scottk/OpenCellular
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/OpenCellular.git synced 2026-01-10 17:41:54 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
c66cbc3440b03440d591274b188ea62b2de7af80
OpenCellular/firmware
History
Andrey Pronin 4ad42032f4 tpm2_lite: use null password authorization for ReadLock 
Most of the indexes used in practice, have AUTHREAD set with null
password authentication. The only index, for which READ_STCLEAR is
set and TlclReadLock() is called is the one used by mount-encrypted.
It has AUTHREAD with empty password and should be lockable after
platform hierarchy is disabled. So, use null password authorization
instead of platform authorization in TlclReadLock().

BUG=chrome-os-partner:54708
BRANCH=none
TEST=Start with OOBE, corporate enroll, reboot, verify that the system
     doesn't go back to OOBE. Check mount-encrypted.log on start: it
     should contain "Read-locking NVRAM area succeeded".

Change-Id: Iaac78ba4dd048edac992adfab6fb94b69b2e989a
Reviewed-on: https://chromium-review.googlesource.com/410780
Commit-Ready: Andrey Pronin <apronin@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
2016-11-15 17:42:26 -08:00
..
2lib
vboot: Split partition and vblock verification from LoadKernel()
2016-11-14 16:42:19 -08:00
bdb
bdb: Add bdb_get_hash_by_index
2016-10-11 10:56:54 -07:00
include
tpm2_lite: implement TlclGetPermissions
2016-11-11 10:05:28 -08:00
lib
tpm2_lite: use null password authorization for ReadLock
2016-11-15 17:42:26 -08:00
lib20
vboot: Add vb2_unpack_key_buffer
2016-11-06 02:34:03 +00:00
lib21
vboot: Upgrade VerifyFirmwarePreamble() to vboot2.0
2016-07-26 19:42:38 -07:00
linktest
vboot: use vb2 verification functions for kernel verification
2016-10-29 19:41:08 -07:00
stub
tpm_lite_stub: clean up debug printouts in VbExTpmSendReceive
2016-11-10 12:25:29 -08:00
README
Rename Makefile's fwlib2 target to fwlib20.
2015-01-29 21:35:06 +00:00

README 

Here's what's what in the firmware/ directory.

include/
lib/

  These are the original structures and APIs used in the earliest
  Chromebooks and continuing through 2014. It never had a version as such to
  begin with, but we now refer to this implementation as "vboot1" or
  "vboot version 1.0".

linktest/
stub/

  These are stubs used to link the vboot1 libraries into host-side test
  executables so we can run some tests on the build machine instead of a
  Chromebook.

2lib/

  In 2014 we began work on a new vboot API. The first step was just a
  refactoring and renaming of the verification API. The public functions and
  external headers that are exported for use by the Chrome OS firmware (or
  anything else that wants to use vboot) live in here. The internal
  structures and implementations go elsewhere.

lib20/

  This is an early implementation of the public (2lib/) API. It is
  binary-compatible with vboot1, so although the interface details are
  different, any existing on-device structures or signatures created by the
  vboot1 tools can be validated using this implementation.

  This was deployed slightly before it was ready. That's not a problem,
  thanks to the binary compatibility, but this directory will be abandoned
  Real Soon Now, except for the product support branches.

lib21/

  This is where the current development of the second-generation vboot API
  is taking place. It uses the public (2lib/) API, but will NOT be binary
  compatible with vboot1 structs. Because of the early release of the lib20
  stuff, we're actually calling this lib21.
Reference in New Issue View Git Blame Copy Permalink