OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_HANDLER_CHROMEOS_H_ | 5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_HANDLER_CHROMEOS_H_ |
6 #define CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_HANDLER_CHROMEOS_H_ | 6 #define CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_HANDLER_CHROMEOS_H_ |
7 | 7 |
8 #include <memory> | 8 #include <memory> |
9 #include <string> | 9 #include <string> |
10 | 10 |
(...skipping 98 matching lines...)
109 enum EnrollmentStep { | 109 enum EnrollmentStep { |
110 STEP_PENDING = 0, // Not started yet. | 110 STEP_PENDING = 0, // Not started yet. |
111 STEP_STATE_KEYS = 1, // Waiting for state keys to become available. | 111 STEP_STATE_KEYS = 1, // Waiting for state keys to become available. |
112 STEP_LOADING_STORE = 2, // Waiting for |store_| to initialize. | 112 STEP_LOADING_STORE = 2, // Waiting for |store_| to initialize. |
113 STEP_REGISTRATION = 3, // Currently registering the client. | 113 STEP_REGISTRATION = 3, // Currently registering the client. |
114 STEP_POLICY_FETCH = 4, // Fetching policy. | 114 STEP_POLICY_FETCH = 4, // Fetching policy. |
115 STEP_VALIDATION = 5, // Policy validation. | 115 STEP_VALIDATION = 5, // Policy validation. |
116 STEP_ROBOT_AUTH_FETCH = 6, // Fetching device API auth code. | 116 STEP_ROBOT_AUTH_FETCH = 6, // Fetching device API auth code. |
117 STEP_ROBOT_AUTH_REFRESH = 7, // Fetching device API refresh token. | 117 STEP_ROBOT_AUTH_REFRESH = 7, // Fetching device API refresh token. |
118 STEP_AD_DOMAIN_JOIN = 8, // Joining Active Directory domain. | 118 STEP_AD_DOMAIN_JOIN = 8, // Joining Active Directory domain. |
119 STEP_LOCK_DEVICE = 9, // Writing installation-time attributes. | 119 STEP_SET_FWMP_DATA = 9, // Setting the firmware management parameters. |
120 STEP_STORE_TOKEN = 10, // Encrypting and storing DM token. | 120 STEP_LOCK_DEVICE = 10, // Writing installation-time attributes. |
121 STEP_STORE_ROBOT_AUTH = 11, // Encrypting & writing robot refresh token. | 121 STEP_STORE_TOKEN = 11, // Encrypting and storing DM token. |
122 STEP_STORE_POLICY = 12, // Storing policy and API refresh token. For | 122 STEP_STORE_ROBOT_AUTH = 12, // Encrypting & writing robot refresh token. |
| 123 STEP_STORE_POLICY = 13, // Storing policy and API refresh token. For |
123 // AD, includes policy fetch via authpolicyd. | 124 // AD, includes policy fetch via authpolicyd. |
124 STEP_FINISHED = 13, // Enrollment process done, no further action. | 125 STEP_FINISHED = 14, // Enrollment process done, no further action. |
125 }; | 126 }; |
126 | 127 |
127 // Handles the response to a request for server-backed state keys. | 128 // Handles the response to a request for server-backed state keys. |
128 void HandleStateKeysResult(const std::vector<std::string>& state_keys); | 129 void HandleStateKeysResult(const std::vector<std::string>& state_keys); |
129 | 130 |
130 // Starts attestation based enrollment flow. | 131 // Starts attestation based enrollment flow. |
131 void StartAttestationBasedEnrollmentFlow(); | 132 void StartAttestationBasedEnrollmentFlow(); |
132 | 133 |
133 // Handles the response to a request for a registration certificate. | 134 // Handles the response to a request for a registration certificate. |
134 void HandleRegistrationCertificateResult( | 135 void HandleRegistrationCertificateResult( |
135 bool success, | 136 bool success, |
136 const std::string& pem_certificate_chain); | 137 const std::string& pem_certificate_chain); |
137 | 138 |
138 // Starts registration if the store is initialized. | 139 // Starts registration if the store is initialized. |
139 void StartRegistration(); | 140 void StartRegistration(); |
140 | 141 |
141 // Handles the policy validation result, proceeding with device lock if | 142 // Handles the policy validation result, proceeding with device lock if |
142 // successful. | 143 // successful. |
143 void HandlePolicyValidationResult(DeviceCloudPolicyValidator* validator); | 144 void HandlePolicyValidationResult(DeviceCloudPolicyValidator* validator); |
144 | 145 |
145 // Start joining the Active Directory domain in case the device is enrolling | 146 // Start joining the Active Directory domain in case the device is enrolling |
146 // into Active Directory management mode. | 147 // into Active Directory management mode. |
147 void StartJoinAdDomain(); | 148 void StartJoinAdDomain(); |
148 | 149 |
149 // Handles successful Active Directory domain join. | 150 // Handles successful Active Directory domain join. |
150 void OnAdDomainJoined(const std::string& realm); | 151 void OnAdDomainJoined(const std::string& realm); |
151 | 152 |
| 153 // Updates the firmware management partition from TPM, setting the flags |
| 154 // according to enum FirmwareManagementParametersFlags from rpc.proto if |
| 155 // devmode is blocked. |
| 156 void SetFirmwareManagementParametersData(); |
| 157 |
| 158 // Invoked after the firmware management partition in TPM is updated. |
| 159 void OnFirmwareManagementParametersDataSet( |
| 160 chromeos::DBusMethodCallStatus call_status, |
| 161 bool result, |
| 162 const cryptohome::BaseReply& reply); |
| 163 |
152 // Calls InstallAttributes::LockDevice() for enterprise enrollment and | 164 // Calls InstallAttributes::LockDevice() for enterprise enrollment and |
153 // DeviceSettingsService::SetManagementSettings() for consumer | 165 // DeviceSettingsService::SetManagementSettings() for consumer |
154 // enrollment. | 166 // enrollment. |
155 void StartLockDevice(); | 167 void StartLockDevice(); |
156 | 168 |
157 // Handle callback from InstallAttributes::LockDevice() and retry on failure. | 169 // Handle callback from InstallAttributes::LockDevice() and retry on failure. |
158 void HandleLockDeviceResult( | 170 void HandleLockDeviceResult( |
159 chromeos::InstallAttributes::LockResult lock_result); | 171 chromeos::InstallAttributes::LockResult lock_result); |
160 | 172 |
161 // Initiates storing DM token. For Active Directory devices only. | 173 // Initiates storing DM token. For Active Directory devices only. |
(...skipping 62 matching lines...)
224 int lockbox_init_duration_ = 0; | 236 int lockbox_init_duration_ = 0; |
225 | 237 |
226 base::WeakPtrFactory<EnrollmentHandlerChromeOS> weak_ptr_factory_; | 238 base::WeakPtrFactory<EnrollmentHandlerChromeOS> weak_ptr_factory_; |
227 | 239 |
228 DISALLOW_COPY_AND_ASSIGN(EnrollmentHandlerChromeOS); | 240 DISALLOW_COPY_AND_ASSIGN(EnrollmentHandlerChromeOS); |
229 }; | 241 }; |
230 | 242 |
231 } // namespace policy | 243 } // namespace policy |
232 | 244 |
233 #endif // CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_HANDLER_CHROMEOS_H_ | 245 #endif // CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_HANDLER_CHROMEOS_H_ |
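Review bot: The comment on `OnFirmwareManagementParametersDataSet` (new lines 158-162) does not say what happens when `call_status` or `result` reports a failure. That decides whether a device whose policy blocks developer mode can still reach `STEP_LOCK_DEVICE` without the firmware management parameters written. The implementation is not visible on this page, so confirm the behaviour and document it in the header, for example `// On failure, reports an enrollment error and does not continue to STEP_LOCK_DEVICE.`, or state explicitly that the step is best-effort if that is the intent. The wording "if devmode is blocked" on `SetFirmwareManagementParametersData` should also name what does the blocking (presumably the fetched device policy). Separately, inserting `STEP_SET_FWMP_DATA = 9` renumbers `STEP_LOCK_DEVICE` through `STEP_FINISHED`, so anything that logs or compares these numeric values outside this header needs the same update.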