mount-encrypted needs to be aware of TPM ownership status, and
will also want to issue a read lock for the early access NVRAM
index.
BRANCH=none
BUG=chromium:625037
TEST=mount-encrypted shows ownership at boot with kevin
Change-Id: I42f43f91d892137e1c46c7cacd88e3b749ce7f04
Reviewed-on: https://chromium-review.googlesource.com/366443
Commit-Ready: Andrey Pronin <apronin@chromium.org>
Tested-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Build a special version of TPM Lightweight Command Library in
libvboot_host for TPM2. Create the framework for implementation, stub
functions for now. libvboot_host is used by tpmc and other user-space
utilities that talk directly to tpm bypassing trunks/trousers.
BRANCH=none
BUG=chrome-os-partner:54981
BUG=chrome-os-partner:55210
TEST=Boot on kevin, verify that 'tpmc read' works.
Change-Id: I4cc41028041193041defc319687697eb9edb1f3e
Reviewed-on: https://chromium-review.googlesource.com/358623
Commit-Ready: Andrey Pronin <apronin@chromium.org>
Tested-by: Stephen Barber <smbarber@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
The firmware needs to lock the kernel rollback index before starting
up the kernel. The TPM2_NV_WriteLock command is used for that.
We also want to limit the amount of control the user space apps have
over TPM. With TPM1.2 it was achieved by deasserting physical
presence. TPM2 specification allows to achieve the same goal by
disabling Platform Hierarchy, which is active out of reset.
BRANCH=none
BUG=chrome-os-partner:50465
TEST=verified that all commands succeed and chrome OS boots up fine.
Change-Id: Ia5893460e0b29f1945cb2aae45a5f10b08fe1ed1
Reviewed-on: https://chromium-review.googlesource.com/358351
Commit-Ready: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
The latest TPM specification uses different command codes, command
structures and return codes.
Let's put definitions for different TPM versions into different
include files.
CQ-DEPEND=CL:357831
BRANCH=none
BUG=chrome-os-partner:50645
TEST=with the rest of the patches applied kevin/gru boards boot into
chrome OS with rollback counters read from/written to TPM2
Change-Id: Ie13696d4e5098a4ea5e338e84334d257e5c704a7
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/356751
Reviewed-by: Randall Spangler <rspangler@chromium.org>
