rollback_index: Add recovery parameter to RollbackKernelLock.
RollbackKernelLock previously checked a global to determine recovery
mode state. Since we have two copies of vboot_reference in firmware
(in coreboot and depthcharge), this creates a problem with
synchronization. Remove the global entirely and instead pass the
recovery state to RollbackKernelLock.
BUG=chrome-os-partner:20913.
TEST=Manual. Boot factory install shim in recovery mode and verify TPM
clear operations succeed. Boot in dev mode and verify "Lock physical
presence" print on UART.
BRANCH=FalcoPeppy.
Signed-off-by: Shawn Nematbakhsh <shawnn@chromium.org>
Change-Id: I4e751d4a9ca60cd57c5c662ce86eba595fb22ba2
Reviewed-on: https://gerrit.chromium.org/gerrit/62874
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
diff --git a/firmware/lib/include/rollback_index.h b/firmware/lib/include/rollback_index.h
index 748dce9..386ad77 100644
--- a/firmware/lib/include/rollback_index.h
+++ b/firmware/lib/include/rollback_index.h
@@ -117,7 +117,7 @@
/**
* Lock must be called. Internally, it's ignored in recovery mode.
*/
-uint32_t RollbackKernelLock(void);
+uint32_t RollbackKernelLock(int recovery_mode);
/****************************************************************************/
diff --git a/firmware/lib/mocked_rollback_index.c b/firmware/lib/mocked_rollback_index.c
index e866f13..6f026a3 100644
--- a/firmware/lib/mocked_rollback_index.c
+++ b/firmware/lib/mocked_rollback_index.c
@@ -49,7 +49,7 @@
}
-uint32_t RollbackFirmwareLock(void) {
+uint32_t RollbackFirmwareLock(int recovery_mode) {
return TPM_SUCCESS;
}
diff --git a/firmware/lib/rollback_index.c b/firmware/lib/rollback_index.c
index 3744f4b..619ba01 100644
--- a/firmware/lib/rollback_index.c
+++ b/firmware/lib/rollback_index.c
@@ -38,8 +38,6 @@
#undef DISABLE_ROLLBACK_TPM
#endif
-static int g_rollback_recovery_mode = 0;
-
#define RETURN_ON_FAILURE(tpm_command) do { \
uint32_t result_; \
if ((result_ = (tpm_command)) != TPM_SUCCESS) { \
@@ -355,10 +353,6 @@
VBDEBUG(("TPM: SetupTPM(r%d, d%d)\n", recovery_mode, developer_mode));
- /* Global variables are usable in recovery mode */
- if (recovery_mode)
- g_rollback_recovery_mode = 1;
-
RETURN_ON_FAILURE(TlclLibInit());
#ifdef TEGRA_SOFT_REBOOT_WORKAROUND
@@ -540,7 +534,7 @@
return TPM_SUCCESS;
}
-uint32_t RollbackKernelLock(void)
+uint32_t RollbackKernelLock(int recovery_mode)
{
return TPM_SUCCESS;
}
@@ -635,9 +629,9 @@
return WriteSpaceKernel(&rsk);
}
-uint32_t RollbackKernelLock(void)
+uint32_t RollbackKernelLock(int recovery_mode)
{
- if (g_rollback_recovery_mode)
+ if (recovery_mode)
return TPM_SUCCESS;
else
return TlclLockPhysicalPresence();
diff --git a/firmware/lib/vboot_api_kernel.c b/firmware/lib/vboot_api_kernel.c
index 895a81d..f253e92 100644
--- a/firmware/lib/vboot_api_kernel.c
+++ b/firmware/lib/vboot_api_kernel.c
@@ -970,7 +970,7 @@
sizeof(kparams->partition_guid));
/* Lock the kernel versions. Ignore errors in recovery mode. */
- tpm_status = RollbackKernelLock();
+ tpm_status = RollbackKernelLock(shared->recovery_reason);
if (0 != tpm_status) {
VBDEBUG(("Error locking kernel versions.\n"));
if (!shared->recovery_reason) {
diff --git a/firmware/linktest/main.c b/firmware/linktest/main.c
index 2a55248..abbc165 100644
--- a/firmware/linktest/main.c
+++ b/firmware/linktest/main.c
@@ -36,7 +36,7 @@
RollbackFirmwareLock();
RollbackKernelRead(0);
RollbackKernelWrite(0);
- RollbackKernelLock();
+ RollbackKernelLock(0);
/* tpm_bootmode.c */
SetTPMBootModeState(0, 0, 0);
diff --git a/tests/rollback_index2_tests.c b/tests/rollback_index2_tests.c
index 1a07cb0..384895f 100644
--- a/tests/rollback_index2_tests.c
+++ b/tests/rollback_index2_tests.c
@@ -938,19 +938,19 @@
/* Test lock (recovery off) */
ResetMocks(0, 0);
- TEST_EQ(RollbackKernelLock(), 0, "RollbackKernelLock()");
+ TEST_EQ(RollbackKernelLock(0), 0, "RollbackKernelLock()");
TEST_STR_EQ(mock_calls,
"TlclLockPhysicalPresence()\n",
"tlcl calls");
ResetMocks(1, TPM_E_IOERROR);
- TEST_EQ(RollbackKernelLock(), TPM_E_IOERROR,
+ TEST_EQ(RollbackKernelLock(0), TPM_E_IOERROR,
"RollbackKernelLock() error");
/* Test lock with recovery on; shouldn't lock PP */
SetupTPM(1, 0, 0, 0, &rsf);
ResetMocks(0, 0);
- TEST_EQ(RollbackKernelLock(), 0, "RollbackKernelLock() in recovery");
+ TEST_EQ(RollbackKernelLock(1), 0, "RollbackKernelLock() in recovery");
TEST_STR_EQ(mock_calls, "", "no tlcl calls");
}
diff --git a/tests/rollback_index3_tests.c b/tests/rollback_index3_tests.c
index 9434a5a..2fc1f05 100644
--- a/tests/rollback_index3_tests.c
+++ b/tests/rollback_index3_tests.c
@@ -37,7 +37,7 @@
TEST_EQ(version, 0, "rkr version");
TEST_EQ(RollbackKernelWrite(0), 0, "RollbackKernelWrite()");
- TEST_EQ(RollbackKernelLock(), 0, "RollbackKernelLock()");
+ TEST_EQ(RollbackKernelLock(0), 0, "RollbackKernelLock()");
return gTestSuccess ? 0 : 255;
}
diff --git a/tests/vboot_api_kernel4_tests.c b/tests/vboot_api_kernel4_tests.c
index 81628a4..e2155f5 100644
--- a/tests/vboot_api_kernel4_tests.c
+++ b/tests/vboot_api_kernel4_tests.c
@@ -94,7 +94,7 @@
return rkw_retval;
}
-uint32_t RollbackKernelLock(void)
+uint32_t RollbackKernelLock(int recovery_mode)
{
return rkl_retval;
}
