Configure EK cert indices by TPM variants.
For generic TPM2.0 we have different EK cert indices.
BUG=b:183477139
TEST=`tpm_manager_client list_spaces` and check if the indices are
C00002 and C0000A
Cq-Depend: chromium:2900003
Change-Id: Iac8c03e0f60067fae9de2de7dc2614beeb99f79b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/tpm2/+/2896433
Reviewed-by: Yi Chou <yich@google.com>
Tested-by: Leo Lai <cylai@google.com>
Commit-Queue: Leo Lai <cylai@google.com>
diff --git a/Makefile b/Makefile
index 2b80299..422c33d 100644
--- a/Makefile
+++ b/Makefile
@@ -304,6 +304,9 @@
ifneq ($(TPM2_SIMULATOR_MANUFACTURER),)
CFLAGS += -DTPM2_SIMULATOR_MANUFACTURER
endif
+ifneq ($(TCG_EK_CERT_INDICES),)
+CFLAGS += -DTCG_EK_CERT_INDICES
+endif
ifeq ($(EMBEDDED_MODE),)
SOURCES += $(HOST_SOURCES)
CFLAGS += -Wall -Werror -fPIC
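Review bot: The new `ifneq ($(TCG_EK_CERT_INDICES),)` test turns the flag on for any non-empty value, so `TCG_EK_CERT_INDICES=0` also selects the TCG indices. That matches the `TPM2_SIMULATOR_MANUFACTURER` block above it, but this switch changes which NV spaces hold the EK certificates, and any reader of those certificates has to agree with the build. A comment above the block would make the contract visible, for example `# Any non-empty TCG_EK_CERT_INDICES stores the EK certs at the TCG-defined NV indices (see endorsement.c) instead of the legacy ones.`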
diff --git a/endorsement.c b/endorsement.c
index 15e3423..c8ed941 100644
--- a/endorsement.c
+++ b/endorsement.c
@@ -12,7 +12,13 @@
#include <string.h>
-#define EK_CERT_NV_START_INDEX 0x01C00000
+#ifdef TCG_EK_CERT_INDICES
+#define RSA_EK_CERT_NV_INDEX 0x01C00002
+#define ECC_EK_CERT_NV_INDEX 0x01C0000a
+#else
+#define RSA_EK_CERT_NV_INDEX 0x01C00000
+#define ECC_EK_CERT_NV_INDEX 0x01C00001
+#endif
enum cros_perso_component_type {
CROS_PERSO_COMPONENT_TYPE_EPS = 128,
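Review bot: The four index values in the new `#ifdef TCG_EK_CERT_INDICES` block have no comment saying where they come from or why there are two sets. The first pair appears to match the RSA 2048 and ECC NIST P256 EK certificate handles in the TCG EK Credential Profile for TPM 2.0. The `#else` pair keeps the previous `EK_CERT_NV_START_INDEX` and `EK_CERT_NV_START_INDEX + 1`. I would add `/* NV indices from the TCG EK Credential Profile (RSA 2048 / ECC NIST P256 EK certificate). */` above the first pair and `/* Legacy indices used before TCG_EK_CERT_INDICES existed. */` above the second. The hex case is also mixed: `0x01C0000a` would read more consistently as `0x01C0000A`, which is how the commit message's TEST line writes it.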
@@ -185,8 +191,6 @@
static int store_cert(enum cros_perso_component_type component_type,
const uint8_t *cert, size_t cert_len) {
- const uint32_t rsa_ek_nv_index = EK_CERT_NV_START_INDEX;
- const uint32_t ecc_ek_nv_index = EK_CERT_NV_START_INDEX + 1;
uint32_t nv_index;
NV_DefineSpace_In define_space;
TPMA_NV space_attributes;
@@ -203,9 +207,9 @@
HierarchyStartup(SU_RESET);
if (component_type == CROS_PERSO_COMPONENT_TYPE_RSA_CERT)
- nv_index = rsa_ek_nv_index;
+ nv_index = RSA_EK_CERT_NV_INDEX;
else /* P256 certificate. */
- nv_index = ecc_ek_nv_index;
+ nv_index = ECC_EK_CERT_NV_INDEX;
/* EK Credential attributes specified in the "TCG PC Client
* Platform, TPM Profile (PTP) Specification" document.
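Review bot: The `else /* P256 certificate. */` branch sends every component type other than `CROS_PERSO_COMPONENT_TYPE_RSA_CERT` to `ECC_EK_CERT_NV_INDEX`, so an unexpected type would have its payload written into the ECC EK certificate space. The callers are outside this hunk; if they do not already restrict the type, I would make the second case explicit and reject the rest, along the lines of `else if (component_type == <P256_CERT_ENUMERATOR>) nv_index = ECC_EK_CERT_NV_INDEX; else return <FAILURE_VALUE>;`. Both placeholders stand for names this page does not show. store_cert starts before this hunk and continues past it.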
@@ -273,4 +277,4 @@
return 1;
}
-LIB_EXPORT int tpm_endorse(void) { return install_fixed_certs(); }
\ No newline at end of file
+LIB_EXPORT int tpm_endorse(void) { return install_fixed_certs(); }