Support 'tpmc setbgloballock' for tpm2 case
authorAndrey Pronin <apronin@google.com>
Mon, 18 Jul 2016 18:23:12 +0000 (11:23 -0700)
committerchrome-bot <chrome-bot@chromium.org>
Thu, 21 Jul 2016 10:15:44 +0000 (03:15 -0700)
Some scripts call 'tpmc setbgloballock' or 'tpmc block'. For tpm2
it should be equivalent to pplock, i.e. perform rollback protection
actions: writelock for NVRAM firmware index and disable platform
hierarchy.

BRANCH=none
BUG=chrome-os-partner:55210
TEST=run 'tpmc block' on kevin, check that it attempts pplock

Change-Id: I51fae6bd111cf3ff3c1dfbed7441868abad8fc15
Reviewed-on: https://chromium-review.googlesource.com/361381
Commit-Ready: Dan Shi <dshi@google.com>
Tested-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
utility/tpmc.c

index f69bcd0..76a63e0 100644 (file)
@@ -450,7 +450,10 @@ command_record command_table[] = {
 #endif
   { "lockphysicalpresence", "pplock", "lock (turn off) PP until reboot",
     TlclLockPhysicalPresence },
-#ifndef TPM2_MODE
+#ifdef TPM2_MODE
+  { "setbgloballock", "block", "set rollback protection lock until reboot",
+    TlclLockPhysicalPresence },
+#else
   { "setbgloballock", "block", "set the bGlobalLock until reboot",
     TlclSetGlobalLock },
 #endif