Clear TPM if software firmware WP is disabled
Change-Id: I98d111d70e777b616cb2d09ec7e2b5d982f3a91e
R=bleung@chromium.org
BUG=chrome-os-partner:3317
TEST=manual
Install R12 release with kernel version 0x00020001.
Run `crossystem tpm_kernver` to verify kernel version.
Run `flashrom --p internal:bus=spi --wp-status` to verify software WP disabled
Run R11 factory install shim
After install finishes, boot to root shell
Run `crossystem tpm_kernver` to verify kernel version is now 0x00010001
Review URL: http://codereview.chromium.org/6840031
diff --git a/factory_install.sh b/factory_install.sh
index fef4779..dc0cb43 100644
--- a/factory_install.sh
+++ b/factory_install.sh
@@ -1,6 +1,6 @@
#!/bin/sh -ex
-# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+# Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
@@ -89,9 +89,14 @@
# Check for physical firmware write protect. We'll only
# clear this stuff if the case is open.
if [ "$(crossystem wpsw_cur)" = "0" ]; then
- # Ensure that flash chips are in a known good state.
+ # Clear software firmware write protect.
clear_fwwp
+ fi
+ # Check for software firmware write protect. We only clear the TPM if
+ # software write protect is disabled.
+ if flashrom -p internal:bus=spi --wp-status 2>/dev/null |
+ grep -q "write protect is disabled"; then
# Ensure that we can wipe TPM if necessary.
clear_tpm
fi