vboot: create TPM section in 2api.h

Group TPM-related API functions together in the same section. BUG=b:124141368, chromium:968464 TEST=make clean && make runtests BRANCH=none Signed-off-by: Joel Kitching <kitching@google.com> Change-Id: Ic7fb8b90c3c68a568d75f8c98738bf8cea744622 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2282321 Tested-by: Joel Kitching <kitching@chromium.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Commit-Queue: Joel Kitching <kitching@chromium.org>
2020-07-06 13:35:25 +08:00 · 2020-07-06 13:35:25 +08:00 · 1a2ddae3d9
parent 59fd331bfc
commit 1a2ddae3d9
1 changed files with 42 additions and 39 deletions
--- a/firmware/2lib/include/2api.h
+++ b/firmware/2lib/include/2api.h
@ -63,21 +63,6 @@
 */
 #define VB2_TRY(expr, ...) _VB2_TRY_IMPL(expr, ##__VA_ARGS__, NULL, 0)

-/* Modes for vb2ex_tpm_set_mode. */
-enum vb2_tpm_mode {
-	/*
-	 * TPM is enabled tentatively, and may be set to either
-	 * ENABLED or DISABLED mode.
-	 */
-	VB2_TPM_MODE_ENABLED_TENTATIVE = 0,
-
-	/* TPM is enabled, and mode may not be changed. */
-	VB2_TPM_MODE_ENABLED = 1,
-
-	/* TPM is disabled, and mode may not be changed. */
-	VB2_TPM_MODE_DISABLED = 2,
-};
-
 /* Flags for vb2_context.
 *
 * Unless otherwise noted, flags are set by verified boot and may be read (but
@ -128,7 +113,7 @@ enum vb2_context_flags {
 	/* Wipeout by the app should be requested. */
 	VB2_CONTEXT_FORCE_WIPEOUT_MODE = (1 << 8),

-	/* Erase TPM developer mode state if it is enabled. */
+	/* Erase developer mode state if it is enabled. */
 	VB2_CONTEXT_DISABLE_DEVELOPER_MODE = (1 << 9),

 	/*
@ -901,14 +886,6 @@ int vb2api_use_short_dev_screen_delay(struct vb2_context *ctx);
 /*****************************************************************************/
 /* APIs provided by the caller to verified boot */

-/**
- * Clear the TPM owner.
- *
- * @param ctx		Vboot context
- * @return VB2_SUCCESS, or error code on error.
- */
-vb2_error_t vb2ex_tpm_clear_owner(struct vb2_context *ctx);
-
 /**
 * Read a verified boot resource.
 *
@ -967,21 +944,6 @@ vb2_error_t vb2ex_hwcrypto_digest_extend(const uint8_t *buf, uint32_t size);
 vb2_error_t vb2ex_hwcrypto_digest_finalize(uint8_t *digest,
 					   uint32_t digest_size);

-/*
- * Set the current TPM mode value, and validate that it was changed.  If one
- * of the following occurs, the function call fails:
- *   - TPM does not understand the instruction (old version)
- *   - TPM has already left the TpmModeEnabledTentative mode
- *   - TPM responds with a mode other than the requested mode
- *   - Some other communication error occurs
- *  Otherwise, the function call succeeds.
- *
- * @param mode_val       Desired TPM mode to set.  May be one of ENABLED
- *                       or DISABLED from vb2_tpm_mode enum.
- * @returns VB2_SUCCESS, or non-zero error code.
- */
-vb2_error_t vb2ex_tpm_set_mode(enum vb2_tpm_mode mode_val);
-
 /*
 * Abort vboot flow due to a failed assertion or broken assumption.
 *
@ -1007,6 +969,47 @@ void vb2ex_abort(void);
 */
 vb2_error_t vb2ex_commit_data(struct vb2_context *ctx);

+/*****************************************************************************/
+/* TPM functionality */
+
+/* Modes for vb2ex_tpm_set_mode. */
+enum vb2_tpm_mode {
+	/*
+	 * TPM is enabled tentatively, and may be set to either
+	 * ENABLED or DISABLED mode.
+	 */
+	VB2_TPM_MODE_ENABLED_TENTATIVE = 0,
+
+	/* TPM is enabled, and mode may not be changed. */
+	VB2_TPM_MODE_ENABLED = 1,
+
+	/* TPM is disabled, and mode may not be changed. */
+	VB2_TPM_MODE_DISABLED = 2,
+};
+
+/*
+ * Set the current TPM mode value, and validate that it was changed.  If one
+ * of the following occurs, the function call fails:
+ *   - TPM does not understand the instruction (old version)
+ *   - TPM has already left the TpmModeEnabledTentative mode
+ *   - TPM responds with a mode other than the requested mode
+ *   - Some other communication error occurs
+ *  Otherwise, the function call succeeds.
+ *
+ * @param mode_val       Desired TPM mode to set.  May be one of ENABLED
+ *                       or DISABLED from vb2_tpm_mode enum.
+ * @returns VB2_SUCCESS, or non-zero error code.
+ */
+vb2_error_t vb2ex_tpm_set_mode(enum vb2_tpm_mode mode_val);
+
+/**
+ * Clear the TPM owner.
+ *
+ * @param ctx		Vboot context
+ * @return VB2_SUCCESS, or error code on error.
+ */
+vb2_error_t vb2ex_tpm_clear_owner(struct vb2_context *ctx);
+
 /*****************************************************************************/
 /* Auxiliary firmware (auxfw) */