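//
// Copyright (C) 2015 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//

#ifndef TPM_MANAGER_SERVER_TPM_INITIALIZER_IMPL_H_
#define TPM_MANAGER_SERVER_TPM_INITIALIZER_IMPL_H_

#include <string>

#include <base/macros.h>
#include <trousers/tss.h>
#include <trousers/trousers.h>  // NOLINT(build/include_alpha)

#include "tpm_manager/server/openssl_crypto_util_impl.h"
#include "tpm_manager/server/tpm_connection.h"
#include "tpm_manager/server/tpm_initializer.h"

namespace tpm_manager {

class LocalDataStore;
class TpmStatus;

// This class initializes a TPM 1.2 chip by taking ownership. Example use of
// this class is:
//   LocalDataStore data_store;
//   TpmStatusImpl status;
//   TpmInitializerImpl initializer(&data_store, &status);
//   initializer.InitializeTpm();
// If the TPM is unowned, InitializeTpm injects a random owner password,
// initializes and unrestricts the SRK, and persists the owner password to disk
// until all the owner dependencies are satisfied.
//
// Security note: the persisted value is the TPM owner authorization secret.
// How it is protected at rest, and when it is removed, is decided by the
// LocalDataStore implementation and by the .cc file; neither is visible in
// this header, so reviewers should check both.
class TpmInitializerImpl : public TpmInitializer {
 public:
  // Does not take ownership of |local_data_store| or |tpm_status|. Both are
  // kept as raw pointers in this object, so the caller must keep them alive
  // for as long as this object is used.
  TpmInitializerImpl(LocalDataStore* local_data_store, TpmStatus* tpm_status);
  ~TpmInitializerImpl() override = default;

  // TpmInitializer methods.
  bool InitializeTpm() override;
  void VerifiedBootHelper() override;
  bool ResetDictionaryAttackLock() override;

 private:
  // This method checks if an EndorsementKey exists on the TPM and creates it
  // if not. Returns true on success, else false. The |connection| already has
  // the owner password injected.
  bool InitializeEndorsementKey(TpmConnection* connection);

  // This method takes ownership of the TPM with the default TSS password.
  // Returns true on success, else false. The |connection| already has the
  // default owner password injected.
  //
  // Until ChangeOwnerPassword() succeeds, the owner authorization is this
  // default value rather than a secret. The sequencing of the two calls and
  // the handling of a failure between them are in the .cc file.
  bool TakeOwnership(TpmConnection* connection);

  // This method initializes the SRK if it does not exist, zeroes the SRK
  // password and unrestricts its usage. Returns true on success, else false.
  // The |connection| already has the current owner password injected.
  //
  // After this succeeds the SRK password is a fixed, zeroed value, so SRK
  // authorization on its own is not an access-control secret.
  bool InitializeSrk(TpmConnection* connection);

  // This method changes the TPM owner password from the default TSS password
  // to the password provided in the |owner_password| argument.
  // Returns true on success, else false. The |connection| already has the old
  // owner password injected.
  bool ChangeOwnerPassword(TpmConnection* connection,
                           const std::string& owner_password);

  // This method returns true iff the provided |owner_password| is the current
  // owner password in the TPM. This method can also return false if there was
  // an error communicating with the TPM, so a false result does not prove that
  // the password is wrong: callers cannot tell an authorization failure from a
  // communication failure through this return value.
  bool TestTpmAuth(const std::string& owner_password);

  OpensslCryptoUtilImpl openssl_util_;
  LocalDataStore* local_data_store_;  // Not owned.
  TpmStatus* tpm_status_;             // Not owned.

  DISALLOW_COPY_AND_ASSIGN(TpmInitializerImpl);
};

}  // namespace tpm_manager

#endif  // TPM_MANAGER_SERVER_TPM_INITIALIZER_IMPL_H_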