diff options
author | Vadim Bendebury <vbendeb@chromium.org> | 2018-05-10 21:41:33 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2018-05-16 12:41:38 -0700 |
commit | 607865dca4965720feec5cb0d3a9148e4ab69b29 (patch) | |
tree | 104d44d8b4cd189acc71141ee5e54a5471c7bcbf /include | |
parent | d9354c9cd980ce2d57b8b4ccdad921054579ae99 (diff) | |
download | chrome-ec-607865dca4965720feec5cb0d3a9148e4ab69b29.tar.gz |
cr50: in dev mode allow unverified certificates
When running signed with dev keys and the fallback certificate is not
available, proceed installing unverified root certificate. This at
least allows to keep basic TPM functions like storing objects in NVMEM
to keep going. Added a new return value to indicate this condition.
BRANCH=cr50, cr50-mp
BUG=none
TEST=verified that it is possible to switch chromebook between prod
and dev modes when running with a dev signed Cr50.
Change-Id: I5b16d0bcbcfb25368f65075e1d2d485a69cb729f
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1054990
Reviewed-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/tpm_manufacture.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/tpm_manufacture.h b/include/tpm_manufacture.h index df43bcc886..4d62bb0e3b 100644 --- a/include/tpm_manufacture.h +++ b/include/tpm_manufacture.h @@ -28,6 +28,7 @@ enum manufacturing_status { mnf_ecc_proc = 9, mnf_store = 10, mnf_manufactured = 11, + mnf_unverified_cert = 12, }; enum manufacturing_status tpm_endorse(void); |