Home | History | Annotate | Download | only in server 
      1 //
      2 // Copyright (C) 2015 The Android Open Source Project
      3 //
      4 // Licensed under the Apache License, Version 2.0 (the "License");
      5 // you may not use this file except in compliance with the License.
      6 // You may obtain a copy of the License at
      7 //
      8 //      http://www.apache.org/licenses/LICENSE-2.0
      9 //
     10 // Unless required by applicable law or agreed to in writing, software
     11 // distributed under the License is distributed on an "AS IS" BASIS,
     12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13 // See the License for the specific language governing permissions and
     14 // limitations under the License.
     15 //
     16 
     17 #ifndef TPM_MANAGER_SERVER_TPM2_INITIALIZER_IMPL_H_
     18 #define TPM_MANAGER_SERVER_TPM2_INITIALIZER_IMPL_H_
     19 
     20 #include "tpm_manager/server/tpm_initializer.h"
     21 
     22 #include <string>
     23 #include <memory>
     24 
     25 #include <base/macros.h>
     26 #include <trunks/trunks_factory.h>
     27 
     28 #include "tpm_manager/server/local_data_store.h"
     29 #include "tpm_manager/server/openssl_crypto_util.h"
     30 #include "tpm_manager/server/tpm_status.h"
     31 
     32 namespace tpm_manager {
     33 
     34 // This class initializes a Tpm2.0 chip by taking ownership. Example use of
     35 // this class is:
     36 // LocalDataStore data_store;
     37 // Tpm2StatusImpl status;
     38 // Tpm2InitializerImpl initializer(&data_store, &status);
     39 // initializer.InitializeTpm();
     40 // If the tpm is unowned, InitializeTpm injects random owner, endorsement and
     41 // lockout passwords, intializes the SRK with empty authorization, and persists
     42 // the passwords to disk until all the owner dependencies are satisfied.
     43 class Tpm2InitializerImpl : public TpmInitializer {
     44  public:
     45   // Does not take ownership of arguments.
     46   Tpm2InitializerImpl(const trunks::TrunksFactory& factory,
     47                       LocalDataStore* local_data_store,
     48                       TpmStatus* tpm_status);
     49   // Does not take ownership of arguments.
     50   Tpm2InitializerImpl(const trunks::TrunksFactory& factory,
     51                       OpensslCryptoUtil* openssl_util,
     52                       LocalDataStore* local_data_store,
     53                       TpmStatus* tpm_status);
     54   ~Tpm2InitializerImpl() override = default;
     55 
     56   // TpmInitializer methods.
     57   bool InitializeTpm() override;
     58   void VerifiedBootHelper() override;
     59   bool ResetDictionaryAttackLock() override;
     60 
     61  private:
     62   // Seeds the onboard Tpm random number generator with random bytes from
     63   // Openssl, if the Tpm RNG has not been seeded yet. Returns true on success.
     64   bool SeedTpmRng();
     65 
     66   // Gets random bytes of length |num_bytes| and populates the string at
     67   // |random_data|. Returns true on success.
     68   bool GetTpmRandomData(size_t num_bytes, std::string* random_data);
     69 
     70   const trunks::TrunksFactory& trunks_factory_;
     71   OpensslCryptoUtil* openssl_util_;
     72   LocalDataStore* local_data_store_;
     73   TpmStatus* tpm_status_;
     74 
     75   DISALLOW_COPY_AND_ASSIGN(Tpm2InitializerImpl);
     76 };
     77 
     78 }  // namespace tpm_manager
     79 
     80 #endif  // TPM_MANAGER_SERVER_TPM2_INITIALIZER_IMPL_H_
     81