tpm2: do not lock kernel space when locking physical presence

There is no direct concept of physical presence in TPM2; the platform
hierarchy could be used to manage access to various NVRAM spaces
instead. The kernel NVRAM space does not have to be explicitly locked;
disabling platform hierarchy is enough to prevent writes into this
space.

BRANCH=none
BUG=chrome-os-partner:59651
TEST=verified that the system boots fine in both normal and recovery
     modes; using tpmc confirmed that the kernel space is readable in
     both and writeable only in recovery mode.

Change-Id: I3cd8344ad897d061f6b07424f1589a7b547a161f
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/410127
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
1 file changed