cr50: Add a separate seed for kek, that resets on TPM clear.

This is so that U2F registrations are invalidated after the device goes through powerwash. TEST=test_that <..> firmware_Cr50U2fPowerwash, manual tests BRANCH=none BUG=b:112604850 Change-Id: I94257ec71adc7d49dcb676f0b1dc9aa1151116bd Signed-off-by: Louis Collard <louiscollard@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/1308238 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org>
author: Louis Collard <louiscollard@chromium.org> 2018-10-31 09:28:33 +0800
committer: chrome-bot <chrome-bot@chromium.org> 2018-11-27 04:29:04 -0800
commit: 3397a5374e6ba7dac7ba06d6a4e74be95fa98d1f (patch)
tree: 06e3f2b7317d18efefd87d58867232039173c287 /board/cr50/tpm2
parent: a4308b11e2e41f033cdc3aa80f5ae613b131be07 (diff)
download: chrome-ec-3397a5374e6ba7dac7ba06d6a4e74be95fa98d1f.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/board/cr50/tpm2/platform.c b/board/cr50/tpm2/platform.c
index 964fe45dda..407a71f94d 100644
--- a/board/cr50/tpm2/platform.c
+++ b/board/cr50/tpm2/platform.c
@@ -10,6 +10,7 @@
 #include "pinweaver.h"
 #include "tpm_nvmem.h"
 #include "trng.h"
+#include "u2f_impl.h"
 #include "util.h"
 #include "version.h"
 
@@ -89,3 +90,9 @@ BOOL _plat__ShallSurviveOwnerClear(uint32_t  index)
 {
 	return index == HR_NV_INDEX + FWMP_NV_INDEX;
 }
+
+void _plat__OwnerClearCallback(void)
+{
+	// Invalidate existing u2f registrations.
+	u2f_gen_kek_seed(0 /* commit */);
+}
author	Louis Collard <louiscollard@chromium.org>	2018-10-31 09:28:33 +0800
committer	chrome-bot <chrome-bot@chromium.org>	2018-11-27 04:29:04 -0800
commit	3397a5374e6ba7dac7ba06d6a4e74be95fa98d1f (patch)
tree	06e3f2b7317d18efefd87d58867232039173c287 /board/cr50/tpm2
parent	a4308b11e2e41f033cdc3aa80f5ae613b131be07 (diff)
download	chrome-ec-3397a5374e6ba7dac7ba06d6a4e74be95fa98d1f.tar.gz