cr50: handle unwritten spaces in read_tpm_nvmem

This CL checks if the space was defined but not written, and if so,
returns TPM_READ_NOT_FOUND from read_tpm_nvmem().

BUG=b:276384456
TEST=with crrev.com/c/2494503, verify that calling chkfwmp
     prints "read_tpm_nvmem: object at 0x100a not written"
     and then the following when the space is not written:
     ```
     FWMP read result: 1
       ccd unlock allowed: 1
       policy update allowed: 1
     ```
     To create an unwritten space, run
       tpm_manager_client define_space --index=0x100a --size=40

Change-Id: I8eff2be8da1e28204216d4dbbd54e57e8a8127b3
Signed-off-by: Andrey Pronin <apronin@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4483017
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Commit-Queue: Mary Ruthven <mruthven@chromium.org>
Auto-Submit: Andrey Pronin <apronin@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>

1 files changed, 10 insertions, 0 deletions

diff --git a/board/cr50/tpm_nvmem_ops.c b/board/cr50/tpm_nvmem_ops.c
index 92e8721b0a..634a540239 100644
--- a/board/cr50/tpm_nvmem_ops.c
+++ b/board/cr50/tpm_nvmem_ops.c
@@ -38,6 +38,16 @@ enum tpm_read_rv read_tpm_nvmem(uint16_t obj_index,
 	NvReadIndexInfo(object_handle, handle_addr, &nvIndex);
 
 	/*
+	 * Check that the index was written to. Otherwise, behave as if the
+	 * index doesn't exist.
+	 */
+	if (nvIndex.publicArea.attributes.TPMA_NV_WRITTEN == 0) {
+		CPRINTF("%s: object at 0x%x not written\n",
+				__func__, obj_index);
+		return TPM_READ_NOT_FOUND;
+	}
+
+	/*
 	 * We presume it is readable and are not checking the access
 	 * limitations.
 	 */