diff options
| author | Meng-Huan Yu <menghuan@google.com> | 2018-10-25 11:19:56 +0800 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2018-11-01 02:17:43 -0700 |
| commit | e05cdbc1d3f10df0301fe0b4ec7a7ff7bc502097 (patch) | |
| tree | 7a4a080c9c506a1d26e686d87c3c96a3b22b58ee | |
| parent | 737e34e377dfb547e64c278470a224bfcde3b97c (diff) | |
| download | vboot-e05cdbc1d3f10df0301fe0b4ec7a7ff7bc502097.tar.gz | |
tpmc: Add 'undef' command support to undefine NV space
For TPM 1.2, the undef command only works when NvLocked is not set
which is usually set before boot, even for recovery mode.
For TPM 2.0, it will automaticly choose the correct authorization
according to the TPMA_NV_PLATFORMCREATE attribute of that index.
BUG=chromium:895549
BRANCH=None
TEST=No test for TPM 1.2
Manually test for TPM 2.0:
1. Boot with platform hierarchy is disabled, then
# perm: TPMA_NV_AUTHREAD | TPMA_NV_AUTHWRITE
tpmc def 0x1020 0x10 0x40004
tpmc getp 0x1020 # check the space exists, expect success
tpmc undef 0x1020
2. Boot with platform hierarchy is enabled, then run
# perm: TPMA_NV_AUTHREAD | TPMA_NV_AUTHWRITE |
# TPMA_NV_PLATFORMCREATE
tpmc def 0x1020 0x1 0x40040004
tpmc getp 0x1020 # check the space exists, expect success
tpmc undef 0x1020
Change-Id: I1d814287fda3e7c11933eca7334fdc3ab1ebf895
Reviewed-on: https://chromium-review.googlesource.com/1298097
Commit-Ready: Meng-Huan Yu <menghuan@chromium.org>
Tested-by: Meng-Huan Yu <menghuan@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
| -rw-r--r-- | utility/tpmc.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/utility/tpmc.c b/utility/tpmc.c index 68e374ba..587e99ff 100644 --- a/utility/tpmc.c +++ b/utility/tpmc.c @@ -181,6 +181,20 @@ static uint32_t HandlerDefineSpace(void) { return TlclDefineSpace(index, perm, size); } +static uint32_t HandlerUndefineSpace(void) { + uint32_t index; + if (nargs != 3) { + fprintf(stderr, "usage: tpmc undef <index>\n"); + exit(OTHER_ERROR); + } + if (HexStringToUint32(args[2], &index) != 0) { + fprintf(stderr, "<index> must be " + "32-bit hex (0x[0-9a-f]+)\n"); + exit(OTHER_ERROR); + } + return TlclUndefineSpace(index); +} + static uint32_t HandlerWrite(void) { uint32_t index, size; uint8_t value[TPM_MAX_COMMAND_SIZE]; @@ -575,6 +589,10 @@ command_record command_table[] = { TlclSetGlobalLock }, { "definespace", "def", "define a space (def <index> <size> <perm>)", HandlerDefineSpace }, + { "undefinespace", "undef", + "undefine a space (undef <index>)" + TPM_MODE_SELECT(" only succeeds when NvLocked is not set", ""), + HandlerUndefineSpace }, { "write", "write", "write to a space (write <index> [<byte0> <byte1> ...])", HandlerWrite }, { "read", "read", "read from a space (read <index> <size>)", |