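//
// Copyright (C) 2015 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//

#ifndef TPM_MANAGER_SERVER_TPM2_NVRAM_IMPL_H_
#define TPM_MANAGER_SERVER_TPM2_NVRAM_IMPL_H_

#include "tpm_manager/server/tpm_nvram.h"

// uint32_t, size_t and std::vector are used directly in this header, so they
// are included here instead of being picked up transitively.
#include <stddef.h>
#include <stdint.h>

#include <memory>
#include <string>
#include <vector>

#include <base/macros.h>
#include <trunks/trunks_factory.h>

#include "tpm_manager/common/tpm_manager.pb.h"
#include "tpm_manager/server/local_data_store.h"

namespace tpm_manager {

// A TpmNvram implementation backed by a TPM 2.0 device. All index values are
// the 'index' portion of an NV handle and must fit in 24 bits.
//
// NOTE(review): the 24-bit bound is a documented precondition; this header
// does not show where it is enforced. Confirm the implementation rejects
// larger values rather than letting them map onto a different handle.
//
// Every |authorization_value| argument, and the value returned by
// GetOwnerPassword(), is secret material carried in a std::string.
// std::string does not wipe its buffer on destruction, so keep these values
// out of logs and keep their lifetime as short as possible.
class Tpm2NvramImpl : public TpmNvram {
 public:
  // Does not take ownership of arguments. The class keeps a TrunksFactory
  // reference and a LocalDataStore pointer as data members, so both arguments
  // presumably must outlive this object -- confirm against the constructor.
  Tpm2NvramImpl(const trunks::TrunksFactory& factory,
                LocalDataStore* local_data_store);
  ~Tpm2NvramImpl() override = default;

  // TpmNvram methods. The contract of each override is defined by the
  // TpmNvram interface. Each call reports its outcome as an NvramResult; the
  // non-const pointer parameters appear to be outputs.
  NvramResult DefineSpace(uint32_t index,
                          size_t size,
                          const std::vector<NvramSpaceAttribute>& attributes,
                          const std::string& authorization_value,
                          NvramSpacePolicy policy) override;
  NvramResult DestroySpace(uint32_t index) override;
  NvramResult WriteSpace(uint32_t index,
                         const std::string& data,
                         const std::string& authorization_value) override;
  NvramResult ReadSpace(uint32_t index,
                        std::string* data,
                        const std::string& authorization_value) override;
  NvramResult LockSpace(uint32_t index,
                        bool lock_read,
                        bool lock_write,
                        const std::string& authorization_value) override;
  NvramResult ListSpaces(std::vector<uint32_t>* index_list) override;
  NvramResult GetSpaceInfo(
      uint32_t index,
      size_t* size,
      bool* is_read_locked,
      bool* is_write_locked,
      std::vector<NvramSpaceAttribute>* attributes,
      NvramSpacePolicy* policy) override;

 private:
  // Must be called before using any data members. This may be called multiple
  // times and will be very fast if already initialized.
  bool Initialize();

  // Gets the TPM owner password. Returns an empty string if not available.
  // NOTE(review): the signature cannot distinguish "unavailable" from an
  // owner password that is actually empty; confirm callers treat an empty
  // result as a failure and never authorize with it.
  std::string GetOwnerPassword();

  // Configures |trunks_session_| with owner authorization. Returns true on
  // success.
  bool SetupOwnerSession();

  // Configures a new policy |session| for a given |policy_record|,
  // |authorization_value|, and |command_code|. Returns true on success.
  bool SetupPolicySession(const NvramPolicyRecord& policy_record,
                          const std::string& authorization_value,
                          trunks::TPM_CC command_code,
                          trunks::PolicySession* session);

  // A helper to add policies to a |session| for a particular |command_code| and
  // |policy_record|. Returns true on success.
  bool AddPoliciesForCommand(const NvramPolicyRecord& policy_record,
                             trunks::TPM_CC command_code,
                             trunks::PolicySession* session);

  // A helper to add an OR policy to |session| based on |policy_record|. Returns
  // true on success.
  bool AddPolicyOR(const NvramPolicyRecord& policy_record,
                   trunks::PolicySession* session);

  // Computes the policy |digest| for a given |policy_record| and fills the
  // policy_digests field in the |policy_record|.
  // NOTE(review): the bool result is presumably true on success, like the
  // sibling helpers -- confirm in the implementation.
  bool ComputePolicyDigest(NvramPolicyRecord* policy_record,
                           std::string* digest);

  // Gets the policy |record| for the given |index|. Returns true on success.
  bool GetPolicyRecord(uint32_t index, NvramPolicyRecord* record);

  // Saves a policy |record| in the local_data_store_.
  // NOTE(review): policy records are kept in the LocalDataStore rather than
  // in the TPM, so the integrity of that store presumably matters whenever a
  // record is used to build a policy session -- confirm how it is protected.
  bool SavePolicyRecord(const NvramPolicyRecord& record);

  // Best effort delete of the policy |record| for |index|. Nothing is
  // returned, so a failed delete is not reported to the caller.
  void DeletePolicyRecord(uint32_t index);

  // Not owned; see the constructor comment.
  const trunks::TrunksFactory& trunks_factory_;
  LocalDataStore* local_data_store_;
  // Presumably records whether Initialize() has already completed. The
  // in-class default keeps the flag from ever being read while indeterminate;
  // a constructor member initializer still takes precedence over it.
  bool initialized_ = false;
  // The session that SetupOwnerSession() configures with owner authorization.
  std::unique_ptr<trunks::HmacSession> trunks_session_;
  std::unique_ptr<trunks::TpmUtility> trunks_utility_;

  // Gives the test fixture access to the private helpers and members.
  friend class Tpm2NvramTest;
  DISALLOW_COPY_AND_ASSIGN(Tpm2NvramImpl);
};

}  // namespace tpm_manager

#endif  // TPM_MANAGER_SERVER_TPM2_NVRAM_IMPL_H_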