author | Luigi Semenzato <semenzato@chromium.org> | 2015-03-19 16:45:52 -0700 |
---|---|---|
committer | ChromeOS Commit Bot <chromeos-commit-bot@chromium.org> | 2015-03-21 01:47:57 +0000 |
commit | f80ceeb432b880ad8af8bcd1f4fa07f03ee4a8e6 (patch) | |
tree | cda7ab001b9481f53833663b3b3ee0d604df3e82 /utility/crossystem.c | |
parent | 4dc1575ba187c650ae486ce6572c6d535879ff9d (diff) | |
download | vboot-f80ceeb432b880ad8af8bcd1f4fa07f03ee4a8e6.tar.gz |
vboot_reference: crossystem: add the "tpm_attack" command
This command reads/sets a bit in the kernel-reserved area
of the vboot context nvram. The bit can also be set by the
driver during execution of a TPM command, to check if the
command is interrupted by a panic or power loss. Under
some circumstances, this correlates with the TPM assuming
it is under attack.
BUG=chromium:431360
TEST=try "crossystem tpm_attack" and variations
BRANCH=none
Change-Id: I87215d5a0becfb5c01e0b69867a339bfe6fd0b68
Reviewed-on: https://chromium-review.googlesource.com/261339
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Luigi Semenzato <semenzato@chromium.org>
Tested-by: Luigi Semenzato <semenzato@chromium.org>
Diffstat (limited to 'utility/crossystem.c')
-rw-r--r-- | utility/crossystem.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/utility/crossystem.c b/utility/crossystem.c index adc828d7..3eaeaae0 100644 --- a/utility/crossystem.c +++ b/utility/crossystem.c @@ -85,6 +85,7 @@ const Param sys_param_list[] = { {"savedmem_size", 0, "RAM debug data area size in bytes"}, {"sw_wpsw_boot", 0, "Firmware write protect software setting enabled at boot"}, + {"tpm_attack", CAN_WRITE, "TPM was interrupted since this flag was cleared"}, {"tpm_fwver", 0, "Firmware version stored in TPM", "0x%08x"}, {"tpm_kernver", 0, "Kernel version stored in TPM", "0x%08x"}, {"tried_fwb", 0, "Tried firmware B before A this boot"}, @@ -291,9 +292,12 @@ int main(int argc, char* argv[]) { if (i > 1) printf(" "); /* Output params space-delimited */ - if (has_set) + if (has_set) { retval = SetParam(p, value); - else if (has_expect) + if (retval) { + fprintf(stderr, "Parameter %s is read-only\n", name); + } + } else if (has_expect) retval = CheckParam(p, value); else retval = PrintParam(p); |
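Review bot: In the sys_param_list hunk, the help text for the new entry, "TPM was interrupted since this flag was cleared", does not line up with the parameter name tpm_attack. The commit message says an interrupted command only correlates with the TPM assuming it is under attack under some circumstances, so a set bit is not evidence of an attack. Suggest either a name that reflects what the bit records (a TPM command interrupted by a panic or power loss) or a description that spells this out, and note in the text that the flag is writable so that it can be cleared.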
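Review bot: In the main() hunk, `fprintf(stderr, "Parameter %s is read-only\n", name);` runs for any nonzero return from SetParam(p, value), so every failed set is reported as read-only. If SetParam can fail for a reason other than a missing CAN_WRITE flag, such as a rejected value or a failed nvram write, the message will point the user at the wrong cause. Suggest checking the flag before calling SetParam and keeping this message for that case only, or wording it generically (for example "Failed to set parameter %s"). Minor style point: the first branch now has braces while the else if and else branches do not.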