Chromium Code Reviews

Side by Side Diff: chrome/browser/chromeos/policy/enrollment_handler_chromeos.h

Issue 2727713003: Update FWMP in TPM (Closed)
Patch Set: Fixed review comments Created 3 years, 9 months ago
OLD NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_HANDLER_CHROMEOS_H_ 5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_HANDLER_CHROMEOS_H_
6 #define CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_HANDLER_CHROMEOS_H_ 6 #define CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_HANDLER_CHROMEOS_H_
7 7
8 #include <memory> 8 #include <memory>
9 #include <string> 9 #include <string>
10 10
(...skipping 97 matching lines...)
108 // explicitly to make it easier to read debug logs.) 108 // explicitly to make it easier to read debug logs.)
109 enum EnrollmentStep { 109 enum EnrollmentStep {
110 STEP_PENDING = 0, // Not started yet. 110 STEP_PENDING = 0, // Not started yet.
111 STEP_STATE_KEYS = 1, // Waiting for state keys to become available. 111 STEP_STATE_KEYS = 1, // Waiting for state keys to become available.
112 STEP_LOADING_STORE = 2, // Waiting for |store_| to initialize. 112 STEP_LOADING_STORE = 2, // Waiting for |store_| to initialize.
113 STEP_REGISTRATION = 3, // Currently registering the client. 113 STEP_REGISTRATION = 3, // Currently registering the client.
114 STEP_POLICY_FETCH = 4, // Fetching policy. 114 STEP_POLICY_FETCH = 4, // Fetching policy.
115 STEP_VALIDATION = 5, // Policy validation. 115 STEP_VALIDATION = 5, // Policy validation.
116 STEP_ROBOT_AUTH_FETCH = 6, // Fetching device API auth code. 116 STEP_ROBOT_AUTH_FETCH = 6, // Fetching device API auth code.
117 STEP_ROBOT_AUTH_REFRESH = 7, // Fetching device API refresh token. 117 STEP_ROBOT_AUTH_REFRESH = 7, // Fetching device API refresh token.
118 STEP_AD_DOMAIN_JOIN = 8, // Joining Active Directory domain. 118 STEP_SET_FWMP_DATA = 8, // Setting the firmware management parameters.
Thiemo Nagel 2017/03/23 17:23:52 Why not immediately before LOCK_DEVICE? It would
igorcov 2017/03/24 13:29:15 Done.
119 STEP_LOCK_DEVICE = 9, // Writing installation-time attributes. 119 STEP_AD_DOMAIN_JOIN = 9, // Joining Active Directory domain.
120 STEP_STORE_TOKEN = 10, // Encrypting and storing DM token. 120 STEP_LOCK_DEVICE = 10, // Writing installation-time attributes.
121 STEP_STORE_ROBOT_AUTH = 11, // Encrypting & writing robot refresh token. 121 STEP_STORE_TOKEN = 11, // Encrypting and storing DM token.
122 STEP_STORE_POLICY = 12, // Storing policy and API refresh token. For 122 STEP_STORE_ROBOT_AUTH = 12, // Encrypting & writing robot refresh token.
123 STEP_STORE_POLICY = 13, // Storing policy and API refresh token. For
123 // AD, includes policy fetch via authpolicyd. 124 // AD, includes policy fetch via authpolicyd.
124 STEP_FINISHED = 13, // Enrollment process done, no further action. 125 STEP_FINISHED = 14, // Enrollment process done, no further action.
125 }; 126 };
126 127
127 // Handles the response to a request for server-backed state keys. 128 // Handles the response to a request for server-backed state keys.
128 void HandleStateKeysResult(const std::vector<std::string>& state_keys); 129 void HandleStateKeysResult(const std::vector<std::string>& state_keys);
129 130
130 // Starts attestation based enrollment flow. 131 // Starts attestation based enrollment flow.
131 void StartAttestationBasedEnrollmentFlow(); 132 void StartAttestationBasedEnrollmentFlow();
132 133
133 // Handles the response to a request for a registration certificate. 134 // Handles the response to a request for a registration certificate.
134 void HandleRegistrationCertificateResult( 135 void HandleRegistrationCertificateResult(
135 bool success, 136 bool success,
136 const std::string& pem_certificate_chain); 137 const std::string& pem_certificate_chain);
137 138
138 // Starts registration if the store is initialized. 139 // Starts registration if the store is initialized.
139 void StartRegistration(); 140 void StartRegistration();
140 141
141 // Handles the policy validation result, proceeding with device lock if 142 // Handles the policy validation result, proceeding with device lock if
142 // successful. 143 // successful.
143 void HandlePolicyValidationResult(DeviceCloudPolicyValidator* validator); 144 void HandlePolicyValidationResult(DeviceCloudPolicyValidator* validator);
144 145
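Review bot: Inserting STEP_SET_FWMP_DATA = 8 in the EnrollmentStep enum shifts every later value by one (STEP_AD_DOMAIN_JOIN becomes 9, STEP_LOCK_DEVICE becomes 10, and so on through STEP_FINISHED = 14), while the comment above the enum says the values are spelled out to make debug logs easier to read. A step number in a log now means a different step before and after this change, so please call out the renumbering in the change description and check that nothing outside this header compares against or records the old numeric values.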
146 // Updates the firmware management partition from TPM, setting the data
147 // according to devmode.
Thiemo Nagel 2017/03/23 17:23:52 "according to devmode" seems unclear to me. Pleas
igorcov 2017/03/24 13:29:15 Done.
148 void SetFirmwareManagementParametersData();
149
150 // Invoked after the firmware management partition in TPM is updated.
151 void OnFirmwareManagementParametersDataSet(
152 chromeos::DBusMethodCallStatus call_status,
153 bool result,
154 const cryptohome::BaseReply& reply);
155
156 // Returns whether block_devmode is set. Can be invoked after the policy is
Thiemo Nagel 2017/03/23 17:23:52 s/Can be/Must only be/ s/is retrieved/has been ret
igorcov 2017/03/24 13:29:15 Done.
157 // retrieved.
158 bool GetBlockDevmode();
Thiemo Nagel 2017/03/23 17:23:52 Nit: I'd suggest to make clearer that this is base
igorcov 2017/03/24 13:29:15 Done.
159
145 // Start joining the Active Directory domain in case the device is enrolling 160 // Start joining the Active Directory domain in case the device is enrolling
146 // into Active Directory management mode. 161 // into Active Directory management mode.
147 void StartJoinAdDomain(); 162 void StartJoinAdDomain();
148 163
149 // Handles successful Active Directory domain join. 164 // Handles successful Active Directory domain join.
150 void OnAdDomainJoined(const std::string& realm); 165 void OnAdDomainJoined(const std::string& realm);
151 166
152 // Calls InstallAttributes::LockDevice() for enterprise enrollment and 167 // Calls InstallAttributes::LockDevice() for enterprise enrollment and
153 // DeviceSettingsService::SetManagementSettings() for consumer 168 // DeviceSettingsService::SetManagementSettings() for consumer
154 // enrollment. 169 // enrollment.
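Review bot: The comment on OnFirmwareManagementParametersDataSet() says only "Invoked after the firmware management partition in TPM is updated", yet the callback receives call_status, result and reply, so it also runs when the update did not succeed. Please document what enrollment does in that case (abort, or continue to the next step), since the data being written depends on the devmode setting. Two smaller points in the same block: these comments say "firmware management partition" while the enum comment and the method names say "firmware management parameters", so pick one term; and GetBlockDevmode() reads as a pure getter and could be declared const.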
(...skipping 69 matching lines...)
224 int lockbox_init_duration_ = 0; 239 int lockbox_init_duration_ = 0;
225 240
226 base::WeakPtrFactory<EnrollmentHandlerChromeOS> weak_ptr_factory_; 241 base::WeakPtrFactory<EnrollmentHandlerChromeOS> weak_ptr_factory_;
227 242
228 DISALLOW_COPY_AND_ASSIGN(EnrollmentHandlerChromeOS); 243 DISALLOW_COPY_AND_ASSIGN(EnrollmentHandlerChromeOS);
229 }; 244 };
230 245
231 } // namespace policy 246 } // namespace policy
232 247
233 #endif // CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_HANDLER_CHROMEOS_H_ 248 #endif // CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_HANDLER_CHROMEOS_H_