author | Namyoon Woo <namyoon@chromium.org> | 2018-10-31 17:35:09 -0700 |
---|---|---|
committer | Vadim Bendebury <vbendeb@chromium.org> | 2019-09-21 13:46:57 -0700 |
commit | 25db435d6f7c1fef3177e54f17a5a8ea42534bb2 (patch) | |
tree | 02252dcb07d0eac104661369555b29a43884df92 /include | |
parent | bb69bfff835f5ac10d78466711784284bd1ddd6f (diff) | |
download | chrome-ec-25db435d6f7c1fef3177e54f17a5a8ea42534bb2.tar.gz |
cr50: revoke key ladder on disabling TPM
Disabling TPM will revoke the H1 key ladder.
Querying TPM_MODE or enabling TPM_MODE will fail if H1 Key
Ladder is already revoked.
BUG=b:118504817
BRANCH=cr50
TEST=Manually tested with TPM disabling and Resume or Warm Reboot.
(1) Resume
$ trunks_send --raw 80 01 00 00 00 0c 00 00 01 45 00 01
80010000000A00000000
$ gsctool -a -m disable
TPM Mode: disabled (2)
$ echo mem > /sys/power/state
(press key on chromebook either after three seconds or in a second.)
(2) Warm Reboot
$ gsctool -a -m disable
(press refresh + power button or run kernel command 'reboot')
Check Chrome OS boot ok.
No TPM command failures were observed (in CR50 console).
(3) Windows Warm Reboot or Resume are checked.
Change-Id: I32fffc432a9a6068ea324a97225974c581cb9359
Signed-off-by: Namyoon Woo <namyoon@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1312197
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
(cherry picked from commit 2b9ee186544863f29a84477aa46a80a57d8f09e0)
Reviewed-on: https://chromium-review.googlesource.com/c/1465009
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
(cherry picked from commit daa8a3a52b2289e807738ed8be61870a3383a00c)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1548161
(cherry picked from commit 2fea626df59acaf9683e8f077a9daf9b338097e1)
Diffstat (limited to 'include')
-rw-r--r-- | include/nvmem.h | 5 | ||||
-rw-r--r-- | include/tpm_vendor_cmds.h | 10 |
2 files changed, 14 insertions, 1 deletions
diff --git a/include/nvmem.h b/include/nvmem.h index 1ca09fff38..c705bc4b1c 100644 --- a/include/nvmem.h +++ b/include/nvmem.h @@ -205,6 +205,11 @@ void nvmem_disable_commits(void); */ int nvmem_enable_commits(void); +/* + * Clear all NVMEM cache in SRAM. + */ +void nvmem_clear_cache(void); + #ifdef __cplusplus } #endif diff --git a/include/tpm_vendor_cmds.h b/include/tpm_vendor_cmds.h index a3b260cf05..39ef3b8b57 100644 --- a/include/tpm_vendor_cmds.h +++ b/include/tpm_vendor_cmds.h @@ -77,7 +77,15 @@ enum vendor_cmd_cc { * in 'enum tpm_modes', tpm_registers.h. * If the input size is zero, it won't change TPM_MODE. * If either the input size is zero or the input value is valid, - * it will response with the current tpm_mode value in uint8_t format. + * it will respond with the current tpm_mode value in uint8_t format. + * + * Return code: + * VENDOR_RC_SUCCESS: completed successfully. + * VENDOR_RC_INTERNAL_ERROR: failed for an internal reason. + * VENDOR_RC_NOT_ALLOWED: failed in changing TPM_MODE, + * since it is already set. + * VENDOR_RC_NO_SUCH_SUBCOMMAND: failed because the given input + * is undefined. */ VENDOR_CC_TPM_MODE = 40, /* |
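Review bot: the new comment on nvmem_clear_cache() in include/nvmem.h says only "Clear all NVMEM cache in SRAM" and does not state what happens to data that is cached but not yet committed, or how the call relates to nvmem_disable_commits() and nvmem_enable_commits() declared just above it. Given that this lands in a change that revokes the key ladder on TPM disable, please document whether uncommitted data is discarded, whether the function may be called while commits are disabled, and what callers should expect from NVMEM reads afterwards.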
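Review bot: in the VENDOR_CC_TPM_MODE comment in include/tpm_vendor_cmds.h, the new return-code list does not cover the case the commit message describes, where querying or enabling TPM_MODE fails because the H1 key ladder is already revoked. The unchanged sentence above the list still says a zero-size input is answered with the current tpm_mode value, and VENDOR_RC_NOT_ALLOWED is described only as "failed in changing TPM_MODE, since it is already set". Please state which code a query returns after revocation, so host tools can tell that state apart from VENDOR_RC_INTERNAL_ERROR.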