diff options
| author | Vadim Bendebury <vbendeb@chromium.org> | 2022-02-22 22:02:38 -0800 |
|---|---|---|
| committer | Vadim Bendebury <vbendeb@chromium.org> | 2022-03-02 23:01:45 +0000 |
| commit | ffa5254316cbbafa0c6a1a20fb20016ab7868441 (patch) | |
| tree | 9d7a63262ecabe8ed2800cf0c4c5bce5dccfe731 /board/cr50/fips_cmd.c | |
| parent | 31ff2cfb3a2c6604d0c64dc9410615c8594e1be5 (diff) | |
| download | chrome-ec-ffa5254316cbbafa0c6a1a20fb20016ab7868441.tar.gz | |
u2f: do not commit state changes on TPM command context.
g2f_attestation_cert() is another function which is invoked on the TPM
command context, when virtual TPM NVMEM spaces are read.
One of the side effects of invoking of g2f_attestation_cert() is the
creation of the U2F state, if it did not exist before. In this case
the state should not be immediately committed to the NVMEM, the commit
will happen when the TPM command execution is completed.
BUG=b:199981251
TEST=running ./test/tpm_test/tpmtest.py does not trigger the 'attempt
to commit in unlocked state' message any more.
'make buildall' and 'make CRYTPO_TEST=1 BOARD=cr50' pass
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I708e8807ffd3207cc6ab84a0e380908e715f7a15
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3482487
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Diffstat (limited to 'board/cr50/fips_cmd.c')
| -rw-r--r-- | board/cr50/fips_cmd.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/board/cr50/fips_cmd.c b/board/cr50/fips_cmd.c index c37766eba9..8e66c36c92 100644 --- a/board/cr50/fips_cmd.c +++ b/board/cr50/fips_cmd.c @@ -81,7 +81,7 @@ static void print_u2f_keys_status(void) hmac_len = read_tpm_nvmem_size(TPM_HIDDEN_U2F_KEK); drbg_len = read_tpm_nvmem_size(TPM_HIDDEN_U2F_KH_SALT); - load_result = u2f_load_or_create_state(&state, false); + load_result = u2f_load_or_create_state(&state, false, false); CPRINTS("U2F HMAC len: %u, U2F Entropy len: %u, U2F load:%u, " "State DRBG len:%u", hmac_len, |