utility/chromeos_tpm_recovery - Issue 4183005: Add NVRAM size limit to nano-emulator and add test to recover from NVRAM hog attack.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: utility/chromeos_tpm_recovery

Issue 4183005: Add NVRAM size limit to nano-emulator and add test to recover from NVRAM hog attack. (Closed) Base URL: ssh://git@gitrw.chromium.org:9222/vboot_reference.git

Patch Set: Created 10 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: utility/chromeos_tpm_recovery

diff --git a/utility/chromeos_tpm_recovery b/utility/chromeos_tpm_recovery

index 15b765c32ab99586dd1eeab642aa7551ea3e54d1..cbafce4c63468133defe1f851d416bc981a3ecbf 100755

--- a/utility/chromeos_tpm_recovery

+++ b/utility/chromeos_tpm_recovery

@@ -72,9 +72,10 @@ tpm_clear_and_reenable () {

tpm_unowned=1

}

+# We want the TPM owned with the well-known password.

ensure_tpm_is_owned () {

- if [ $tpm_owned_with_well_known_password = 0 -a \

- $tpm_unowned = 0 ]; then

+ if [ $tpm_owned_with_well_known_password = 0 ]; then

tpm_clear_and_reenable

ensure_tcsd_is_running

$tpm_takeownership -y -z || log "takeownership failed with status $?"

@@ -116,16 +117,20 @@ make_room () {

/# NV Index / { print $4 } #unexpected space

EOF

+ local index

+ log "trying to make room by freeing one space"

ensure_tcsd_is_running

ensure_tpm_is_owned

unexpected_spaces=$($nvtool --list | $awk -f $AWK_PROGRAM)

status=1

- if ("$unexpected_spaces" != ""); then

+ if [ "$unexpected_spaces" != "" ]; then

log_tryfix "unexpected spaces: $unexpected_spaces"

for index in $unexpected_spaces; do

- if remove_space $index; then

+ log "trying to remove space $index"

+ if remove_space $(printf "0x%x" $(( $index )) ); then

status=0

break;

@@ -148,10 +153,13 @@ define_space () {

ensure_tpm_is_unowned

while true; do

+ log "checking for NVRAM room for space with size $size"

if $tpmc definespace $test_space $size $perm_ppwrite; then

+ log "there is enough room"

enough_room=1

break

else

+ log "definespace $test_space $size failed with status $?"

if ! make_room; then

enough_room=0

break

@@ -228,7 +236,7 @@ fix_space () {

if [ $# = 1 ]; then

RECOVERY_LOG="$1"

/usr/bin/logger "$0 started, output in $RECOVERY_LOG"

- log "starting"

+ log "starting $0"

else

/usr/bin/logger "$0 usage error"

echo "usage: $0 <log file>"

« no previous file with comments | « no previous file | utility/chromeos_tpm_recovery_test » ('j') | no next file with comments »