Can I play a devil's advocate for a moment: it seems to me this requires a massive effort with questional benefit, aren't we moving all designs to Cr50 which has not problem updating without disrupting stateful.

I believe this is to address systems we've already shipped with hardware TPMs, which we'll be supporting for multiple more years.  We may need to update TPM firmware on those devices.

(Yes, this is easier for future devices with Cr50.)

Besides the support for lossless update on TPM 1.2 devices (which we still have several years of support ahead of us), the same series of changes will also provide a foundation for improving the overall mount-encrypted workflow and division of responsibilities and data structures with install attributes - see issue 776771 and issue 758552. Which in turn is also needed for implementing a better post-upgrade cleanup for TPM 1.2: see https://crbug.com/778332#c19.

All that combined provides sufficient justification (imo, as always) for doing this change. Also, most of the additional complexity in Tlcl req'd for that is compiled in only for the host-side version of the library to avoid bloating the firmware code.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform/vboot_reference/+/163b41233cbbfdd67da10017aab7c1ce9a6e0873

commit 163b41233cbbfdd67da10017aab7c1ce9a6e0873
Author: Mattias Nissler <mnissler@chromium.org>
Date: Fri Apr 13 10:03:28 2018

tpm_lite: Implement ReadPubek command.

Add a TlclReadPubek library function to read the public endorsement
key.

BRANCH=None
BUG= chromium:788719 
TEST=New unit tests.

Change-Id: I5f23b76b88198d656f4ba5782d2b4f25aaa082b1
Reviewed-on: https://chromium-review.googlesource.com/790413
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Trybot-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Trybot-Ready: Mattias Nissler <mnissler@chromium.org>

[modify] https://crrev.com/163b41233cbbfdd67da10017aab7c1ce9a6e0873/firmware/stub/tpm_lite_stub.c
[modify] https://crrev.com/163b41233cbbfdd67da10017aab7c1ce9a6e0873/firmware/include/tpm1_tss_constants.h
[modify] https://crrev.com/163b41233cbbfdd67da10017aab7c1ce9a6e0873/firmware/lib/tpm_lite/tlcl.c
[modify] https://crrev.com/163b41233cbbfdd67da10017aab7c1ce9a6e0873/utility/tlcl_generator.c
[modify] https://crrev.com/163b41233cbbfdd67da10017aab7c1ce9a6e0873/firmware/include/tss_constants.h
[modify] https://crrev.com/163b41233cbbfdd67da10017aab7c1ce9a6e0873/Makefile
[modify] https://crrev.com/163b41233cbbfdd67da10017aab7c1ce9a6e0873/firmware/include/vboot_api.h
[modify] https://crrev.com/163b41233cbbfdd67da10017aab7c1ce9a6e0873/firmware/lib/tpm_lite/include/tlcl_structures.h
[modify] https://crrev.com/163b41233cbbfdd67da10017aab7c1ce9a6e0873/tests/tlcl_tests.c
[modify] https://crrev.com/163b41233cbbfdd67da10017aab7c1ce9a6e0873/firmware/include/tlcl.h

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform/vboot_reference/+/ac2286e8f8337a6ced00f219ec59aab52a2ac6d7

commit ac2286e8f8337a6ced00f219ec59aab52a2ac6d7
Author: Mattias Nissler <mnissler@chromium.org>
Date: Fri Apr 13 10:03:31 2018

tpm_lite: Implement TakeOwnership support

Add the ability to take TPM ownership. This requires two new commands:
TPM_OIAP to start an auth session and TPM_TakeOwnership to establish
ownership. TPM_TakeOwnership requires an auth session and proper
command authentication to work, which is also added.

