tpm2_lite: use null password authorization for ReadLock

Most of the indexes used in practice, have AUTHREAD set with null
password authentication. The only index, for which READ_STCLEAR is
set and TlclReadLock() is called is the one used by mount-encrypted.
It has AUTHREAD with empty password and should be lockable after
platform hierarchy is disabled. So, use null password authorization
instead of platform authorization in TlclReadLock().

TEST=Start with OOBE, corporate enroll, reboot, verify that the system
     doesn't go back to OOBE. Check mount-encrypted.log on start: it
     should contain "Read-locking NVRAM area succeeded".

Change-Id: Iaac78ba4dd048edac992adfab6fb94b69b2e989a
Commit-Ready: Andrey Pronin <>
Tested-by: Andrey Pronin <>
Reviewed-by: Vadim Bendebury <>
1 file changed