diff options
| -rw-r--r-- | board/cr50/build.mk | 1 | ||||
| -rw-r--r-- | board/cr50/tpm2/manufacture.c | 43 | ||||
| -rw-r--r-- | include/tpm_manufacture.h | 17 |
3 files changed, 61 insertions, 0 deletions
diff --git a/board/cr50/build.mk b/board/cr50/build.mk index a5023f1e0c..f1b1b18998 100644 --- a/board/cr50/build.mk +++ b/board/cr50/build.mk @@ -42,6 +42,7 @@ board-y += tpm2/ecies.o board-y += tpm2/hash.o board-y += tpm2/hash_data.o board-y += tpm2/hkdf.o +board-y += tpm2/manufacture.o board-y += tpm2/platform.o board-y += tpm2/rsa.o board-y += tpm2/stubs.o diff --git a/board/cr50/tpm2/manufacture.c b/board/cr50/tpm2/manufacture.c new file mode 100644 index 0000000000..b2c214c38e --- /dev/null +++ b/board/cr50/tpm2/manufacture.c @@ -0,0 +1,43 @@ +/* Copyright 2016 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + */ + +#include "console.h" +#include "tpm_manufacture.h" + +#include "Global.h" +#include "NV_fp.h" +#include "Platform.h" +#include "TPM_Types.h" +#include "TpmBuildSwitches.h" +#include "tpm_types.h" + +#define CPRINTF(format, args...) cprintf(CC_EXTENSION, format, ## args) + +#define EK_CERT_NV_START_INDEX 0x01C00000 + +int tpm_manufactured(void) +{ + uint32_t nv_ram_index; + const uint32_t rsa_ek_nv_index = EK_CERT_NV_START_INDEX; + const uint32_t ecc_ek_nv_index = EK_CERT_NV_START_INDEX + 1; + + /* + * If nvram_index (value written at NV RAM offset of zero) is all + * ones, or either endorsement certificate is not installed, consider + * the chip un-manufactured. + * + * Thus, wiping flash NV ram allows to re-manufacture the chip. + */ + _plat__NvMemoryRead(0, sizeof(nv_ram_index), &nv_ram_index); + if ((nv_ram_index == ~0) || + (NvIsUndefinedIndex(rsa_ek_nv_index) == TPM_RC_SUCCESS) || + (NvIsUndefinedIndex(ecc_ek_nv_index) == TPM_RC_SUCCESS)) { + CPRINTF("%s: NOT manufactured\n", __func__); + return 0; + } + + CPRINTF("%s: manufactured\n", __func__); + return 1; +} diff --git a/include/tpm_manufacture.h b/include/tpm_manufacture.h new file mode 100644 index 0000000000..57eba367f6 --- /dev/null +++ b/include/tpm_manufacture.h @@ -0,0 +1,17 @@ +/* Copyright 2016 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + */ + +/* + * This header declares the TPM manufacture related interface. + * Individual boards are expected to provide implementations. + */ + +#ifndef __CROS_EC_TPM_MANUFACTURE_H +#define __CROS_EC_TPM_MANUFACTURE_H + +/* Returns non-zero if the TPM manufacture steps have been completed. */ +int tpm_manufactured(void); + +#endif /* __CROS_EC_TPM_MANUFACTURE_H */ |