-
igorcov authored
As part of enrollment, the firmware management parameters (FWMP) partition from TPM has to be set including the flags to mark if the devmode is blocked. The update has to be done before the TPM is locked but after the policy is retrieved. It is implemented by including additional step in enrollment process that makes the D-Bus call to cryptohome to set the data in FWMP. Similarly when the device is deprovisioned, the firmware management parameters are removed from TPM when it is established that it is a consumer owned device. BUG=685144 Review-Url: https://codereview.chromium.org/2727713003 Cr-Commit-Position: refs/heads/master@{#462886}
d6dbbe9a