BRANCH=None
BUG= chromium:788719 
TEST=new unit tests

Change-Id: Ib70144eedb0b1c7c43b26c06529d33ccbaa51a0e
Reviewed-on: https://chromium-review.googlesource.com/790414
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Trybot-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Trybot-Ready: Mattias Nissler <mnissler@chromium.org>

[modify] https://crrev.com/ac2286e8f8337a6ced00f219ec59aab52a2ac6d7/firmware/include/tpm1_tss_constants.h
[modify] https://crrev.com/ac2286e8f8337a6ced00f219ec59aab52a2ac6d7/firmware/lib/tpm_lite/include/tlcl_internal.h
[modify] https://crrev.com/ac2286e8f8337a6ced00f219ec59aab52a2ac6d7/utility/tlcl_generator.c
[modify] https://crrev.com/ac2286e8f8337a6ced00f219ec59aab52a2ac6d7/firmware/lib/tpm_lite/include/tlcl_structures.h
[modify] https://crrev.com/ac2286e8f8337a6ced00f219ec59aab52a2ac6d7/Makefile
[modify] https://crrev.com/ac2286e8f8337a6ced00f219ec59aab52a2ac6d7/firmware/lib/tpm_lite/tlcl.c
[modify] https://crrev.com/ac2286e8f8337a6ced00f219ec59aab52a2ac6d7/tests/tlcl_tests.c
[modify] https://crrev.com/ac2286e8f8337a6ced00f219ec59aab52a2ac6d7/firmware/include/tlcl.h

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform/vboot_reference/+/bc5b2db15b93f37820574b8f14a1b2e165012403

commit bc5b2db15b93f37820574b8f14a1b2e165012403
Author: Mattias Nissler <mnissler@chromium.org>
Date: Fri Apr 13 10:03:32 2018

tpm_lite: Add more general DefineSpaceEx function

Add a TlclDefineSpaceEx function that allows to pass additional
parameters when creating NVRAM spaces, i.e. owner authorization as
well as PCR bindings.

BRANCH=None
BUG= chromium:788719 
TEST=New unit tests.

Change-Id: I73404c05528a89604fea3bcb1f00741fb865ba77
Reviewed-on: https://chromium-review.googlesource.com/814114
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Trybot-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Trybot-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>

[modify] https://crrev.com/bc5b2db15b93f37820574b8f14a1b2e165012403/firmware/include/tpm1_tss_constants.h
[modify] https://crrev.com/bc5b2db15b93f37820574b8f14a1b2e165012403/utility/tlcl_generator.c
[modify] https://crrev.com/bc5b2db15b93f37820574b8f14a1b2e165012403/firmware/lib/tpm_lite/include/tlcl_structures.h
[modify] https://crrev.com/bc5b2db15b93f37820574b8f14a1b2e165012403/firmware/lib/tpm2_lite/tlcl.c
[modify] https://crrev.com/bc5b2db15b93f37820574b8f14a1b2e165012403/utility/include/tpmextras.h
[modify] https://crrev.com/bc5b2db15b93f37820574b8f14a1b2e165012403/firmware/lib/tpm_lite/tlcl.c
[modify] https://crrev.com/bc5b2db15b93f37820574b8f14a1b2e165012403/tests/tlcl_tests.c
[modify] https://crrev.com/bc5b2db15b93f37820574b8f14a1b2e165012403/firmware/include/tlcl.h

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform/vboot_reference/+/2e62620ce740bff57b659905f3a4a929898834f6

commit 2e62620ce740bff57b659905f3a4a929898834f6
Author: Mattias Nissler <mnissler@chromium.org>
Date: Fri Apr 13 10:03:34 2018

tpm_lite: Support delegation family functionality.

Adds two new functions and their corresponding TPM commands to create
delegation families and list the delegation family table, respectively.
This isn't sufficient to meaningfully manage delegation families, but good
enough for the (ab)use case of storing flags in delegation family labels, which
we are going to do in order to strengthen encrypted stateful to guarantee
recreation of the encrypted file system after TPM clear..

BRANCH=None
BUG= chromium:788719 
TEST=new unit tests

Change-Id: I31beb662784a8fff450b485c7cabc553944d7772
Reviewed-on: https://chromium-review.googlesource.com/817199
Trybot-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>

[modify] https://crrev.com/2e62620ce740bff57b659905f3a4a929898834f6/firmware/include/tpm1_tss_constants.h
[modify] https://crrev.com/2e62620ce740bff57b659905f3a4a929898834f6/utility/tlcl_generator.c
[modify] https://crrev.com/2e62620ce740bff57b659905f3a4a929898834f6/firmware/lib/tpm_lite/include/tlcl_structures.h
[modify] https://crrev.com/2e62620ce740bff57b659905f3a4a929898834f6/firmware/lib/tpm_lite/tlcl.c
[modify] https://crrev.com/2e62620ce740bff57b659905f3a4a929898834f6/tests/tlcl_tests.c
[modify] https://crrev.com/2e62620ce740bff57b659905f3a4a929898834f6/firmware/include/tlcl.h

