diff options
author | Vadim Bendebury <vbendeb@chromium.org> | 2016-07-03 15:24:23 -0700 |
---|---|---|
committer | Martin Roth <martinroth@google.com> | 2016-07-13 23:59:32 +0200 |
commit | 7ee057c700dd3481eae9a4b3ee13831798fe8ea5 (patch) | |
tree | 7f9a661e2aadb6b4f43c2256bb47b877cddf50e7 /src/device/smbus_ops.c | |
parent | 6acb9a6012de11d998716fd024a3adccbba9b5c3 (diff) | |
download | coreboot-7ee057c700dd3481eae9a4b3ee13831798fe8ea5.tar.xz |
tpm2: use pcr0 dependent nvram space policy definitions
The TPM2 specification allows defining NV ram spaces in a manner
that makes it impossible to remove the space until a certain PCR is in
a certain state.
This comes in handy when defining spaces for rollback counters: make
their removal depend on PCR0 being in the default state. Then extend
PCR0 to any value. This guarantees that the spaces can not be deleted.
Also, there is no need t create firmware and kernel rollback spaces
with different privileges: they both can be created with the same set of
properties, the firmware space could be locked by the RO firmware, and
the kernel space could be locked by the RW firmware thus providing
necessary privilege levels.
BRANCH=none
BUG=chrome-os-partner:50645, chrome-os-partner:55063
TEST=with the rest of the patches applied it is possible to boot into
Chrome OS maintaining two rollback counter spaces in the TPM NV
ram locked at different phases of the boot process.
Change-Id: I889b2c4c4831ae01c093f33c09b4d98a11d758da
Signed-off-by: Martin Roth <martinroth@chromium.org>
Original-Commit-Id: 36317f5e85107b1b2e732a5bb2a38295120560cd
Original-Change-Id: I69e5ada65a5f15a8c04be9def92a8e1f4b753d9a
Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Original-Reviewed-on: https://chromium-review.googlesource.com/358094
Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Original-Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-on: https://review.coreboot.org/15635
Tested-by: build bot (Jenkins)
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>
Diffstat (limited to 'src/device/smbus_ops.c')
0 files changed, 0 insertions, 0 deletions