author | Andrey Pronin <apronin@chromium.org> | 2018-08-01 20:57:14 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2018-08-07 18:08:54 -0700 |
commit | f33a10bba34c74e8b06e4bf1d157fbede13d5526 (patch) | |
tree | bff49a4e3a49b7290e30919fcb7bfb8699cc0f49 /include | |
parent | ea6d73395e9fc15228b2f01f1e2c319aa3e20005 (diff) | |
download | chrome-ec-f33a10bba34c74e8b06e4bf1d157fbede13d5526.tar.gz |
cr50: implement _plat__ShallSurviveOwnerClear
To persist some special indexes over TPM owner clear,
implement a _plat__ShallSurviveOwnerClear callback that
tells the TPM2 stack which indexes shall be kept.
As of now, only the FWMP index shall be retained.
BRANCH=cr50
BUG=b:112099050
TEST=1) Create FWMP.
cryptohome --action=tpm_take_ownership [and wait]
cryptohome --action=set_firmware_management_parameters \
--flags=0xbb00
2) Clear the owner.
crossystem clear_tpm_owner_request=1
reboot
3) Verify that FWMP still exists, but cannot be overwritten.
cryptohome --action=get_firmware_management_parameters
(but the following fails:)
cryptohome --action=set_firmware_management_parameters \
--flags=0xcc00
cryptohome --action=remove_firmware_management_parameters
4) Verify that it can be written/removed after taking ownership.
cryptohome --action=tpm_take_ownership [and wait]
cryptohome --action=set_firmware_management_parameters \
--flags=0xdd00
cryptohome --action=remove_firmware_management_parameters
Change-Id: I3236d61adbfb7665c0a4bfc1a7addeaa1f0eb3ee
Signed-off-by: Andrey Pronin <apronin@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1159854
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/tpm_nvmem.h | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/include/tpm_nvmem.h b/include/tpm_nvmem.h new file mode 100644 index 0000000000..2508c9ae65 --- /dev/null +++ b/include/tpm_nvmem.h @@ -0,0 +1,13 @@ +/* Copyright 2018 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + * + * TPM NVMEM definitions. + */ +#ifndef __CROS_EC_TPM_NVMEM_H +#define __CROS_EC_TPM_NVMEM_H + +#define FIRMWARE_NV_INDEX 0x1007 +#define FWMP_NV_INDEX 0x100a + +#endif /* __CROS_EC_TPM_NVMEM_H */ |
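Review bot: the two index macros at the bottom of include/tpm_nvmem.h have no comment saying what each NV space holds or how it is treated on owner clear. The commit message states that only the FWMP index is retained, but nothing in the header records that, so a reader who sees `#define FIRMWARE_NV_INDEX 0x1007` next to `#define FWMP_NV_INDEX 0x100a` cannot tell which one _plat__ShallSurviveOwnerClear is expected to keep. Please add a short comment on each define naming the space and noting that FWMP survives owner clear while the firmware index does not, so the header and the callback do not drift apart when more indexes are added. The callback itself is not in this view (the diffstat is limited to 'include'), so its comparison against these values should be checked in the full change.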