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform/vboot_reference/+/ec9040c4ef51bef43e8c94c1ecd953145861d834

commit ec9040c4ef51bef43e8c94c1ecd953145861d834
Author: Mattias Nissler <mnissler@chromium.org>
Date: Fri Apr 13 10:03:35 2018

tpm_lite: Add missing NVRAM attribute constants.

Add the remaining constants for NVRAM space attributes. The code
previously only declared the ones required in vboot_reference, but
that led to other code growing its own ad-hoc declarations for missing
constants. Just declare them all to simplify things.

BRANCH=None
BUG= chromium:788719 
TEST=compiles

Change-Id: I749ae5e4dc1b2ba56121fe42fd136b505d8cae80
Reviewed-on: https://chromium-review.googlesource.com/937704
Trybot-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Mattias Nissler <mnissler@chromium.org>

[modify] https://crrev.com/ec9040c4ef51bef43e8c94c1ecd953145861d834/firmware/include/tpm1_tss_constants.h
[modify] https://crrev.com/ec9040c4ef51bef43e8c94c1ecd953145861d834/firmware/include/tpm2_tss_constants.h

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform/vboot_reference/+/dc060ace1b461e09a8e0547f180377d707ff347d

commit dc060ace1b461e09a8e0547f180377d707ff347d
Author: Mattias Nissler <mnissler@chromium.org>
Date: Fri Apr 13 10:03:37 2018

tpm_lite: Add TlclGetSpaceInfo

The new TlclGetSpaceInfo function returns more detailed information
about a defined NVRAM space. The existing TlclGetPermissions function
is now using TlclGetSpaceInfo behind the scenes.

BRANCH=None
BUG= chromium:788719 
TEST=New unit tests.

Change-Id: I6c4f490d575788b696fd742a69e81e2767ec50f1
Reviewed-on: https://chromium-review.googlesource.com/937705
Trybot-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>

[modify] https://crrev.com/dc060ace1b461e09a8e0547f180377d707ff347d/utility/tlcl_generator.c
[modify] https://crrev.com/dc060ace1b461e09a8e0547f180377d707ff347d/firmware/lib/tpm_lite/tlcl.c
[modify] https://crrev.com/dc060ace1b461e09a8e0547f180377d707ff347d/firmware/lib/tpm2_lite/tlcl.c
[modify] https://crrev.com/dc060ace1b461e09a8e0547f180377d707ff347d/firmware/lib/tpm_lite/include/tlcl_structures.h
[modify] https://crrev.com/dc060ace1b461e09a8e0547f180377d707ff347d/tests/tlcl_tests.c
[modify] https://crrev.com/dc060ace1b461e09a8e0547f180377d707ff347d/firmware/include/tlcl.h

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform/vboot_reference/+/e4e246f15cd7c553bff62a990b2fa08be32a60f2

commit e4e246f15cd7c553bff62a990b2fa08be32a60f2
Author: Mattias Nissler <mnissler@chromium.org>
Date: Fri Apr 13 10:03:39 2018

tpm_lite: tpmc command to check owner auth

Add a command that checks whether the well-known secret (SHA1 hash of
20 zero bytes) works for owner authentication. This is accomplished by
sending a DefineSpace command for TPM_NV_INDEX_TRIAL, which will
trigger auth checks but not actually allocate an NVRAM space.
Successful command execution thus indicates that authorization was
successful. tpmc exposes the status via its exit status. This will be
used in the tpm-firmware-updater driver script to verify that the TPM
is in upgradable state.

