1// 2// Copyright (C) 2015 The Android Open Source Project 3// 4// Licensed under the Apache License, Version 2.0 (the "License"); 5// you may not use this file except in compliance with the License. 6// You may obtain a copy of the License at 7// 8// http://www.apache.org/licenses/LICENSE-2.0 9// 10// Unless required by applicable law or agreed to in writing, software 11// distributed under the License is distributed on an "AS IS" BASIS, 12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13// See the License for the specific language governing permissions and 14// limitations under the License. 15// 16 17#ifndef TPM_MANAGER_SERVER_TPM2_INITIALIZER_IMPL_H_ 18#define TPM_MANAGER_SERVER_TPM2_INITIALIZER_IMPL_H_ 19 20#include "tpm_manager/server/tpm_initializer.h" 21 22#include <string> 23#include <memory> 24 25#include <base/macros.h> 26#include <trunks/trunks_factory.h> 27 28#include "tpm_manager/server/local_data_store.h" 29#include "tpm_manager/server/openssl_crypto_util.h" 30#include "tpm_manager/server/tpm_status.h" 31 32namespace tpm_manager { 33 34// This class initializes a Tpm2.0 chip by taking ownership. Example use of 35// this class is: 36// LocalDataStore data_store; 37// Tpm2StatusImpl status; 38// Tpm2InitializerImpl initializer(&data_store, &status); 39// initializer.InitializeTpm(); 40// If the tpm is unowned, InitializeTpm injects random owner, endorsement and 41// lockout passwords, intializes the SRK with empty authorization, and persists 42// the passwords to disk until all the owner dependencies are satisfied. 43class Tpm2InitializerImpl : public TpmInitializer { 44 public: 45 // Does not take ownership of arguments. 46 Tpm2InitializerImpl(const trunks::TrunksFactory& factory, 47 LocalDataStore* local_data_store, 48 TpmStatus* tpm_status); 49 // Does not take ownership of arguments. 50 Tpm2InitializerImpl(const trunks::TrunksFactory& factory, 51 OpensslCryptoUtil* openssl_util, 52 LocalDataStore* local_data_store, 53 TpmStatus* tpm_status); 54 ~Tpm2InitializerImpl() override = default; 55 56 // TpmInitializer methods. 57 bool InitializeTpm() override; 58 void VerifiedBootHelper() override; 59 bool ResetDictionaryAttackLock() override; 60 61 private: 62 // Seeds the onboard Tpm random number generator with random bytes from 63 // Openssl, if the Tpm RNG has not been seeded yet. Returns true on success. 64 bool SeedTpmRng(); 65 66 // Gets random bytes of length |num_bytes| and populates the string at 67 // |random_data|. Returns true on success. 68 bool GetTpmRandomData(size_t num_bytes, std::string* random_data); 69 70 const trunks::TrunksFactory& trunks_factory_; 71 OpensslCryptoUtil* openssl_util_; 72 LocalDataStore* local_data_store_; 73 TpmStatus* tpm_status_; 74 75 DISALLOW_COPY_AND_ASSIGN(Tpm2InitializerImpl); 76}; 77 78} // namespace tpm_manager 79 80#endif // TPM_MANAGER_SERVER_TPM2_INITIALIZER_IMPL_H_ 81