vboot2: tpm2 factory initialization

Hardware / Coreboot - Vadim Bendebury [chromium.org] - 11 July 2016 17:27 UTC

This patch adds a TPM2 specific path in the vboot2 initialization sequence when the device is turned on in the factory for the first time, namely two secure NVRAM spaces are created, with different access privileges.

The higher privilege space can be modified only be the RO firmware, and the lower privilege space can be modified by both RO and RW firmware.

The API is being modified to hide the TPM implementation details from the caller.

Some functions previously exported as global are in fact not used anywhere else, they are being defined static.

BRANCH=none BUG=chrome-os-partner:50645 TEST=when this code is enabled the two secure spaces are successfully created during factory initialization.

Original-Commit-Id: 5f082d6a9b095c3efc283b7a49eac9b4f2bcb6ec Original-Change-Id: I917b2f74dfdbd214d7f651ce3d4b80f4a18def20

10ea104 vboot2: tpm2 factory initialization.
src/include/antirollback.h | 16 --
.../google/chromeos/vboot2/antirollback.c | 187 ++++++++++++++------
.../google/chromeos/vboot2/secdata_mock.c | 10 --
3 files changed, 131 insertions(+), 82 deletions(-)

Upstream: review.coreboot.org

  • Share