
Side by Side Diff: bin/fix_pkcs11_token.sh

Issue 6312172: entd: Fix problem where a future date setting causes TPM token to be cleared often (Closed) Base URL: ssh://git@gitrw.chromium.org:9222/entd.git@master
Patch Set: Better diagnostics for incomplete directly Created 9 years, 10 months ago
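--- a/bin/fix_pkcs11_token.sh
+++ b/bin/fix_pkcs11_token.sh
@@ -1,10 +1,10 @@
 #!/bin/sh
 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
 if [ -z "$1" ]; then
 USERNAME="chronos"
 else
 USERNAME="$1"
 fi
@@ -24,28 +24,24 @@
 logger -t $(basename "$0") "$@"
 fi
 }
 
 is_token_broken() {
 if [ ! -e "/var/lib/.tpm_owned" ]; then
 log "TPM is not owned, token for $USERNAME can't be valid."
 return 0
 fi
 
-if [ "/var/lib/.tpm_owned" -nt "$USER_TOKEN_DIR" ]; then
-log "PKCS#11 token for $USERNAME is from a previous TPM owner."
-return 0
-fi
-
 if [ ! -e "$USER_TOKEN_DIR/PRIVATE_ROOT_KEY.pem" -o \
 ! -e "$USER_TOKEN_DIR/TOK_OBJ/70000000" ]; then
-log "PKCS#11 token for $USERNAME is missing some files."
+log "PKCS#11 token for $USERNAME is missing some files. Possibly not yet"
+log "initialized? TOK_OBJ contents were $(echo $USER_TOKEN_DIR/TOK_OBJ/*)."
 return 0
 fi
 
 log "PKCS#11 token for $USERNAME looks ok."
 return 1
 }
 
 if [ ! -e "$USER_TOKEN_DIR/NVTOK.DAT" ]; then
 log "No PKCS#11 token found for $USERNAME."
 elif is_token_broken; then
@@ -68,10 +64,10 @@
 
 # Creating this directory because if it's not there, token initialization
 # will neither create it nor populate it.
 mkdir -p "$USER_TOKEN_DIR/TOK_OBJ"
 
 # Configure the tpm as a token
 pkcs_slot 0 tpm
 
 # Make sure the user can access their own data
 chown -R "$USERNAME:$PKCS11_GROUP" "$USER_TOKEN_DIR"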
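Review bot: With the `-nt` comparison removed from is_token_broken, nothing visible in this section still detects a token left over from a previous TPM owner: once PRIVATE_ROOT_KEY.pem and TOK_OBJ/70000000 exist, the function logs "looks ok" even if TPM ownership was re-taken after the token was created. If no other component covers that case (the skipped lines are not shown here), a clock-independent check is needed, for instance comparing a marker written into the token directory at initialization against one tied to the current ownership rather than comparing mtimes. At minimum the function should carry a comment such as `# Tokens from a previous TPM owner are no longer detected here; the mtime check misfired when the clock was wrong.` Separately, the new diagnostic expands `$USER_TOKEN_DIR` unquoted inside the command substitution; `$(echo "$USER_TOKEN_DIR"/TOK_OBJ/*)` keeps the glob while avoiding word splitting on the path.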
