refs/heads/stabilize-9199.B - chromiumos/third_party/tpm2

commit	21756127fdebc0b0825aba875c7d0cc75057d3d8	[log] [tgz]
author	Vadim Bendebury <vbendeb@chromium.org>	Thu Dec 29 19:14:03 2016
committer	chrome-bot <chrome-bot@chromium.org>	Thu Jan 05 03:42:20 2017
tree	e8c14f3634be389b148314425c3ea23000ddfcab
parent	569c3c58dc69d5c8628f3c329937c136be38df3f [diff]

serialize objects in NVMEM

Reference implementation stores OBJECT structures in NVRAM
unmarshaled, even though this structure layout is such that most of
its 1540 bytes remain unused by the object stored in the structure.

Marshaling the structure before storing it in NVMEM allows to save a
lot of room there.

To make sure that marshaling is not processing junk data, clear the
entire structure before allocating a new OBJECT.

This change is meant to be backwards compatible. When data is read
from NVMEM, in case its size is equal the size of OBJECT structure,
data is considered stored unmarshaled and is copied to the output
directly. If the stored size is smaller - unmarshaling function is
invoked.

BUG=chrome-os-partner:60502
TEST=tcg test suite passes (not that it exercises this a lot, just
     five instances of storing/retrieving objects for the entire
     suite). Will test on real tpm to verify NVMEM storage format
     backwards compatibility.

     Also tried taking a chrome os device through enterprise
     enrollment. With the old code after enrollment there is room for
     just two eviction objects left:

   # command to retrieve number of objects in nvmem(is in the last
   #  byte of the response)
   localhost ~ #  trunks_send --raw 80 01 00 00 00 16 00 00 01 7a 00\
        00 00 06 00 00 02 08 00 00 00 01
   80010000001B000000000100000006000000010000020800000003

   # command to retrieve how many objects the tpm estimates it is
   #  still possible to store in nvram (is in the last byte of the
   #  response)
   localhost ~ # trunks_send --raw 80 01 00 00 00 16 00 00 01 7a \
      00 00 00 06 00 00 02 09 00 00 00 01
   80010000001B000000000100000006000000010000020900000002

     with the new code after enrollment the responses the above commands
     are:

   80010000001B000000000100000006000000010000020800000003
   80010000001B000000000100000006000000010000020900000004

     That is with three objects stored there is room for 4 more
     objects.

    Also verified that the device enrolled with the old version of the
    cr50 firmware remains enrolled after firmware update, which
    demonstrates backward compatibility.

Change-Id: Ic2d5f902220b451523b740b57edb7867441d1faa
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/424171
Reviewed-by: Andrey Pronin <apronin@chromium.org>

3 files changed

tree: e8c14f3634be389b148314425c3ea23000ddfcab