1 //
2 // Copyright (C) 2015 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 // http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 //
16
17 #include "tpm_manager/server/tpm_nvram_impl.h"
18
19 #include <arpa/inet.h>
20
21 #include <string>
22
23 #include <base/logging.h>
24 #include <base/stl_util.h>
25 #include <trousers/scoped_tss_type.h>
26
27 #include "tpm_manager/common/tpm_manager.pb.h"
28 #include "tpm_manager/server/local_data_store.h"
29 #include "tpm_manager/server/tpm_util.h"
30
31 namespace tpm_manager {
32
33 using trousers::ScopedTssMemory;
34 using trousers::ScopedTssNvStore;
35 using trousers::ScopedTssPcrs;
36
37 namespace {
38
39 // PCR0 at locality 1 is used to differentiate between developed and normal
40 // mode. Restricting nvram to the PCR0 value in locality 1 prevents nvram from
41 // persisting across mode switch.
42 const unsigned int kTpmBootPCR = 0;
43 const unsigned int kTpmPCRLocality = 1;
44
MapAttributesFromTpm(TPM_NV_PER_ATTRIBUTES tpm_flags,std::vector<NvramSpaceAttribute> * attributes)45 void MapAttributesFromTpm(TPM_NV_PER_ATTRIBUTES tpm_flags,
46 std::vector<NvramSpaceAttribute>* attributes) {
47 if (tpm_flags & TPM_NV_PER_WRITEDEFINE)
48 attributes->push_back(NVRAM_PERSISTENT_WRITE_LOCK);
49 if (tpm_flags & TPM_NV_PER_WRITE_STCLEAR)
50 attributes->push_back(NVRAM_BOOT_WRITE_LOCK);
51 if (tpm_flags & TPM_NV_PER_READ_STCLEAR)
52 attributes->push_back(NVRAM_BOOT_READ_LOCK);
53 if (tpm_flags & TPM_NV_PER_AUTHWRITE)
54 attributes->push_back(NVRAM_WRITE_AUTHORIZATION);
55 if (tpm_flags & TPM_NV_PER_AUTHREAD)
56 attributes->push_back(NVRAM_READ_AUTHORIZATION);
57 if (tpm_flags & TPM_NV_PER_GLOBALLOCK)
58 attributes->push_back(NVRAM_GLOBAL_LOCK);
59 if (tpm_flags & TPM_NV_PER_PPWRITE)
60 attributes->push_back(NVRAM_PLATFORM_WRITE);
61 if (tpm_flags & TPM_NV_PER_OWNERWRITE)
62 attributes->push_back(NVRAM_OWNER_WRITE);
63 if (tpm_flags & TPM_NV_PER_OWNERREAD)
64 attributes->push_back(NVRAM_OWNER_READ);
65 }
66
MapAttributesToTpm(const std::vector<NvramSpaceAttribute> & attributes)67 TPM_NV_PER_ATTRIBUTES MapAttributesToTpm(
68 const std::vector<NvramSpaceAttribute>& attributes) {
69 TPM_NV_PER_ATTRIBUTES tpm_flags = 0;
70 for (auto attribute : attributes) {
71 switch (attribute) {
72 case NVRAM_PERSISTENT_WRITE_LOCK:
73 tpm_flags |= TPM_NV_PER_WRITEDEFINE;
74 break;
75 case NVRAM_BOOT_WRITE_LOCK:
76 tpm_flags |= TPM_NV_PER_WRITE_STCLEAR;
77 break;
78 case NVRAM_BOOT_READ_LOCK:
79 tpm_flags |= TPM_NV_PER_READ_STCLEAR;
80 break;
81 case NVRAM_WRITE_AUTHORIZATION:
82 tpm_flags |= TPM_NV_PER_AUTHWRITE;
83 break;
84 case NVRAM_READ_AUTHORIZATION:
85 tpm_flags |= TPM_NV_PER_AUTHREAD;
86 break;
87 case NVRAM_GLOBAL_LOCK:
88 tpm_flags |= TPM_NV_PER_GLOBALLOCK;
89 break;
90 case NVRAM_PLATFORM_WRITE:
