OLD | NEW |
1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
4 * | 4 * |
5 * Functions for querying, manipulating and locking rollback indices | 5 * Functions for querying, manipulating and locking rollback indices |
6 * stored in the TPM NVRAM. | 6 * stored in the TPM NVRAM. |
7 */ | 7 */ |
8 | 8 |
9 #include "rollback_index.h" | 9 #include "rollback_index.h" |
10 | 10 |
(...skipping 196 matching lines...)
207 | 207 |
208 /* Checks for transitions between protected mode to developer mode. When going | 208 /* Checks for transitions between protected mode to developer mode. When going |
209 * into developer mode, clear the TPM. | 209 * into developer mode, clear the TPM. |
210 */ | 210 */ |
211 static uint32_t CheckDeveloperModeTransition(uint32_t current_developer) { | 211 static uint32_t CheckDeveloperModeTransition(uint32_t current_developer) { |
212 uint32_t past_developer; | 212 uint32_t past_developer; |
213 int must_clear; | 213 int must_clear; |
214 RETURN_ON_FAILURE(TlclRead(DEVELOPER_MODE_NV_INDEX, | 214 RETURN_ON_FAILURE(TlclRead(DEVELOPER_MODE_NV_INDEX, |
215 (uint8_t*) &past_developer, | 215 (uint8_t*) &past_developer, |
216 sizeof(past_developer))); | 216 sizeof(past_developer))); |
217 must_clear = current_developer && !past_developer; | 217 must_clear = current_developer != past_developer; |
218 if (must_clear) { | 218 if (must_clear) { |
219 RETURN_ON_FAILURE(TlclForceClear()); | 219 RETURN_ON_FAILURE(TlclForceClear()); |
220 } | 220 } |
221 if (past_developer != current_developer) { | 221 if (past_developer != current_developer) { |
222 /* (Unauthorized) writes to the TPM succeed even when the TPM is disabled | 222 /* (Unauthorized) writes to the TPM succeed even when the TPM is disabled |
223 * and deactivated. | 223 * and deactivated. |
224 */ | 224 */ |
225 RETURN_ON_FAILURE(TlclWrite(DEVELOPER_MODE_NV_INDEX, | 225 RETURN_ON_FAILURE(TlclWrite(DEVELOPER_MODE_NV_INDEX, |
226 (uint8_t*) ¤t_developer, | 226 (uint8_t*) ¤t_developer, |
227 sizeof(current_developer))); | 227 sizeof(current_developer))); |
(...skipping 127 matching lines...)
355 return TPM_SUCCESS; | 355 return TPM_SUCCESS; |
356 } | 356 } |
357 | 357 |
358 uint32_t LockFirmwareVersions() { | 358 uint32_t LockFirmwareVersions() { |
359 return TlclSetGlobalLock(); | 359 return TlclSetGlobalLock(); |
360 } | 360 } |
361 | 361 |
362 uint32_t LockKernelVersionsByLockingPP() { | 362 uint32_t LockKernelVersionsByLockingPP() { |
363 return TlclLockPhysicalPresence(); | 363 return TlclLockPhysicalPresence(); |
364 } | 364 } |
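Review bot: The header comment at lines 208-209 still says the TPM is cleared only "When going into developer mode", but the new line 217 sets `must_clear` on a transition in either direction, so the comment should read `/* Checks for transitions between protected mode and developer mode. On a transition in either direction, clear the TPM. */`. With this change `must_clear` is the same test as `if (past_developer != current_developer)` at line 221, so the flag could be dropped and the `TlclForceClear()` call moved to the top of that block, which still keeps the clear ahead of the NV write. The old expression treated both values as booleans, while `!=` compares raw `uint32_t` contents, so a mismatch between two non-zero values would now force-clear the TPM although the mode did not change; `must_clear = !current_developer != !past_developer;` avoids that unless callers are known to pass only 0 or 1. The function body continues in lines the page skips (228-354), so the handling after the write is not visible here.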
OLD | NEW |