diff options
| author | Miriam Polzer <mpolzer@google.com> | 2022-08-11 06:38:46 +0000 |
|---|---|---|
| committer | Julius Werner <jwerner@chromium.org> | 2022-09-17 01:42:11 +0000 |
| commit | 2c38933a0e461855c8eab997fc66baffa449f674 (patch) | |
| tree | aca3bc075aff0737b5bafcad0d4dc94cf3b4d018 /src/security/vboot/antirollback.h | |
| parent | f634aed758e2c4822ea1512a9d828572bdf4e459 (diff) | |
security/vboot: Add rollback NVRAM space for TPM 2
Create an NVRAM space in TPM 2.0 that survives owner clear and can be
read and written without authorization. This space allows to seal data
with the TPM that can only be unsealed before the space was cleared.
It will be used during ChromeOS enterprise rollback to securely
carry data across a TPM clear.
Public documentation on the rollback feature:
https://source.chromium.org/chromium/chromiumos/platform2/+/main:oobe_config/README.md
BUG=b/233746744
Signed-off-by: Miriam Polzer <mpolzer@google.com>
Change-Id: I59ca0783b41a6f9ecd5b72f07de6fb403baf2820
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66623
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Diffstat (limited to 'src/security/vboot/antirollback.h')
| -rw-r--r-- | src/security/vboot/antirollback.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/security/vboot/antirollback.h b/src/security/vboot/antirollback.h index 75bfcdc7c7..10a9e21e37 100644 --- a/src/security/vboot/antirollback.h +++ b/src/security/vboot/antirollback.h @@ -28,6 +28,7 @@ enum vb2_pcr_digest; /* 0x100d: Hash of MRC_CACHE training data for non-recovery boot */ #define MRC_RW_HASH_NV_INDEX 0x100d #define HASH_NV_SIZE VB2_SHA256_DIGEST_SIZE +#define ENT_ROLLBACK_SPACE_INDEX 0x100e /* Widevine Secure Counter space */ #define WIDEVINE_COUNTER_NV_INDEX(n) (0x3000 + (n)) #define NUM_WIDEVINE_COUNTERS 4 |