Attention is currently required from: Andrey Pronin, Raul Rangel, Paul Menzel, Julius Werner, Yu-Ping Wu. Hello build bot (Jenkins), Andrey Pronin, Raul Rangel, Julius Werner, Yu-Ping Wu,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/59476
to look at the new patch set (#6).
Change subject: src/security/vboot: Set up secure counter space in TPM NVRAM ......................................................................
src/security/vboot: Set up secure counter space in TPM NVRAM
High Definition (HD) protected content playback requires secure counters that are updated at regular interval while the protected content is playing. To support similar use-cases, define space for secure counters in TPM NVRAM and initialize them. These counters are defined once during the factory initialization stage. Also add VBOOT_DEFINE_WIDEVINE_COUNTERS config item to enable these secure counters only on the mainboard where they are required/used.
BUG=b:205261728 TEST=Build and boot to OS in guybrush. Ensure that the secure counters are defined successfully in TPM NVRAM space. tlcl_define_space: response is 0 tlcl_define_space: response is 0 tlcl_define_space: response is 0 tlcl_define_space: response is 0
On reboot if forced to redefine the space, it is identified as already defined. tlcl_define_space: response is 14c define_space():219: define_space: Secure Counter space already exists tlcl_define_space: response is 14c define_space():219: define_space: Secure Counter space already exists tlcl_define_space: response is 14c define_space():219: define_space: Secure Counter space already exists tlcl_define_space: response is 14c define_space():219: define_space: Secure Counter space already exists
Change-Id: I915fbdada60e242d911b748ad5dc28028de9b657 Signed-off-by: Karthikeyan Ramasubramanian kramasub@google.com --- M src/security/vboot/Kconfig M src/security/vboot/antirollback.h M src/security/vboot/secdata_tpm.c 3 files changed, 42 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/76/59476/6