91 tpm_flags |= TPM_NV_PER_PPWRITE;
92 break;
93 case NVRAM_OWNER_WRITE:
94 tpm_flags |= TPM_NV_PER_OWNERWRITE;
95 break;
96 case NVRAM_OWNER_READ:
97 tpm_flags |= TPM_NV_PER_OWNERREAD;
98 break;
99 default:
100 break;
101 }
102 }
103 return tpm_flags;
104 }
105
MapTpmError(TSS_RESULT tpm_error)106 NvramResult MapTpmError(TSS_RESULT tpm_error) {
107 switch (TPM_ERROR(tpm_error)) {
108 case TPM_SUCCESS:
109 return NVRAM_RESULT_SUCCESS;
110 case TPM_E_BAD_PARAMETER:
111 case TPM_E_PER_NOWRITE:
112 case TPM_E_AUTH_CONFLICT:
113 return NVRAM_RESULT_INVALID_PARAMETER;
114 case TPM_E_AREA_LOCKED:
115 case TPM_E_READ_ONLY:
116 case TPM_E_WRITE_LOCKED:
117 case TPM_E_DISABLED_CMD:
118 return NVRAM_RESULT_OPERATION_DISABLED;
119 case TPM_E_AUTHFAIL:
120 case TPM_E_NO_NV_PERMISSION:
121 case TPM_E_WRONGPCRVAL:
122 return NVRAM_RESULT_ACCESS_DENIED;
123 case TPM_E_NOSPACE:
124 case TPM_E_RESOURCES:
125 case TPM_E_SIZE:
126 return NVRAM_RESULT_INSUFFICIENT_SPACE;
127 case TPM_E_BADINDEX:
128 case TPM_E_BAD_HANDLE:
129 return NVRAM_RESULT_SPACE_DOES_NOT_EXIST;
130 }
131 return NVRAM_RESULT_DEVICE_ERROR;
132 }
133
134 } // namespace
135
TpmNvramImpl(LocalDataStore * local_data_store)136 TpmNvramImpl::TpmNvramImpl(LocalDataStore* local_data_store)
137 : local_data_store_(local_data_store) {}
138
DefineSpace(uint32_t index,size_t size,const std::vector<NvramSpaceAttribute> & attributes,const std::string & authorization_value,NvramSpacePolicy policy)139 NvramResult TpmNvramImpl::DefineSpace(
140 uint32_t index,
141 size_t size,
142 const std::vector<NvramSpaceAttribute>& attributes,
143 const std::string& authorization_value,
144 NvramSpacePolicy policy) {
145 std::string owner_password;
146 if (!GetOwnerPassword(&owner_password)) {
147 return NVRAM_RESULT_OPERATION_DISABLED;
148 }
149 TpmConnection owner_connection(owner_password);
150 ScopedTssNvStore nv_handle(owner_connection.GetContext());
151 if (!InitializeNvramHandle(index, &nv_handle, &owner_connection)) {
152 return NVRAM_RESULT_DEVICE_ERROR;
153 }
154 TSS_RESULT result;
155 result = Tspi_SetAttribUint32(nv_handle, TSS_TSPATTRIB_NV_DATASIZE, 0, size);
156 if (TPM_ERROR(result)) {
157 TPM_LOG(ERROR, result) << "Could not set size on NVRAM object: " << size;
158 return NVRAM_RESULT_DEVICE_ERROR;
159 }
160 // Set permissions attributes.
161 result = Tspi_SetAttribUint32(nv_handle, TSS_TSPATTRIB_NV_PERMISSIONS, 0,
162 MapAttributesToTpm(attributes));
163 if (TPM_ERROR(result)) {
164 TPM_LOG(ERROR, result) << "Could not set permissions on NVRAM object";
165 return NVRAM_RESULT_DEVICE_ERROR;
166 }
167 // Set authorization.
168 if (!authorization_value.empty() &&
169 !SetUsagePolicy(authorization_value, &nv_handle, &owner_connection)) {
170 return NVRAM_RESULT_DEVICE_ERROR;
171 }
172 // Bind to PCR0.
