[coreboot-gerrit] Patch merged into coreboot/master: vboot: make TPM factory init sequence more robust.
gerrit at coreboot.org
gerrit at coreboot.org
Wed Nov 16 02:16:19 CET 2016
the following patch was just integrated into master:
commit 3883701d5a91f6431d4579734c022f7748249ec1
Author: Vadim Bendebury <vbendeb at chromium.org>
Date: Mon Nov 14 16:36:26 2016 -0800
vboot: make TPM factory init sequence more robust.
Currently the code considers the absence of the NVRAM firmware
rollback space a a trigger for invoking the TPM factory initialization
sequence.
Note that the kernel rollback and MRC cache hash spaces are created
after the firmware rollback space. This opens an ever so narrow window
of opportunity for bricking the device, in case a startup is
interrupted after firmware space has been created, but before kernel
and MRC hash spaces are created.
The suggested solution is to create the firmware space last, and to
allow for kernel and MRC cache spaces to exist during TPM factory
initialization.
BRANCH=none
BUG=chrome-os-partner:59654
TEST=odified the code not to create the firmware space, wiped out the
TPM NVRAM and booted the device. Observed it create kernel and
MRC cache spaces on the first run, and then reporting return code
0x14c for already existing spaces on the following restarts.
Verified that the device boots fine in normal and recovery modes
and TPM NVRAM spaces are writeable in recovery mode.
Change-Id: Id0e772448d6af1340e800ec3b78ec67913aa6289
Signed-off-by: Vadim Bendebury <vbendeb at chromium.org>
Reviewed-on: https://review.coreboot.org/17398
Reviewed-by: Aaron Durbin <adurbin at chromium.org>
Tested-by: build bot (Jenkins)
See https://review.coreboot.org/17398 for details.
-gerrit
More information about the coreboot-gerrit
mailing list