diff options
| -rw-r--r-- | src/security/vboot/antirollback.h | 1 | ||||
| -rw-r--r-- | src/security/vboot/secdata_tpm.c | 28 |
2 files changed, 0 insertions, 29 deletions
diff --git a/src/security/vboot/antirollback.h b/src/security/vboot/antirollback.h index 71605fa1b7..75bfcdc7c7 100644 --- a/src/security/vboot/antirollback.h +++ b/src/security/vboot/antirollback.h @@ -28,7 +28,6 @@ enum vb2_pcr_digest; /* 0x100d: Hash of MRC_CACHE training data for non-recovery boot */ #define MRC_RW_HASH_NV_INDEX 0x100d #define HASH_NV_SIZE VB2_SHA256_DIGEST_SIZE -#define ENT_ROLLBACK_COUNTER_INDEX 0x100e /* Widevine Secure Counter space */ #define WIDEVINE_COUNTER_NV_INDEX(n) (0x3000 + (n)) #define NUM_WIDEVINE_COUNTERS 4 diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c index 6d8e281955..847a9597fb 100644 --- a/src/security/vboot/secdata_tpm.c +++ b/src/security/vboot/secdata_tpm.c @@ -116,17 +116,6 @@ static const TPMA_NV rw_space_attributes = { .TPMA_NV_WRITE_STCLEAR = 1, }; -const static TPMA_NV rw_counter_attributes = { - .TPMA_NV_AUTHWRITE = 1, - .TPMA_NV_AUTHREAD = 1, - .TPMA_NV_PPREAD = 1, - .TPMA_NV_PPWRITE = 1, - .TPMA_NV_PLATFORMCREATE = 1, - .TPMA_NV_COUNTER = 1, - .TPMA_NV_NO_DA = 1, - .TPMA_NV_WRITE_STCLEAR = 1, -}; - static const TPMA_NV fwmp_attr = { .TPMA_NV_PLATFORMCREATE = 1, .TPMA_NV_OWNERWRITE = 1, @@ -353,15 +342,6 @@ static uint32_t setup_zte_spaces(void) return rv; } -static uint32_t enterprise_rollback_create_counter(void) -{ - /* - * No need to increment the counter to initialize, this can be done later. - */ - return tlcl_define_space(ENT_ROLLBACK_COUNTER_INDEX, /*size=*/8, - rw_counter_attributes, NULL, 0); -} - static uint32_t setup_widevine_counter_spaces(void) { uint32_t index, rv; @@ -408,14 +388,6 @@ static uint32_t _factory_initialize_tpm(struct vb2_context *ctx) CONFIG(MAINBOARD_HAS_I2C_TPM_CR50)))) RETURN_ON_FAILURE(setup_zte_spaces()); - /* - * On TPM 2.0, create a counter that survives TPM clear. This allows to - * securely lock data during enterprise rollback by binding to this - * counter's value. - */ - if (CONFIG(CHROMEOS)) - RETURN_ON_FAILURE(enterprise_rollback_create_counter()); - /* Define widevine counter space. No need to increment/write to the secure counters and are expected to be incremented during the first use. */ if (CONFIG(VBOOT_DEFINE_WIDEVINE_COUNTERS)) |