coreboot-kgpe-d16/src/security/vboot
Miriam Polzer 2c38933a0e security/vboot: Add rollback NVRAM space for TPM 2
Create an NVRAM space in TPM 2.0 that survives owner clear and can be
read and written without authorization. This space allows sealing data
with the TPM that can only be unsealed before the space is cleared.
It will be used during ChromeOS enterprise rollback to securely
carry data across a TPM clear.

Public documentation on the rollback feature:
https://source.chromium.org/chromium/chromiumos/platform2/+/main:oobe_config/README.md

BUG=b/233746744

Signed-off-by: Miriam Polzer <mpolzer@google.com>
Change-Id: I59ca0783b41a6f9ecd5b72f07de6fb403baf2820
Reviewed-on: https://review.coreboot.org/c/coreboot/+/66623
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
2022-09-17 01:42:11 +00:00
antirollback.h security/vboot: Add rollback NVRAM space for TPM 2 2022-09-17 01:42:11 +00:00
bootmode.c Reland "vboot_logic: Set VB2_CONTEXT_EC_TRUSTED in verstage_main" 2021-11-15 12:00:12 +00:00
common.c src/security: Use "if (!ptr)" in preference to "if (ptr == NULL)" 2022-09-15 13:02:33 +00:00
ec_sync.c src/security: Use "if (!ptr)" in preference to "if (ptr == NULL)" 2022-09-15 13:02:33 +00:00
Kconfig treewide: Unify Google branding 2022-07-04 14:02:26 +00:00
Makefile.inc soc/intel: Add SI_DESC region to GSCVD ranges 2022-09-03 00:41:33 +00:00
misc.h cbfs/vboot: Adapt to new vb2_digest API 2022-09-02 23:51:29 +00:00
mrc_cache_hash_tpm.c cbfs/vboot: Adapt to new vb2_digest API 2022-09-02 23:51:29 +00:00
mrc_cache_hash_tpm.h security/vboot: Make mrc_cache hash functions generic 2020-10-20 23:25:39 +00:00
secdata_mock.c tpm: Refactor TPM Kconfig dimensions 2022-04-21 23:07:20 +00:00
secdata_tpm.c security/vboot: Add rollback NVRAM space for TPM 2 2022-09-17 01:42:11 +00:00
symbols.h treewide: Remove "this file is part of" lines 2020-05-11 17:11:40 +00:00
tpm_common.c cbfs/vboot: Adapt to new vb2_digest API 2022-09-02 23:51:29 +00:00
tpm_common.h Add Kconfig TPM 2021-05-26 12:31:10 +00:00
vbnv.c security/vboot: Deprecate VBOOT_VBNV_EC 2022-06-22 18:08:53 +00:00
vbnv.h treewide: Remove "this file is part of" lines 2020-05-11 17:11:40 +00:00
vbnv_cmos.c coreboot_table: Move VBOOT_VBNV support 2021-02-04 08:43:39 +00:00
vbnv_flash.c treewide: Remove "this file is part of" lines 2020-05-11 17:11:40 +00:00
vbnv_layout.h treewide: Remove "this file is part of" lines 2020-05-11 17:11:40 +00:00
vboot_common.c console/cbmem_console: Rename cbmem_dump_console 2022-01-13 15:25:43 +00:00
vboot_common.h cbfs: Add metadata cache 2020-11-21 10:43:53 +00:00
vboot_lib.c src: Change BOOL CONFIG_ to CONFIG() in comments & strings 2020-07-26 21:20:30 +00:00
vboot_loader.c commonlib/bsd: Remove cb_err_t 2022-03-09 02:18:21 +00:00
vboot_logic.c tpm: Refactor TPM Kconfig dimensions 2022-04-21 23:07:20 +00:00
verstage.c verstage: Add debug print when returning from verstage 2021-04-06 07:49:43 +00:00