Vadim Bendebury | b9126fe | 2017-03-22 16:16:34 -0700 | [diff] [blame] | 1 | /* |
| 2 | * This file is part of the coreboot project. |
| 3 | * |
| 4 | * Copyright 2017 Google Inc. |
| 5 | * |
| 6 | * This program is free software; you can redistribute it and/or modify |
| 7 | * it under the terms of the GNU General Public License as published by |
| 8 | * the Free Software Foundation; version 2 of the License. |
| 9 | * |
| 10 | * This program is distributed in the hope that it will be useful, |
| 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 13 | * GNU General Public License for more details. |
| 14 | */ |
| 15 | |
| 16 | #include <bootstate.h> |
| 17 | #include <console/console.h> |
| 18 | #include <ec/google/chromeec/ec.h> |
| 19 | #include <elog.h> |
| 20 | #include <halt.h> |
Philipp Deppenwiese | d88fb36 | 2017-10-18 20:26:18 +0200 | [diff] [blame] | 21 | #include <security/tpm/tss.h> |
Vadim Bendebury | b9126fe | 2017-03-22 16:16:34 -0700 | [diff] [blame] | 22 | #include <vb2_api.h> |
Philipp Deppenwiese | fea2429 | 2017-10-17 17:02:29 +0200 | [diff] [blame] | 23 | #include <security/vboot/vboot_common.h> |
Vadim Bendebury | b9126fe | 2017-03-22 16:16:34 -0700 | [diff] [blame] | 24 | |
| 25 | static void enable_update(void *unused) |
| 26 | { |
| 27 | int ret; |
| 28 | uint8_t num_restored_headers; |
| 29 | |
| 30 | /* Nothing to do on recovery mode. */ |
| 31 | if (vboot_recovery_mode_enabled()) |
| 32 | return; |
| 33 | |
| 34 | ret = tlcl_lib_init(); |
| 35 | |
| 36 | if (ret != VB2_SUCCESS) { |
| 37 | printk(BIOS_ERR, "tlcl_lib_init() failed for CR50 update: %x\n", |
| 38 | ret); |
| 39 | return; |
| 40 | } |
| 41 | |
| 42 | /* Reboot in 1000 ms if necessary. */ |
| 43 | ret = tlcl_cr50_enable_update(1000, &num_restored_headers); |
| 44 | |
| 45 | if (ret != TPM_SUCCESS) { |
| 46 | printk(BIOS_ERR, "Attempt to enable CR50 update failed: %x\n", |
| 47 | ret); |
| 48 | return; |
| 49 | } |
| 50 | |
| 51 | /* If no headers were restored there is no reset forthcoming. */ |
| 52 | if (!num_restored_headers) |
| 53 | return; |
| 54 | |
| 55 | elog_add_event(ELOG_TYPE_CR50_UPDATE); |
| 56 | |
| 57 | /* clear current post code avoid chatty eventlog on subsequent boot*/ |
| 58 | post_code(0); |
| 59 | |
| 60 | printk(BIOS_INFO, "Waiting for CR50 reset to pick up update.\n"); |
| 61 | |
Aaron Durbin | 6db1b2f | 2018-10-12 12:33:34 -0600 | [diff] [blame] | 62 | if (IS_ENABLED(CONFIG_POWER_OFF_ON_CR50_UPDATE)) |
Vadim Bendebury | b9126fe | 2017-03-22 16:16:34 -0700 | [diff] [blame] | 63 | poweroff(); |
Vadim Bendebury | b9126fe | 2017-03-22 16:16:34 -0700 | [diff] [blame] | 64 | halt(); |
| 65 | } |
| 66 | BOOT_STATE_INIT_ENTRY(BS_PAYLOAD_LOAD, BS_ON_ENTRY, enable_update, NULL); |