Add NVRAM size limit to nano-emulator and add test to recover from NVRAM hog attack.

utility/chromeos_tpm_recovery

 #!/bin/sh -u
 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 #
 # Run TPM diagnostics in recovery mode, and attempt to fix problems.  This is
 # specific to devices with chromeos firmware.
 #
 # Usage: chromeos_tpm_recovery <log file>
 #
@@ skipping 54 matching lines @@
 
 tpm_clear_and_reenable () {
   ensure_tcsd_is_not_running
   $tpmc clear
   $tpmc enable
   $tpmc activate
   tpm_owned_with_well_known_password=0
   tpm_unowned=1
 }
 
+# We want the TPM owned with the well-known password.
+
 ensure_tpm_is_owned () {
-  if [ $tpm_owned_with_well_known_password = 0 -a \
-       $tpm_unowned = 0 ]; then
+  if [ $tpm_owned_with_well_known_password = 0 ]; then
     tpm_clear_and_reenable
     ensure_tcsd_is_running
     $tpm_takeownership -y -z || log "takeownership failed with status $?"
     tpm_owned_with_well_known_password=1
     tpm_unowned=0
   fi
 }
 
 ensure_tpm_is_unowned () {
   if [ $tpm_unowned = 0 ]; then
@@ skipping 21 matching lines @@
 /# NV Index 0xffffffff/ { next } # NV_INDEX_LOCK
 /# NV Index 0x00000000/ { next } # NV_INDEX0
 /# NV Index 0x00000001/ { next } # NV_INDEX_DIR
 /# NV Index 0x0000f.../ { next } # reserved for TPM use
 /# NV Index 0x0001..../ { next } # reserved for TCG WGs
 /# NV Index 0x00001007/ { next } # firmware space index
 /# NV Index 0x00001008/ { next } # kernel space index
 /# NV Index / { print $4 } #unexpected space
 EOF
 
+  local index
+
+  log "trying to make room by freeing one space"
   ensure_tcsd_is_running
   ensure_tpm_is_owned
   unexpected_spaces=$($nvtool --list | $awk -f $AWK_PROGRAM)
 
   status=1
 
-  if ("$unexpected_spaces" != ""); then
+  if [ "$unexpected_spaces" != "" ]; then
     log_tryfix "unexpected spaces: $unexpected_spaces"
     for index in $unexpected_spaces; do
-      if remove_space $index; then
+      log "trying to remove space $index"
+      if remove_space $(printf "0x%x" $(( $index )) ); then
         status=0
         break;
       fi
     done
   fi
 
   return $status
 }
 
 # define_space <index> <size> <permissions>
 
 define_space () {
   local index=$1
   local size=$2
   local permissions=$3
   # 0xf004 is for testing if there is enough room without side effects.
   local test_space=0xf004
   local perm_ppwrite=0x1
   local enough_room
 
   ensure_tpm_is_unowned
   while true; do
+    log "checking for NVRAM room for space with size $size"
     if $tpmc definespace $test_space $size $perm_ppwrite; then
+      log "there is enough room"
       enough_room=1
       break
     else
+      log "definespace $test_space $size failed with status $?"
       if ! make_room; then
         enough_room=0
         break
       fi
     fi
   done
 
   if [ $enough_room -eq 0 ]; then
     log "not enough room to define space $index"
     return 1
@@ skipping 56 matching lines @@
 
 # ------------
 # MAIN PROGRAM
 # ------------
 
 # Set up logging and announce ourselves.
 
 if [ $# = 1 ]; then
   RECOVERY_LOG="$1"
   /usr/bin/logger "$0 started, output in $RECOVERY_LOG"
-  log "starting"
+  log "starting $0"
 else
   /usr/bin/logger "$0 usage error"
   echo "usage: $0 <log file>"
   exit 1
 fi
 
 # Sanity check: are we executing in a recovery image?
 
 if [ ! -e $dot_recovery ]; then
   quit "not a recovery image"
@@ skipping 73 matching lines @@
   log "could not fix firmware space"
 fix_space 0x1008 0x1 0xd "01    4c 57 52 47    00 00 00 00    00 00 00 00" || \
   log "could not fix kernel space"
 
 # Cleanup: don't leave the tpm owned with the well-known password.
 if [ $tpm_owned_with_well_known_password -eq 1 ]; then
   tpm_clear_and_reenable
 fi
 
 ensure_tcsd_is_not_running