Support 'tpmc setbgloballock' for tpm2 case

Some scripts call 'tpmc setbgloballock' or 'tpmc block'. For tpm2 it should be equivalent to pplock, i.e. perform rollback protection actions: writelock for NVRAM firmware index and disable platform hierarchy. BRANCH=none BUG=chrome-os-partner:55210 TEST=run 'tpmc block' on kevin, check that it attempts pplock Change-Id: I51fae6bd111cf3ff3c1dfbed7441868abad8fc15 Reviewed-on: https://chromium-review.googlesource.com/361381 Commit-Ready: Dan Shi <dshi@google.com> Tested-by: Andrey Pronin <apronin@chromium.org> Reviewed-by: Darren Krahn <dkrahn@chromium.org>
2026-01-08 16:41:55 +00:00 · 2016-07-18 11:23:12 -07:00
parent a15f82296d
commit a071c76978
1 changed files with 4 additions and 1 deletions
--- a/utility/tpmc.c
+++ b/utility/tpmc.c
@@ -450,7 +450,10 @@ command_record command_table[] = {
 #endif
  { "lockphysicalpresence", "pplock", "lock (turn off) PP until reboot",
    TlclLockPhysicalPresence },
-#ifndef TPM2_MODE
+#ifdef TPM2_MODE
+  { "setbgloballock", "block", "set rollback protection lock until reboot",
+    TlclLockPhysicalPresence },
+#else
  { "setbgloballock", "block", "set the bGlobalLock until reboot",
    TlclSetGlobalLock },
 #endif