1 //
2 // Copyright (C) 2015 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 //      http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 //
16 
17 #ifndef TPM_MANAGER_SERVER_TPM_NVRAM_IMPL_H_
18 #define TPM_MANAGER_SERVER_TPM_NVRAM_IMPL_H_
19 
20 #include "tpm_manager/server/tpm_nvram.h"
21 
22 #include <stdint.h>
23 
24 #include <string>
25 
26 #include <base/macros.h>
27 #include <trousers/scoped_tss_type.h>
28 #include <trousers/tss.h>
29 
30 #include "tpm_manager/server/tpm_connection.h"
31 
32 namespace tpm_manager {
33 
34 class LocalDataStore;
35 
36 class TpmNvramImpl : public TpmNvram {
37  public:
38   explicit TpmNvramImpl(LocalDataStore* local_data_store);
39   ~TpmNvramImpl() override = default;
40 
41   // TpmNvram methods.
42   NvramResult DefineSpace(uint32_t index,
43                           size_t size,
44                           const std::vector<NvramSpaceAttribute>& attributes,
45                           const std::string& authorization_value,
46                           NvramSpacePolicy policy) override;
47   NvramResult DestroySpace(uint32_t index) override;
48   NvramResult WriteSpace(uint32_t index,
49                          const std::string& data,
50                          const std::string& authorization_value) override;
51   NvramResult ReadSpace(uint32_t index,
52                         std::string* data,
53                         const std::string& authorization_value) override;
54   NvramResult LockSpace(uint32_t index,
55                         bool lock_read,
56                         bool lock_write,
57                         const std::string& authorization_value) override;
58   NvramResult ListSpaces(std::vector<uint32_t>* index_list) override;
59   NvramResult GetSpaceInfo(
60       uint32_t index,
61       size_t* size,
62       bool* is_read_locked,
63       bool* is_write_locked,
64       std::vector<NvramSpaceAttribute>* attributes,
65       NvramSpacePolicy* policy) override;
66 
67  private:
68   // This method creates and initializes the nvram object associated with
69   // |handle| at |index|. Returns true on success, else false.
70   bool InitializeNvramHandle(uint32_t index,
71                              trousers::ScopedTssNvStore* nv_handle,
72                              TpmConnection* connection);
73 
74   // This method injects a tpm policy with the owner password. Returns true
75   // on success.
76   bool SetOwnerPolicy(trousers::ScopedTssNvStore* nv_handle);
77 
78   // Set a usage policy for the handle with the given authorization_value.
79   bool SetUsagePolicy(const std::string& authorization_value,
80                       trousers::ScopedTssNvStore* nv_handle,
81                       TpmConnection* connection);
82 
83   // This method sets up the composite pcr provided by |pcr_handle| with the
84   // value of PCR0 at locality 1. Returns true on success.
85   bool SetCompositePcr0(trousers::ScopedTssPcrs* pcr_handle,
86                         TpmConnection* connection);
87 
88   // This method gets the owner password stored on disk and returns it via the
89   // out argument |owner_password|. Returns true if we were able to read a
90   // non empty owner_password off disk, else false.
91   bool GetOwnerPassword(std::string* owner_password);
92 
93   LocalDataStore* local_data_store_;
94   // A default non-owner connection.
95   TpmConnection tpm_connection_;
96 
97   DISALLOW_COPY_AND_ASSIGN(TpmNvramImpl);
98 };
99 
100 }  // namespace tpm_manager
101 
102 #endif  // TPM_MANAGER_SERVER_TPM_NVRAM_IMPL_H_
103