1 #!/bin/sh | 1 #!/bin/sh |
2 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 2 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
3 # Use of this source code is governed by a BSD-style license that can be | 3 # Use of this source code is governed by a BSD-style license that can be |
4 # found in the LICENSE file. | 4 # found in the LICENSE file. |
5 | 5 |
6 if [ -z "$1" ]; then | 6 if [ -z "$1" ]; then |
7 USERNAME="chronos" | 7 USERNAME="chronos" |
8 else | 8 else |
9 USERNAME="$1" | 9 USERNAME="$1" |
10 fi | 10 fi |
(...skipping 13 matching lines...)
24 logger -t $(basename "$0") "$@" | 24 logger -t $(basename "$0") "$@" |
25 fi | 25 fi |
26 } | 26 } |
27 | 27 |
28 is_token_broken() { | 28 is_token_broken() { |
29 if [ ! -e "/var/lib/.tpm_owned" ]; then | 29 if [ ! -e "/var/lib/.tpm_owned" ]; then |
30 log "TPM is not owned, token for $USERNAME can't be valid." | 30 log "TPM is not owned, token for $USERNAME can't be valid." |
31 return 0 | 31 return 0 |
32 fi | 32 fi |
33 | 33 |
34 if [ "/var/lib/.tpm_owned" -nt "$USER_TOKEN_DIR" ]; then | |
35 log "PKCS#11 token for $USERNAME is from a previous TPM owner." | |
36 return 0 | |
37 fi | |
38 | |
39 if [ ! -e "$USER_TOKEN_DIR/PRIVATE_ROOT_KEY.pem" -o \ | 34 if [ ! -e "$USER_TOKEN_DIR/PRIVATE_ROOT_KEY.pem" -o \ |
40 ! -e "$USER_TOKEN_DIR/TOK_OBJ/70000000" ]; then | 35 ! -e "$USER_TOKEN_DIR/TOK_OBJ/70000000" ]; then |
41 log "PKCS#11 token for $USERNAME is missing some files." | 36 log "PKCS#11 token for $USERNAME is missing some files. Possibly not yet" |
| 37 log "initialized? TOK_OBJ contents were $(echo $USER_TOKEN_DIR/TOK_OBJ/*)." |
42 return 0 | 38 return 0 |
43 fi | 39 fi |
44 | 40 |
45 log "PKCS#11 token for $USERNAME looks ok." | 41 log "PKCS#11 token for $USERNAME looks ok." |
46 return 1 | 42 return 1 |
47 } | 43 } |
48 | 44 |
49 if [ ! -e "$USER_TOKEN_DIR/NVTOK.DAT" ]; then | 45 if [ ! -e "$USER_TOKEN_DIR/NVTOK.DAT" ]; then |
50 log "No PKCS#11 token found for $USERNAME." | 46 log "No PKCS#11 token found for $USERNAME." |
51 elif is_token_broken; then | 47 elif is_token_broken; then |
(...skipping 16 matching lines...)
68 | 64 |
69 # Creating this directory because if it's not there, token initialization | 65 # Creating this directory because if it's not there, token initialization |
70 # will neither create it nor populate it. | 66 # will neither create it nor populate it. |
71 mkdir -p "$USER_TOKEN_DIR/TOK_OBJ" | 67 mkdir -p "$USER_TOKEN_DIR/TOK_OBJ" |
72 | 68 |
73 # Configure the tpm as a token | 69 # Configure the tpm as a token |
74 pkcs_slot 0 tpm | 70 pkcs_slot 0 tpm |
75 | 71 |
76 # Make sure the user can access their own data | 72 # Make sure the user can access their own data |
77 chown -R "$USERNAME:$PKCS11_GROUP" "$USER_TOKEN_DIR" | 73 chown -R "$USERNAME:$PKCS11_GROUP" "$USER_TOKEN_DIR" |
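Review bot: The added line at new line 37 of is_token_broken expands `$USER_TOKEN_DIR/TOK_OBJ/*` unquoted inside `$(echo ...)`, so a token directory path containing whitespace is word-split before globbing, and an empty TOK_OBJ logs the literal `.../TOK_OBJ/*` pattern instead of saying the directory is empty. The message is also split across two `log` calls, which through `logger -t` become two separate syslog records, and the second one ("initialized? TOK_OBJ contents were ...") is hard to interpret on its own. Since this is a `#!/bin/sh` script, a POSIX way to build one self-contained message without the useless `echo` is to use the function's positional parameters: `set -- "$USER_TOKEN_DIR"/TOK_OBJ/*`, then `[ -e "$1" ] || set -- '(empty)'`, then `log "PKCS#11 token for $USERNAME is missing some files; possibly not yet initialized? TOK_OBJ contents: $*"`. Inside a function `set --` only replaces that function's own positional parameters, so the script-level `$1` used to derive USERNAME is unaffected.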