[coreboot-gerrit] Patch merged into coreboot/master: vboot2: tpm2 factory initialization.

gerrit at coreboot.org gerrit at coreboot.org
Tue Jul 12 00:27:33 CEST 2016 

the following patch was just integrated into master:
commit 10ea104476798641eff411d6ba61239c7c60a238
Author: Vadim Bendebury <vbendeb at chromium.org>
Date:   Mon Jun 6 12:12:34 2016 -0700

    vboot2: tpm2 factory initialization.
    
    This patch adds a TPM2 specific path in the vboot2 initialization
    sequence when the device is turned on in the factory for the first
    time, namely two secure NVRAM spaces are created, with different
    access privileges.
    
    The higher privilege space can be modified only be the RO firmware,
    and the lower privilege space can be modified by both RO and RW
    firmware.
    
    The API is being modified to hide the TPM implementation details from
    the caller.
    
    Some functions previously exported as global are in fact not used
    anywhere else, they are being defined static.
    
    BRANCH=none
    BUG=chrome-os-partner:50645
    TEST=when this code is enabled the two secure spaces are successfully
         created during factory initialization.
    
    Original-Commit-Id: 5f082d6a9b095c3efc283b7a49eac9b4f2bcb6ec
    Original-Change-Id: I917b2f74dfdbd214d7f651ce3d4b80f4a18def20
    Original-Signed-off-by: Vadim Bendebury <vbendeb at chromium.org>
    Original-Reviewed-on: https://chromium-review.googlesource.com/353916
    Original-Reviewed-by: Bill Richardson <wfrichar at chromium.org>
    Original-Reviewed-by: Darren Krahn <dkrahn at chromium.org>
    
    squashed:
    
    mock tpm: drop unused functions
    
    safe_write() and safe_define_space() functions are defined in
    secdata_mock.c, but not used in mocked TPM mode.
    
    The actual functions have been redefined as static recently and their
    declarations were removed from src/include/antirollback.h, which now
    causes compilation problems when CONFIG_VBOOT2_MOCK_SECDATA is
    defined.
    
    Dropping the functions from secdata_mock.c solves the problem.
    
    BRANCH=none
    BUG=none
    TEST=compilation in mock secdata mode does not fail any more.
    
    Original-Commit-Id: c6d7824f52534ecd3b02172cb9078f03e318cb2b
    Original-Change-Id: Ia781ce99630d759469d2bded40952ed21830e611
    Original-Signed-off-by: Vadim Bendebury <vbendeb at chromium.org>
    Original-Reviewed-on: https://chromium-review.googlesource.com/356291
    Original-Tested-by: Caesar Wang <wxt at rock-chips.com>
    Original-Reviewed-by: Aaron Durbin <adurbin at chromium.org>
    Original-Reviewed-by: Randall Spangler <rspangler at chromium.org>
    
    Change-Id: Icb686c5f9129067eb4bb3ea10bbb85a075b29955
    Signed-off-by: Martin Roth <martinroth at chromium.org>
    Reviewed-on: https://review.coreboot.org/15571
    Tested-by: build bot (Jenkins)
    Reviewed-by: Philipp Deppenwiese <zaolin.daisuki at googlemail.com>
    Reviewed-by: Furquan Shaikh <furquan at google.com>


See https://review.coreboot.org/15571 for details.

-gerrit

More information about the coreboot-gerrit mailing list