1//
2// Copyright (C) 2015 The Android Open Source Project
3//
4// Licensed under the Apache License, Version 2.0 (the "License");
5// you may not use this file except in compliance with the License.
6// You may obtain a copy of the License at
7//
8//      http://www.apache.org/licenses/LICENSE-2.0
9//
10// Unless required by applicable law or agreed to in writing, software
11// distributed under the License is distributed on an "AS IS" BASIS,
12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13// See the License for the specific language governing permissions and
14// limitations under the License.
15//
16
17#ifndef TPM_MANAGER_SERVER_TPM_NVRAM_IMPL_H_
18#define TPM_MANAGER_SERVER_TPM_NVRAM_IMPL_H_
19
20#include "tpm_manager/server/tpm_nvram.h"
21
22#include <stdint.h>
23
24#include <string>
25
26#include <base/macros.h>
27#include <trousers/scoped_tss_type.h>
28#include <trousers/tss.h>
29
30#include "tpm_manager/server/tpm_connection.h"
31
32namespace tpm_manager {
33
34class LocalDataStore;
35
36class TpmNvramImpl : public TpmNvram {
37 public:
38  explicit TpmNvramImpl(LocalDataStore* local_data_store);
39  ~TpmNvramImpl() override = default;
40
41  // TpmNvram methods.
42  NvramResult DefineSpace(uint32_t index,
43                          size_t size,
44                          const std::vector<NvramSpaceAttribute>& attributes,
45                          const std::string& authorization_value,
46                          NvramSpacePolicy policy) override;
47  NvramResult DestroySpace(uint32_t index) override;
48  NvramResult WriteSpace(uint32_t index,
49                         const std::string& data,
50                         const std::string& authorization_value) override;
51  NvramResult ReadSpace(uint32_t index,
52                        std::string* data,
53                        const std::string& authorization_value) override;
54  NvramResult LockSpace(uint32_t index,
55                        bool lock_read,
56                        bool lock_write,
57                        const std::string& authorization_value) override;
58  NvramResult ListSpaces(std::vector<uint32_t>* index_list) override;
59  NvramResult GetSpaceInfo(
60      uint32_t index,
61      size_t* size,
62      bool* is_read_locked,
63      bool* is_write_locked,
64      std::vector<NvramSpaceAttribute>* attributes,
65      NvramSpacePolicy* policy) override;
66
67 private:
68  // This method creates and initializes the nvram object associated with
69  // |handle| at |index|. Returns true on success, else false.
70  bool InitializeNvramHandle(uint32_t index,
71                             trousers::ScopedTssNvStore* nv_handle,
72                             TpmConnection* connection);
73
74  // This method injects a tpm policy with the owner password. Returns true
75  // on success.
76  bool SetOwnerPolicy(trousers::ScopedTssNvStore* nv_handle);
77
78  // Set a usage policy for the handle with the given authorization_value.
79  bool SetUsagePolicy(const std::string& authorization_value,
80                      trousers::ScopedTssNvStore* nv_handle,
81                      TpmConnection* connection);
82
83  // This method sets up the composite pcr provided by |pcr_handle| with the
84  // value of PCR0 at locality 1. Returns true on success.
85  bool SetCompositePcr0(trousers::ScopedTssPcrs* pcr_handle,
86                        TpmConnection* connection);
87
88  // This method gets the owner password stored on disk and returns it via the
89  // out argument |owner_password|. Returns true if we were able to read a
90  // non empty owner_password off disk, else false.
91  bool GetOwnerPassword(std::string* owner_password);
92
93  LocalDataStore* local_data_store_;
94  // A default non-owner connection.
95  TpmConnection tpm_connection_;
96
97  DISALLOW_COPY_AND_ASSIGN(TpmNvramImpl);
98};
99
100}  // namespace tpm_manager
101
102#endif  // TPM_MANAGER_SERVER_TPM_NVRAM_IMPL_H_
103