4 files changed, 13 insertions, 0 deletions

diff --git a/board/cr50/board.c b/board/cr50/board.c
index dff0b7bfac..d099442965 100644
--- a/board/cr50/board.c
+++ b/board/cr50/board.c
@@ -1147,6 +1147,8 @@ static void deferred_tpm_rst_isr(void)
 		 * then.
 		 */
 		if (!reboot_request_posted || other_rw_is_inactive()) {
+			/* Update fwmp policies each boot. */
+			board_fwmp_update_policies();
 			/* Reset TPM, no need to wait for completion. */
 			tpm_reset_request(0, 0);
 			return;
diff --git a/board/cr50/board.h b/board/cr50/board.h
index add2fb9e6a..139a30ee70 100644
--- a/board/cr50/board.h
+++ b/board/cr50/board.h
@@ -396,6 +396,7 @@ void power_button_release_enable_interrupt(int enable);
 int board_battery_is_present(void);
 int board_fwmp_allows_boot_policy_update(void);
 int board_fwmp_allows_unlock(void);
+void board_fwmp_update_policies(void);
 int board_vboot_dev_mode_enabled(void);
 void board_reboot_ap(void);
 void board_reboot_ec(void);
diff --git a/board/cr50/tpm2/NVMem.c b/board/cr50/tpm2/NVMem.c
index 54958a3045..9ea2c83926 100644
--- a/board/cr50/tpm2/NVMem.c
+++ b/board/cr50/tpm2/NVMem.c
@@ -17,6 +17,7 @@
 #include "TPM_Types.h"
 #include "TpmError.h"
 #include "assert.h"
+#include "ccd_config.h"
 #include "ec_comm.h"
 #include "nvmem.h"
 #include "tpm_nvmem.h"
@@ -194,6 +195,8 @@ void _plat__ClearNvAvail(void)
 
 void _plat__NvInformIndexDataChanged(unsigned int handle)
 {
+	if (handle == (HR_NV_INDEX + FWMP_NV_INDEX))
+		board_fwmp_update_policies();
 	if (handle == (HR_NV_INDEX + KERNEL_NV_INDEX))
 		ec_efs_refresh();
 }
diff --git a/board/cr50/wp.c b/board/cr50/wp.c
index fe0dc2da29..54dc17318c 100644
--- a/board/cr50/wp.c
+++ b/board/cr50/wp.c
@@ -496,6 +496,13 @@ int board_fwmp_allows_boot_policy_update(void)
 	return fwmp_allows(BOOT_POLICY_UPDATE);
 }
 
+void board_fwmp_update_policies(void)
+{
+#ifdef CR50_DEV
+	CPRINTS("Update fwmp policies.");
+#endif
+}
+
 int board_vboot_dev_mode_enabled(void)
 {
 	struct RollbackSpaceFirmware fw;