diff options
| author | Aseda Aboagye <aaboagye@google.com> | 2017-02-13 10:57:26 -0800 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2017-02-23 01:19:07 -0800 |
| commit | d7303404a59a296fad9085db23fa18fe97f0f5c3 (patch) | |
| tree | 5b20b0f8f182f60519509c68a46f2e63e27c2433 /common | |
| parent | 3ce5e5d8b3ebdd9abf9d182082a81e29bd899d2b (diff) | |
| download | chrome-ec-d7303404a59a296fad9085db23fa18fe97f0f5c3.tar.gz | |
cr50: Make sure TPM wipe only clears TPM data.
Previously, wiping the TPM would wipe all of NvMem, however, it really
should only clear the TPM's NvMem space. This commit adds a function to
clear a given NvMem user's space and makes the TPM only clear its space.
BUG=chrome-os-partner:61597
BRANCH=None
TEST=Add code for using nvmem vars, create a test variable, add a user
to snappy, unlock the console, verify that the user is no longer present
on the system and the test nvmem var still exists.
TEST=make -j buildall
Change-Id: Ic98baa5166a1ef9ae76e910b1b9ab100300e947f
Signed-off-by: Aseda Aboagye <aaboagye@google.com>
Reviewed-on: https://chromium-review.googlesource.com/445803
Commit-Ready: Aseda Aboagye <aaboagye@chromium.org>
Tested-by: Aseda Aboagye <aaboagye@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Diffstat (limited to 'common')
| -rw-r--r-- | common/nvmem.c | 27 | ||||
| -rw-r--r-- | common/tpm_registers.c | 4 |
2 files changed, 19 insertions, 12 deletions
diff --git a/common/nvmem.c b/common/nvmem.c index 7ffde9d977..cb4abc3287 100644 --- a/common/nvmem.c +++ b/common/nvmem.c @@ -358,34 +358,41 @@ static int nvmem_get_partition_off(int user, uint32_t offset, return EC_SUCCESS; } -int nvmem_setup(void) +int nvmem_erase_user_data(enum nvmem_users user) { int part; int ret; + uint32_t user_offset, user_size; - CPRINTS("Configuring NVMEM Flash Partition"); + if (user >= NVMEM_NUM_USERS) + return EC_ERROR_INVAL; - part = nvmem_act_partition; - nvmem_act_partition = 0; + CPRINTS("Erasing NVMEM Flash Partition user: %d", user); ret = EC_SUCCESS; + /* Find offset within cache. */ + user_offset = nvmem_user_start_offset[user]; + user_size = nvmem_user_sizes[user]; + for (part = 0; part < NVMEM_NUM_PARTITIONS; part++) { int rv; - memset(nvmem_cache, 0xff, NVMEM_PARTITION_SIZE); + /* Lock the cache buffer. */ + nvmem_lock_cache(); + /* Erase the user's data. */ + memset(nvmem_cache + user_offset, 0xFF, user_size); + /* * Make sure the contents change between runs of - * nvmem_save() so that both flash partitions are + * nvmem_save() so that all flash partitions are * written with empty contents and different * generation numbers. */ ((struct nvmem_partition *)nvmem_cache)->tag.generation = part; - /* Lock the cache buffer (unlocked by nvmem_save() */ - nvmem_lock_cache(); - rv = nvmem_save(); - /* Even if one partition saving failed, let's keep going. */ + /* Make a best effort to clear each partition. */ + rv = nvmem_save(); if (rv != EC_SUCCESS) ret = rv; } diff --git a/common/tpm_registers.c b/common/tpm_registers.c index c2728522ae..cac79c725d 100644 --- a/common/tpm_registers.c +++ b/common/tpm_registers.c @@ -727,8 +727,8 @@ static void tpm_reset_now(int wipe_first) cprints(CC_TASK, "%s: force EC off", __func__); assert_ec_rst(); - /* Now wipe nvmem */ - wipe_result = nvmem_setup(); + /* Now wipe the TPM's nvmem */ + wipe_result = nvmem_erase_user_data(NVMEM_TPM); } else { wipe_result = EC_SUCCESS; } |