BRANCH=None
BUG= chromium:788719 
TEST=compiles

Change-Id: I630831127e0e01186650412a92643c2153fbe2ee
Reviewed-on: https://chromium-review.googlesource.com/978171
Trybot-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>

[modify] https://crrev.com/e4e246f15cd7c553bff62a990b2fa08be32a60f2/firmware/include/tpm1_tss_constants.h
[modify] https://crrev.com/e4e246f15cd7c553bff62a990b2fa08be32a60f2/utility/tpmc.c

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/0e2f8d032ce23b0bad12515b186568820c815b93

commit 0e2f8d032ce23b0bad12515b186568820c815b93
Author: Mattias Nissler <mnissler@chromium.org>
Date: Mon Apr 16 16:20:41 2018

infineon-firmware-updater: Add owner auth update type.

This adds a new update type to infineon-firmware-updater that use the
well-known secret (all zeros) as the owner password. The type is
selected via -update tpm12-ownerauth.

Use this new mode in tpm-firmware-updater when running in normal mode,
the TPM is already owned, and an auth check passes.

BUG= chromium:788719 
TEST=unit tests

Change-Id: Ic5554d5caa528943a5175260e57c1d625f583260
Reviewed-on: https://chromium-review.googlesource.com/978172
Commit-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>

[rename] https://crrev.com/0e2f8d032ce23b0bad12515b186568820c815b93/chromeos-base/infineon-firmware-updater/infineon-firmware-updater-1.1.2459.0-r24.ebuild
[modify] https://crrev.com/0e2f8d032ce23b0bad12515b186568820c815b93/chromeos-base/infineon-firmware-updater/files/tpm-firmware-updater-test
[add] https://crrev.com/0e2f8d032ce23b0bad12515b186568820c815b93/chromeos-base/infineon-firmware-updater/files/update-type-ownerauth.patch
[modify] https://crrev.com/0e2f8d032ce23b0bad12515b186568820c815b93/chromeos-base/infineon-firmware-updater/files/tpm-firmware-updater
[modify] https://crrev.com/0e2f8d032ce23b0bad12515b186568820c815b93/chromeos-base/infineon-firmware-updater/infineon-firmware-updater-1.1.2459.0.ebuild

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/30fc3359ca472699dcb233f67b40e82d36c342e6

commit 30fc3359ca472699dcb233f67b40e82d36c342e6
Author: Mattias Nissler <mnissler@chromium.org>
Date: Thu Apr 19 13:40:21 2018

Add policy flag to allow state preserving TPM firmware update.

This adds another flag to the existing TPMFirmwareUpdateSettings
policy which admins can set to allow users to invoke the device state
preserving update flow. This change just adds the flag declaration to
allow implementation of the required checks on the platform side. The
adjustments to allow the user to invoke the new update mode are left
for a subsequent code change.

BUG= chromium:788719 
TEST=Compiles and passes tests.

Change-Id: Iaed87151c8faa396620f12a207cee92eec24f122
Reviewed-on: https://chromium-review.googlesource.com/1016917
Commit-Queue: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Maksim Ivanov <emaxx@chromium.org>
Cr-Commit-Position: refs/heads/master@{#552000}
[modify] https://crrev.com/30fc3359ca472699dcb233f67b40e82d36c342e6/components/policy/proto/chrome_device_policy.proto
[modify] https://crrev.com/30fc3359ca472699dcb233f67b40e82d36c342e6/components/policy/resources/policy_templates.json

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/391697d0082d8a66b51cdc4ac23d5a9c6954eaea

commit 391697d0082d8a66b51cdc4ac23d5a9c6954eaea
Author: Mattias Nissler <mnissler@chromium.org>
Date: Mon May 14 22:32:33 2018

cryptohome: Unravel mount-encrypted system key loading.

Introduce dedicate functions for the different key loading variants.
Get rid of the mode enum and just call the appropriate key loading
function from the main program instead.

BUG= chromium:788719 
TEST=compiles and new tests pass.

