1 // 2 // Copyright (C) 2015 The Android Open Source Project 3 // 4 // Licensed under the Apache License, Version 2.0 (the "License"); 5 // you may not use this file except in compliance with the License. 6 // You may obtain a copy of the License at 7 // 8 // http://www.apache.org/licenses/LICENSE-2.0 9 // 10 // Unless required by applicable law or agreed to in writing, software 11 // distributed under the License is distributed on an "AS IS" BASIS, 12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 // See the License for the specific language governing permissions and 14 // limitations under the License. 15 // 16 17 #ifndef TPM_MANAGER_SERVER_TPM2_INITIALIZER_IMPL_H_ 18 #define TPM_MANAGER_SERVER_TPM2_INITIALIZER_IMPL_H_ 19 20 #include "tpm_manager/server/tpm_initializer.h" 21 22 #include <string> 23 #include <memory> 24 25 #include <base/macros.h> 26 #include <trunks/trunks_factory.h> 27 28 #include "tpm_manager/server/local_data_store.h" 29 #include "tpm_manager/server/openssl_crypto_util.h" 30 #include "tpm_manager/server/tpm_status.h" 31 32 namespace tpm_manager { 33 34 // This class initializes a Tpm2.0 chip by taking ownership. Example use of 35 // this class is: 36 // LocalDataStore data_store; 37 // Tpm2StatusImpl status; 38 // Tpm2InitializerImpl initializer(&data_store, &status); 39 // initializer.InitializeTpm(); 40 // If the tpm is unowned, InitializeTpm injects random owner, endorsement and 41 // lockout passwords, intializes the SRK with empty authorization, and persists 42 // the passwords to disk until all the owner dependencies are satisfied. 43 class Tpm2InitializerImpl : public TpmInitializer { 44 public: 45 // Does not take ownership of |local_data_store| or |tpm_status|. 46 Tpm2InitializerImpl(LocalDataStore* local_data_store, 47 TpmStatus* tpm_status); 48 // Does not take ownership of |openssl_util|, |local_data_store| or 49 // |tpm_status|. Takes ownership of |factory|. 50 Tpm2InitializerImpl(trunks::TrunksFactory* factory, 51 OpensslCryptoUtil* openssl_util, 52 LocalDataStore* local_data_store, 53 TpmStatus* tpm_status); 54 ~Tpm2InitializerImpl() override = default; 55 56 // TpmInitializer methods. 57 bool InitializeTpm() override; 58 59 private: 60 // Seeds the onboard Tpm random number generator with random bytes from 61 // Openssl, if the Tpm RNG has not been seeded yet. Returns true on success. 62 bool SeedTpmRng(); 63 64 // Gets random bytes of length |num_bytes| and populates the string at 65 // |random_data|. Returns true on success. 66 bool GetTpmRandomData(size_t num_bytes, std::string* random_data); 67 68 std::unique_ptr<trunks::TrunksFactory> trunks_factory_; 69 OpensslCryptoUtil* openssl_util_; 70 LocalDataStore* local_data_store_; 71 TpmStatus* tpm_status_; 72 73 DISALLOW_COPY_AND_ASSIGN(Tpm2InitializerImpl); 74 }; 75 76 } // namespace tpm_manager 77 78 #endif // TPM_MANAGER_SERVER_TPM2_INITIALIZER_IMPL_H_ 79