Diffstat (limited to 'src/security/vboot/secdata_tpm.c')
-rw-r--r-- | src/security/vboot/secdata_tpm.c | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c
index 0ae956276c..b60a1bb315 100644
--- a/src/security/vboot/secdata_tpm.c
+++ b/src/security/vboot/secdata_tpm.c
@@ -80,6 +80,22 @@ static uint32_t read_space_firmware(struct vb2_context *ctx)
 return TPM_E_CORRUPTED_STATE;
 }
 
+uint32_t antirollback_read_space_kernel(struct vb2_context *ctx)
+{
+ uint8_t size = VB2_SECDATA_KERNEL_MIN_SIZE;
+
+ RETURN_ON_FAILURE(tlcl_read(KERNEL_NV_INDEX, ctx->secdata_kernel,
+ size));
+
+ if (vb2api_secdata_kernel_check(ctx, &size)
+ == VB2_ERROR_SECDATA_KERNEL_INCOMPLETE)
+ /* Re-read. vboot will run the check and handle errors. */
+ RETURN_ON_FAILURE(tlcl_read(KERNEL_NV_INDEX,
+ ctx->secdata_kernel, size));
+
+ return TPM_SUCCESS;
+}
+
 static uint32_t read_space_rec_hash(uint8_t *data)
 {
 RETURN_ON_FAILURE(tlcl_read(REC_HASH_NV_INDEX, data,
@@ -440,6 +456,15 @@ uint32_t antirollback_write_space_firmware(struct vb2_context *ctx)
 VB2_SECDATA_FIRMWARE_SIZE);
 }
 
+uint32_t antirollback_write_space_kernel(struct vb2_context *ctx)
+{
+ /* Learn the expected size. */
+ uint8_t size = VB2_SECDATA_KERNEL_MIN_SIZE;
+ vb2api_secdata_kernel_check(ctx, &size);
+
+ return write_secdata(KERNEL_NV_INDEX, ctx->secdata_kernel, size);
+}
+
 uint32_t antirollback_read_space_rec_hash(uint8_t *data, uint32_t size)
 {
 if (size != REC_HASH_NV_SIZE) {
 |
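Review bot: In `antirollback_read_space_kernel` the length of the second `tlcl_read` comes from `vb2api_secdata_kernel_check`, which derives it from bytes just read out of the TPM NV space, and nothing in this function bounds it against the destination buffer. The re-read is presumably safe only because the vboot check caps `size` at what `ctx->secdata_kernel` can hold, but that is not visible in this hunk. Either say so in a comment or guard it locally, for example `if (size > sizeof(ctx->secdata_kernel)) return TPM_E_CORRUPTED_STATE;` (assuming `secdata_kernel` is an array member). The braceless `if` whose body is a comment plus a multi-line `RETURN_ON_FAILURE` macro would also be less fragile with braces.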
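Review bot: `antirollback_write_space_kernel` discards the return value of `vb2api_secdata_kernel_check`, so the anti-rollback space is written with whatever `size` ends up being even when the check rejects the contents of `ctx->secdata_kernel`. Whether `size` is updated on a failed check is not visible here; if it stays at `VB2_SECDATA_KERNEL_MIN_SIZE`, a larger structure would be written truncated. If writing unchecked data is intended, extend the comment to say why, e.g. `/* Learn the expected size; validity is enforced by vboot before it requests a write. */`. Otherwise test the result and return an error before calling `write_secdata`.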