Add clear TPM owner request This adds two new flags to crossystem: clear_tpm_owner_request clear_tpm_owner_done The first one requests that the firmware clear the TPM owner on the next boot. When the firmware does this, it will set clear_tpm_owner_request=0, and set clear_tpm_owner_done=1. The OS can use the done-flag as a hint that trusted things guarded by the TPM are no longer trustable. BUG=chromium-os:31974 TEST=manual crossystem // both flags initially 0 crossystem clear_tpm_owner_request=1 crossystem clear_tpm_owner_done=1 // request=1, done=0; done can be cleared but not set by crossystem reboot tpmc getownership // owned=no crossystem // request=0, done=1 crossystem clear_tpm_owner_done=0 crossystem // both flags 0 again Signed-off-by: Randall Spangler <rspangler@chromium.org> Change-Id: I49f83f3c39c3efc3945116c51a241d255c2e42cd Reviewed-on: https://gerrit.chromium.org/gerrit/25646

commit: 29e8807ea045e119e3adeaec40c5f8421901b6fb [log] [tgz]
author: Randall Spangler <rspangler@chromium.org> Tue Jun 19 10:03:53 2012 -0700
committer: Gerrit <chrome-bot@google.com> Wed Aug 15 14:31:53 2012 -0700
tree: 7cde1c7d68b710a9647e80890d19e02c718976c7
parent: 59576e11e5120513f37658628b2b3bbf9827d471 [diff] [blame]
diff --git a/host/lib/crossystem.c b/host/lib/crossystem.c
index e120abc..d89c85c 100644
--- a/host/lib/crossystem.c
+++ b/host/lib/crossystem.c

@@ -403,6 +403,10 @@
     value = VbGetNvStorage(VBNV_DEBUG_RESET_MODE);
   } else if (!strcasecmp(name,"disable_dev_request")) {
     value = VbGetNvStorage(VBNV_DISABLE_DEV_REQUEST);
+  } else if (!strcasecmp(name,"clear_tpm_owner_request")) {
+    value = VbGetNvStorage(VBNV_CLEAR_TPM_OWNER_REQUEST);
+  } else if (!strcasecmp(name,"clear_tpm_owner_done")) {
+    value = VbGetNvStorage(VBNV_CLEAR_TPM_OWNER_DONE);
   } else if (!strcasecmp(name,"fwb_tries")) {
     value = VbGetNvStorage(VBNV_TRY_B_COUNT);
   } else if (!strcasecmp(name,"fwupdate_tries")) {
@@ -493,6 +497,11 @@
     return VbSetNvStorage(VBNV_DEBUG_RESET_MODE, value);
   } else if (!strcasecmp(name,"disable_dev_request")) {
     return VbSetNvStorage(VBNV_DISABLE_DEV_REQUEST, value);
+  } else if (!strcasecmp(name,"clear_tpm_owner_request")) {
+    return VbSetNvStorage(VBNV_CLEAR_TPM_OWNER_REQUEST, value);
+  } else if (!strcasecmp(name,"clear_tpm_owner_done")) {
+    /* Can only clear this flag; it's set by firmware. */
+    return VbSetNvStorage(VBNV_CLEAR_TPM_OWNER_DONE, 0);
   } else if (!strcasecmp(name,"fwb_tries")) {
     return VbSetNvStorage(VBNV_TRY_B_COUNT, value);
   } else if (!strcasecmp(name,"fwupdate_tries")) {
commit	29e8807ea045e119e3adeaec40c5f8421901b6fb	[log] [tgz]
author	Randall Spangler <rspangler@chromium.org>	Tue Jun 19 10:03:53 2012 -0700
committer	Gerrit <chrome-bot@google.com>	Wed Aug 15 14:31:53 2012 -0700
tree	7cde1c7d68b710a9647e80890d19e02c718976c7
parent	59576e11e5120513f37658628b2b3bbf9827d471 [diff] [blame]