cr50: Make sure TPM wipe only clears TPM data.

Previously, wiping the TPM would wipe all of NvMem, however, it really
should only clear the TPM's NvMem space.  This commit adds a function to
clear a given NvMem user's space and makes the TPM only clear its space.

BUG=chrome-os-partner:61597
BRANCH=None
TEST=Add code for using nvmem vars, create a test variable, add a user
to snappy, unlock the console, verify that the user is no longer present
on the system and the test nvmem var still exists.
TEST=make -j buildall

Change-Id: Ic98baa5166a1ef9ae76e910b1b9ab100300e947f
Signed-off-by: Aseda Aboagye <aaboagye@google.com>
Reviewed-on: https://chromium-review.googlesource.com/445803
Commit-Ready: Aseda Aboagye <aaboagye@chromium.org>
Tested-by: Aseda Aboagye <aaboagye@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>

1 files changed, 5 insertions, 6 deletions

diff --git a/include/nvmem.h b/include/nvmem.h
index 87de8b9cae..e9fae3d11d 100644
--- a/include/nvmem.h
+++ b/include/nvmem.h
@@ -174,14 +174,13 @@ int nvmem_move(uint32_t src_offset, uint32_t dest_offset, uint32_t size,
 int nvmem_commit(void);
 
 /*
- * Reinitialzse all NvMem partitions
+ * Clear out a user's data across all partitions.
  *
- * This function should be called when NvMem needs to be wiped out.
- *
- * @return EC_SUCCESS if flash operations are successful.
- *         EC_ERROR_UNKNOWN otherwise.
+ * @param user:   The user who's data should be cleared.
+ * @return        EC_SUCCESS if the user's data across all partitions was
+ *                cleared.  Error othrwise.
  */
-int nvmem_setup(void);
+int nvmem_erase_user_data(enum nvmem_users user);
 
 /*
  * Temporarily stopping NVMEM commits could be beneficial. One use case is