Google Git
Sign in
cos / mirrors / cros / chromiumos / platform / vboot_reference / 4ad42032f45c1a0e069e403adee62f6cc9abd309
commit4ad42032f45c1a0e069e403adee62f6cc9abd309[log] [tgz]
authorAndrey Pronin <apronin@chromium.org>Fri Nov 11 18:00:23 2016 -0800
committerchrome-bot <chrome-bot@chromium.org>Tue Nov 15 17:42:26 2016 -0800
treeeadb9fffdea849c8ca8547e8dfc344287dca563e
parenteedd4293582b86a43eab6400d0a967bccf14f1fe [diff]
tpm2_lite: use null password authorization for ReadLock

Most of the indexes used in practice, have AUTHREAD set with null
password authentication. The only index, for which READ_STCLEAR is
set and TlclReadLock() is called is the one used by mount-encrypted.
It has AUTHREAD with empty password and should be lockable after
platform hierarchy is disabled. So, use null password authorization
instead of platform authorization in TlclReadLock().

BUG=chrome-os-partner:54708
BRANCH=none
TEST=Start with OOBE, corporate enroll, reboot, verify that the system
     doesn't go back to OOBE. Check mount-encrypted.log on start: it
     should contain "Read-locking NVRAM area succeeded".

Change-Id: Iaac78ba4dd048edac992adfab6fb94b69b2e989a
Reviewed-on: https://chromium-review.googlesource.com/410780
Commit-Ready: Andrey Pronin <apronin@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
1 file changed
tree: eadb9fffdea849c8ca8547e8dfc344287dca563e
  1. bdb/
  2. cgpt/
  3. firmware/
  4. futility/
  5. host/
  6. scripts/
  7. tests/
  8. utility/
  9. .gitignore
  10. Android.mk
  11. emerge_test.sh
  12. inherit-review-settings-ok
  13. LICENSE
  14. Makefile
  15. PRESUBMIT.cfg
  16. README
  17. vboot_host.pc.in
  18. WATCHLISTS