From faa0d9248bf6e7fbdaf441a6b76723455f707c4f Mon Sep 17 00:00:00 2001
From: Howard Yang
Date: Thu, 16 Mar 2023 14:10:45 +0800
Subject: cr50: Clear pairing secret upon TPM clear
The pairing secret (Pk) used for biometrics PinWeaver protocol needs to be cleared during TPM clear.
BUG=b:262040869
TEST=(with depended CL) pinweaver_client biometrics_selftest
Cq-Depend: chromium:4337481
Change-Id: Ie07869f75aea64a7950d04693722b74c11a913ca
Signed-off-by: Howard Yang
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4344442
Reviewed-by: Vadim Sukhomlinov
---
 board/cr50/tpm2/platform.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/board/cr50/tpm2/platform.c b/board/cr50/tpm2/platform.c
index 5bbc927f08..e65dd44a1f 100644
--- board/cr50/tpm2/platform.c
+++ board/cr50/tpm2/platform.c
@@ -8,7 +8,9 @@
 #include "ccd_config.h"
 #include "console.h"
-#include "pinweaver_cr50.h"
+#include "nvmem_vars.h"
+#include "pinweaver.h"
+#include "pinweaver_eal.h"
 #include "tpm_nvmem.h"
 #include "tpm_nvmem_ops.h"
 #include "dcrypto.h"
@@ -133,8 +135,13 @@ BOOL _plat__ShallSurviveOwnerClear(uint32_t index)
 void _plat__OwnerClearCallback(void)
 {
+ int result;
 enum ec_error_list rv;
+ /* Invalidate existing biometrics pairing secrets. */
+ result = setvar(PW_FP_PK, sizeof(PW_FP_PK) - 1, NULL, 0);
+ if (result)
+ CPRINTF("%s: failed (%d)\n", __func__, result);
 /* Invalidate existing u2f registrations. */
 rv = u2f_gen_kek_seed();
 if (rv != EC_SUCCESS)
--
cgit v1.2.1
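Review bot: In `_plat__OwnerClearCallback`, a non-zero return from `setvar(PW_FP_PK, ...)` is only logged, so the biometrics pairing secret can survive an owner clear with nothing but a console line to show for it, and the text `"%s: failed (%d)\n"` does not say which step failed. Because the callback returns void, the minimum fix is a specific message, e.g. `CPRINTF("%s: failed to clear PW_FP_PK (%d)\n", __func__, result);`, plus a comment stating that the old Pk remains usable if this call fails. It is also worth confirming that the deletion requested by `setvar(..., NULL, 0)` is committed to nvmem on this path without a separate `writevars()` call, and that `PW_FP_PK` is a string-literal macro so `sizeof(PW_FP_PK) - 1` is the key length and not a pointer size; neither is visible in this hunk. The function body continues past the end of the hunk.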