From e4e246f15cd7c553bff62a990b2fa08be32a60f2 Mon Sep 17 00:00:00 2001
From: Mattias Nissler <mnissler@chromium.org>
Date: Thu, 22 Mar 2018 12:56:15 +0100
Subject: tpm_lite: tpmc command to check owner auth

Add a command that checks whether the well-known secret (SHA1 hash of
20 zero bytes) works for owner authentication. This is accomplished by
sending a DefineSpace command for TPM_NV_INDEX_TRIAL, which will
trigger auth checks but not actually allocate an NVRAM space.
Successful command execution thus indicates that authorization was
successful. tpmc exposes the status via its exit status. This will be
used in the tpm-firmware-updater driver script to verify that the TPM
is in upgradable state.

BRANCH=None
BUG=chromium:788719
TEST=compiles

Change-Id: I630831127e0e01186650412a92643c2153fbe2ee
Reviewed-on: https://chromium-review.googlesource.com/978171
Trybot-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
---
 firmware/include/tpm1_tss_constants.h | 1 +
 1 file changed, 1 insertion(+)

(limited to 'firmware')

diff --git a/firmware/include/tpm1_tss_constants.h b/firmware/include/tpm1_tss_constants.h
index d839791d..3deef34e 100644
--- a/firmware/include/tpm1_tss_constants.h
+++ b/firmware/include/tpm1_tss_constants.h
@@ -18,6 +18,7 @@
 
 #define TPM_NV_INDEX0            ((uint32_t) 0x00000000)
 #define TPM_NV_INDEX_LOCK        ((uint32_t) 0xffffffff)
+#define TPM_NV_INDEX_TRIAL       ((uint32_t) 0x0000f004)
 
 #define TPM_NV_PER_READ_STCLEAR        (((uint32_t)1) << 31)
 #define TPM_NV_PER_AUTHREAD            (((uint32_t)1) << 18)
-- 
cgit v1.2.1