Change-Id: I528f27f8e9af7a2b683d22500558492831cad08f
Reviewed-on: https://chromium-review.googlesource.com/1030650
Commit-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>

[modify] https://crrev.com/391697d0082d8a66b51cdc4ac23d5a9c6954eaea/cryptohome/mount_encrypted/encryption_key.cc
[modify] https://crrev.com/391697d0082d8a66b51cdc4ac23d5a9c6954eaea/cryptohome/mount_encrypted.cc
[modify] https://crrev.com/391697d0082d8a66b51cdc4ac23d5a9c6954eaea/cryptohome/mount_encrypted/encryption_key.h
[modify] https://crrev.com/391697d0082d8a66b51cdc4ac23d5a9c6954eaea/cryptohome/mount_encrypted/encryption_key_unittest.cc

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/ddaf7ec3d1ad918169ec622ccca622f5b9a0ae6b

commit ddaf7ec3d1ad918169ec622ccca622f5b9a0ae6b
Author: Mattias Nissler <mnissler@chromium.org>
Date: Mon May 14 22:32:32 2018

cryptohome: Add mount-encrypted key handling tests.

This adds testing infrastructure and test cases for the file system
encryption key handling logic in mount-encrypted.

BUG= chromium:788719 
TEST=compiles and new tests pass.

Change-Id: Iddd60ecedb41888fef530eb7cdb6f32bdf0942f4
Reviewed-on: https://chromium-review.googlesource.com/937706
Commit-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Sarthak Kukreti <sarthakkukreti@chromium.org>

[add] https://crrev.com/ddaf7ec3d1ad918169ec622ccca622f5b9a0ae6b/cryptohome/mount_encrypted/tlcl_stub.h
[add] https://crrev.com/ddaf7ec3d1ad918169ec622ccca622f5b9a0ae6b/cryptohome/mount_encrypted/encryption_key_unittest.cc
[modify] https://crrev.com/ddaf7ec3d1ad918169ec622ccca622f5b9a0ae6b/cryptohome/mount_encrypted/encryption_key.h
[modify] https://crrev.com/ddaf7ec3d1ad918169ec622ccca622f5b9a0ae6b/cryptohome/cryptohome.gyp
[add] https://crrev.com/ddaf7ec3d1ad918169ec622ccca622f5b9a0ae6b/cryptohome/mount_encrypted/tlcl_stub.cc

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/771c5d4bedd006731e549f91396d4e970ad128f8

commit 771c5d4bedd006731e549f91396d4e970ad128f8
Author: Mattias Nissler <mnissler@chromium.org>
Date: Mon May 14 22:32:36 2018

cryptohome: Move TPM-compatibile OAEP encryption to cryptolib

Move the OAEP encryption code that implements the RSA encryption
mechanism expected by the TPM to CryptoLib so it can be used also for
non-attestation related code.

BUG= chromium:788719 
TEST=compiles and passes tests

Change-Id: If453686a143bd5cfb6e2a65cedeb059010c3b4b9
Reviewed-on: https://chromium-review.googlesource.com/937707
Commit-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>

[modify] https://crrev.com/771c5d4bedd006731e549f91396d4e970ad128f8/cryptohome/cryptolib.cc
[modify] https://crrev.com/771c5d4bedd006731e549f91396d4e970ad128f8/cryptohome/cryptolib.h
[modify] https://crrev.com/771c5d4bedd006731e549f91396d4e970ad128f8/cryptohome/attestation.cc
[modify] https://crrev.com/771c5d4bedd006731e549f91396d4e970ad128f8/cryptohome/attestation.h

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/2802d15bdf14f1cfc98fbb25326263c27b0c6379

commit 2802d15bdf14f1cfc98fbb25326263c27b0c6379
Author: Mattias Nissler <mnissler@chromium.org>
Date: Wed May 16 00:46:35 2018

infineon-firmware-updater: Request stateful preservation after update

Request another stateful preservation after the TPM clear that happens
after the TPM firmware update.

BUG= chromium:788719 
TEST=Manual

Change-Id: I655eb3632b106f913c22f0c224d8695ad56f1194
Reviewed-on: https://chromium-review.googlesource.com/1012030
Commit-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/2802d15bdf14f1cfc98fbb25326263c27b0c6379/chromeos-base/infineon-firmware-updater/files/tpm-firmware-update.sh
[rename] https://crrev.com/2802d15bdf14f1cfc98fbb25326263c27b0c6379/chromeos-base/infineon-firmware-updater/infineon-firmware-updater-1.1.2459.0-r25.ebuild

