commit | b9f81dd4fd067bcbda3dfec1716126c5d095df14 | |
---|---|---|
author | Evan Green <evgreen@chromium.org> | Fri Jan 07 11:03:02 2022 -0800 |
committer | Commit Bot <commit-bot@chromium.org> | Sat Jan 08 00:25:49 2022 +0000 |
tree | 5eee531dcabf0f42bd4dfbfbee3727d5b2ab8c5f | |
parent | 0ffbd235fea6c7224798f00811246f9efc21afc8 | |

Enable PCR_Reset

In order to support a kernel hardened version of hibernation, we'll want to use PCR23 (or some other TBD volatile resettable PCR) as part of the policy in sealing the hibernate key. This gives the kernel a mechanism to create TPM signatures that a rogue usermode cannot duplicate.

To make this all work, we need the PCR to be resettable. Enable the PCR_Reset capability, which allows (PC standard) resetting of PCRs 16, 23, and 24 (see s_initAttributes).

This feature consumes 364 bytes of RW flash space, and no RAM, at present leaving 7972 bytes of RW flash available.

BUG=b:213601712
TEST=make

Change-Id: If7f10c771c65ebebef8de76d605e6b6ccfb294b4
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/tpm2/+/3373466
Tested-by: Evan Green <evgreen@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Evan Green <evgreen@chromium.org>