summaryrefslogtreecommitdiff
path: root/src/security
diff options
context:
space:
mode:
Diffstat (limited to 'src/security')
-rw-r--r--src/security/vboot/secdata_tpm.c52
1 files changed, 27 insertions, 25 deletions
diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c
index 04162b0578..a757f02f98 100644
--- a/src/security/vboot/secdata_tpm.c
+++ b/src/security/vboot/secdata_tpm.c
@@ -165,45 +165,47 @@ static uint32_t safe_write(uint32_t index, const void *data, uint32_t length)
return tlcl_write(index, data, length);
}
-static uint32_t set_firmware_space(const void *firmware_blob)
-{
- RETURN_ON_FAILURE(tlcl_define_space(FIRMWARE_NV_INDEX,
- VB2_SECDATA_SIZE));
- RETURN_ON_FAILURE(safe_write(FIRMWARE_NV_INDEX, firmware_blob,
- VB2_SECDATA_SIZE));
- return TPM_SUCCESS;
-}
-
-static uint32_t set_kernel_space(const void *kernel_blob)
+static uint32_t set_space(const char *name, uint32_t index, const void *data,
+ uint32_t length)
{
uint32_t rv;
- rv = tlcl_define_space(KERNEL_NV_INDEX, sizeof(secdata_kernel));
+ rv = tlcl_define_space(index, length);
if (rv == TPM_E_NV_DEFINED) {
- VBDEBUG("%s: kernel space already exists\n", __func__);
- return TPM_SUCCESS;
+ /*
+ * Continue with writing: it may be defined, but not written
+ * to. In that case a subsequent tlcl_read() would still return
+ * TPM_E_BADINDEX on TPM 2.0. The cases when some non-firmware
+ * space is defined while the firmware space is not there
+ * should be rare (interrupted initialization), so no big harm
+ * in writing once again even if it was written already.
+ */
+ VBDEBUG("%s: %s space already exists\n", __func__, name);
+ rv = TPM_SUCCESS;
}
if (rv != TPM_SUCCESS)
return rv;
- return safe_write(KERNEL_NV_INDEX, kernel_blob, sizeof(secdata_kernel));
+ return safe_write(index, data, length);
}
-static uint32_t set_rec_hash_space(const uint8_t *data)
+static uint32_t set_firmware_space(const void *firmware_blob)
{
- uint32_t rv;
-
- rv = tlcl_define_space(REC_HASH_NV_INDEX, REC_HASH_NV_SIZE);
- if (rv == TPM_E_NV_DEFINED) {
- VBDEBUG("%s: MRC Hash space already exists\n", __func__);
- return TPM_SUCCESS;
- }
+ return set_space("firmware", FIRMWARE_NV_INDEX, firmware_blob,
+ VB2_SECDATA_SIZE);
+}
- if (rv != TPM_SUCCESS)
- return rv;
+static uint32_t set_kernel_space(const void *kernel_blob)
+{
+ return set_space("kernel", KERNEL_NV_INDEX, kernel_blob,
+ sizeof(secdata_kernel));
+}
- return safe_write(REC_HASH_NV_INDEX, data, REC_HASH_NV_SIZE);
+static uint32_t set_rec_hash_space(const uint8_t *data)
+{
+ return set_space("MRC Hash", REC_HASH_NV_INDEX, data,
+ REC_HASH_NV_SIZE);
}
static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-23 19:11:52 +0000