173 TSS_HPCRS pcr_handle = 0;
174 ScopedTssPcrs scoped_pcr_handle(owner_connection.GetContext());
175 if (policy == NVRAM_POLICY_PCR0) {
176 if (!SetCompositePcr0(&scoped_pcr_handle, &owner_connection)) {
177 return NVRAM_RESULT_DEVICE_ERROR;
178 }
179 pcr_handle = scoped_pcr_handle;
180 }
181 result = Tspi_NV_DefineSpace(nv_handle, pcr_handle, /*Read*/
182 pcr_handle /*Write*/);
183 if (TPM_ERROR(result)) {
184 TPM_LOG(ERROR, result) << "Could not define NVRAM space: " << index;
185 return MapTpmError(result);
186 }
187 return NVRAM_RESULT_SUCCESS;
188 }
189
DestroySpace(uint32_t index)190 NvramResult TpmNvramImpl::DestroySpace(uint32_t index) {
191 std::string owner_password;
192 if (!GetOwnerPassword(&owner_password)) {
193 return NVRAM_RESULT_OPERATION_DISABLED;
194 }
195 TpmConnection owner_connection(owner_password);
196 ScopedTssNvStore nv_handle(owner_connection.GetContext());
197 if (!InitializeNvramHandle(index, &nv_handle, &owner_connection)) {
198 return NVRAM_RESULT_DEVICE_ERROR;
199 }
200 TSS_RESULT result = Tspi_NV_ReleaseSpace(nv_handle);
201 if (TPM_ERROR(result)) {
202 TPM_LOG(ERROR, result) << "Could not release NVRAM space: " << index;
203 return MapTpmError(result);
204 }
205 return NVRAM_RESULT_SUCCESS;
206 }
207
WriteSpace(uint32_t index,const std::string & data,const std::string & authorization_value)208 NvramResult TpmNvramImpl::WriteSpace(uint32_t index,
209 const std::string& data,
210 const std::string& authorization_value) {
211 std::vector<NvramSpaceAttribute> attributes;
212 NvramResult result =
213 GetSpaceInfo(index, nullptr, nullptr, nullptr, &attributes, nullptr);
214 if (result != NVRAM_RESULT_SUCCESS) {
215 return result;
216 }
217 ScopedTssNvStore nv_handle(tpm_connection_.GetContext());
218 if (!InitializeNvramHandle(index, &nv_handle, &tpm_connection_)) {
219 return NVRAM_RESULT_DEVICE_ERROR;
220 }
221 for (const auto& attribute : attributes) {
222 if (attribute == NVRAM_OWNER_WRITE) {
223 if (!SetOwnerPolicy(&nv_handle)) {
224 return NVRAM_RESULT_OPERATION_DISABLED;
225 }
226 break;
227 }
228 if (attribute == NVRAM_WRITE_AUTHORIZATION) {
229 if (!SetUsagePolicy(authorization_value, &nv_handle, &tpm_connection_)) {
230 return NVRAM_RESULT_DEVICE_ERROR;
231 }
232 break;
233 }
234 }
235 TSS_RESULT tpm_result = Tspi_NV_WriteValue(
236 nv_handle, 0 /* offset */, data.size(),
237 reinterpret_cast<BYTE*>(const_cast<char*>(data.data())));
238 if (TPM_ERROR(tpm_result)) {
239 TPM_LOG(ERROR, tpm_result) << "Could not write to NVRAM space: " << index;
240 return MapTpmError(tpm_result);
241 }
242 return NVRAM_RESULT_SUCCESS;
243 }
244
ReadSpace(uint32_t index,std::string * data,const std::string & authorization_value)245 NvramResult TpmNvramImpl::ReadSpace(uint32_t index,
246 std::string* data,
247 const std::string& authorization_value) {
248 CHECK(data);
249 size_t nvram_size;
250 std::vector<NvramSpaceAttribute> attributes;
251 NvramResult result =
252 GetSpaceInfo(index, &nvram_size, nullptr, nullptr, &attributes, nullptr);
253 if (result != NVRAM_RESULT_SUCCESS) {
254 return result;
255 }
256 ScopedTssNvStore nv_handle(tpm_connection_.GetContext());
257 if (!InitializeNvramHandle(index, &nv_handle, &tpm_connection_)) {
258 return NVRAM_RESULT_DEVICE_ERROR;
259 }
260 for (const auto& attribute : attributes) {
261 if (attribute == NVRAM_OWNER_READ) {
262 if (!SetOwnerPolicy(&nv_handle)) {
263 return NVRAM_RESULT_OPERATION_DISABLED;
264 }
265 break;
266 }
267 if (attribute == NVRAM_READ_AUTHORIZATION) {
268 if (!SetUsagePolicy(authorization_value, &nv_handle, &tpm_connection_)) {
269 return NVRAM_RESULT_DEVICE_ERROR;
270 }
271 break;
272 }
273 }
274 data->resize(nvram_size);
275 // The Tpm1.2 Specification defines the maximum read size of 128 bytes.
276 // Therefore we have to loop through the data returned.
