1259fa1be39c0a35ec374fe127ba49d1c5ed5eb18Utkarsh Sanghi//
2259fa1be39c0a35ec374fe127ba49d1c5ed5eb18Utkarsh Sanghi// Copyright (C) 2015 The Android Open Source Project
3259fa1be39c0a35ec374fe127ba49d1c5ed5eb18Utkarsh Sanghi//
4259fa1be39c0a35ec374fe127ba49d1c5ed5eb18Utkarsh Sanghi// Licensed under the Apache License, Version 2.0 (the "License");
5259fa1be39c0a35ec374fe127ba49d1c5ed5eb18Utkarsh Sanghi// you may not use this file except in compliance with the License.
6259fa1be39c0a35ec374fe127ba49d1c5ed5eb18Utkarsh Sanghi// You may obtain a copy of the License at
7259fa1be39c0a35ec374fe127ba49d1c5ed5eb18Utkarsh Sanghi//
8259fa1be39c0a35ec374fe127ba49d1c5ed5eb18Utkarsh Sanghi//      http://www.apache.org/licenses/LICENSE-2.0
9259fa1be39c0a35ec374fe127ba49d1c5ed5eb18Utkarsh Sanghi//
10259fa1be39c0a35ec374fe127ba49d1c5ed5eb18Utkarsh Sanghi// Unless required by applicable law or agreed to in writing, software
11259fa1be39c0a35ec374fe127ba49d1c5ed5eb18Utkarsh Sanghi// distributed under the License is distributed on an "AS IS" BASIS,
12259fa1be39c0a35ec374fe127ba49d1c5ed5eb18Utkarsh Sanghi// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13259fa1be39c0a35ec374fe127ba49d1c5ed5eb18Utkarsh Sanghi// See the License for the specific language governing permissions and
14259fa1be39c0a35ec374fe127ba49d1c5ed5eb18Utkarsh Sanghi// limitations under the License.
15259fa1be39c0a35ec374fe127ba49d1c5ed5eb18Utkarsh Sanghi//
1650e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi
1750e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi#ifndef TPM_MANAGER_SERVER_TPM2_INITIALIZER_IMPL_H_
1850e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi#define TPM_MANAGER_SERVER_TPM2_INITIALIZER_IMPL_H_
1950e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi
2050e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi#include "tpm_manager/server/tpm_initializer.h"
2150e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi
2250e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi#include <string>
2350e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi#include <memory>
2450e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi
2550e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi#include <base/macros.h>
2650e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi#include <trunks/trunks_factory.h>
2750e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi
2850e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi#include "tpm_manager/server/local_data_store.h"
2950e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi#include "tpm_manager/server/openssl_crypto_util.h"
3050e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi#include "tpm_manager/server/tpm_status.h"
3150e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi
3250e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghinamespace tpm_manager {
3350e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi
// Initializes a TPM 2.0 chip by taking ownership of it.
//
// Example use, where |factory| is a trunks::TrunksFactory that outlives the
// initializer:
//   LocalDataStore data_store;
//   Tpm2StatusImpl status;
//   Tpm2InitializerImpl initializer(factory, &data_store, &status);
//   initializer.InitializeTpm();
// NOTE(review): an earlier form of this example passed only the data store
// and the status object; both constructors declared below take the factory
// as their first argument.
//
// If the TPM is unowned, InitializeTpm injects random owner, endorsement and
// lockout passwords, initializes the SRK with empty authorization, and
// persists the passwords to disk until all the owner dependencies are
// satisfied.
//
// Security notes:
//  - While they are persisted, the owner, endorsement and lockout passwords
//    are exposed to whatever can read the storage behind |local_data_store|.
//    NOTE(review): confirm the access control on that storage in the
//    LocalDataStore implementation; it is not visible from this header.
//  - The SRK is created with empty authorization, so use of the SRK itself is
//    not gated by a password. NOTE(review): confirm that keys created under
//    it carry their own authorization or policy where that matters.
class Tpm2InitializerImpl : public TpmInitializer {
 public:
  // Does not take ownership of arguments. The class keeps a reference and raw
  // pointers as members, so |factory|, |local_data_store| and |tpm_status|
  // presumably have to outlive this object (the definition is not in this
  // header).
  // NOTE(review): this overload receives no OpensslCryptoUtil; confirm in the
  // implementation how |openssl_util_| is set, so that SeedTpmRng never runs
  // with a null pointer.
  Tpm2InitializerImpl(const trunks::TrunksFactory& factory,
                      LocalDataStore* local_data_store,
                      TpmStatus* tpm_status);
  // Does not take ownership of arguments. As above, but the caller also
  // supplies the OpensslCryptoUtil; |openssl_util| is presumably subject to
  // the same lifetime requirement as the other arguments.
  Tpm2InitializerImpl(const trunks::TrunksFactory& factory,
                      OpensslCryptoUtil* openssl_util,
                      LocalDataStore* local_data_store,
                      TpmStatus* tpm_status);
  ~Tpm2InitializerImpl() override = default;

  // TpmInitializer methods. Their contracts are declared on TpmInitializer
  // (tpm_manager/server/tpm_initializer.h).
  // NOTE(review): InitializeTpm and ResetDictionaryAttackLock return bool,
  // presumably true on success; callers should check the result instead of
  // assuming the TPM is owned or the lockout has been cleared.
  bool InitializeTpm() override;
  void VerifiedBootHelper() override;
  bool ResetDictionaryAttackLock() override;

 private:
  // Seeds the onboard Tpm random number generator with random bytes from
  // Openssl, if the Tpm RNG has not been seeded yet. Returns true on success.
  bool SeedTpmRng();

  // Gets random bytes of length |num_bytes| and populates the string at
  // |random_data|. Returns true on success.
  // NOTE(review): going by the name the bytes come from the TPM; a false
  // return should be treated as "no usable randomness" by the caller.
  bool GetTpmRandomData(size_t num_bytes, std::string* random_data);

  // Non-owning collaborators (a reference and raw pointers); none of them is
  // released by this class, whose destructor is defaulted.
  const trunks::TrunksFactory& trunks_factory_;
  OpensslCryptoUtil* openssl_util_;
  LocalDataStore* local_data_store_;
  TpmStatus* tpm_status_;

  // Copying is disabled, so the non-owning members above are never duplicated
  // into a second instance.
  DISALLOW_COPY_AND_ASSIGN(Tpm2InitializerImpl);
};
7750e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi
7850e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi}  // namespace tpm_manager
7950e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi
8050e52ff6bcc478118a1cdec27903a5af5061d77bUtkarsh Sanghi#endif  // TPM_MANAGER_SERVER_TPM2_INITIALIZER_IMPL_H_