From a33e33844859f5e3b2949cd085fce50acad29f86 Mon Sep 17 00:00:00 2001
From: Vadim Bendebury
Date: Thu, 18 Jun 2020 17:23:07 -0700
Subject: NVMEM: selective erase of TPM objects

This patch adds another NVMEM API, which allows erasing stored TPM objects selectively. The list of indices of the objects to be erased is supplied in a zero terminated array.

The existing nvmem_erase_tpm_data() has been modified to erase only selected objects, if the list of objects is supplied by the caller.

BUG=b:138578447
TEST=Using tpm_manager_client created a bogus NVMEM object, modified Cr50 code to provide a CLI command which would invoke the new NVMEM API function to delete the new object. Invoked 'dump_nvmem' command before and after deleting the bogus object. Observed the NVMEM contents compacted and the bogus object deleted. Rebooted the device, observed proper Chrome OS start up maintaining the existing user account.

Signed-off-by: Vadim Bendebury
Change-Id: I3e299c8004141fa01ff20c290131b6526575c42e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2253324
Reviewed-by: Vadim Sukhomlinov
Reviewed-by: Andrey Pronin
Commit-Queue: Andrey Pronin
---
 include/new_nvmem.h | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

(limited to 'include/new_nvmem.h')

diff --git a/include/new_nvmem.h b/include/new_nvmem.h
index 37399702f8..9aa551c761 100644
--- a/include/new_nvmem.h
+++ b/include/new_nvmem.h
@@ -134,7 +134,24 @@ struct access_tracker { enum ec_error_list new_nvmem_init(void); enum ec_error_list new_nvmem_migrate(unsigned int nvmem_act_partition); enum ec_error_list new_nvmem_save(void); -int nvmem_erase_tpm_data(void); + +/* + * nvmem_erase_tpm_data_selective + * + * Delete from NVMEM TPM NVMEM objects listed in the zero terminated array of + * indices. If the pointer to the array is NULL - delete all TPM objects. + * + * Once deletion is completed, fill up the current top page with erased + * objects, then compact the flash storage. This will ensure that the NVMEM + * does not contain erased instances of deleted objects. + */ +int nvmem_erase_tpm_data_selective(const uint32_t *objs_to_erase); + +/* Erase all TMP NVMEM objects. */ +static inline int nvmem_erase_tpm_data(void) +{ + return nvmem_erase_tpm_data_selective(NULL); +} #if defined(TEST_BUILD) && !defined(TEST_FUZZ) #define NVMEM_TEST_BUILD -- cgit v1.2.1
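Review bot: The comment on the new static inline wrapper reads "Erase all TMP NVMEM objects." and should say TPM. In the doc block for nvmem_erase_tpm_data_selective, the zero-terminated convention means index 0 can never appear in objs_to_erase; if 0 is a valid TPM object index, say explicitly that it cannot be selected for deletion (or pass an explicit count instead of relying on a sentinel). The block should also state what the int return value means, since the neighbouring declarations in this header (new_nvmem_init, new_nvmem_migrate, new_nvmem_save) return enum ec_error_list and a caller has no way to tell from the header whether a non-zero result is an error code or something else.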