277 const size_t kMaxDataSize = 128;
278 uint32_t offset = 0;
279 while (offset < nvram_size) {
280 uint32_t chunk_size = std::min(nvram_size - offset, kMaxDataSize);
281 ScopedTssMemory space_data(tpm_connection_.GetContext());
282 TSS_RESULT tpm_result =
283 Tspi_NV_ReadValue(nv_handle, offset, &chunk_size, space_data.ptr());
284 if (TPM_ERROR(tpm_result)) {
285 TPM_LOG(ERROR, tpm_result) << "Could not read from NVRAM space: "
286 << index;
287 data->clear();
288 return MapTpmError(tpm_result);
289 }
290 if (!space_data.value()) {
291 LOG(ERROR) << "No data read from NVRAM space: " << index;
292 data->clear();
293 return NVRAM_RESULT_DEVICE_ERROR;
294 }
295 CHECK_LE((offset + chunk_size), data->size());
296 data->replace(offset, chunk_size,
297 reinterpret_cast<char*>(space_data.value()), chunk_size);
298 offset += chunk_size;
299 }
300 return NVRAM_RESULT_SUCCESS;
301 }
302
LockSpace(uint32_t index,bool lock_read,bool lock_write,const std::string & authorization_value)303 NvramResult TpmNvramImpl::LockSpace(uint32_t index,
304 bool lock_read,
305 bool lock_write,
306 const std::string& authorization_value) {
307 std::vector<NvramSpaceAttribute> attributes;
308 NvramResult result =
309 GetSpaceInfo(index, nullptr, nullptr, nullptr, &attributes, nullptr);
310 if (result != NVRAM_RESULT_SUCCESS) {
311 return result;
312 }
313 if (lock_read) {
314 ScopedTssNvStore nv_handle(tpm_connection_.GetContext());
315 if (!InitializeNvramHandle(index, &nv_handle, &tpm_connection_)) {
316 return NVRAM_RESULT_DEVICE_ERROR;
317 }
318 for (const auto& attribute : attributes) {
319 if (attribute == NVRAM_OWNER_READ) {
320 if (!SetOwnerPolicy(&nv_handle)) {
321 return NVRAM_RESULT_OPERATION_DISABLED;
322 }
323 break;
324 }
325 if (attribute == NVRAM_READ_AUTHORIZATION) {
326 if (!SetUsagePolicy(authorization_value, &nv_handle,
327 &tpm_connection_)) {
328 return NVRAM_RESULT_DEVICE_ERROR;
329 }
330 break;
331 }
332 }
333 uint32_t size = 0;
334 ScopedTssMemory space_data(tpm_connection_.GetContext());
335 TSS_RESULT tpm_result =
336 Tspi_NV_ReadValue(nv_handle, 0, &size, space_data.ptr());
337 if (TPM_ERROR(tpm_result)) {
338 TPM_LOG(ERROR, tpm_result) << "Could not lock read for NVRAM space: "
339 << index;
340 return MapTpmError(tpm_result);
341 }
342 }
343 if (lock_write) {
344 ScopedTssNvStore nv_handle(tpm_connection_.GetContext());
345 if (!InitializeNvramHandle(index, &nv_handle, &tpm_connection_)) {
346 return NVRAM_RESULT_DEVICE_ERROR;
347 }
348 for (const auto& attribute : attributes) {
349 if (attribute == NVRAM_OWNER_WRITE) {
350 if (!SetOwnerPolicy(&nv_handle)) {
351 return NVRAM_RESULT_OPERATION_DISABLED;
352 }
353 break;
354 }
355 if (attribute == NVRAM_WRITE_AUTHORIZATION) {
356 if (!SetUsagePolicy(authorization_value, &nv_handle,
357 &tpm_connection_)) {
358 return NVRAM_RESULT_DEVICE_ERROR;
359 }
360 break;
361 }
362 }
363 BYTE not_used;
364 TSS_RESULT tpm_result = Tspi_NV_WriteValue(nv_handle, 0, 0, ¬_used);
365 if (TPM_ERROR(tpm_result)) {
366 TPM_LOG(ERROR, tpm_result) << "Could not lock write for NVRAM space: "
367 << index;
368 return MapTpmError(tpm_result);
369 }
370 }
371 return NVRAM_RESULT_SUCCESS;
372 }
373
ListSpaces(std::vector<uint32_t> * index_list)374 NvramResult TpmNvramImpl::ListSpaces(std::vector<uint32_t>* index_list) {
375 uint32_t nv_list_data_length = 0;
376 ScopedTssMemory nv_list_data(tpm_connection_.GetContext());
377 TSS_RESULT result =
378 Tspi_TPM_GetCapability(tpm_connection_.GetTpm(), TSS_TPMCAP_NV_LIST, 0,
379 nullptr, &nv_list_data_length, nv_list_data.ptr());
380 if (TPM_ERROR(result)) {
381 TPM_LOG(ERROR, result) << "Error calling Tspi_TPM_GetCapability";
382 return MapTpmError(result);
383 }
384 // Walk the list and check if the index exists.
