diff options
| -rw-r--r-- | board/cr50/build.mk | 1 | ||||
| -rw-r--r-- | board/cr50/tpm2/nvmem_ops.c | 18 | ||||
| -rw-r--r-- | board/cr50/tpm2/tpm_mode.c | 1 | ||||
| -rw-r--r-- | common/nvmem.c | 13 | ||||
| -rw-r--r-- | include/nvmem.h | 2 | ||||
| -rw-r--r-- | test/nvmem.c | 4 |
6 files changed, 34 insertions, 5 deletions
diff --git a/board/cr50/build.mk b/board/cr50/build.mk index 73049cab90..b65bdda1c6 100644 --- a/board/cr50/build.mk +++ b/board/cr50/build.mk @@ -49,6 +49,7 @@ board-y += tpm2/hash.o board-y += tpm2/hash_data.o board-y += tpm2/hkdf.o board-y += tpm2/manufacture.o +board-y += tpm2/nvmem_ops.o board-y += tpm2/platform.o board-y += tpm2/rsa.o board-y += tpm2/stubs.o diff --git a/board/cr50/tpm2/nvmem_ops.c b/board/cr50/tpm2/nvmem_ops.c new file mode 100644 index 0000000000..0f2e977967 --- /dev/null +++ b/board/cr50/tpm2/nvmem_ops.c @@ -0,0 +1,18 @@ +/* Copyright 2018 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + */ + +#include "Global.h" +#include "NV_fp.h" + +void nvmem_wipe_cache(void) +{ + /* + * Inclusive list of NV indices not to be wiped out when invalidating + * the cache. + */ + const uint16_t whitelist_range[] = { 0x1007, 0x100b }; + + NvSelectivelyInvalidateCache(whitelist_range); +} diff --git a/board/cr50/tpm2/tpm_mode.c b/board/cr50/tpm2/tpm_mode.c index 1ff48cc06a..404000d60a 100644 --- a/board/cr50/tpm2/tpm_mode.c +++ b/board/cr50/tpm2/tpm_mode.c @@ -20,6 +20,7 @@ static void disable_tpm(void) { + nvmem_enable_commits(); tpm_stop(); DCRYPTO_ladder_revoke(); nvmem_clear_cache(); diff --git a/common/nvmem.c b/common/nvmem.c index 1c911ccddf..de6fba47b5 100644 --- a/common/nvmem.c +++ b/common/nvmem.c @@ -611,10 +611,13 @@ int nvmem_commit(void) void nvmem_clear_cache(void) { + /* This will work only if key ladder is disabled. */ + if (DCRYPTO_ladder_is_enabled()) + return; + nvmem_lock_cache(); - /* - * TODO(b/119221935): Clear areas that should be protected within - * nvmem_cache. - */ - nvmem_release_cache(); + + nvmem_wipe_cache(); + + nvmem_save(); } diff --git a/include/nvmem.h b/include/nvmem.h index c705bc4b1c..87eb0fa7c5 100644 --- a/include/nvmem.h +++ b/include/nvmem.h @@ -214,4 +214,6 @@ void nvmem_clear_cache(void); } #endif +void nvmem_wipe_cache(void); + #endif /* __CROS_EC_NVMEM_UTILS_H */ diff --git a/test/nvmem.c b/test/nvmem.c index 8ce978d750..99b2d554e9 100644 --- a/test/nvmem.c +++ b/test/nvmem.c @@ -696,6 +696,10 @@ static void run_test_setup(void) test_reset(); } +void nvmem_wipe_cache(void) +{ +} + int DCRYPTO_ladder_is_enabled(void) { return 1; |