[chromiumos] Start TPM token initialization re-tries on login

crypto/nss_util.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "crypto/nss_util.h"
 #include "crypto/nss_util_internal.h"
 
 #include <nss.h>
 #include <plarena.h>
 #include <prerror.h>
@@ skipping 216 matching lines @@
       // provider, which are still read-only (because we initialized
       // NSS before we had a cryptohome mounted).
       software_slot_ = OpenUserDB(GetDefaultConfigDirectory(),
                                   kNSSDatabaseName);
     }
   }
 
   void EnableTPMTokenForNSS(TPMTokenInfoDelegate* info_delegate) {
     CHECK(info_delegate);
     tpm_token_info_delegate_.reset(info_delegate);
-    // Try to load once to avoid jank later.  Ignore the return value,
-    // because if it fails we will try again later.
-    EnsureTPMTokenReady();

[stevenjb, 2011/10/10 17:18:13]

Why remove this? If the new logic gets changed, or isn't called (guest mode?
developer testing?) we might still want to initialize the TPM here, and it
shouldn't cost anything if it's already been initialized?

[gauravsh, 2011/10/10 20:55:49]

Is it used anywhere else? I couldn't find it.

The only place EnableTPMTokenForNSS I saw was in user_manager.cc in
NotifyOnLogin(). A call to RequestCertificates() already makes an initial
attempt to call EnsureTPMTokenReady() before posting a delayed task. So this is
redundant. We want to route all calls to this initialization code through
CertLibrary::RequestCertificates() since that handles the re-try part
(EnsureTPMTokenReady() asynchronously checks if the TPM token has been
initialized, it doesn't actually trigger the initialization).

   }
 
   // This is called whenever we want to make sure opencryptoki is
   // properly loaded, because it can fail shortly after the initial
   // login while the PINs are being initialized, and we want to retry
   // if this happens.
   bool EnsureTPMTokenReady() {
     // If EnableTPMTokenForNSS hasn't been called, return false.
     if (tpm_token_info_delegate_.get() == NULL)
       return false;
@@ skipping 525 matching lines @@
 
 PK11SlotInfo* GetPublicNSSKeySlot() {
   return g_nss_singleton.Get().GetPublicNSSKeySlot();
 }
 
 PK11SlotInfo* GetPrivateNSSKeySlot() {
   return g_nss_singleton.Get().GetPrivateNSSKeySlot();
 }
 
 }  // namespace crypto