2api: add callback for vb2ex_tpm_set_mode

Add vboot2 callback for tpm_set_mode.

This is mostly a cherry-pick of these:
https://chromium-review.googlesource.com/c/1354139
https://chromium-review.googlesource.com/c/1365293

The re-enable of the tpm is now performed by coreboot
so this version doesn't implement tpm_get_mode.

BUG=b:124358784
BRANCH=None
TEST=compile vboot_reference and depthcharge
CQ-DEPEND=CL:1471195

Change-Id: I4168b50650e22f35ad9c66d49f34b689c46a36e1
Signed-off-by: Matt Delco <delco@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1470962
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Keith Short <keithshort@chromium.org>
diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h
index 55753e1..9bf6772 100644
--- a/firmware/2lib/include/2api.h
+++ b/firmware/2lib/include/2api.h
@@ -29,6 +29,21 @@
 #include "2recovery_reasons.h"
 #include "2return_codes.h"
 
+/* Modes for vb2ex_tpm_set_mode. */
+enum vb2_tpm_mode {
+	/*
+	 * TPM is enabled tentatively, and may be set to either
+	 * ENABLED or DISABLED mode.
+	 */
+	VB2_TPM_MODE_ENABLED_TENTATIVE = 0,
+
+	/* TPM is enabled, and mode may not be changed. */
+	VB2_TPM_MODE_ENABLED = 1,
+
+	/* TPM is disabled, and mode may not be changed. */
+	VB2_TPM_MODE_DISABLED = 2,
+};
+
 /* Flags for vb2_context.
  *
  * Unless otherwise noted, flags are set by verified boot and may be read (but
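Review bot: The header comment `/* Modes for vb2ex_tpm_set_mode. */` on `enum vb2_tpm_mode` makes all three constants look like valid arguments, but the declaration added later in this patch accepts only ENABLED or DISABLED. I would mark the first member as a state only, for example `/* Initial state only; not a valid argument to vb2ex_tpm_set_mode. */` above `VB2_TPM_MODE_ENABLED_TENTATIVE`. The explicit values 0/1/2 look as if they mirror an encoding defined outside vboot, presumably the TPM's own mode values. If so, a one-line comment such as `/* Values match the TPM's mode encoding; do not renumber. */` would stop a later cleanup from silently changing what is sent to the device.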
@@ -697,4 +712,19 @@
 			 uint8_t *digest,
 			 uint32_t digest_size);
 
+/*
+ * Set the current TPM mode value, and validate that it was changed.  If one
+ * of the following occurs, the function call fails:
+ *   - TPM does not understand the instruction (old version)
+ *   - TPM has already left the TpmModeEnabledTentative mode
+ *   - TPM responds with a mode other than the requested mode
+ *   - Some other communication error occurs
+ *  Otherwise, the function call succeeds.
+ *
+ * @param mode_val       Desired TPM mode to set.  May be one of ENABLED
+ *                       or DISABLED from vb2_tpm_mode enum.
+ * @returns VB2_SUCCESS, or non-zero error code.
+ */
+int vb2ex_tpm_set_mode(enum vb2_tpm_mode mode_val);
+
 #endif  /* VBOOT_2_API_H_ */
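Review bot: The doc comment for `vb2ex_tpm_set_mode` does not say what a caller may assume about the TPM after a non-zero return, which matters most when the request was VB2_TPM_MODE_DISABLED. I would add a sentence such as `Callers must treat any failure as "mode unchanged or unknown" and must not proceed as if the TPM were disabled.` As the second bullet is written, a repeat call with the mode that is already in effect also fails, so a caller cannot tell "already disabled" from "could not disable". The comment should say whether that is intended. It should also state that passing VB2_TPM_MODE_ENABLED_TENTATIVE is rejected, and use the enum constant name in place of `TpmModeEnabledTentative` so the bullet can be matched to the header.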