385 uint32_t* nv_list = reinterpret_cast<uint32_t*>(nv_list_data.value());
386 uint32_t nv_list_length = nv_list_data_length / sizeof(uint32_t);
387 for (uint32_t i = 0; i < nv_list_length; ++i) {
388 // TPM data is network byte order.
389 index_list->push_back(ntohl(nv_list[i]));
390 }
391 return NVRAM_RESULT_SUCCESS;
392 }
393
GetSpaceInfo(uint32_t index,size_t * size,bool * is_read_locked,bool * is_write_locked,std::vector<NvramSpaceAttribute> * attributes,NvramSpacePolicy * policy)394 NvramResult TpmNvramImpl::GetSpaceInfo(
395 uint32_t index,
396 size_t* size,
397 bool* is_read_locked,
398 bool* is_write_locked,
399 std::vector<NvramSpaceAttribute>* attributes,
400 NvramSpacePolicy* policy) {
401 UINT32 nv_index_data_length = 0;
402 ScopedTssMemory nv_index_data(tpm_connection_.GetContext());
403 TSS_RESULT result =
404 Tspi_TPM_GetCapability(tpm_connection_.GetTpm(), TSS_TPMCAP_NV_INDEX,
405 sizeof(index), reinterpret_cast<BYTE*>(&index),
406 &nv_index_data_length, nv_index_data.ptr());
407 if (TPM_ERROR(result)) {
408 TPM_LOG(ERROR, result) << "Error calling Tspi_TPM_GetCapability";
409 return MapTpmError(result);
410 }
411 UINT64 offset = 0;
412 Trspi_UnloadBlob_NV_DATA_PUBLIC(&offset, nv_index_data.value(), nullptr);
413 if (nv_index_data_length < offset) {
414 LOG(ERROR) << "Not enough data from Tspi_TPM_GetCapability.";
415 return NVRAM_RESULT_DEVICE_ERROR;
416 }
417 TPM_NV_DATA_PUBLIC info;
418 offset = 0;
419 result =
420 Trspi_UnloadBlob_NV_DATA_PUBLIC(&offset, nv_index_data.value(), &info);
421 if (TPM_ERROR(result)) {
422 TPM_LOG(ERROR, result) << "Error calling Trspi_UnloadBlob_NV_DATA_PUBLIC";
423 return NVRAM_RESULT_DEVICE_ERROR;
424 }
425 if (size) {
426 *size = info.dataSize;
427 }
428 if (is_read_locked) {
429 *is_read_locked = info.bReadSTClear;
430 }
431 if (is_write_locked) {
432 *is_write_locked = info.bWriteSTClear || info.bWriteDefine;
433 }
434 if (attributes) {
435 MapAttributesFromTpm(info.permission.attributes, attributes);
436 }
437 if (policy) {
438 if (info.pcrInfoWrite.pcrSelection.sizeOfSelect > 0 &&
439 (info.pcrInfoWrite.pcrSelection.pcrSelect[0] & 1) != 0) {
440 *policy = NVRAM_POLICY_PCR0;
441 } else {
442 *policy = NVRAM_POLICY_NONE;
443 }
444 }
445 return NVRAM_RESULT_SUCCESS;
446 }
447
InitializeNvramHandle(uint32_t index,ScopedTssNvStore * nv_handle,TpmConnection * connection)448 bool TpmNvramImpl::InitializeNvramHandle(uint32_t index,
449 ScopedTssNvStore* nv_handle,
450 TpmConnection* connection) {
451 TSS_RESULT result = Tspi_Context_CreateObject(
452 connection->GetContext(), TSS_OBJECT_TYPE_NV, 0, nv_handle->ptr());
453 if (TPM_ERROR(result)) {
454 TPM_LOG(ERROR, result) << "Could not acquire an NVRAM object handle";
455 return false;
456 }
457 result = Tspi_SetAttribUint32(nv_handle->value(), TSS_TSPATTRIB_NV_INDEX, 0,
458 index);
459 if (TPM_ERROR(result)) {
460 TPM_LOG(ERROR, result) << "Could not set index on NVRAM object: " << index;
461 return false;
462 }
463 return true;
464 }
465
SetOwnerPolicy(ScopedTssNvStore * nv_handle)466 bool TpmNvramImpl::SetOwnerPolicy(ScopedTssNvStore* nv_handle) {
