
Unified Diff: tpm_helpers/chromeos_tpm_init

Issue 3152039: Remove obsolete file chromeos_tpm_init (Closed) Base URL: ssh://git@chromiumos-git/entd.git
Patch Set: moved to new build flow Created 10 years, 4 months ago
Index: tpm_helpers/chromeos_tpm_init
diff --git a/tpm_helpers/chromeos_tpm_init b/tpm_helpers/chromeos_tpm_init
deleted file mode 100755
index a4e4da9b8c0ade02fffea3efaeabf6d03412f8dd..0000000000000000000000000000000000000000
--- a/tpm_helpers/chromeos_tpm_init
+++ /dev/null
@@ -1,115 +0,0 @@
-#!/bin/sh
-# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style license that can be
-# found in the LICENSE file.
-#
-# Stop-gap tpm initialization code until it is integrate to the
-# setup process.
-#
-# Note: this will run and fail if the TPM is configured.
-#
-# Must be run in a terminal-less environment.
-
-# Command wrapper since there are occasionally transient bus
-# errors with TPM calls -- especially long-lived calls like
-# TPM_TakeOwnership.
-try () {
- local cmd="$1"
- shift
- local args="$@"
-
- local max_attempts=3
- local attempt=0
- local ret=1
- while [ $attempt -lt $max_attempts ]; do
- echo -n "[*] $(date +%s): running $cmd . . ."
- $cmd $args
- ret=$?
- if [ $ret -ne 0 ]; then
- echo "fail"
- else
- echo "ok"
- return 0
- fi
- attempt=$((attempt + 1))
- done
- return $ret
-}
-
-# Simple bail. We don't use set -e because not all commands are terminal.
-err () {
- echo -n "Something is wrong with the TPM. " 1>&2
- echo "Try clearing it from the BIOS." 1>&2
- exit 1
-}
-
-# 8 is the magic tpm password length.
-OWNER_PW=$(openssl rand -base64 8 | head -c 8)
-
-# temporary password so that we can reset it to nothing afterwards
-SRK_PW=1234567890
-
-# For debugging.
-# echo "owner: $OWNER_PW"
-# echo "srk: $SRK_PW"
-
-OWNED_FILE="/var/lib/.tpm_owned"
-
-take_ownership () {
- (echo ${OWNER_PW}; echo ${OWNER_PW}; echo ${SRK_PW}; echo ${SRK_PW}) |
- tpm_takeownership "$@"
-}
-
-change_srk_pw () {
- (echo ${OWNER_PW}; echo; echo) | tpm_changeownerauth -s "$@"
-}
-
-unrestrict_srk () {
- echo ${OWNER_PW} | tpm_restrictsrk -a "$@"
-}
-
-check_ek () {
- # We don't want to log this.
- tpm_getpubek "$@" &> /dev/null
-}
-
-# Log to /tmp (tmpfs) since this may leak TPM identifiable information.
-LOG_DIR=$(mktemp -d /tmp/chromeos_tpm_init.XXXXXX)
-exec 1>${LOG_DIR}/stdout
-exec 2>${LOG_DIR}/stderr
-
-# Drop a line in the system logs just so it's easy to check out
-logger "TPM initialization log directory: ${LOG_DIR}"
-
-if [ "0" = $(cat /sys/class/misc/tpm0/device/enabled) ]; then
- logger "TPM is not enabled!"
- exit 1
-fi
-
-if [ "1" = $(cat /sys/class/misc/tpm0/device/owned) ]; then
- logger "TPM is already owned!"
- exit 0
-else
- # Clean up existing opencryptoki state, flag for tpm ownership.
- rm -rf /var/lib/opencryptoki "$OWNED_FILE"
-fi
-
-echo "[-] Creating the endorsement key if needed."
-try tpm_createek
-
-echo "[-] Verifying the ek is available."
-try check_ek || err
-
-echo "[-] Setting up an owner."
-try take_ownership || err
-
-echo "[-] Ensuring the SRK has an empty password."
-try change_srk_pw || err
-
-echo "[-] Unrestricting the SRK for PKCS#11 use."
-try unrestrict_srk || err
-
-echo "[-] TPM has been configured for general use."
-touch "$OWNED_FILE"
-exit 0
-