Gitiles
Code Review Sign In
review.coreboot.org / coreboot / a2f08aa5c4420053d80ca23992b9e61888976f7c^! / .
commita2f08aa5c4420053d80ca23992b9e61888976f7c[log] [tgz]
authorJon Murphy <jpmurphy@google.com>Tue Sep 05 11:43:14 2023 -0600
committerRaul Rangel <rrangel@chromium.org>Thu Sep 28 16:55:03 2023 +0000
treeec265453e1f5548edc98efcdd765fa56f7ee6cde
parentdb4e93ba1a927527f4a095aa8395c31c87d2438d [diff]
drivers/tpm: Add tpm failure handling

Add additional failure mode logic for the TPM to enable an
automated recovery mode for GSC hangs.

BUG=b:296439237
TEST=Force the error by hard coding the return code and observe the
device entering hibernate.
BRANCH=None

Change-Id: Ieec7e9227d538130354dea8b772d0306cdda1237
Signed-off-by: Jon Murphy <jpmurphy@google.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/77667
Reviewed-by: Eric Lai <eric_lai@quanta.corp-partner.google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

diff --git a/src/security/tpm/Kconfig b/src/security/tpm/Kconfig
index 39134c1..c06150d 100644
--- a/src/security/tpm/Kconfig
+++ b/src/security/tpm/Kconfig

@@ -172,3 +172,12 @@
 	default 3
 
 endmenu # Trusted Platform Module (tpm)
+
+config TPM_SETUP_HIBERNATE_ON_ERR
+	bool
+	depends on EC_GOOGLE_CHROMEEC
+	help
+	  Select this to force a device to hibernate on the next AP shutdown when a TPM
+	  setup error occurs. This will cause a cold boot of the system and offer an
+	  opportunity to recover the TPM should it be hung. This is only effective if
+	  the Z-State brings the power rail down.

diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c
index ab38085..11983b9 100644
--- a/src/security/vboot/vboot_logic.c
+++ b/src/security/vboot/vboot_logic.c

@@ -4,6 +4,7 @@
 #include <assert.h>
 #include <console/console.h>
 #include <bootmode.h>
+#include <ec/google/chromeec/ec.h>
 #include <fmap.h>
 #include <security/tpm/tspi/crtm.h>
 #include <security/tpm/tss/vendor/cr50/cr50.h>
@@ -271,9 +272,23 @@
 	 * check the return value here because vb2api_fw_phase1 will catch
 	 * invalid secdata and tell us what to do (=reboot). */
 	timestamp_add_now(TS_TPMINIT_START);
-	if (vboot_setup_tpm(ctx) == TPM_SUCCESS) {
+	rv = vboot_setup_tpm(ctx);
+	if (rv == TPM_SUCCESS) {
 		antirollback_read_space_firmware(ctx);
 		antirollback_read_space_kernel(ctx);
+	} else {
+		vb2api_fail(ctx, VB2_RECOVERY_RO_TPM_S_ERROR, rv);
+		if (CONFIG(TPM_SETUP_HIBERNATE_ON_ERR) &&
+				rv == TPM_CB_COMMUNICATION_ERROR) {
+			printk(BIOS_ERR, "Failed to communicate with TPM\n"
+					"Next reboot will hibernate to reset TPM");
+			/* Command the EC to hibernate on next AP shutdown */
+			if (google_chromeec_reboot(
+					EC_REBOOT_HIBERNATE,
+					EC_REBOOT_FLAG_ON_AP_SHUTDOWN)) {
+				printk(BIOS_ERR, "Failed to get EC to schedule hibernate");
+			}
+		}
 	}
 	timestamp_add_now(TS_TPMINIT_END);