| Index: src/platform/vboot_reference/vboot_firmware/lib/firmware_image_fw.c
|
| diff --git a/src/platform/vboot_reference/vboot_firmware/lib/firmware_image_fw.c b/src/platform/vboot_reference/vboot_firmware/lib/firmware_image_fw.c
|
| index 85b4d352c508c12d39ec0805b688567dc507933f..a8cb646a963280474d12c96d0930ad59209405ff 100644
|
| --- a/src/platform/vboot_reference/vboot_firmware/lib/firmware_image_fw.c
|
| +++ b/src/platform/vboot_reference/vboot_firmware/lib/firmware_image_fw.c
|
| @@ -289,14 +289,11 @@ int VerifyFirmwareDriver_f(uint8_t* root_key_blob,
|
| }
|
| }
|
| }
|
| - /* Lock Firmware TPM rollback indices from further writes. */
|
| - /* TODO(gauravsh): Figure out if these can be combined into one
|
| - * 32-bit location since we seem to always use them together. This can help
|
| - * us minimize the number of NVRAM writes/locks (which are limited over flash
|
| - * memory lifetimes.
|
| + /* Lock Firmware TPM rollback indices from further writes. In this design,
|
| + * this is done by setting the globalLock bit, which is cleared only by
|
| + * TPM_Init at reboot.
|
| */
|
| - LockStoredVersion(FIRMWARE_KEY_VERSION);
|
| - LockStoredVersion(FIRMWARE_VERSION);
|
| + LockFirmwareVersions();
|
|
|
| /* Determine which firmware (if any) to jump to.
|
| *
|
|
|
Chromium Code Reviews
Issue 2225005:
New anti-rollback strategy (no TPM NVRAM write cycles for locking). (Closed)
Base URL: ssh://git@chromiumos-git/chromeos