Test the tpm recovery script with a real TPM.

utility/chromeos_tpm_recovery

 #!/bin/sh -u
 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 #
 # Run TPM diagnostics in recovery mode, and attempt to fix problems.  This is
 # specific to devices with chromeos firmware.
 #
 # Usage: chromeos_tpm_recovery <log file>
 #
 # Most of the diagnostics examine the TPM state and try to fix it.  This may
 # require clearing TPM ownership.
 
 tpmc=${USR_BIN:=/usr/bin}/tpmc
-nvtool=$USR_BIN/tpm-nvtool
-tpm_takeownership=${USR_SBIN:=/usr/sbin}/tpm_takeownership
-tcsd=$USR_SBIN/tcsd
+nvtool=${USR_LOCAL_BIN:=/usr/local/bin}/tpm-nvtool
+tpm_takeownership=${USR_LOCAL_SBIN:=/usr/local/sbin}/tpm_takeownership
+tcsd=${USR_SBIN:=/usr/sbin}/tcsd
 dot_recovery=${DOT_RECOVERY:=/mnt/stateful_partition/.recovery}
 acpi=${ACPI_DIR:=/sys/devices/platform/chromeos_acpi}
 awk=/usr/bin/awk
 
 # At the time this script starts, we assume the following holds:
 #
 # - TPM may be owned, but not with the well-known password
 # - tcsd has not been started
 
 tpm_owned_with_well_known_password=0
@@ skipping 17 matching lines @@
 # bit <n> <i> outputs bit i of number n, with bit 0 being the lsb.
 
 bit () {
   echo $(( ( $1 >> $2 ) & 1 ))
 }
 
 ensure_tcsd_is_running () {
   if [ $tcsd_pid = 0 ]; then
     $tcsd -f &
     tcsd_pid=$!
+    sleep 2    # give tcsd time to initialize
   fi
 }
 
 ensure_tcsd_is_not_running () {
   if [ $tcsd_pid != 0 ]; then
     kill $tcsd_pid
+    sleep 0.5
+    kill $tcsd_pid > /dev/null 2>&1
+    sleep 0.5
     wait $tcsd_pid > /dev/null 2>&1  # we trust that tcsd will agree to die
     tcsd_pid=0
   fi
 }
 
 tpm_clear_and_reenable () {
   ensure_tcsd_is_not_running
   $tpmc clear
   $tpmc enable
   $tpmc activate
@@ skipping 174 matching lines @@
 
 # Sanity check: are we executing in a recovery image?
 
 if [ ! -e $dot_recovery ]; then
   quit "not a recovery image"
 fi
 
 # Mnemonic: "B, I, N, F, O, and BINFO was his name-o."
 # Except it's a zero (0), not an O.
 BINF0=$acpi/BINF.0
-CRSW=$acpi/CRSW
+CHSW=$acpi/CHSW
 
 # There is no point running unless this a ChromeOS device.
 
 if [ ! -e $BINF0 ]; then
   log "not a chromeos device, exiting"
   exit 0
 fi
 
 BOOT_REASON=$(cat $BINF0)
 log "boot reason is $BOOT_REASON"
@@ skipping 28 matching lines @@
 if $tpmc getvf | grep -q "physicalPresence 0"; then
   log_tryfix "physical presence is OFF, expected ON"
   # attempt to turn on physical presence
   if $tpmc ppon; then
     log "physical presence is now on"
   else
     quit "could not turn physical presence on"
   fi
 fi
 
-DEV_MODE_NOW=$(bit $(cat $CRSW) 4)
-DEV_MODE_AT_BOOT=$(bit $(cat $CRSW) 5)
+DEV_MODE_NOW=$(bit $(cat $CHSW) 4)
+DEV_MODE_AT_BOOT=$(bit $(cat $CHSW) 5)
 
 # Check that bGlobalLock is unset
 
 if [ $DEV_MODE_NOW != $DEV_MODE_AT_BOOT ]; then
   # this is either too weird or malicious, so we give up
   quit "dev mode is $DEV_MODE_NOW, but was $DEV_MODE_AT_BOOT at boot"
 fi
 
 BGLOBALLOCK=$($tpmc getvf | $awk '/bGlobalLock/ {print $2;}')
 
 if [ 0 -ne $BGLOBALLOCK ]; then
   # this indicates either TPM malfunction or firmware malfunction.
   log "bGlobalLock is $BGLOBALLOCK (dev mode is $DEV_MODE_NOW)."
 fi
 
 # Check firmware and kernel spaces
 fix_space 0x1007 0x8001 0xa "01 00    00 00 00 00    00 00 00 00" || \
   log "could not fix firmware space"
 fix_space 0x1008 0x1 0xd "01    4c 57 52 47    00 00 00 00    00 00 00 00" || \
   log "could not fix kernel space"
 
 # Cleanup: don't leave the tpm owned with the well-known password.
 if [ $tpm_owned_with_well_known_password -eq 1 ]; then
   tpm_clear_and_reenable
 fi
 
 ensure_tcsd_is_not_running
+log "tpm recovery has completed"