| Index: tpm_helpers/chromeos_tpm_init
|
| diff --git a/tpm_helpers/chromeos_tpm_init b/tpm_helpers/chromeos_tpm_init
|
| deleted file mode 100755
|
| index a4e4da9b8c0ade02fffea3efaeabf6d03412f8dd..0000000000000000000000000000000000000000
|
| --- a/tpm_helpers/chromeos_tpm_init
|
| +++ /dev/null
|
| @@ -1,115 +0,0 @@
|
| -#!/bin/sh
|
| -# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
|
| -# Use of this source code is governed by a BSD-style license that can be
|
| -# found in the LICENSE file.
|
| -#
|
| -# Stop-gap tpm initialization code until it is integrate to the
|
| -# setup process.
|
| -#
|
| -# Note: this will run and fail if the TPM is configured.
|
| -#
|
| -# Must be run in a terminal-less environment.
|
| -
|
| -# Command wrapper since there are occasionally transient bus
|
| -# errors with TPM calls -- especially long-lived calls like
|
| -# TPM_TakeOwnership.
|
| -try () {
|
| - local cmd="$1"
|
| - shift
|
| - local args="$@"
|
| -
|
| - local max_attempts=3
|
| - local attempt=0
|
| - local ret=1
|
| - while [ $attempt -lt $max_attempts ]; do
|
| - echo -n "[*] $(date +%s): running $cmd . . ."
|
| - $cmd $args
|
| - ret=$?
|
| - if [ $ret -ne 0 ]; then
|
| - echo "fail"
|
| - else
|
| - echo "ok"
|
| - return 0
|
| - fi
|
| - attempt=$((attempt + 1))
|
| - done
|
| - return $ret
|
| -}
|
| -
|
| -# Simple bail. We don't use set -e because not all commands are terminal.
|
| -err () {
|
| - echo -n "Something is wrong with the TPM. " 1>&2
|
| - echo "Try clearing it from the BIOS." 1>&2
|
| - exit 1
|
| -}
|
| -
|
| -# 8 is the magic tpm password length.
|
| -OWNER_PW=$(openssl rand -base64 8 | head -c 8)
|
| -
|
| -# temporary password so that we can reset it to nothing afterwards
|
| -SRK_PW=1234567890
|
| -
|
| -# For debugging.
|
| -# echo "owner: $OWNER_PW"
|
| -# echo "srk: $SRK_PW"
|
| -
|
| -OWNED_FILE="/var/lib/.tpm_owned"
|
| -
|
| -take_ownership () {
|
| - (echo ${OWNER_PW}; echo ${OWNER_PW}; echo ${SRK_PW}; echo ${SRK_PW}) |
|
| - tpm_takeownership "$@"
|
| -}
|
| -
|
| -change_srk_pw () {
|
| - (echo ${OWNER_PW}; echo; echo) | tpm_changeownerauth -s "$@"
|
| -}
|
| -
|
| -unrestrict_srk () {
|
| - echo ${OWNER_PW} | tpm_restrictsrk -a "$@"
|
| -}
|
| -
|
| -check_ek () {
|
| - # We don't want to log this.
|
| - tpm_getpubek "$@" &> /dev/null
|
| -}
|
| -
|
| -# Log to /tmp (tmpfs) since this may leak TPM identifiable information.
|
| -LOG_DIR=$(mktemp -d /tmp/chromeos_tpm_init.XXXXXX)
|
| -exec 1>${LOG_DIR}/stdout
|
| -exec 2>${LOG_DIR}/stderr
|
| -
|
| -# Drop a line in the system logs just so it's easy to check out
|
| -logger "TPM initialization log directory: ${LOG_DIR}"
|
| -
|
| -if [ "0" = $(cat /sys/class/misc/tpm0/device/enabled) ]; then
|
| - logger "TPM is not enabled!"
|
| - exit 1
|
| -fi
|
| -
|
| -if [ "1" = $(cat /sys/class/misc/tpm0/device/owned) ]; then
|
| - logger "TPM is already owned!"
|
| - exit 0
|
| -else
|
| - # Clean up existing opencryptoki state, flag for tpm ownership.
|
| - rm -rf /var/lib/opencryptoki "$OWNED_FILE"
|
| -fi
|
| -
|
| -echo "[-] Creating the endorsement key if needed."
|
| -try tpm_createek
|
| -
|
| -echo "[-] Verifying the ek is available."
|
| -try check_ek || err
|
| -
|
| -echo "[-] Setting up an owner."
|
| -try take_ownership || err
|
| -
|
| -echo "[-] Ensuring the SRK has an empty password."
|
| -try change_srk_pw || err
|
| -
|
| -echo "[-] Unrestricting the SRK for PKCS#11 use."
|
| -try unrestrict_srk || err
|
| -
|
| -echo "[-] TPM has been configured for general use."
|
| -touch "$OWNED_FILE"
|
| -exit 0
|
| -
|
|
|
Chromium Code Reviews
Issue 3152039:
Remove obsolete file chromeos_tpm_init (Closed)
Base URL: ssh://git@chromiumos-git/entd.git