Keep special indexes when performing TPM2_Clear

Some special NV indexes (FWMP) shall not be deleted when
performing TPM2_Clear, even if they were defined without
PLATFORMCREATE attribute set.

Add support for retaining such indexes over owner clear.

CQ-DEPEND=CL:1159854
BRANCH=cr50
BUG=b:112099050
TEST=1) Create FWMP.
        cryptohome --action=tpm_take_ownership [and wait]
        cryptohome --action=set_firmware_management_parameters \
                   --flags=0xbb00
     2) Clear the owner.
        crossystem clear_tpm_owner_request=1
        reboot
     3) Verify that FWMP still exists, but cannot be overwritten.
        cryptohome --action=get_firmware_management_parameters
        (but the following fails:)
        cryptohome --action=set_firmware_management_parameters \
                   --flags=0xcc00
        cryptohome --action=remove_firmware_management_parameters
     4) Verify that it can be written/removed after taking ownership.
        cryptohome --action=tpm_take_ownership [and wait]
        cryptohome --action=set_firmware_management_parameters \
                   --flags=0xdd00
        cryptohome --action=remove_firmware_management_parameters

Change-Id: I7f16e1cf12cb179ac9711b9de98f9e8779c968e8
Signed-off-by: Andrey Pronin <apronin@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1159855
Reviewed-by: Randall Spangler <rspangler@chromium.org>
2 files changed