diff options
Diffstat (limited to 'src/security/vboot')
| -rw-r--r-- | src/security/vboot/secdata_mock.c | 2 | ||||
| -rw-r--r-- | src/security/vboot/secdata_tpm.c | 7 | ||||
| -rw-r--r-- | src/security/vboot/vboot_logic.c | 2 |
3 files changed, 5 insertions, 6 deletions
diff --git a/src/security/vboot/secdata_mock.c b/src/security/vboot/secdata_mock.c index 5792b41633..57aed61a71 100644 --- a/src/security/vboot/secdata_mock.c +++ b/src/security/vboot/secdata_mock.c @@ -31,7 +31,7 @@ vb2_error_t antirollback_read_space_kernel(struct vb2_context *ctx) /* * The new kernel secdata v1 stores the last read EC hash, and reboots the * device during EC software sync when that hash didn't match the currently - * active hash on the EC (this is used with TPM_CR50 to support EC-EFS2 and + * active hash on the EC (this is used with TPM_GOOGLE to support EC-EFS2 and * pretty much a no-op for other devices). Generally, of course the whole * point of secdata is always that it persists across reboots, but with * MOCK_SECDATA we can't do that. Previously we always happened to somewhat diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c index 847a9597fb..450c681c06 100644 --- a/src/security/vboot/secdata_tpm.c +++ b/src/security/vboot/secdata_tpm.c @@ -384,8 +384,7 @@ static uint32_t _factory_initialize_tpm(struct vb2_context *ctx) * Define and write zero-touch enrollment (ZTE) spaces. For Cr50 devices, * these are set up elsewhere via TPM vendor commands. */ - if (CONFIG(CHROMEOS) && (!(CONFIG(MAINBOARD_HAS_SPI_TPM_CR50) || - CONFIG(MAINBOARD_HAS_I2C_TPM_CR50)))) + if (CONFIG(CHROMEOS) && !(CONFIG(TPM_GOOGLE))) RETURN_ON_FAILURE(setup_zte_spaces()); /* Define widevine counter space. No need to increment/write to the secure counters @@ -613,7 +612,7 @@ uint32_t antirollback_read_space_firmware(struct vb2_context *ctx) uint32_t antirollback_write_space_firmware(struct vb2_context *ctx) { - if (CONFIG(CR50_IMMEDIATELY_COMMIT_FW_SECDATA)) + if (CONFIG(TPM_GOOGLE_IMMEDIATELY_COMMIT_FW_SECDATA)) tlcl_cr50_enable_nvcommits(); return safe_write(FIRMWARE_NV_INDEX, ctx->secdata_firmware, VB2_SECDATA_FIRMWARE_SIZE); @@ -632,7 +631,7 @@ uint32_t antirollback_write_space_kernel(struct vb2_context *ctx) * recovery, software sync, or other special boot flows. When the AP * wants to write, it is imporant to actually commit changes. */ - if (CONFIG(CR50_IMMEDIATELY_COMMIT_FW_SECDATA)) + if (CONFIG(TPM_GOOGLE_IMMEDIATELY_COMMIT_FW_SECDATA)) tlcl_cr50_enable_nvcommits(); return safe_write(KERNEL_NV_INDEX, ctx->secdata_kernel, size); diff --git a/src/security/vboot/vboot_logic.c b/src/security/vboot/vboot_logic.c index 509169fc95..2230b5ab57 100644 --- a/src/security/vboot/vboot_logic.c +++ b/src/security/vboot/vboot_logic.c @@ -303,7 +303,7 @@ void verstage_main(void) * If there is an communication error, a recovery reason will be set and * vb2api_fw_phase1 will route us to recovery mode. */ - if (CONFIG(TPM_CR50)) + if (CONFIG(TPM_GOOGLE)) check_boot_mode(ctx); if (get_ec_is_trusted()) |