From a15f82296dea0695cb60562f8bc12f0807697c85 Mon Sep 17 00:00:00 2001 From: Andrey Pronin Date: Tue, 19 Jul 2016 13:41:11 -0700 Subject: Read NVRAM with proper authorization for tpm2 In TPM2 case, NVRAM must be read with empty password authorization in tpmc, since platform hierarchy is disabled by firmware or trunksd for rollback prevention. Since all NVRAM indices are now defined with AUTHREAD, switch to empty password authorization from platform authorization for all NVRAM reads in Tlcl. BRANCH=none BUG=chrome-os-partner:55210 BUG=chrome-os-partner:55251 TEST=Run 'initctl stop trunksd; tpmc read 0x1008 0xd" on kevin, verify that it returns the right output. Change-Id: Ifb72ff5080a4ac5f8d63b5c0713e5bb184f176ca Reviewed-on: https://chromium-review.googlesource.com/360944 Commit-Ready: Dan Shi Tested-by: Andrey Pronin Reviewed-by: Vadim Bendebury --- firmware/lib/tpm2_lite/marshaling.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/firmware/lib/tpm2_lite/marshaling.c b/firmware/lib/tpm2_lite/marshaling.c index 29746cd7..febbc811 100644 --- a/firmware/lib/tpm2_lite/marshaling.c +++ b/firmware/lib/tpm2_lite/marshaling.c @@ -263,7 +263,7 @@ static void marshal_nv_read(void **buffer, { struct tpm2_session_header session_header; - marshal_TPM_HANDLE(buffer, TPM_RH_PLATFORM, buffer_space); + marshal_TPM_HANDLE(buffer, command_body->nvIndex, buffer_space); marshal_TPM_HANDLE(buffer, command_body->nvIndex, buffer_space); Memset(&session_header, 0, sizeof(session_header)); session_header.session_handle = TPM_RS_PW; -- cgit v1.2.1
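Review bot: in marshal_nv_read(), the two consecutive `marshal_TPM_HANDLE(buffer, command_body->nvIndex, buffer_space);` calls now look like an accidental duplicate, and nothing in the function says why the same value is marshaled twice. A short comment on each would prevent a later "cleanup" from dropping one: the first is the authorization handle (the index authorizes its own read, paired with the empty password carried by the TPM_RS_PW session set up just below), and the second is the NV index being read. The commit message also relies on every index being defined with AUTHREAD. This function now has no path for an index that lacks that attribute, so it is worth noting that assumption in the comment too, or confirming that callers surface the resulting TPM error for spaces provisioned before the attribute change rather than treating the read as empty data.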