03bf301d82
There is no code which uses the backup space in TPM created for vboot
nvram.
All chromebooks currently supported at the trunk store vboot nvram
in flash directly or as a backup.
BUG=chrome-os-partner:47915
BRANCH=none
TEST=emerge-samus coreboot
Change-Id: I9445dfd822826d668b3bfed8ca50dc9386f2b2b0
Signed-off-by: Patrick Georgi <pgeorgi@chromium.org>
Original-Commit-Id: 5cee2d54c9
Original-Change-Id: Ied0cec0ed489df3b39f6b9afd3941f804557944f
Original-Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Original-Reviewed-on: https://chromium-review.googlesource.com/395507
Original-Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://review.coreboot.org/16997
Tested-by: build bot (Jenkins)
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Martin Roth <martinroth@google.com>
79 lines
2.1 KiB
C
79 lines
2.1 KiB
C
/* Copyright (c) 2013 The Chromium OS Authors. All rights reserved.
|
|
* Use of this source code is governed by a BSD-style license that can be
|
|
* found in the LICENSE file.
|
|
*
|
|
* Functions for querying, manipulating and locking rollback indices
|
|
* stored in the TPM NVRAM.
|
|
*/
|
|
|
|
#ifndef ANTIROLLBACK_H_
|
|
#define ANTIROLLBACK_H_
|
|
|
|
#include "tpm_lite/tss_constants.h"
|
|
|
|
struct vb2_context;
|
|
enum vb2_pcr_digest;
|
|
|
|
/* TPM NVRAM location indices. */
|
|
#define FIRMWARE_NV_INDEX 0x1007
|
|
#define KERNEL_NV_INDEX 0x1008
|
|
/* 0x1009 used to be used as a backup space. Think of conflicts if you
|
|
* want to use 0x1009 for something else. */
|
|
|
|
/* Structure definitions for TPM spaces */
|
|
|
|
/* Flags for firmware space */
|
|
|
|
/*
|
|
* Last boot was developer mode. TPM ownership is cleared when transitioning
|
|
* to/from developer mode.
|
|
*/
|
|
#define FLAG_LAST_BOOT_DEVELOPER 0x01
|
|
|
|
/* All functions return TPM_SUCCESS (zero) if successful, non-zero if error */
|
|
|
|
uint32_t antirollback_read_space_firmware(struct vb2_context *ctx);
|
|
|
|
/**
|
|
* Write may be called if the versions change.
|
|
*/
|
|
uint32_t antirollback_write_space_firmware(struct vb2_context *ctx);
|
|
|
|
/**
|
|
* Lock must be called.
|
|
*/
|
|
uint32_t antirollback_lock_space_firmware(void);
|
|
|
|
/****************************************************************************/
|
|
|
|
/*
|
|
* The following functions are internal apis, listed here for use by unit tests
|
|
* only.
|
|
*/
|
|
|
|
/**
|
|
* Ask vboot for a digest and extend a TPM PCR with it.
|
|
*/
|
|
uint32_t tpm_extend_pcr(struct vb2_context *ctx, int pcr,
|
|
enum vb2_pcr_digest which_digest);
|
|
|
|
/**
|
|
* Issue a TPM_Clear and reenable/reactivate the TPM.
|
|
*/
|
|
uint32_t tpm_clear_and_reenable(void);
|
|
|
|
/**
|
|
* Perform one-time initializations.
|
|
*
|
|
* Create the NVRAM spaces, and set their initial values as needed. Sets the
|
|
* nvLocked bit and ensures the physical presence command is enabled and
|
|
* locked.
|
|
*/
|
|
uint32_t factory_initialize_tpm(struct vb2_context *ctx);
|
|
|
|
/**
|
|
* Start the TPM and establish the root of trust for the antirollback mechanism.
|
|
*/
|
|
uint32_t setup_tpm(struct vb2_context *ctx);
|
|
|
|
#endif /* ANTIROLLBACK_H_ */
|