diff options
| author | Tim Wawrzynczak <twawrzynczak@chromium.org> | 2021-12-16 16:34:13 +0000 |
|---|---|---|
| committer | Raul Rangel <rrangel@chromium.org> | 2021-12-16 20:58:30 +0000 |
| commit | 39dea9310b0ba3e85ed5450ea18109dc92230239 (patch) | |
| tree | f59a498d78300431761300ce3c02ebac83e588c6 /src/security | |
| parent | 6fff2497b105478fcc2dcabdec49cf0738884717 (diff) | |
| download | coreboot-39dea9310b0ba3e85ed5450ea18109dc92230239.tar.gz coreboot-39dea9310b0ba3e85ed5450ea18109dc92230239.tar.bz2 coreboot-39dea9310b0ba3e85ed5450ea18109dc92230239.zip | |
Revert "security/vboot: Add NVRAM counter for TPM 2.0"
This reverts commit 7dce19080889955576f8fd197658077aced96a96.
Reason for revert: Unable to boot in factory mode
Change-Id: I1b51010080164c6e28d77a932f77c10006fd4153
Signed-off-by: Tim Wawrzynczak <twawrzynczak@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/60030
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>
Diffstat (limited to 'src/security')
| -rw-r--r-- | src/security/vboot/antirollback.h | 1 | ||||
| -rw-r--r-- | src/security/vboot/secdata_tpm.c | 28 |
2 files changed, 0 insertions, 29 deletions
diff --git a/src/security/vboot/antirollback.h b/src/security/vboot/antirollback.h index 71605fa1b73d..75bfcdc7c772 100644 --- a/src/security/vboot/antirollback.h +++ b/src/security/vboot/antirollback.h @@ -28,7 +28,6 @@ enum vb2_pcr_digest; /* 0x100d: Hash of MRC_CACHE training data for non-recovery boot */ #define MRC_RW_HASH_NV_INDEX 0x100d #define HASH_NV_SIZE VB2_SHA256_DIGEST_SIZE -#define ENT_ROLLBACK_COUNTER_INDEX 0x100e /* Widevine Secure Counter space */ #define WIDEVINE_COUNTER_NV_INDEX(n) (0x3000 + (n)) #define NUM_WIDEVINE_COUNTERS 4 diff --git a/src/security/vboot/secdata_tpm.c b/src/security/vboot/secdata_tpm.c index 6d8e281955be..847a9597fb20 100644 --- a/src/security/vboot/secdata_tpm.c +++ b/src/security/vboot/secdata_tpm.c @@ -116,17 +116,6 @@ static const TPMA_NV rw_space_attributes = { .TPMA_NV_WRITE_STCLEAR = 1, }; -const static TPMA_NV rw_counter_attributes = { - .TPMA_NV_AUTHWRITE = 1, - .TPMA_NV_AUTHREAD = 1, - .TPMA_NV_PPREAD = 1, - .TPMA_NV_PPWRITE = 1, - .TPMA_NV_PLATFORMCREATE = 1, - .TPMA_NV_COUNTER = 1, - .TPMA_NV_NO_DA = 1, - .TPMA_NV_WRITE_STCLEAR = 1, -}; - static const TPMA_NV fwmp_attr = { .TPMA_NV_PLATFORMCREATE = 1, .TPMA_NV_OWNERWRITE = 1, @@ -353,15 +342,6 @@ static uint32_t setup_zte_spaces(void) return rv; } -static uint32_t enterprise_rollback_create_counter(void) -{ - /* - * No need to increment the counter to initialize, this can be done later. - */ - return tlcl_define_space(ENT_ROLLBACK_COUNTER_INDEX, /*size=*/8, - rw_counter_attributes, NULL, 0); -} - static uint32_t setup_widevine_counter_spaces(void) { uint32_t index, rv; @@ -408,14 +388,6 @@ static uint32_t _factory_initialize_tpm(struct vb2_context *ctx) CONFIG(MAINBOARD_HAS_I2C_TPM_CR50)))) RETURN_ON_FAILURE(setup_zte_spaces()); - /* - * On TPM 2.0, create a counter that survives TPM clear. This allows to - * securely lock data during enterprise rollback by binding to this - * counter's value. - */ - if (CONFIG(CHROMEOS)) - RETURN_ON_FAILURE(enterprise_rollback_create_counter()); - /* Define widevine counter space. No need to increment/write to the secure counters and are expected to be incremented during the first use. */ if (CONFIG(VBOOT_DEFINE_WIDEVINE_COUNTERS)) |