author | Andrey Pronin <apronin@google.com> | 2023-04-26 20:08:37 -0700 |
---|---|---|
committer | Chromeos LUCI <chromeos-scoped@luci-project-accounts.iam.gserviceaccount.com> | 2023-05-03 19:42:55 +0000 |
commit | 0eb116559a3aa6344aaeae35a327aecd1f10456d (patch) | |
tree | 995a07e1541516ef5e84b12898d1b5791810b286 | |
parent | 05534e11aca09b24931bff651f6b15c1fade338f (diff) | |
download | chrome-ec-0eb116559a3aa6344aaeae35a327aecd1f10456d.tar.gz |
cr50: handle unwritten spaces in read_tpm_nvmem
This CL checks if the space was defined but not written, and if so,
returns TPM_READ_NOT_FOUND from read_tpm_nvmem().
BUG=b:276384456
TEST=with crrev.com/c/2494503, verify that calling chkfwmp
prints "read_tpm_nvmem: object at 0x100a not written"
and then the following when the space is not written:
```
FWMP read result: 1
ccd unlock allowed: 1
policy update allowed: 1
```
To create an unwritten space, run
tpm_manager_client define_space --index=0x100a --size=40
Change-Id: I8eff2be8da1e28204216d4dbbd54e57e8a8127b3
Signed-off-by: Andrey Pronin <apronin@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4483017
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Commit-Queue: Mary Ruthven <mruthven@chromium.org>
Auto-Submit: Andrey Pronin <apronin@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>
(cherry picked from commit 03328f1087025caa68f410763f87bbb131d377c9)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4491105
Tested-by: Mary Ruthven <mruthven@chromium.org>
Auto-Submit: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Jett Rink <jettrink@chromium.org>
(cherry picked from commit 678681cc738c8f16825b9d5b11999fd8b91598a4)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4503745
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
-rw-r--r-- | board/cr50/tpm_nvmem_ops.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/board/cr50/tpm_nvmem_ops.c b/board/cr50/tpm_nvmem_ops.c index 92e8721b0a..634a540239 100644 --- a/board/cr50/tpm_nvmem_ops.c +++ b/board/cr50/tpm_nvmem_ops.c @@ -38,6 +38,16 @@ enum tpm_read_rv read_tpm_nvmem(uint16_t obj_index, NvReadIndexInfo(object_handle, handle_addr, &nvIndex); /* + * Check that the index was written to. Otherwise, behave as if the + * index doesn't exist. + */ + if (nvIndex.publicArea.attributes.TPMA_NV_WRITTEN == 0) { + CPRINTF("%s: object at 0x%x not written\n", + __func__, obj_index); + return TPM_READ_NOT_FOUND; + } + + /* * We presume it is readable and are not checking the access * limitations. */ |
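Review bot: the new TPMA_NV_WRITTEN branch in read_tpm_nvmem() returns TPM_READ_NOT_FOUND, so a caller cannot tell a defined-but-unwritten index from one that was never defined, and that widened meaning is recorded only in the comment inside the function body. Please also state it where callers will look, in the documentation of read_tpm_nvmem() or of enum tpm_read_rv. The TEST output in the commit message shows the unwritten FWMP case ending in "ccd unlock allowed: 1" and "policy update allowed: 1", so it is worth confirming in the description that this permissive result is the intended policy for a space that exists but holds no data, not just a side effect of reusing the not-found code. A smaller point: the CPRINTF fires on every read of an unwritten space, so consider whether a caller that polls this path would flood the console.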