diff options
| author | Namyoon Woo <namyoon@google.com> | 2018-06-14 18:17:35 -0700 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2018-06-21 01:05:47 -0700 |
| commit | 47eb2d5fe7c7ff3bed6f5a33836ec19182d17941 (patch) | |
| tree | 7c9b147c62cd0991129351221cc2431585a5e5d7 /board/cr50/build.mk | |
| parent | 725b337a61b6250f72f392e7a6df330b7c7bcae6 (diff) | |
| download | chrome-ec-47eb2d5fe7c7ff3bed6f5a33836ec19182d17941.tar.gz | |
cr50: Disabling TPM or enabling TPM.
This patch introduces a new firmware status, TPM mode along with
a new TPM vendor command VENDOR_CC_TPM_MODE. TPM mode indicates whether
TPM is enabled or disabled. Initially, this value shall be
TPM_MODE_ENABLED_TENTATIVE, which means TPM is enabled but can be
changed. VENDOR_CC_TPM_MODE changes this value either as
TPM_MODE_ENABLED or TPM_MODE_DISABLED. This is for one time use only until
next TPM reset event.
Once TPM is disabled, any subsequent TPM commands shall fail.
TPM_MODE_TPM_MODE command may be issued with input size as zero, which
would not change TPM mode value. Either with the valid input value or
without any input value, it returns the current TPM mode value in uint8_t
type.
This adds 160 bytes in binary.
BUG=b:77543596
BRANCH=cr50
TEST=manually
(chroot) ./extra/usb_updater/gsctool -h
Usage: gsctool [options] [<binary image>]
Options:
-m,--tpm_mode [enable|disable]
Query or control tpm mode
(dut) gsctool -a -i
Board ID space: XXXXXXXX:XXXXXXXX:XXXXXXXX
(chroot) ./extra/usb_updater/gsctool -m enable
(dut) gsctool -a -i
Board ID space: XXXXXXXX:XXXXXXXX:XXXXXXXX
(chroot) gsctool -m enable
Error 7 in enabling TPM.
(dut) gsctool -a -i
Board ID space: XXXXXXXX:XXXXXXXX:XXXXXXXX
(dut) reboot
(chroot) ./extra/usb_updater/gsctool -m disable
(dut) gsctool -a -i
Problems reading from TPM, got 10 bytes
Error: Failed to send vendor command 25
(dut) tpm_version
[ERROR:... TRUNKS_RC_WRITE_ERROR
(dut) tpm-manager
[INFO:tpm_manager_v2.cc(51)] Initializing TPM.
[tpm_manager.TakeOwnershipReply] {
status:STATUS_NOT_AVAILABLE
}
(dut) reboot
(chroot) ./extra/usb_updater/gsctool -m
TPM Mode: enabled (0)
(dut) gsctool -a -i
Board ID space: XXXXXXXX:XXXXXXXX:XXXXXXXX
(dut) tpm_version
TPM2.0 Version Info:
...
(dut) tpm-manager
[INFO:tpm_manager_v2.cc(51)] Initializing TPM.
[INFO:tpm_manager_v2.cc(66)] TPM initialization successful (21 ms).
Change-Id: I1453d1a8d03f13cc7fc203863cbc50bf84c9dd8c
Signed-off-by: Namyoon Woo <namyoon@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1105614
Commit-Ready: Namyoon Woo <namyoon@chromium.org>
Tested-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Diffstat (limited to 'board/cr50/build.mk')
| -rw-r--r-- | board/cr50/build.mk | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/board/cr50/build.mk b/board/cr50/build.mk index 58254ed8aa..83ffd04db6 100644 --- a/board/cr50/build.mk +++ b/board/cr50/build.mk @@ -52,6 +52,7 @@ board-y += tpm2/manufacture.o board-y += tpm2/platform.o board-y += tpm2/rsa.o board-y += tpm2/stubs.o +board-y += tpm2/tpm_mode.o board-y += tpm2/tpm_state.o board-y += tpm2/trng.o board-y += tpm_nvmem_read.o |