summaryrefslogtreecommitdiff
path: root/src/security/vboot/secdata_tpm.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/security/vboot/secdata_tpm.c')
-rw-r--r--src/security/vboot/secdata_tpm.c16
1 files changed, 11 insertions, 5 deletions
diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c
index 96fac29fcf..0ae956276c 100644
--- a/src/security/vboot/secdata_tpm.c
+++ b/src/security/vboot/secdata_tpm.c
@@ -91,7 +91,7 @@ static uint32_t write_secdata(uint32_t index,
const uint8_t *secdata,
uint32_t len)
{
- uint8_t sd[32];
+ uint8_t sd[MAX(VB2_SECDATA_KERNEL_SIZE, VB2_SECDATA_FIRMWARE_SIZE)];
uint32_t rv;
int attempts = 3;
@@ -214,6 +214,8 @@ static uint32_t set_rec_hash_space(const uint8_t *data)
static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
{
+ vb2api_secdata_kernel_create(ctx);
+
RETURN_ON_FAILURE(tlcl_force_clear());
/*
@@ -296,6 +298,8 @@ static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
TPM_PERMANENT_FLAGS pflags;
uint32_t result;
+ vb2api_secdata_kernel_create_v0(ctx);
+
result = tlcl_get_permanent_flags(&pflags);
if (result != TPM_SUCCESS)
return result;
@@ -329,10 +333,10 @@ static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
/* Define and write secdata_kernel space. */
RETURN_ON_FAILURE(safe_define_space(KERNEL_NV_INDEX,
TPM_NV_PER_PPWRITE,
- VB2_SECDATA_KERNEL_SIZE));
+ VB2_SECDATA_KERNEL_SIZE_V02));
RETURN_ON_FAILURE(write_secdata(KERNEL_NV_INDEX,
ctx->secdata_kernel,
- VB2_SECDATA_KERNEL_SIZE));
+ VB2_SECDATA_KERNEL_SIZE_V02));
/* Define and write secdata_firmware space. */
RETURN_ON_FAILURE(safe_define_space(FIRMWARE_NV_INDEX,
@@ -376,9 +380,11 @@ static uint32_t factory_initialize_tpm(struct vb2_context *ctx)
{
uint32_t result;
- /* Set initial values of secdata_firmware and secdata_kernel spaces. */
+ /*
+ * Set initial values of secdata_firmware space.
+ * kernel space is created in _factory_initialize_tpm().
+ */
vb2api_secdata_firmware_create(ctx);
- vb2api_secdata_kernel_create(ctx);
VBDEBUG("TPM: factory initialization\n");