ERROR: $*"
+}
+
+
+log_warn() {
+  log "WARNING: $*"
+}
+
 tpm_clear_and_reenable () {
   $tpmc clear
 
@@ -75,7 +87,7 @@
 }
 
 restart_daemon_if_needed() {
-  if [ $daemon_was_running != 0 ]; then
+  if [ "$daemon_was_running" = 1 ]; then
     log "Restarting ${DAEMON}..."
     $initctl start "${DAEMON}" >/dev/null
   fi
@@ -150,13 +162,15 @@
 
 # Reset firmware and kernel spaces to default (rollback version 1/1)
 reset_space 0x1007 0x8001 0xa "02  00  01 00 01 00  00 00 00  4f" || \
-  log "could not fix firmware space"
+  log_error "could not fix firmware space"
 reset_space 0x1008 0x1 0xd "02  4c 57 52 47  01 00 01 00  00 00 00  55" || \
-  log "could not fix kernel space"
-# Don't need valid data in backup space, vboot can reset it as long as it exists
-reset_space 0x1009 0x1 0x10 "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" || \
-  log "could not fix backup space"
+  log_error "could not fix kernel space"
 
 restart_daemon_if_needed
 
-log "TPM has successfully been reset to factory defaults"
+if [ "$err" -eq 0 ]; then
+  log "TPM has successfully been reset to factory defaults"
+else
+  log_error "TPM was not fully recovered."
+  exit 1
+fi