Add clear TPM owner request

This adds two new flags to crossystem: clear_tpm_owner_request clear_tpm_owner_done The first one requests that the firmware clear the TPM owner on the next boot. When the firmware does this, it will set clear_tpm_owner_request=0, and set clear_tpm_owner_done=1. The OS can use the done-flag as a hint that trusted things guarded by the TPM are no longer trustable. BUG=chromium-os:31974 TEST=manual crossystem // both flags initially 0 crossystem clear_tpm_owner_request=1 crossystem clear_tpm_owner_done=1 // request=1, done=0; done can be cleared but not set by crossystem reboot tpmc getownership // owned=no crossystem // request=0, done=1 crossystem clear_tpm_owner_done=0 crossystem // both flags 0 again Signed-off-by: Randall Spangler <rspangler@chromium.org> Change-Id: I49f83f3c39c3efc3945116c51a241d255c2e42cd Reviewed-on: https://gerrit.chromium.org/gerrit/25646
2025-11-24 02:05:01 +00:00 · 2012-06-19 10:03:53 -07:00
parent 59576e11e5
commit 29e8807ea0
12 changed files with 122 additions and 26 deletions
--- a/firmware/lib/vboot_api_init.c
+++ b/firmware/lib/vboot_api_init.c
@@ -29,6 +29,7 @@ VbError_t VbInit(VbCommonParams* cparams, VbInitParams* iparams) {
  int is_hw_dev = 0;
  int is_virt_dev = 0;
  uint32_t disable_dev_request = 0;
+  uint32_t clear_tpm_owner_request = 0;
  int is_dev = 0;

  VBDEBUG(("VbInit() input flags 0x%x\n", iparams->flags));
@@ -136,12 +137,16 @@ VbError_t VbInit(VbCommonParams* cparams, VbInitParams* iparams) {
    if (gbb->flags & GBB_FLAG_FORCE_DEV_SWITCH_ON)
      is_hw_dev = 1;

+    /* Check if we've been explicitly asked to clear the TPM owner */
+    VbNvGet(&vnc, VBNV_CLEAR_TPM_OWNER_REQUEST, &clear_tpm_owner_request);
+
    VBPERFSTART("VB_TPMI");
    /* Initialize the TPM. If the developer mode state has changed since the
     * last boot, we need to clear TPM ownership. If the TPM space is
     * initialized by this call, the virtual dev-switch will be disabled by
     * default) */
    tpm_status = RollbackFirmwareSetup(recovery, is_hw_dev, disable_dev_request,
+                                       clear_tpm_owner_request,
                                       /* two outputs on success */
                                       &is_virt_dev, &tpm_version);
    VBPERFEND("VB_TPMI");
@@ -180,6 +185,10 @@ VbError_t VbInit(VbCommonParams* cparams, VbInitParams* iparams) {
    }
    if (disable_dev_request && !is_virt_dev)
      VbNvSet(&vnc, VBNV_DISABLE_DEV_REQUEST, 0);
+    if (clear_tpm_owner_request) {
+      VbNvSet(&vnc, VBNV_CLEAR_TPM_OWNER_REQUEST, 0);
+      VbNvSet(&vnc, VBNV_CLEAR_TPM_OWNER_DONE, 1);
+    }
  }

  /* Allow BIOS to load arbitrary option ROMs? */