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/ae044606c19d94daa7c7bfdefad7e08d0cafe926

commit ae044606c19d94daa7c7bfdefad7e08d0cafe926
Author: Mattias Nissler <mnissler@chromium.org>
Date: Wed May 16 00:46:36 2018

cryptohome: Run mount_encrypted_unittests

BUG= chromium:788719 ,  chromium:808303 
TEST=FEATURES=test emerge-$BOARD -v1 cryptohome

Change-Id: If9025f20e337abdfc7e5d6d02f6b2c3fc9d7e4d0
Reviewed-on: https://chromium-review.googlesource.com/1012031
Commit-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/ae044606c19d94daa7c7bfdefad7e08d0cafe926/chromeos-base/cryptohome/cryptohome-9999.ebuild

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/6d15cc342f067267e969958af51341ebdb6e1772

commit 6d15cc342f067267e969958af51341ebdb6e1772
Author: Mattias Nissler <mnissler@chromium.org>
Date: Wed May 23 08:25:49 2018

login: Support TPM firmware updates preserving stateful.

This add support for a new update mode to the StartTPMFirmwareUpdate
DBus call. It will set up the device to request a TPM firmware update,
request encrypted stateful to be preserved, trigger a TPM clear on
next reboot, and finally kick off the reboot.

BUG= chromium:788719 
TEST=New unit test.

Change-Id: I24bf87fa135b8530d3a3ca171695390adfcb39cc
Reviewed-on: https://chromium-review.googlesource.com/1016764
Commit-Ready: Mattias Nissler <mnissler@chromium.org>
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Dan Erat <derat@chromium.org>

[modify] https://crrev.com/6d15cc342f067267e969958af51341ebdb6e1772/login_manager/crossystem.h
[modify] https://crrev.com/6d15cc342f067267e969958af51341ebdb6e1772/login_manager/session_manager_impl.cc
[modify] https://crrev.com/6d15cc342f067267e969958af51341ebdb6e1772/login_manager/session_manager_impl_unittest.cc
[modify] https://crrev.com/6d15cc342f067267e969958af51341ebdb6e1772/login_manager/crossystem.cc
[modify] https://crrev.com/6d15cc342f067267e969958af51341ebdb6e1772/login_manager/session_manager_impl.h

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/153f8c3801ea58f4dbc1fa645e388523d0774e79

commit 153f8c3801ea58f4dbc1fa645e388523d0774e79
Author: Mattias Nissler <mnissler@chromium.org>
Date: Wed May 23 08:25:40 2018

cryptohome: Key preservation support in mount-encrypted

Allow mount-encrypted to preserve the encryption key used before the
TPM was cleared and hence retain the encrypted file system across TPM
reset. This is triggered by a flag file. If the file is present when
the TPM is clear and missing a valid system key, we try to load the
previous system key, use it to decrypt the previous encryption key,
then generate a fresh system key to rewrap the encryption key. The
intended use of this is TPM firmware updates, which require a TPM
clear to install. We'd like to allow carrying over the stateful file
system across TPM firmware update installation.

BUG= chromium:788719 
TEST=New unit tests.

Change-Id: I675f87818bb1a41ce806a602b734681e613e116c
Reviewed-on: https://chromium-review.googlesource.com/944062
Commit-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Mattias Nissler <mnissler@chromium.org>

[modify] https://crrev.com/153f8c3801ea58f4dbc1fa645e388523d0774e79/cryptohome/mount_encrypted/encryption_key_unittest.cc
[modify] https://crrev.com/153f8c3801ea58f4dbc1fa645e388523d0774e79/cryptohome/mount_encrypted/tpm2.cc
[modify] https://crrev.com/153f8c3801ea58f4dbc1fa645e388523d0774e79/cryptohome/mount_encrypted.cc
[modify] https://crrev.com/153f8c3801ea58f4dbc1fa645e388523d0774e79/cryptohome/mount_encrypted/tpm1.cc
[modify] https://crrev.com/153f8c3801ea58f4dbc1fa645e388523d0774e79/cryptohome/mount_encrypted/tlcl_stub.cc
[modify] https://crrev.com/153f8c3801ea58f4dbc1fa645e388523d0774e79/cryptohome/mount_encrypted/encryption_key.cc
[modify] https://crrev.com/153f8c3801ea58f4dbc1fa645e388523d0774e79/cryptohome/mount_encrypted/tpm.cc
[modify] https://crrev.com/153f8c3801ea58f4dbc1fa645e388523d0774e79/cryptohome/mount_encrypted/tlcl_stub.h
[modify] https://crrev.com/153f8c3801ea58f4dbc1fa645e388523d0774e79/cryptohome/mount_encrypted/tpm.h
[modify] https://crrev.com/153f8c3801ea58f4dbc1fa645e388523d0774e79/cryptohome/mount_encrypted/encryption_key.h

