1// 2// Copyright (C) 2015 The Android Open Source Project 3// 4// Licensed under the Apache License, Version 2.0 (the "License"); 5// you may not use this file except in compliance with the License. 6// You may obtain a copy of the License at 7// 8// http://www.apache.org/licenses/LICENSE-2.0 9// 10// Unless required by applicable law or agreed to in writing, software 11// distributed under the License is distributed on an "AS IS" BASIS, 12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13// See the License for the specific language governing permissions and 14// limitations under the License. 15// 16 17#ifndef TPM_MANAGER_SERVER_TPM_INITIALIZER_IMPL_H_ 18#define TPM_MANAGER_SERVER_TPM_INITIALIZER_IMPL_H_ 19 20#include <string> 21 22#include <base/macros.h> 23#include <trousers/tss.h> 24#include <trousers/trousers.h> // NOLINT(build/include_alpha) 25 26#include "tpm_manager/server/openssl_crypto_util_impl.h" 27#include "tpm_manager/server/tpm_connection.h" 28#include "tpm_manager/server/tpm_initializer.h" 29 30namespace tpm_manager { 31 32class LocalDataStore; 33class TpmStatus; 34 35// This class initializes a Tpm1.2 chip by taking ownership. Example use of 36// this class is: 37// LocalDataStore data_store; 38// TpmStatusImpl status; 39// TpmInitializerImpl initializer(&data_store, &status); 40// initializer.InitializeTpm(); 41// If the tpm is unowned, InitializeTpm injects a random owner password, 42// initializes and unrestricts the SRK, and persists the owner password to disk 43// until all the owner dependencies are satisfied. 44class TpmInitializerImpl : public TpmInitializer { 45 public: 46 // Does not take ownership of |local_data_store| or |tpm_status|. 47 TpmInitializerImpl(LocalDataStore* local_data_store, TpmStatus* tpm_status); 48 ~TpmInitializerImpl() override = default; 49 50 // TpmInitializer methods. 51 bool InitializeTpm() override; 52 void VerifiedBootHelper() override; 53 bool ResetDictionaryAttackLock() override; 54 55 private: 56 // This method checks if an EndorsementKey exists on the Tpm and creates it 57 // if not. Returns true on success, else false. The |connection| already has 58 // the owner password injected. 59 bool InitializeEndorsementKey(TpmConnection* connection); 60 61 // This method takes ownership of the Tpm with the default TSS password. 62 // Returns true on success, else false. The |connection| already has the 63 // default owner password injected. 64 bool TakeOwnership(TpmConnection* connection); 65 66 // This method initializes the SRK if it does not exist, zero's the SRK 67 // password and unrestricts its usage. Returns true on success, else false. 68 // The |connection| already has the current owner password injected. 69 bool InitializeSrk(TpmConnection* connection); 70 71 // This method changes the Tpm owner password from the default TSS password 72 // to the password provided in the |owner_password| argument. 73 // Returns true on success, else false. The |connection| already has the old 74 // owner password injected. 75 bool ChangeOwnerPassword(TpmConnection* connection, 76 const std::string& owner_password); 77 78 // This method return true iff the provided |owner_password| is the current 79 // owner password in the Tpm. This method can also return false if there was 80 // an error communicating with the Tpm. 81 bool TestTpmAuth(const std::string& owner_password); 82 83 OpensslCryptoUtilImpl openssl_util_; 84 LocalDataStore* local_data_store_; 85 TpmStatus* tpm_status_; 86 87 DISALLOW_COPY_AND_ASSIGN(TpmInitializerImpl); 88}; 89 90} // namespace tpm_manager 91 92#endif // TPM_MANAGER_SERVER_TPM_INITIALIZER_IMPL_H_ 93