tpm2: add tlcl_force_clear and use it before factory init

tlcl_force_clear() needs to be issued each time when the device mode
switches between normal/development/recovery.

This patch adds command implementation using TPM_Clear TPM2 command,
and also invokes it before factory initialization.

BRANCH=none
BUG=chrome-os-partner:50645
TEST=verified that TPM_Clear command succeeds at factory startup and
     the boot proceeds normally.

Change-Id: Ia431390870cbe448bc1b6f1755ed17953be9bdf1
Signed-off-by: Martin Roth <martinroth@chromium.org>
Original-Commit-Id: 347ff17b97da45fa4df547ff32f9dd2c8972cefd
Original-Change-Id: I2a0e62527ad46f9dd060afe5e75c7e4d56752849
Original-Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Original-Reviewed-on: https://chromium-review.googlesource.com/358095
Original-Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Original-Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Reviewed-on: https://review.coreboot.org/15636
Tested-by: build bot (Jenkins)
Reviewed-by: Philipp Deppenwiese <zaolin.daisuki@googlemail.com>

1 files changed, 1 insertions, 0 deletions

diff --git a/src/vendorcode/google/chromeos/vboot2/antirollback.c b/src/vendorcode/google/chromeos/vboot2/antirollback.c
index bce2ca118a..5b738c4897 100644
--- a/src/vendorcode/google/chromeos/vboot2/antirollback.c
+++ b/src/vendorcode/google/chromeos/vboot2/antirollback.c
@@ -145,6 +145,7 @@ static uint32_t set_kernel_space(const void *kernel_blob)
 
 static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
 {
+	RETURN_ON_FAILURE(tlcl_force_clear());
 	RETURN_ON_FAILURE(set_firmware_space(ctx->secdata));
 	RETURN_ON_FAILURE(set_kernel_space(secdata_kernel));
 	return TPM_SUCCESS;