author | Vadim Bendebury <vbendeb@chromium.org> | 2020-06-18 17:23:07 -0700 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2020-06-25 21:34:59 +0000 |
commit | a33e33844859f5e3b2949cd085fce50acad29f86 (patch) | |
tree | 0bcc8679a1022cd4cb281b00cf3a27357c62b56e /include/new_nvmem.h | |
parent | 2d7cdfffa2fec56805406c50e8c3b58b6d0b617c (diff) | |
NVMEM: selective erase of TPM objects
This patch adds another NVMEM API, which allows erasing stored TPM
objects selectively. The list of indices of the objects to be erased
is supplied in a zero terminated array.
The existing nvmem_erase_tpm_data() has been modified to erase only
selected objects, if the list of objects is supplied by the caller.
BUG=b:138578447
TEST=Using tpm_manager_client created a bogus NVMEM object, modified
Cr50 code to provide a CLI command which would invoke the new
NVMEM API function to delete the new object.
Invoked 'dump_nvmem' command before and after deleting the bogus
object. Observed the NVMEM contents compacted and the bogus
object deleted. Rebooted the device, observed proper Chrome OS
start up maintaining the existing user account.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I3e299c8004141fa01ff20c290131b6526575c42e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2253324
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
Diffstat (limited to 'include/new_nvmem.h')
-rw-r--r-- | include/new_nvmem.h | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/include/new_nvmem.h b/include/new_nvmem.h index 37399702f8..9aa551c761 100644 --- a/include/new_nvmem.h +++ b/include/new_nvmem.h @@ -134,7 +134,24 @@ struct access_tracker { enum ec_error_list new_nvmem_init(void); enum ec_error_list new_nvmem_migrate(unsigned int nvmem_act_partition); enum ec_error_list new_nvmem_save(void); -int nvmem_erase_tpm_data(void); + +/* + * nvmem_erase_tpm_data_selective + * + * Delete from NVMEM TPM NVMEM objects listed in the zero terminated array of + * indices. If the pointer to the array is NULL - delete all TPM objects. + * + * Once deletion is completed, fill up the current top page with erased + * objects, then compact the flash storage. This will ensure that the NVMEM + * does not contain erased instances of deleted objects. + */ +int nvmem_erase_tpm_data_selective(const uint32_t *objs_to_erase); + +/* Erase all TMP NVMEM objects. */ +static inline int nvmem_erase_tpm_data(void) +{ + return nvmem_erase_tpm_data_selective(NULL); +} #if defined(TEST_BUILD) && !defined(TEST_FUZZ) #define NVMEM_TEST_BUILD |
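Review bot: In the comment block for nvmem_erase_tpm_data_selective(), a NULL objs_to_erase means "delete all TPM objects", so the most destructive behaviour is selected by the same value a caller is left with after a failed lookup or a zero-initialized pointer. Consider keeping the erase-all path behind its own explicit entry point or flag and having the selective function return an error on NULL, so that nvmem_erase_tpm_data() remains the only way to wipe everything. The comment should also state what the int return value means, since the neighbouring new_nvmem_* functions return enum ec_error_list, and it should note that a zero terminated list cannot name index 0 and gives the callee no length bound if the terminator is missing. Minor: "Erase all TMP NVMEM objects" should read "TPM".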