Add clear TPM owner request

This adds two new flags to crossystem:
   clear_tpm_owner_request
   clear_tpm_owner_done

The first one requests that the firmware clear the TPM owner on the
next boot.  When the firmware does this, it will set
clear_tpm_owner_request=0, and set clear_tpm_owner_done=1.  The OS can
use the done-flag as a hint that trusted things guarded by the TPM are
no longer trustable.

BUG=chromium-os:31974
TEST=manual

crossystem
  // both flags initially 0
crossystem clear_tpm_owner_request=1
crossystem clear_tpm_owner_done=1
  // request=1, done=0; done can be cleared but not set by crossystem
reboot
tpmc getownership
  // owned=no
crossystem
  // request=0, done=1
crossystem clear_tpm_owner_done=0
crossystem
  // both flags 0 again

Signed-off-by: Randall Spangler <rspangler@chromium.org>
Change-Id: I49f83f3c39c3efc3945116c51a241d255c2e42cd
Reviewed-on: https://gerrit.chromium.org/gerrit/25646
This commit is contained in:
Randall Spangler
2012-06-19 10:03:53 -07:00
committed by Gerrit
parent 59576e11e5
commit 29e8807ea0
12 changed files with 122 additions and 26 deletions

@@ -1,4 +1,4 @@
/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
/* Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
@@ -70,6 +70,7 @@ uint32_t RollbackS3Resume(void);
/* This must be called. */
uint32_t RollbackFirmwareSetup(int recovery_mode, int is_hw_dev,
int disable_dev_request,
int clear_tpm_owner_request,
/* two outputs on success */
int *is_virt_dev, uint32_t *tpm_version);
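Review bot: the new clear_tpm_owner_request parameter to RollbackFirmwareSetup() is not documented in this hunk; the only comments in the prototype are "/* This must be called. */" above it and "/* two outputs on success */" for the last two arguments. Add a one-line comment stating that a nonzero value asks the firmware to clear TPM ownership on this boot and that, as the commit message describes, the firmware then resets the request flag and sets clear_tpm_owner_done, so callers know the request is consumed exactly once. Because this changes a public prototype, every caller must pass the new argument (the commit touches 12 files); the compiler will catch a missed call site, but the header is where the meaning of the argument should live.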
@@ -118,7 +119,8 @@ uint32_t OneTimeInitializeTPM(RollbackSpaceFirmware* rsf,
/* SetupTPM starts the TPM and establishes the root of trust for the
* anti-rollback mechanism. */
uint32_t SetupTPM(int recovery_mode, int developer_mode,
int disable_dev_request, RollbackSpaceFirmware* rsf);
int disable_dev_request, int clear_tpm_owner_request,
RollbackSpaceFirmware* rsf);
/* Utility function to turn the virtual dev-mode flag on or off. 0=off, 1=on */
uint32_t SetVirtualDevMode(int val);
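Review bot: the comment "/* SetupTPM starts the TPM and establishes the root of trust for the anti-rollback mechanism. */" is not updated for the new clear_tpm_owner_request argument added to SetupTPM(). Clearing ownership is destructive for everything the TPM guards (the commit message itself says the OS should treat TPM-guarded secrets as no longer trustable once clear_tpm_owner_done is set), so the comment should say that a nonzero value triggers that one-time destructive operation and that the outcome is reported through the done flag. Style: the parameter list now carries three ints used as booleans; spell out the 0/1 semantics the way the SetVirtualDevMode comment already does ("0=off, 1=on") so the new flag cannot be confused with a count or a mode value.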