
Side by Side Diff: tpm.cc

Issue 3384032: Only check the well-known password if we know it is not owned. (Closed) Base URL: http://git.chromium.org/git/tpm_init.git
Patch Set: Created 10 years, 2 months ago
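--- a/tpm.cc
+++ b/tpm.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2009-2010 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // Contains the implementation of class Tpm
 
 #include "tpm.h"
 
 #include <base/file_util.h>
 #include <base/platform_thread.h>
@@ -561,21 +561,22 @@
 SRK_UUID, &srk_handle))) {
 is_srk_available_ = false;
 } else {
 Tspi_Context_CloseObject(context_handle_, srk_handle);
 is_srk_available_ = true;
 }
 
 // If we can open the TPM with the default password, then we still need to
 // zero the SRK password and unrestrict it, then change the owner password.
 TSS_HTPM tpm_handle;
-if (GetTpmWithAuth(context_handle_, default_owner_password, &tpm_handle) &&
+if (!file_util::PathExists(FilePath(kTpmOwnedFile)) &&
+GetTpmWithAuth(context_handle_, default_owner_password, &tpm_handle) &&
 TestTpmAuth(tpm_handle)) {
 if (!ZeroSrkPassword(context_handle_, default_owner_password)) {
 LOG(ERROR) << "Couldn't zero SRK password";
 is_being_owned_ = false;
 return false;
 }
 
 if (!UnrestrictSrk(context_handle_, default_owner_password)) {
 LOG(ERROR) << "Couldn't unrestrict the SRK";
 is_being_owned_ = false;
@@ -627,10 +628,10 @@
 }
 memcpy(random.data(), tpm_data, random.size());
 Tspi_Context_FreeMemory(context_handle, tpm_data);
 chromeos::SecureMemset(tpm_data, 0, random.size());
 Tspi_Context_Close(context_handle);
 data->swap(random);
 return true;
 }
 
 } // namespace tpm_init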
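Review bot: The new `!file_util::PathExists(FilePath(kTpmOwnedFile))` guard at new line 571 makes a file on disk the sole authority for skipping the well-known-password check, so if that file is ever present while the TPM still accepts `default_owner_password` (written too early, or left behind after the TPM is cleared), the SRK reset and owner-password change below it are skipped without any trace. Where the file is created is not visible here, so this may be unreachable in practice, but the condition deserves a comment such as `// Trusts kTpmOwnedFile: it must only be created once the owner password is no longer the well-known one.` and a log line on the skipped path. Separately, in the unchanged context at new lines 630-631, `chromeos::SecureMemset(tpm_data, 0, random.size())` runs after `Tspi_Context_FreeMemory(context_handle, tpm_data)`, so it writes through a pointer that has already been handed back to the TSS and the random bytes are not scrubbed before release; the two calls should be swapped. Both enclosing functions start outside the visible lines.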