authorHoward Yang <hcyang@google.com>2023-03-16 14:10:45 +0800
committerChromeos LUCI <chromeos-scoped@luci-project-accounts.iam.gserviceaccount.com>2023-04-06 02:58:52 +0000
commitfaa0d9248bf6e7fbdaf441a6b76723455f707c4f (patch)
treee668f0bb432dc43875840f6ba0877593f38a197f
parent1bc5ed4c9d9bd17141fbc3ea05954061e8b7c211 (diff)
downloadchrome-ec-faa0d9248bf6e7fbdaf441a6b76723455f707c4f.tar.gz
cr50: Clear pairing secret upon TPM clear
The pairing secret (Pk) used for biometrics PinWeaver protocol needs to be cleared during TPM clear. BUG=b:262040869 TEST=(with depended CL) pinweaver_client biometrics_selftest Cq-Depend: chromium:4337481 Change-Id: Ie07869f75aea64a7950d04693722b74c11a913ca Signed-off-by: Howard Yang <hcyang@google.com> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4344442 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
-rw-r--r--board/cr50/tpm2/platform.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/board/cr50/tpm2/platform.c b/board/cr50/tpm2/platform.c
index 5bbc927f08..e65dd44a1f 100644
--- a/board/cr50/tpm2/platform.c
+++ b/board/cr50/tpm2/platform.c
@@ -8,7 +8,9 @@
#include "ccd_config.h"
#include "console.h"
-#include "pinweaver_cr50.h"
+#include "nvmem_vars.h"
+#include "pinweaver.h"
+#include "pinweaver_eal.h"
#include "tpm_nvmem.h"
#include "tpm_nvmem_ops.h"
#include "dcrypto.h"
@@ -133,8 +135,13 @@ BOOL _plat__ShallSurviveOwnerClear(uint32_t index)
void _plat__OwnerClearCallback(void)
{
+ int result;
enum ec_error_list rv;
+ /* Invalidate existing biometrics pairing secrets. */
+ result = setvar(PW_FP_PK, sizeof(PW_FP_PK) - 1, NULL, 0);
+ if (result)
+ CPRINTF("%s: failed (%d)\n", __func__, result);
/* Invalidate existing u2f registrations. */
rv = u2f_gen_kek_seed();
if (rv != EC_SUCCESS)
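Review bot: A failed `setvar()` in the added block is only logged, so the owner clear carries on with the biometrics pairing secret still stored, and because `_plat__OwnerClearCallback` returns void nothing upstream can tell that happened. The message `"%s: failed (%d)\n"` also does not say which step failed; if the u2f branch below (its body continues outside this hunk) prints the same text, the two failures cannot be told apart in the console log. I would at least name the step, e.g. `CPRINTF("%s: clearing FP pairing secret failed (%d)\n", __func__, result);`, and add a short comment stating whether leaving Pk behind on error is acceptable or must be retried. Separately, `sizeof(PW_FP_PK) - 1` is the key length only if `PW_FP_PK` is a string literal or array rather than a pointer; its definition is not visible here, so that is worth confirming.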