author | Randall Spangler <rspangler@chromium.org> | 2018-05-24 14:56:14 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2018-05-25 20:31:57 -0700 |
commit | d7705eb311f919ab4c93aeea401ba58771c28dd4 (patch) | |
tree | c233b833fa4fe944f8ccfaa57e9a638de90bcffa /include/tpm_vendor_cmds.h | |
parent | b3218b9533b607dd53fec13671e3d91b50c0122a (diff) | |
ccd_config: Simplify open and password
Allow setting password from the AP, but not from USB. Remove the old
password control logic, which is no longer needed.
Allow open if:
- Not explicitly blocked
- Not blocked via FWMP
- One of the following is true:
- A password is set
- Battery is removed (also doesn't require physical presence)
- Dev mode is on, and request came from the AP
Reduces cr50 binary by 152 bytes.
BUG=b:79983505
BRANCH=cr50
TEST=manual, with a CR50_DEV=1 build
ccd oops
ccd lock
ccd unlock -> fails
gsctool -U -> fails from host
gsctool -t -U -> fails from AP
ccd oops
ccd password foo -> fails from console
gsctool -P -> fails from host
gsctool -t -P -> works from AP
ccd get -> confirms password set
ccd lock
ccd unlock foo -> works
ccd lock
gsctool -U -> works from host, if correct password supplied
ccd lock
gsctool -t -U -> works from AP, if correct password supplied
ccd open foo -> works
ccd lock
gsctool -O -> works from host, if correct password supplied
ccd lock
gsctool -t -O -> works from AP, if correct password supplied
ccd oops
ccd lock
(remove battery)
ccd open -> works without physical presence
(reattach battery)
ccd lock
gsctool -O -> works from host
ccd lock
gsctool -t -O -> works from AP, if dev mode is enabled
Change-Id: I364b322d03db250e7dd140767d7a22dbb3ac1eef
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1072957
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Diffstat (limited to 'include/tpm_vendor_cmds.h')
-rw-r--r-- | include/tpm_vendor_cmds.h | 10 |
1 files changed, 3 insertions, 7 deletions
diff --git a/include/tpm_vendor_cmds.h b/include/tpm_vendor_cmds.h
index 2d460badfa..72dc670b7d 100644
--- a/include/tpm_vendor_cmds.h
+++ b/include/tpm_vendor_cmds.h
@@ -35,9 +35,7 @@ enum vendor_cmd_cc {
 VENDOR_CC_IMMEDIATE_RESET = 19,
 VENDOR_CC_INVALIDATE_INACTIVE_RW = 20,
 VENDOR_CC_COMMIT_NVMEM = 21,
-
- /* A gap left for the deep sleep control command. */
-
+ /* DEPRECATED(22): deep sleep control command. */
 VENDOR_CC_REPORT_TPM_STATE = 23,
 VENDOR_CC_TURN_UPDATE_ON = 24,
 VENDOR_CC_GET_BOARD_ID = 25,
@@ -46,11 +44,9 @@ enum vendor_cmd_cc {
 VENDOR_CC_POP_LOG_ENTRY = 28,
 VENDOR_CC_GET_REC_BTN = 29,
 VENDOR_CC_RMA_CHALLENGE_RESPONSE = 30,
-
- /* A gap left for the no longer supported CCD password command. */
-
+ /* DEPRECATED(31): CCD password command (now part of VENDOR_CC_CCD) */
 VENDOR_CC_DISABLE_RMA = 32,
- VENDOR_CC_MANAGE_CCD_PWD = 33,
+ /* DEPRECATED(33): Manage CCD password phase */
 VENDOR_CC_CCD = 34,
 VENDOR_CC_GET_ALERTS_DATA = 35,
 VENDOR_CC_SPI_HASH = 36, |
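Review bot: The retired value 33 in the second hunk is now reserved only by the comment `/* DEPRECATED(33): Manage CCD password phase */`, which does not say that the number must stay unused. Because 33 used to select a password-management command, a later enumerator that reused it would be reached by any older host tool still sending the old code; that such tools exist is an assumption, since no caller is visible here. I would spell the reservation out, e.g. `/* DEPRECATED(33): Manage CCD password phase. Do not reuse this value. */`, and word the 22 and 31 comments in both hunks the same way. The enum `vendor_cmd_cc` starts and ends outside the hunks, and the diffstat is limited to this file, so remaining users of `VENDOR_CC_MANAGE_CCD_PWD` cannot be checked from this page.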