loader: panic on TPM init failure

F/2569

Author: danielinux

src/loader.c

@@ -124,7 +124,9 @@ int main(void)
     uart_send_current_version();
 #endif
 #ifdef WOLFBOOT_TPM
-    wolfBoot_tpm2_init();
+    if (wolfBoot_tpm2_init() != 0) {
+        wolfBoot_panic();
+    }
 #endif
 #ifdef WOLFCRYPT_SECURE_MODE
     wcs_Init();

tools/unit-tests/Makefile

@@ -49,7 +49,7 @@ TESTS:=unit-parser unit-fdt unit-extflash unit-string unit-spi-flash unit-aes128
        unit-enc-nvm-flagshome unit-delta unit-update-flash unit-update-flash-delta \
        unit-update-flash-self-update \
        unit-update-flash-enc unit-update-ram unit-update-ram-nofixed unit-pkcs11_store unit-psa_store unit-disk \
-       unit-update-disk unit-multiboot unit-boot-x86-fsp unit-qspi-flash unit-tpm-rsa-exp \
+       unit-update-disk unit-multiboot unit-boot-x86-fsp unit-loader-tpm-init unit-qspi-flash unit-tpm-rsa-exp \
        unit-image-nopart unit-image-sha384 unit-image-sha3-384 unit-store-sbrk \
        unit-tpm-blob unit-policy-create unit-policy-sign unit-rot-auth unit-sdhci-response-bits \
        unit-sdhci-disk-unaligned unit-sign-encrypted-output
@@ -235,6 +235,12 @@ unit-boot-x86-fsp: ../../include/target.h unit-boot-x86_fsp.c
 		-DUCODE0_ADDRESS=0 -ffunction-sections -fdata-sections $(LDFLAGS) \
 		-Wl,--gc-sections
 
+unit-loader-tpm-init: ../../include/target.h unit-loader-tpm-init.c
+	gcc -o $@ $^ $(CFLAGS) -DWOLFBOOT_LOADER_MAIN -DWOLFBOOT_TPM \
+		-DWOLFBOOT_HOOK_PANIC -DWOLFBOOT_SIGN_ECC256 \
+		-DWOLFBOOT_HASH_SHA256 -ffunction-sections -fdata-sections \
+		$(LDFLAGS) -Wl,--gc-sections
+
 unit-mock-state: ../../include/target.h unit-mock-state.c
 	gcc -o $@ $^ $(CFLAGS) $(LDFLAGS)
 

tools/unit-tests/unit-loader-tpm-init.c

@@ -0,0 +1,98 @@
+#include <check.h>
+#include <setjmp.h>
+#include <stdio.h>
+#include <stdint.h>
+
+static int mock_tpm_init_rc;
+static int start_calls;
+static jmp_buf exit_env;
+
+void hal_init(void)
+{
+}
+
+uint16_t spi_flash_probe(void)
+{
+    return 0;
+}
+
+int wolfBoot_tpm2_init(void)
+{
+    return mock_tpm_init_rc;
+}
+
+void wolfBoot_start(void)
+{
+    start_calls++;
+    longjmp(exit_env, 2);
+}
+
+void wolfBoot_hook_panic(void)
+{
+    longjmp(exit_env, 1);
+}
+
+#include "../../src/loader.c"
+
+static void setup(void)
+{
+    mock_tpm_init_rc = 0;
+    start_calls = 0;
+}
+
+START_TEST(test_loader_panics_when_tpm_init_fails)
+{
+    int exit_reason;
+
+    mock_tpm_init_rc = -1;
+    exit_reason = setjmp(exit_env);
+    if (exit_reason == 0) {
+        ck_assert_int_eq(loader_main(), 0);
+    }
+
+    ck_assert_int_eq(exit_reason, 1);
+    ck_assert_int_eq(start_calls, 0);
+}
+END_TEST
+
+START_TEST(test_loader_starts_boot_when_tpm_init_succeeds)
+{
+    int exit_reason;
+
+    exit_reason = setjmp(exit_env);
+    if (exit_reason == 0) {
+        ck_assert_int_eq(loader_main(), 0);
+    }
+
+    ck_assert_int_eq(exit_reason, 2);
+    ck_assert_int_eq(start_calls, 1);
+}
+END_TEST
+
+static Suite *loader_suite(void)
+{
+    Suite *s;
+    TCase *tc;
+
+    s = suite_create("loader");
+    tc = tcase_create("loader_main");
+    tcase_add_checked_fixture(tc, setup, NULL);
+    tcase_add_test(tc, test_loader_panics_when_tpm_init_fails);
+    tcase_add_test(tc, test_loader_starts_boot_when_tpm_init_succeeds);
+    suite_add_tcase(s, tc);
+    return s;
+}
+
+int main(void)
+{
+    Suite *s;
+    SRunner *sr;
+    int failed;
+
+    s = loader_suite();
+    sr = srunner_create(s);
+    srunner_run_all(sr, CK_NORMAL);
+    failed = srunner_ntests_failed(sr);
+    srunner_free(sr);
+    return failed == 0 ? 0 : 1;
+}