The Cr50 console provides access to all sorts of dangerous
commands. To protect user secrets, we must erase the persistent
storage before unlocking the console.
Note that this will not powerwash the AP, leaving you with the
impression that you've just forgotten your password. You'll have
to manually powerwash (Ctrl+Alt+Shift+R) afterwards. That will be
addressed in a future CL.
BUG=chrome-os-partner:55728
BRANCH=none
TEST=make buildall, test on Gru
Lock the console if it's not already ("lock enable"), then unlock
it with "lock disable". Confirm that the NVMEM region is erased
following a successful unlock process.
Change-Id: Iebcd69c9f757f5ab5d496218f065197d3f1f746c
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/382666
Reviewed-by: Randall Spangler <rspangler@chromium.org>
TPM2.0 needs more NvMem space and currently the whole block is
contiguous in memory with 2 partitions. This CL removes the
requirement that the partitions are in contiguous which allows for 1
partition to placed at top of RW_A and the other at RW_B.
This CL does not change the size of each partition as that will be
done in a subsequent CL.
BRANCH=none
BUG=chrome-os-partner:56798
TEST=manual
Tested with the unit test 'make runtests TEST_LIST_HOST=nvmem' and
verified that all tests pass.
Tested on Kevin, erased the existing NvMem area and verified that TPM
was still manufactured and executed the command: trunks_client --own
Erased parition 0 and 1 in the new locations and repeated the tests.
Change-Id: I295441f94dccdf5a152c32603c2638ffac23f471
Signed-off-by: Scott <scollyer@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/378675
Commit-Ready: Bill Richardson <wfrichar@chromium.org>
Tested-by: Bill Richardson <wfrichar@chromium.org>
Tested-by: Scott Collyer <scollyer@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
The nvmem space defined in the ec code base for the cr50 board is used
by the TPM2 library, which has its own nvram size definition. The two
definitions must match.
On top of the fact that the definitions are not locked to each other,
there is a third completely unrelated nvram size definition in
board/cr50/board.c.
This patch unifies nvmem size definitions between cr50 and tpm2
repositories by adding a compile time check for the size to be the
same on both sides.
Also, it turns out that two certificates (RSA and ECC) together do not
quite fit into the cr50 TPM nvram. Hence the total allocated nvmem
space is being increased to 20K (note that the actual nvram size
available to the TPM is less than half of this).
BRANCH=none
BUG=chrome-os-partner:55898
TEST=tpm does not lock up any more when 'tpm_client --own' is ran on the
Kevin-tpm2 command line
CQ-DEPEND=CL:367010
Change-Id: I20b4f54118bd2fa12e5bd5741d6c58fbe91f65d1
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/366796
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Used #define CONFIG_FLASH_NVMEM to have functions in
/board/tpm2/NVMem.c utlitize on chip Nvmem functions.
On chip NV Memory availability is tied to an internal nvmem
error state which itself only depends on finding at least one
valid partition.
Added nvmem_is_different and nvmem_move functions which were
needed to complete the tpm2 platform interface. In addition,
added unit tests to support these two new functions.
BUG=chrome-os-partner:44745
BRANCH=none
TEST=manual
make runtests TEST_LIST_HOST=nvmem and verify that all tests pass.
Tested with tcg_test utility to test reads/writes using the
command "build/test-tpm2/install/bin/compliance --ntpm
localhost:9883 --select CPCTPM_TC2_3_33_07_01".
Change-Id: I475fdd1331e28ede00f9b674c7bee1536fa9ea48
Signed-off-by: Scott <scollyer@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/346236
Commit-Ready: Scott Collyer <scollyer@chromium.org>
Tested-by: Scott Collyer <scollyer@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Full implementation of NvMem read, write, and commit functions.
Includes partition definitions, shared memory allocation, and
initialization function.
Includes a set of unit tests located in ec/test/nvmem.c which
verify functionality.
This module is required by Cr50, however this CL does not
include any Cr50 specific code.
BUG=chrome-os-partner:44745
BRANCH=none
TEST=manual
make runtests TEST_LIST_HOST=nvmem and verify that all tests pass
Change-Id: I515b094f2179dbcb75dd11ab5b14434caad37edd
Signed-off-by: Scott <scollyer@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/345632
Commit-Ready: Scott Collyer <scollyer@chromium.org>
Tested-by: Scott Collyer <scollyer@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