467 std::string owner_password;
468 if (!GetOwnerPassword(&owner_password)) {
469 return false;
470 }
471 return SetUsagePolicy(owner_password, nv_handle, &tpm_connection_);
472 }
473
SetUsagePolicy(const std::string & authorization_value,trousers::ScopedTssNvStore * nv_handle,TpmConnection * connection)474 bool TpmNvramImpl::SetUsagePolicy(const std::string& authorization_value,
475 trousers::ScopedTssNvStore* nv_handle,
476 TpmConnection* connection) {
477 trousers::ScopedTssPolicy policy_handle(connection->GetContext());
478 TSS_RESULT result;
479 result = Tspi_Context_CreateObject(connection->GetContext(),
480 TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE,
481 policy_handle.ptr());
482 if (TPM_ERROR(result)) {
483 TPM_LOG(ERROR, result) << "Error calling Tspi_Context_CreateObject";
484 return false;
485 }
486 result = Tspi_Policy_SetSecret(
487 policy_handle, TSS_SECRET_MODE_PLAIN, authorization_value.size(),
488 reinterpret_cast<BYTE*>(const_cast<char*>(authorization_value.data())));
489 if (TPM_ERROR(result)) {
490 TPM_LOG(ERROR, result) << "Error calling Tspi_Policy_SetSecret";
491 return false;
492 }
493 result =
494 Tspi_Policy_AssignToObject(policy_handle.value(), nv_handle->value());
495 if (TPM_ERROR(result)) {
496 TPM_LOG(ERROR, result) << "Could not set NVRAM object policy.";
497 return false;
498 }
499 return true;
500 }
501
SetCompositePcr0(ScopedTssPcrs * pcr_handle,TpmConnection * connection)502 bool TpmNvramImpl::SetCompositePcr0(ScopedTssPcrs* pcr_handle,
503 TpmConnection* connection) {
504 TSS_RESULT result = Tspi_Context_CreateObject(
505 connection->GetContext(), TSS_OBJECT_TYPE_PCRS,
506 TSS_PCRS_STRUCT_INFO_SHORT, pcr_handle->ptr());
507 if (TPM_ERROR(result)) {
508 TPM_LOG(ERROR, result) << "Could not acquire PCR object handle";
509 return false;
510 }
511 uint32_t pcr_len;
512 ScopedTssMemory pcr_value(connection->GetContext());
513 result = Tspi_TPM_PcrRead(connection->GetTpm(), kTpmBootPCR, &pcr_len,
514 pcr_value.ptr());
515 if (TPM_ERROR(result)) {
516 TPM_LOG(ERROR, result) << "Could not read PCR0 value";
517 return false;
518 }
519 result = Tspi_PcrComposite_SetPcrValue(pcr_handle->value(), kTpmBootPCR,
520 pcr_len, pcr_value.value());
521 if (TPM_ERROR(result)) {
522 TPM_LOG(ERROR, result) << "Could not set value for PCR0 in PCR handle";
523 return false;
524 }
525 result =
526 Tspi_PcrComposite_SetPcrLocality(pcr_handle->value(), kTpmPCRLocality);
527 if (TPM_ERROR(result)) {
528 TPM_LOG(ERROR, result) << "Could not set locality for PCR0 in PCR handle";
529 return false;
530 }
531 return true;
532 }
533
GetOwnerPassword(std::string * owner_password)534 bool TpmNvramImpl::GetOwnerPassword(std::string* owner_password) {
535 LocalData local_data;
536 if (!local_data_store_->Read(&local_data)) {
537 LOG(ERROR) << "Error reading local data for owner password.";
538 return false;
539 }
540 if (local_data.owner_password().empty()) {
541 LOG(ERROR) << "No owner password present in tpm local_data.";
542 return false;
543 }
544 owner_password->assign(local_data.owner_password());
545 return true;
546 }
547
548 } // namespace tpm_manager
549