author | Howard Yang <hcyang@google.com> | 2023-03-16 14:10:45 +0800 |
---|---|---|
committer | Chromeos LUCI <chromeos-scoped@luci-project-accounts.iam.gserviceaccount.com> | 2023-04-06 02:58:52 +0000 |
commit | faa0d9248bf6e7fbdaf441a6b76723455f707c4f (patch) | |
tree | e668f0bb432dc43875840f6ba0877593f38a197f /board | |
parent | 1bc5ed4c9d9bd17141fbc3ea05954061e8b7c211 (diff) | |
download | chrome-ec-faa0d9248bf6e7fbdaf441a6b76723455f707c4f.tar.gz |
cr50: Clear pairing secret upon TPM clear
The pairing secret (Pk) used for biometrics PinWeaver protocol needs to
be cleared during TPM clear.
BUG=b:262040869
TEST=(with depended CL) pinweaver_client biometrics_selftest
Cq-Depend: chromium:4337481
Change-Id: Ie07869f75aea64a7950d04693722b74c11a913ca
Signed-off-by: Howard Yang <hcyang@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4344442
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Diffstat (limited to 'board')
-rw-r--r-- | board/cr50/tpm2/platform.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/board/cr50/tpm2/platform.c b/board/cr50/tpm2/platform.c index 5bbc927f08..e65dd44a1f 100644 --- a/board/cr50/tpm2/platform.c +++ b/board/cr50/tpm2/platform.c @@ -8,7 +8,9 @@ #include "ccd_config.h" #include "console.h" -#include "pinweaver_cr50.h" +#include "nvmem_vars.h" +#include "pinweaver.h" +#include "pinweaver_eal.h" #include "tpm_nvmem.h" #include "tpm_nvmem_ops.h" #include "dcrypto.h" @@ -133,8 +135,13 @@ BOOL _plat__ShallSurviveOwnerClear(uint32_t index) void _plat__OwnerClearCallback(void) { + int result; enum ec_error_list rv; + /* Invalidate existing biometrics pairing secrets. */ + result = setvar(PW_FP_PK, sizeof(PW_FP_PK) - 1, NULL, 0); + if (result) + CPRINTF("%s: failed (%d)\n", __func__, result); /* Invalidate existing u2f registrations. */ rv = u2f_gen_kek_seed(); if (rv != EC_SUCCESS) |
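Review bot: In the first hunk (the include list), `pinweaver_cr50.h` is dropped and three headers are added, but the only new uses visible in this change are `setvar()` and `PW_FP_PK`. Please confirm that both `pinweaver.h` and `pinweaver_eal.h` are actually required here and that nothing else in platform.c still relied on `pinweaver_cr50.h`. A line in the commit message about the header swap would help.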
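Review bot: In the second hunk, the `if (result)` branch in `_plat__OwnerClearCallback()` only prints when `setvar()` fails, so the owner clear carries on with the pairing secret (Pk) possibly still stored, which is the state the commit message says must not survive a TPM clear. Consider whether a failure here should be retried or reported beyond the console, and make the message name the step, for example `"%s: failed to clear PW_FP_PK (%d)\n"`, since `%s: failed (%d)` with `__func__` does not say which invalidation failed. Minor: `sizeof(PW_FP_PK) - 1` is the key length only if `PW_FP_PK` expands to a string literal or array, which is worth confirming against its definition, and a blank line after the declarations would separate them from the new comment.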