-rw-r--r-- | common/new_nvmem.c | 33 | ||||
-rw-r--r-- | include/new_nvmem.h | 19 |
2 files changed, 44 insertions, 8 deletions
diff --git a/common/new_nvmem.c b/common/new_nvmem.c
index 445d731f86..01d3bd69f1 100644
--- a/common/new_nvmem.c
+++ b/common/new_nvmem.c
@@ -2995,13 +2995,7 @@ static void dump_contents(const struct nn_container *ch)
 ccprintf("\n");
 }
-/*
- * Clear tpm data from nvmem. First fill up the current top page with erased
- * objects, then compact the flash storage, removing all TPM related objects.
- * This would guarantee that all pages where TPM objecs were stored would be
- * erased.
- */
-int nvmem_erase_tpm_data(void)
+int nvmem_erase_tpm_data_selective(const uint32_t *objs_to_erase)
 {
 const uint8_t *key;
 const uint8_t *val;
@@ -3024,6 +3018,31 @@ int nvmem_erase_tpm_data(void)
 (ch->container_type != NN_OBJ_TPM_EVICTABLE))
 continue;
+ /* If not all TPM objects need to be erased. */
+ if (objs_to_erase) {
+ uint32_t curent_obj;
+ const uint32_t *obj;
+
+ /* Index of the current NVMEM object. */
+ memcpy(&curent_obj, ch + 1, sizeof(curent_obj));
+
+ /*
+ * Iterate over indices of the subset of objects which
+ * need to be erased.
+ */
+ obj = objs_to_erase;
+ do {
+ if (curent_obj == *obj)
+ break;
+ } while (*(++obj));
+
+ /*
+ * If current NVMEM object is not in the list, do not
+ * erase it.
+ */
+ if (!*obj)
+ continue;
+ }
 delete_object(&at, ch);
 }
diff --git a/include/new_nvmem.h b/include/new_nvmem.h
index 37399702f8..9aa551c761 100644
--- a/include/new_nvmem.h
+++ b/include/new_nvmem.h
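Review bot: The `do { ... } while (*(++obj));` scan in the second hunk of common/new_nvmem.c compares against the first list entry before testing for the terminator, so a caller passing an empty list (first element zero) makes `++obj` step past the terminating zero and read beyond the array. A pre-tested loop avoids that: `for (obj = objs_to_erase; *obj && *obj != curent_obj; obj++) ;`, followed by the existing `if (!*obj) continue;`. The `memcpy(&curent_obj, ch + 1, sizeof(curent_obj))` also assumes every reserved and evictable container holds at least four payload bytes that start with its index. Nothing in this hunk shows that, so it is worth checking the container's size and layout before comparing. The enclosing function starts and ends outside the hunk.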
@@ -134,7 +134,24 @@ struct access_tracker {
 enum ec_error_list new_nvmem_init(void);
 enum ec_error_list new_nvmem_migrate(unsigned int nvmem_act_partition);
 enum ec_error_list new_nvmem_save(void);
-int nvmem_erase_tpm_data(void);
+
+/*
+ * nvmem_erase_tpm_data_selective
+ *
+ * Delete from NVMEM TPM NVMEM objects listed in the zero terminated array of
+ * indices. If the pointer to the array is NULL - delete all TPM objects.
+ *
+ * Once deletion is completed, fill up the current top page with erased
+ * objects, then compact the flash storage. This will ensure that the NVMEM
+ * does not contain erased instances of deleted objects.
+ */
+int nvmem_erase_tpm_data_selective(const uint32_t *objs_to_erase);
+
+/* Erase all TMP NVMEM objects. */
+static inline int nvmem_erase_tpm_data(void)
+{
+ return nvmem_erase_tpm_data_selective(NULL);
+}
 #if defined(TEST_BUILD) && !defined(TEST_FUZZ)
 #define NVMEM_TEST_BUILD |
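Review bot: The header comment for nvmem_erase_tpm_data_selective() leaves two parts of the contract unstated: what a non-NULL list whose first entry is zero does, and what the int return value means. NULL wipes every TPM object while a list selects a subset, so callers need the boundary spelled out, for example `* A zero index terminates the list, so index 0 cannot be selected; the list must hold at least one non-zero entry.` plus a `* Returns ...` line that matches the implementation. The wrapper's comment also reads `Erase all TMP NVMEM objects.` where `TPM` is presumably meant.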