-rw-r--r--board/cr50/tpm_nvmem_ops.c39
-rw-r--r--board/cr50/tpm_nvmem_ops.h25
2 files changed, 64 insertions, 0 deletions
diff --git a/board/cr50/tpm_nvmem_ops.c b/board/cr50/tpm_nvmem_ops.c
index 34e0c76879..90bddfb313 100644
--- a/board/cr50/tpm_nvmem_ops.c
+++ b/board/cr50/tpm_nvmem_ops.c
@@ -53,3 +53,42 @@ enum tpm_read_rv read_tpm_nvmem(uint16_t obj_index,
return tpm_read_success;
}
+
+enum tpm_read_rv read_tpm_nvmem_hidden(uint16_t object_index,
+ uint16_t object_size,
+ void *obj_value)
+{
+ if (NvGetHiddenObject(HR_HIDDEN | object_index,
+ object_size,
+ obj_value) == TPM_RC_SUCCESS) {
+ return tpm_read_success;
+ } else {
+ return tpm_read_not_found;
+ }
+}
+
+enum tpm_write_rv write_tpm_nvmem_hidden(uint16_t object_index,
+ uint16_t object_size,
+ void *obj_value,
+ int commit)
+{
+ enum tpm_write_rv ret = tpm_write_fail;
+
+ uint32_t handle = object_index | HR_HIDDEN;
+
+ if (!NvIsDefinedHiddenObject(handle) &&
+ NvAddHiddenObject(handle,
+ object_size,
+ obj_value) == TPM_RC_SUCCESS) {
+ ret = tpm_write_created;
+ } else if (NvWriteHiddenObject(handle,
+ object_size,
+ obj_value) == TPM_RC_SUCCESS) {
+ ret = tpm_write_updated;
+ }
+
+ if (commit && !NvCommit())
+ ret = tpm_write_fail;
+
+ return ret;
+}
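Review bot: In `write_tpm_nvmem_hidden` the `else if` branch runs when the object is already defined but also when `NvAddHiddenObject` fails on an undefined object, so a failed create falls through to `NvWriteHiddenObject` on a handle that was just reported as undefined. `NvCommit()` is also called whenever `commit` is set, even if `ret` is already `tpm_write_fail`; presumably that flushes whatever other NV changes are pending, though the NV cache behaviour is not visible in this hunk. Separating the defined/undefined decision from the add result, and committing only after a successful add or write, avoids both, as sketched below. Separately, `read_tpm_nvmem_hidden` maps every non-success code to `tpm_read_not_found`, so a caller that creates a fresh object on not-found cannot tell a read error from a missing object; a distinct failure value may be worth adding.

```c
	uint32_t handle = object_index | HR_HIDDEN;

	if (!NvIsDefinedHiddenObject(handle)) {
		/* Create path: a failed add must not fall through to a write. */
		if (NvAddHiddenObject(handle, object_size,
				      obj_value) == TPM_RC_SUCCESS)
			ret = tpm_write_created;
	} else if (NvWriteHiddenObject(handle, object_size,
				       obj_value) == TPM_RC_SUCCESS) {
		ret = tpm_write_updated;
	}

	/* Commit only when the add or write above succeeded. */
	if (ret != tpm_write_fail && commit && !NvCommit())
		ret = tpm_write_fail;

	/* ... unchanged: return ret ... */
```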
diff --git a/board/cr50/tpm_nvmem_ops.h b/board/cr50/tpm_nvmem_ops.h
index 77247e0615..d01c804c4e 100644
--- a/board/cr50/tpm_nvmem_ops.h
+++ b/board/cr50/tpm_nvmem_ops.h
@@ -13,8 +13,33 @@ enum tpm_read_rv {
tpm_read_too_small
};
+enum tpm_write_rv {
+ tpm_write_created,
+ tpm_write_updated,
+ tpm_write_fail
+};
+
+enum tpm_nv_hidden_object {
+ TPM_HIDDEN_U2F_KEK
+};
+
enum tpm_read_rv read_tpm_nvmem(uint16_t object_index,
uint16_t object_size,
void *obj_value);
+/*
+ * The following functions must only be called from the TPM task,
+ * and only after TPM initialization is complete (specifically,
+ * after NvInitStatic).
+ */
+
+enum tpm_read_rv read_tpm_nvmem_hidden(uint16_t object_index,
+ uint16_t object_size,
+ void *obj_value);
+
+enum tpm_write_rv write_tpm_nvmem_hidden(uint16_t object_index,
+ uint16_t object_size,
+ void *obj_value,
+ int commit);
+
#endif /* ! __EC_BOARD_CR50_TPM_NVMEM_OPS_H */
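Review bot: The block comment above the two hidden-object prototypes states the calling context but not the contract, so a caller reading only the header cannot tell that `read_tpm_nvmem_hidden` returns `tpm_read_not_found` for every failure, or that a non-zero `commit` makes `write_tpm_nvmem_hidden` call `NvCommit()` and return `tpm_write_fail` if that fails. I would extend the comment with something like `object_index: a value of enum tpm_nv_hidden_object; commit: non-zero flushes NV to storage before returning`. The parameter is declared `uint16_t` rather than the new enum, so nothing in the prototype ties it to `TPM_HIDDEN_U2F_KEK`; that the enum is the intended index space is inferred from its name. If the underlying write routine accepts it, `const void *obj_value` on the write prototype would also document that the buffer is only read.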