Diffstat (limited to 'src/vendorcode')
-rw-r--r-- | src/vendorcode/google/chromeos/Kconfig | 14 | ||||
-rw-r--r-- | src/vendorcode/google/chromeos/Makefile.inc | 1 | ||||
-rw-r--r-- | src/vendorcode/google/chromeos/tpm2.c | 45 |
3 files changed, 60 insertions, 0 deletions
diff --git a/src/vendorcode/google/chromeos/Kconfig b/src/vendorcode/google/chromeos/Kconfig
index 238b4e51b1..97dfc60c22 100644
--- a/src/vendorcode/google/chromeos/Kconfig
+++ b/src/vendorcode/google/chromeos/Kconfig
@@ -127,6 +127,20 @@ config CHROMEOS_FWID_VERSION
 This is the second part of the FWID written to various regions of a Chrome OS firmware image to identify its version.
+config CHROMEOS_DISABLE_PLATFORM_HIERARCHY_ON_RESUME
+ bool
+ default y
+ depends on TPM2 && RESUME_PATH_SAME_AS_BOOT
+ help
+ Disable the platform heirarchy on resume path if the firmware
+ is involved in resume. The hierarchy is disabled prior to jumping
+ to the OS. Note that this option is sepcific to TPM2 boards.
+ This option is auto selected if CHROMEOS because it matches with
+ vboot_reference model which disables the platform hierarchy in
+ the boot loader. However, those operations need to be symmetric
+ on normal boot as well as resume and coreboot is only involved
+ in the resume piece w.r.t. the platform hierarchy.
+
 menu "GBB configuration"
 config GBB_HWID
diff --git a/src/vendorcode/google/chromeos/Makefile.inc b/src/vendorcode/google/chromeos/Makefile.inc
index 878b0684c0..f0762bcb55 100644
--- a/src/vendorcode/google/chromeos/Makefile.inc
+++ b/src/vendorcode/google/chromeos/Makefile.inc
@@ -24,6 +24,7 @@ ramstage-$(CONFIG_HAVE_ACPI_TABLES) += acpi.c
 ramstage-$(CONFIG_CHROMEOS_RAMOOPS) += ramoops.c
 romstage-y += vpd_decode.c
 ramstage-y += vpd_decode.c cros_vpd.c vpd_mac.c vpd_serialno.c vpd_calibration.c
+ramstage-$(CONFIG_CHROMEOS_DISABLE_PLATFORM_HIERARCHY_ON_RESUME) += tpm2.c
 ramstage-$(CONFIG_HAVE_REGULATORY_DOMAIN) += wrdd.c
 ramstage-$(CONFIG_USE_SAR) += sar.c
 ifeq ($(CONFIG_ARCH_MIPS),)
diff --git a/src/vendorcode/google/chromeos/tpm2.c b/src/vendorcode/google/chromeos/tpm2.c
new file mode 100644
index 0000000000..fd1dac9a35
--- /dev/null
+++ b/src/vendorcode/google/chromeos/tpm2.c
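Review bot: The help text of CHROMEOS_DISABLE_PLATFORM_HIERARCHY_ON_RESUME in the Kconfig hunk explains the mechanism but not the risk it addresses, and it misspells "hierarchy" as `heirarchy` and "specific" as `sepcific`. I would add a sentence such as `Leaving the platform hierarchy enabled after resume would let the OS issue platform-authorized TPM commands that are meant to be reserved for firmware.` The text also says the option is "auto selected if CHROMEOS", while the visible `depends on` names only `TPM2 && RESUME_PATH_SAME_AS_BOOT`; presumably an enclosing `if CHROMEOS` outside the hunk supplies that condition, which is worth confirming.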
@@ -0,0 +1,45 @@
+/*
+ * This file is part of the coreboot project.
+ *
+ * Copyright 2017 Google Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ */
+
+#include <bootstate.h>
+#include <console/console.h>
+#include <tpm_lite/tlcl.h>
+#include <vb2_api.h>
+
+static void disable_platform_hierarchy(void *unused)
+{
+ int ret;
+
+ if (!IS_ENABLED(CONFIG_TPM2))
+ return;
+
+ if (!IS_ENABLED(CONFIG_RESUME_PATH_SAME_AS_BOOT))
+ return;
+
+ ret = tlcl_lib_init();
+
+ if (ret != VB2_SUCCESS) {
+ printk(BIOS_ERR, "tlcl_lib_init() failed: %x\n", ret);
+ return;
+ }
+
+ ret = tlcl_disable_platform_hierarchy();
+ if (ret != TPM_SUCCESS)
+ printk(BIOS_ERR, "Platform hierarchy disablement failed: %x\n",
+ ret);
+}
+
+BOOT_STATE_INIT_ENTRY(BS_OS_RESUME, BS_ON_ENTRY, disable_platform_hierarchy,
+ NULL); |
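Review bot: Both error paths in disable_platform_hierarchy() fail open: when tlcl_lib_init() or tlcl_disable_platform_hierarchy() returns an error, the function logs at BIOS_ERR and returns, so the resume continues into the OS with the platform hierarchy still enabled. Since the hook exists to keep that hierarchy out of the OS's reach, the failure policy should be explicit: either stop the resume (for example `die("Platform hierarchy disablement failed\n");`, if aborting a resume is acceptable on these boards) or add a comment stating that continuing is deliberate. The two IS_ENABLED() checks repeat what the Kconfig `depends on` and the Makefile.inc rule already guarantee and could be dropped. A short header comment would also help, e.g. `/* Runs on entry to BS_OS_RESUME: disable the TPM2 platform hierarchy before control returns to the OS. */`.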