[coreboot-gerrit] New patch to review for coreboot: vboot: Stop creating backup space in TPM

Patrick Georgi (pgeorgi@google.com) gerrit at coreboot.org
Wed Oct 12 15:15:54 CEST 2016 

Patrick Georgi (pgeorgi at google.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/16997

-gerrit

commit 59d13a0770c15e18d2b9093bc63b6abf3e9a2b93
Author: Daisuke Nojiri <dnojiri at chromium.org>
Date:   Fri Oct 7 13:59:36 2016 -0700

    vboot: Stop creating backup space in TPM
    
    There is no code which uses the backup space in TPM created for vboot
    nvram.
    
    All chromebooks currently supported at the trunk store vboot nvram
    in flash directly or as a backup.
    
    BUG=chrome-os-partner:47915
    BRANCH=none
    TEST=emerge-samus coreboot
    
    Change-Id: I9445dfd822826d668b3bfed8ca50dc9386f2b2b0
    Signed-off-by: Patrick Georgi <pgeorgi at chromium.org>
    Original-Commit-Id: 5cee2d54c96ad7952af2a2c1f773ba09c5248f41
    Original-Change-Id: Ied0cec0ed489df3b39f6b9afd3941f804557944f
    Original-Signed-off-by: Daisuke Nojiri <dnojiri at chromium.org>
    Original-Reviewed-on: https://chromium-review.googlesource.com/395507
    Original-Reviewed-by: Randall Spangler <rspangler at chromium.org>
---
 src/include/antirollback.h | 4 ++--
 src/vboot/secdata_tpm.c    | 5 -----
 2 files changed, 2 insertions(+), 7 deletions(-)

diff --git a/src/include/antirollback.h b/src/include/antirollback.h
index f088ee2..889ba9a 100644
--- a/src/include/antirollback.h
+++ b/src/include/antirollback.h
@@ -17,8 +17,8 @@ enum vb2_pcr_digest;
 /* TPM NVRAM location indices. */
 #define FIRMWARE_NV_INDEX               0x1007
 #define KERNEL_NV_INDEX                 0x1008
-/* This is just an opaque space for backup purposes */
-#define BACKUP_NV_INDEX                 0x1009
+/* 0x1009 used to be used as a backup space. Think of conflicts if you
+ * want to use 0x1009 for something else. */
 
 /* Structure definitions for TPM spaces */
 
diff --git a/src/vboot/secdata_tpm.c b/src/vboot/secdata_tpm.c
index 76b90ab..b1f3197 100644
--- a/src/vboot/secdata_tpm.c
+++ b/src/vboot/secdata_tpm.c
@@ -245,11 +245,6 @@ static uint32_t _factory_initialize_tpm(struct vb2_context *ctx)
 	VBDEBUG("TPM: Clearing owner\n");
 	RETURN_ON_FAILURE(tpm_clear_and_reenable());
 
-	/* Define the backup space. No need to initialize it, though. */
-	RETURN_ON_FAILURE(safe_define_space(BACKUP_NV_INDEX,
-					    TPM_NV_PER_PPWRITE,
-					    VB2_NVDATA_SIZE));
-
 	/* Define and initialize the kernel space */
 	RETURN_ON_FAILURE(safe_define_space(KERNEL_NV_INDEX,
 					    TPM_NV_PER_PPWRITE,

More information about the coreboot-gerrit mailing list