summaryrefslogtreecommitdiff
path: root/src/mainboard/intel/minnowmax
diff options
context:
space:
mode:
authorVadim Bendebury <vbendeb@chromium.org>2016-11-11 09:36:50 -0800
committerVadim Bendebury <vbendeb@chromium.org>2016-11-14 19:11:55 +0100
commit289ee8f0e9d8e40ace5e95a858d4e0d09bcb357c (patch)
treed6975ef2aa3e695a8645f91022790d5d6e1fd02b /src/mainboard/intel/minnowmax
parentc446704e71865cef40e48c32bede1217ee90695b (diff)
lib/tpm2: do not create all NVRAM spaces with the same set of attributes
The TPM spaces created by the RO need to have different attributes depending on the space's use. The firmware rollback counter and MRC hash spaces are created by the RO code and need to be protected at the highest level: it should be impossible to delete or modify the space once the RO exits, and it is how it is done before this patch. The rest of the spaces should be possible to modify or recreate even after the RO exits. Let's use different set of NVRAM space attributes to achieve that, and set the 'pcr0 unchanged' policy only for the firmware counter and MRC cache spaces. The definitions of the attributes can be found in "Trusted Platform Module Library Part 2: Structures", Revision 01.16, section "13.2 TPMA_NV (NV Index Attributes)." CQ-DEPEND=CL:410127 BRANCH=none BUG=chrome-os-partner:59651 TEST=verified that the reef system boots fine in both normal and recovery modes; using tpmc confirmed that firmware, kernel and MRC cache NVRAM spaces are readable in both and writeable only in recovery mode. Change-Id: I1a1d2459f56ec929c9a92b39175888b8d1bcda55 Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-on: https://review.coreboot.org/17388 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin <adurbin@chromium.org> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Andrey Pronin <apronin@chromium.org>
Diffstat (limited to 'src/mainboard/intel/minnowmax')
0 files changed, 0 insertions, 0 deletions