-rw-r--r--Makefile9
-rw-r--r--host/lib/crossystem.c24
2 files changed, 26 insertions, 7 deletions
diff --git a/Makefile b/Makefile
index 0c82cc6a..5f5132c7 100644
--- a/Makefile
+++ b/Makefile
@@ -213,6 +213,15 @@ else
CFLAGS += -DTPM2_SIMULATOR=0
endif
+# VTPM_PROXY indicates whether the TPM driver simulator feature
+# is enable or not.
+# This flag only takes effect when TPM2_SIMULATOR is enabled.
+ifneq ($(filter-out 0,${VTPM_PROXY}),)
+CFLAGS += -DVTPM_PROXY=1
+else
+CFLAGS += -DVTPM_PROXY=0
+endif
+
# DETACHABLE indicates whether the device is a detachable or not.
ifneq ($(filter-out 0,${DETACHABLE}),)
CFLAGS += -DDETACHABLE=1
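Review bot: The dependency on TPM2_SIMULATOR is stated only in the comment, so a build with `VTPM_PROXY=1` and the simulator off is accepted silently and `-DVTPM_PROXY=1` is still passed to the compiler. A `$(warning ...)` or `$(error ...)` inside the `ifneq` branch, emitted when `$(filter-out 0,${TPM2_SIMULATOR})` is empty, would surface that misconfiguration at build time. The comment's first sentence could also read `# VTPM_PROXY indicates whether the driver-level TPM simulator is enabled.`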
diff --git a/host/lib/crossystem.c b/host/lib/crossystem.c
index bb10c399..67149e59 100644
--- a/host/lib/crossystem.c
+++ b/host/lib/crossystem.c
@@ -25,8 +25,14 @@
#define KERNEL_CMDLINE_PATH "/proc/cmdline"
/* Filename for the mount-encrypted key */
+/* TODO(b/174807059): Remove this after we land driver-level TPM simulator on
+ * all VM boards */
#define MOUNT_ENCRYPTED_KEY_PATH "/mnt/stateful_partition/encrypted.key"
+/* Filename for the TPM simulator NV data */
+#define TPM_SIMULATOR_NVCHIP_PATH \
+ "/mnt/stateful_partition/unencrypted/tpm2-simulator/NVChip"
+
/* Fields that GetVdatString() can get */
typedef enum VdatStringField {
VDAT_STRING_DEPRECATED_TIMERS = 0, /* Timer values */
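Review bot: The added TODO sits between the `/* Filename for the mount-encrypted key */` comment and the `#define MOUNT_ENCRYPTED_KEY_PATH` it describes, and "this" has no clear referent. Moving it above the filename comment and naming the macro would read better, e.g. `/* TODO(b/174807059): Remove MOUNT_ENCRYPTED_KEY_PATH once the driver-level TPM simulator has landed on all VM boards. */`. The NVChip comment could also say that the file's presence is what `clear_tpm_owner_request` reads, since the path lives under the unencrypted stateful directory and that is not obvious from the name.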
@@ -374,7 +380,10 @@ int VbGetSystemPropertyInt(const char *name)
} else if (!strcasecmp(name,"disable_dev_request")) {
value = vb2_get_nv_storage(VB2_NV_DISABLE_DEV_REQUEST);
} else if (!strcasecmp(name,"clear_tpm_owner_request")) {
- if (TPM2_SIMULATOR)
+ if (TPM2_SIMULATOR && VTPM_PROXY)
+ /* Check TPM simulator NVChip status */
+ value = access(TPM_SIMULATOR_NVCHIP_PATH, F_OK) != 0;
+ else if (TPM2_SIMULATOR)
/* Check mount-encrypted key status */
value = access(MOUNT_ENCRYPTED_KEY_PATH, F_OK) != 0;
else
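Review bot: The new `access(TPM_SIMULATOR_NVCHIP_PATH, F_OK) != 0` branch yields 1 for every access() failure, not only when NVChip is absent. If the stateful partition is not mounted yet, or the caller cannot search the `tpm2-simulator` directory (access() checks with the real UID), the property reads 1 although the simulator state still exists. Consider separating the cases, e.g. `value = (access(TPM_SIMULATOR_NVCHIP_PATH, F_OK) != 0 && errno == ENOENT);`, assuming `<errno.h>` is already included in this file. The existing MOUNT_ENCRYPTED_KEY_PATH branch and the `else` arm in the VbSetSystemPropertyInt hunk treat failures the same way. VbGetSystemPropertyInt's body continues outside the hunk.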
@@ -556,12 +565,13 @@ int VbSetSystemPropertyInt(const char *name, int value)
* on simulator */
if (value == 0)
return -1;
- /* Check mount-encrypted key status */
- if (!access(MOUNT_ENCRYPTED_KEY_PATH, F_OK)) {
- /* Remove the mount_encrypted key, and it would
- * also clear the TPM2.0 simulator NV space on
- * it. */
- return remove(MOUNT_ENCRYPTED_KEY_PATH);
+ const char *tpm_path =
+ VTPM_PROXY ? TPM_SIMULATOR_NVCHIP_PATH
+ : MOUNT_ENCRYPTED_KEY_PATH;
+ /* Check TPM simulator data status */
+ if (!access(tpm_path, F_OK)) {
+ /* Remove the TPM2.0 simulator data */
+ return remove(tpm_path);
} else {
/* Return success when the file is already
* removed */
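Review bot: `access(tpm_path, F_OK)` followed by `remove(tpm_path)` is a check-then-act pair, so the file can appear or vanish between the two calls, and the check adds nothing that remove() does not already report. Calling remove() directly and treating a missing file as success is simpler and closes the window: `if (remove(tpm_path) == 0 || errno == ENOENT) return 0;` followed by `return -1;`. That also stops a non-ENOENT access() failure from being reported as success while the simulator data is still on disk. The selector tests `VTPM_PROXY` alone whereas the getter tests `TPM2_SIMULATOR && VTPM_PROXY`. The enclosing condition is outside the hunk, so please confirm this block is reached only on simulator builds.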