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/3b52d699c956225bbac39656d65ee142c28bd321

commit 3b52d699c956225bbac39656d65ee142c28bd321
Author: Mattias Nissler <mnissler@chromium.org>
Date: Thu May 24 09:50:37 2018

Support device state preserving TPM firmware updates.

Extend the TPM firmware update code to be able to deal with different
TPM firmware update flows, represented by a newly introduced Mode
enum. In addition to the previously-existing powerwash update flow,
add a mode constant for the state preserving update flow. Change the
chrome://chrome UI to request state-preserving TPM updates if allowed.

BUG= chromium:788719 
TEST=New unit tests, manual integration testing against platform functionality.

Change-Id: I7b2340b0a470d9f4bb393cde0ca01d91db3d442e
Reviewed-on: https://chromium-review.googlesource.com/1016918
Commit-Queue: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Steven Bennetts <stevenjb@chromium.org>
Reviewed-by: Xiyuan Xia <xiyuan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#561443}
[modify] https://crrev.com/3b52d699c956225bbac39656d65ee142c28bd321/chrome/browser/chromeos/login/screens/reset_screen.cc
[modify] https://crrev.com/3b52d699c956225bbac39656d65ee142c28bd321/chrome/browser/chromeos/login/screens/reset_screen.h
[modify] https://crrev.com/3b52d699c956225bbac39656d65ee142c28bd321/chrome/browser/chromeos/tpm_firmware_update.cc
[modify] https://crrev.com/3b52d699c956225bbac39656d65ee142c28bd321/chrome/browser/chromeos/tpm_firmware_update.h
[modify] https://crrev.com/3b52d699c956225bbac39656d65ee142c28bd321/chrome/browser/chromeos/tpm_firmware_update_unittest.cc
[modify] https://crrev.com/3b52d699c956225bbac39656d65ee142c28bd321/chrome/browser/ui/webui/chromeos/login/core_oobe_handler.cc
[modify] https://crrev.com/3b52d699c956225bbac39656d65ee142c28bd321/chrome/browser/ui/webui/settings/about_handler.cc
[modify] https://crrev.com/3b52d699c956225bbac39656d65ee142c28bd321/chrome/browser/ui/webui/settings/about_handler.h
[modify] https://crrev.com/3b52d699c956225bbac39656d65ee142c28bd321/chrome/browser/ui/webui/settings/browser_lifetime_handler.cc
[modify] https://crrev.com/3b52d699c956225bbac39656d65ee142c28bd321/chrome/common/pref_names.cc
[modify] https://crrev.com/3b52d699c956225bbac39656d65ee142c28bd321/chrome/common/pref_names.h

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/6e2d8375ad9cdbf04a02b4f12e3a930682cb0b83

commit 6e2d8375ad9cdbf04a02b4f12e3a930682cb0b83
Author: Mike Frysinger <vapier@chromium.org>
Date: Wed Jul 18 04:53:31 2018

cryptohome: add cryptohome-proto dep to new mount_encrypted_lib target

These files include cryptolib.h which requires attestation.pb.h,
so add that dep to this target to avoid build errors.

BUG= chromium:788719 
TEST=precq passes

Change-Id: I102d25ed8edef82c7f13089db7aec42b7d5e42d3
Reviewed-on: https://chromium-review.googlesource.com/1139888
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Sarthak Kukreti <sarthakkukreti@chromium.org>

[modify] https://crrev.com/6e2d8375ad9cdbf04a02b4f12e3a930682cb0b83/cryptohome/cryptohome.gyp