1259fa1be39c0a35ec374fe127ba49d1c5ed5eb18Utkarsh Sanghi// 2259fa1be39c0a35ec374fe127ba49d1c5ed5eb18Utkarsh Sanghi// Copyright (C) 2015 The Android Open Source Project 3259fa1be39c0a35ec374fe127ba49d1c5ed5eb18Utkarsh Sanghi// 4259fa1be39c0a35ec374fe127ba49d1c5ed5eb18Utkarsh Sanghi// Licensed under the Apache License, Version 2.0 (the "License"); 5259fa1be39c0a35ec374fe127ba49d1c5ed5eb18Utkarsh Sanghi// you may not use this file except in compliance with the License. 6259fa1be39c0a35ec374fe127ba49d1c5ed5eb18Utkarsh Sanghi// You may obtain a copy of the License at 7259fa1be39c0a35ec374fe127ba49d1c5ed5eb18Utkarsh Sanghi// 8259fa1be39c0a35ec374fe127ba49d1c5ed5eb18Utkarsh Sanghi// http://www.apache.org/licenses/LICENSE-2.0 9259fa1be39c0a35ec374fe127ba49d1c5ed5eb18Utkarsh Sanghi// 10259fa1be39c0a35ec374fe127ba49d1c5ed5eb18Utkarsh Sanghi// Unless required by applicable law or agreed to in writing, software 11259fa1be39c0a35ec374fe127ba49d1c5ed5eb18Utkarsh Sanghi// distributed under the License is distributed on an "AS IS" BASIS, 12259fa1be39c0a35ec374fe127ba49d1c5ed5eb18Utkarsh Sanghi// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13259fa1be39c0a35ec374fe127ba49d1c5ed5eb18Utkarsh Sanghi// See the License for the specific language governing permissions and 14259fa1be39c0a35ec374fe127ba49d1c5ed5eb18Utkarsh Sanghi// limitations under the License. 15259fa1be39c0a35ec374fe127ba49d1c5ed5eb18Utkarsh Sanghi// 1650e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi 1750e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi#ifndef TPM_MANAGER_SERVER_TPM2_INITIALIZER_IMPL_H_ 1850e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi#define TPM_MANAGER_SERVER_TPM2_INITIALIZER_IMPL_H_ 1950e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi 2050e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi#include "tpm_manager/server/tpm_initializer.h" 2150e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi 2250e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi#include <string> 2350e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi#include <memory> 2450e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi 2550e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi#include <base/macros.h> 2650e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi#include <trunks/trunks_factory.h> 2750e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi 2850e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi#include "tpm_manager/server/local_data_store.h" 2950e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi#include "tpm_manager/server/openssl_crypto_util.h" 3050e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi#include "tpm_manager/server/tpm_status.h" 3150e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi 3250e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghinamespace tpm_manager { 3350e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi 3450e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi// This class initializes a Tpm2.0 chip by taking ownership. Example use of 3550e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi// this class is: 3650e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi// LocalDataStore data_store; 3750e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi// Tpm2StatusImpl status; 3850e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi// Tpm2InitializerImpl initializer(&data_store, &status); 3950e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi// initializer.InitializeTpm(); 4050e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi// If the tpm is unowned, InitializeTpm injects random owner, endorsement and 4150e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi// lockout passwords, intializes the SRK with empty authorization, and persists 4250e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi// the passwords to disk until all the owner dependencies are satisfied. 4350e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghiclass Tpm2InitializerImpl : public TpmInitializer { 4450e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi public: 45a94133441da308b30c6fe18cc4e2b866498ee401Darren Krahn // Does not take ownership of arguments. 46a94133441da308b30c6fe18cc4e2b866498ee401Darren Krahn Tpm2InitializerImpl(const trunks::TrunksFactory& factory, 47a94133441da308b30c6fe18cc4e2b866498ee401Darren Krahn LocalDataStore* local_data_store, 48a94133441da308b30c6fe18cc4e2b866498ee401Darren Krahn TpmStatus* tpm_status); 49a94133441da308b30c6fe18cc4e2b866498ee401Darren Krahn // Does not take ownership of arguments. 50a94133441da308b30c6fe18cc4e2b866498ee401Darren Krahn Tpm2InitializerImpl(const trunks::TrunksFactory& factory, 5150e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi OpensslCryptoUtil* openssl_util, 5250e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi LocalDataStore* local_data_store, 5350e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi TpmStatus* tpm_status); 5450e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi ~Tpm2InitializerImpl() override = default; 5550e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi 5650e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi // TpmInitializer methods. 5750e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi bool InitializeTpm() override; 58a94133441da308b30c6fe18cc4e2b866498ee401Darren Krahn void VerifiedBootHelper() override; 59a94133441da308b30c6fe18cc4e2b866498ee401Darren Krahn bool ResetDictionaryAttackLock() override; 6050e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi 6150e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi private: 6250e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi // Seeds the onboard Tpm random number generator with random bytes from 6350e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi // Openssl, if the Tpm RNG has not been seeded yet. Returns true on success. 6450e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi bool SeedTpmRng(); 6550e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi 6650e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi // Gets random bytes of length |num_bytes| and populates the string at 6750e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi // |random_data|. Returns true on success. 6850e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi bool GetTpmRandomData(size_t num_bytes, std::string* random_data); 6950e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi 70a94133441da308b30c6fe18cc4e2b866498ee401Darren Krahn const trunks::TrunksFactory& trunks_factory_; 7150e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi OpensslCryptoUtil* openssl_util_; 7250e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi LocalDataStore* local_data_store_; 7350e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi TpmStatus* tpm_status_; 7450e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi 7550e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi DISALLOW_COPY_AND_ASSIGN(Tpm2InitializerImpl); 7650e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi}; 7750e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi 7850e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi} // namespace tpm_manager 7950e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi 8050e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi#endif // TPM_MANAGER_SERVER_TPM2_INITIALIZER_IMPL_H_ 81