tpm2_lite: use null password authorization for ReadLock
Most of the indexes used in practice, have AUTHREAD set with null
password authentication. The only index, for which READ_STCLEAR is
set and TlclReadLock() is called is the one used by mount-encrypted.
It has AUTHREAD with empty password and should be lockable after
platform hierarchy is disabled. So, use null password authorization
instead of platform authorization in TlclReadLock().
TEST=Start with OOBE, corporate enroll, reboot, verify that the system
doesn't go back to OOBE. Check mount-encrypted.log on start: it
should contain "Read-locking NVRAM area succeeded".
Commit-Ready: Andrey Pronin <email@example.com>
Tested-by: Andrey Pronin <firstname.lastname@example.org>
Reviewed-by: Vadim Bendebury <email@example.com>
1 file changed