diff options
author | Randall Spangler <rspangler@chromium.org> | 2018-05-24 14:56:14 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2018-05-25 20:31:57 -0700 |
commit | d7705eb311f919ab4c93aeea401ba58771c28dd4 (patch) | |
tree | c233b833fa4fe944f8ccfaa57e9a638de90bcffa /board/cr50 | |
parent | b3218b9533b607dd53fec13671e3d91b50c0122a (diff) | |
download | chrome-ec-d7705eb311f919ab4c93aeea401ba58771c28dd4.tar.gz |
ccd_config: Simplify open and password
Allow setting password from the AP, but not from USB. Remove the old
password control logic, which is no longer needed.
Allow open if:
- Not explicitly blocked
- Not blocked via FWMP
- One of the following is true:
- A password is set
- Battery is removed (also doesn't require physical presence)
- Dev mode is on, and request came from the AP
Reduces cr50 binary by 152 bytes.
BUG=b:79983505
BRANCH=cr50
TEST=manual, with a CR50_DEV=1 build
ccd oops
ccd lock
ccd unlock -> fails
gsctool -U -> fails from host
gsctool -t -U -> fails from AP
ccd oops
ccd password foo -> fails from console
gsctool -P -> fails from host
gsctool -t -P -> works from AP
ccd get -> confirms password set
ccd lock
ccd unlock foo -> works
ccd lock
gsctool -U -> works from host, if correct password supplied
ccd lock
gsctool -t -U -> works from AP, if correct password supplied
ccd open foo -> works
ccd lock
gsctool -O -> works from host, if correct password supplied
ccd lock
gsctool -t -O -> works from AP, if correct password supplied
ccd oops
ccd lock
(remove battery)
ccd open -> works without physical presence
(reattach battery)
ccd lock
gsctool -O -> works from host
ccd lock
gsctool -t -O -> works from AP, if dev mode is enabled
Change-Id: I364b322d03db250e7dd140767d7a22dbb3ac1eef
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1072957
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Diffstat (limited to 'board/cr50')
-rw-r--r-- | board/cr50/tpm2/platform.c | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/board/cr50/tpm2/platform.c b/board/cr50/tpm2/platform.c index 3068c903e3..a275a82264 100644 --- a/board/cr50/tpm2/platform.c +++ b/board/cr50/tpm2/platform.c @@ -66,5 +66,20 @@ void _plat__GetFwVersion(uint32_t *firmwareV1, uint32_t *firmwareV2) void _plat__ResetCallback(void) { pinweaver_init(); - ccd_tpm_reset_callback(); + + /* + * Eventually, we'll want to allow CCD unlock with no password, so + * enterprise policy can set a password to block CCD instead of locking + * it out via the FWMP. + * + * When we do that, we'll allow unlock without password between a real + * TPM startup (not just a resume) - which is this callback - and + * explicit disabling of that feature via a to-be-created vendor + * command. That vendor command will be called after enterprize policy + * is updated, or the device is determined not to be enrolled. + * + * But for now, we'll just block unlock entirely if no password is set, + * so we don't yet need to tell CCD that a real TPM startup has + * occurred. + */ } |