commit | 1cc954264001955121efa2cff0d2d05da9e1c4aa | |
---|---|---|
author | Leo Lai <cylai@google.com> | Thu Aug 06 00:54:43 2020 +0800 |
committer | Leo Lai <cylai@google.com> | Mon Aug 10 01:25:46 2020 +0000 |
tree | 17c8dad5fe0ae5ff7b96b30c7ca56497c4b2812c | |
parent | 81cb611aca7806203285587ff574b0bcb3b7d145 | |
tpm_manager: avoid unnecessary default auth test

Previously the default auth test is performed w/o any aid of the local data in persistent storage. Thus it causes DA to increase every time tpm_manager starts. For those devices that are incapable of resetting DA, the consequence is that DA gets locked out and users cannot log in.

If the device has the flag to tell accomplished tpm initialization, the default auth test would just skip so the DA counter doesn't increase. It should help with the cases of missing delegate or delegate w/o DA reset permission.

Note that in case of DA lockout in effect, this CL does very little because checking the TPM ownership itself also fails in that situation.

To test the CL, on a real device a delegate is created w/o permission of resetting DA. This setup is verified by observing failed DA reset after clearing owner password. Then, in sequence --

1. Clear the ownership, no DA increment, just to be sure.
2. Manually touch the flag file of interest, restart tpm manager, and observe the flag is wiped.
3. Take ownership, and observe the flag shows up.
4. Manually remove the flag file of interest, restart tpm manager, and observe that DA increments by 1 and the flag file of interest shows up.
5. restart tpm manager, no further DA increment.

In case of default password, it is verified tpm manager doesn't set the flag file, and of course it doesn't increase the DA counter.

BUG=chromium:1110741
TEST=See above.

Change-Id: I7f6fd0855442db7b47c8726c647c52fab661de08
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform2/+/2340830
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Leo Lai <cylai@google.com>
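The startup decision this commit message describes, replayed against a constructed TPM model as an added example (not code from tpm_manager or from the commit). `FakeTpm`, `LocalData`, `init_done_flag` and the function names are hypothetical, and the empty string stands in for the default owner password.

```cpp
// Added illustration: every name here is hypothetical, not tpm_manager's code.
#include <string>

const std::string kDefaultPassword = "";  // constructed stand-in for the default owner auth

struct FakeTpm {  // constructed model of a TPM with a dictionary-attack (DA) counter
  bool owned = false;
  std::string owner_password = kDefaultPassword;
  int da_counter = 0;
  bool TestOwnerAuth(const std::string& candidate) {
    if (candidate == owner_password) return true;
    ++da_counter;  // a failed authorization is what moves the device toward lockout
    return false;
  }
};

struct LocalData { bool init_done_flag = false; };  // models the persistent flag file

enum class Ownership { kUnowned, kOwnedDefaultPassword, kOwnedInitialized };

void TakeOwnership(FakeTpm& tpm, LocalData& disk, const std::string& password) {
  tpm.owned = true;
  tpm.owner_password = password;
  disk.init_done_flag = true;  // step 3: the flag shows up after taking ownership
}

// Startup check with the behaviour the commit message describes.
Ownership CheckOwnershipAtStartup(FakeTpm& tpm, LocalData& disk) {
  if (!tpm.owned) {
    disk.init_done_flag = false;  // step 2: a stale flag is wiped
    return Ownership::kUnowned;
  }
  if (disk.init_done_flag)  // steps 3 and 5: skip the test, no DA increment
    return Ownership::kOwnedInitialized;
  if (tpm.TestOwnerAuth(kDefaultPassword))  // default password: succeeds, flag stays unset
    return Ownership::kOwnedDefaultPassword;
  disk.init_done_flag = true;  // step 4: one DA increment, then the result is remembered
  return Ownership::kOwnedInitialized;
}

int main() {
  FakeTpm tpm;
  LocalData disk;
  TakeOwnership(tpm, disk, "constructed-owner-secret");
  for (int restart = 0; restart < 5; ++restart) CheckOwnershipAtStartup(tpm, disk);
  return tpm.da_counter == 0 ? 0 : 1;  // five restarts with the flag present cost nothing
}
```

Clearing `init_done_flag` before every call reproduces the earlier behaviour, where each restart adds one to `da_counter`.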
This repo holds (most) of the custom code that makes up the Chromium OS platform. That largely covers daemons, programs, and libraries that were written specifically for Chromium OS.
We moved from multiple separate repos in platform/ to a single repo in platform2/ for a number of reasons:
While most projects were merged, not all of them were. Some projects were standalone already (such as vboot), or never got around to being folded in (such as imageloader). Some day those extra projects might get merged in.
Similarly, some projects that were merged in, were then merged back out. This was due to the evolution of the Brillo project and collaboration with Android. That means the AOSP repos are the upstream and Chromium OS carries copies.
Project | Description |
---|---|
arc | Tools/daemons/init-scripts to run ARC |
attestation | Daemon and client for managing remote attestation |
authpolicy | Daemon for integrating with Microsoft Active Directory (AD) domains |
avtest_label_detect | Test tool for OCRing device labels |
biod | Biometrics daemon |
bluetooth | Bluetooth Service and tools |
bootstat | Tools for tracking points in the overall boot process (for metrics) |
buffet | Daemon for reacting to cloud messages |
camera | Chrome OS Camera daemon |
cfm-dfu-notification | CFM specific library for DFU notifications |
chaps | PKCS #11 implementation for TPM 1 devices |
chromeos-common-script | Shared scripts for partitions and basic disk information |
chromeos-config | CrOS unified build runtime config manager |
chromeos-dbus-bindings | Simplifies the implementation of D-Bus daemons and proxies |
chromeos-nvt-tcon-updater | Library for integrating the Novatek TCON firmware updater into a CrOS device |
codelab | Codelab exercise |
common-mk | Common build & test logic for platform2 projects |
crash-reporter | The system crash handler & reporter |
cros-disks | Daemon for mounting removable media (e.g. USB sticks and SD cards) |
cros-fuzz | Support crate for fuzzing rust code |
crosdns | Hostname resolution service for Chrome OS |
crosh | The Chromium OS shell |
croslog | The log manipulation command |
cryptohome | Daemon and tools for managing encrypted /home and /var directories |
cups_proxy | Daemon for proxying CUPS printing requests |
debugd | Centralized debug daemon for random tools |
dev-install | Tools & settings for managing the developer environment on the device |
diagnostics | Device telemetry and diagnostics daemons |
disk_updater | Utility for updating root disk firmware (e.g. SSDs and eMMC) |
dlcservice | Downloadable Content (DLC) Service daemon |
easy-unlock | Daemon for handling Easy Unlock requests (e.g. unlocking Chromebooks with an Android device) |
feedback | Daemon for headless systems that want to gather feedback (normally Chrome manages it) |
fitpicker | |
foomatic_shell | Simple shell used by the foomatic-rip package |
glib-bridge | library for libchrome-glib message loop interoperation |
goldfishd | Android Emulator Daemon |
hammerd | Firmware updater utility for hammer hardware |
hardware_verifier | Hardware verifier tool |
hermes | Chrome OS LPA implementation for eSIM hardware support |
hwsec-test-utils | Hwsec-related test-only features |
iioservice | Daemon and libraries that provide sensor data to all processes |
image-burner | Daemon for writing disk images (e.g. recovery) to USB sticks & SD cards |
imageloader | Daemon for mounting signed disk images |
init | CrOS common startup init scripts and boot time helpers |
installer | CrOS installer utility (for AU/recovery/etc...) |
ippusb_bridge | HTTP proxy to IPP-enabled printers |
ippusb_manager | “Service” for ipp-over-usb printing |
kerberos | Daemon for managing Kerberos tickets |
libbrillo | Common platform utility library |
libchromeos-rs | Common platform utility library for Rust |
libchromeos-ui | |
libcontainer | |
libhwsec | Library for the utility functions of all TPM related daemons |
libipp | Library for building and parsing IPP (Internet Printing Protocol) frames |
libmems | Utility library to configure, manage and retrieve events from IIO sensors |
libpasswordprovider | Password Provider library for securely managing credentials with system services |
libtpmcrypto | Library for AES256-GCM encryption with TPM sealed keys |
login_manager | Session manager for handling the life cycle of the main session (e.g. Chrome) |
lorgnette | Daemon for managing attached USB scanners via SANE |
media_perception | Media perception service for select platforms |
memd | Daemon that logs memory-related data and events |
mems_setup | Boot-time initializer tool for sensors |
metrics | Client side user metrics collection |
midis | MIDI service |
mist | Modem USB Interface Switching Tool |
ml | Machine learning service |
ml_benchmark | ML performance benchmark for Chrome OS |
modem-utilities | |
modemfwd | Daemon for managing modem firmware updaters |
mtpd | Daemon for handling Media Transfer Protocol (MTP) with devices (e.g. phones) |
nnapi | Implementation of the Android Neural Networks API |
ocr | Optical Character Recognition (OCR) service for Chrome OS |
oobe_config | Utilities for saving and restoring OOBE config state |
p2p | Service for sharing files between CrOS devices (e.g. updates) |
patchpanel | Platform networking daemons |
permission_broker | |
policy_proto | Build file to compile policy proto file |
policy_utils | Tools and related library to set or override device policies |
power_manager | Userspace power management daemon and associated tools |
print_tools | Various tools related to the native printing system |
regions | |
run_oci | Minimalistic container runtime |
runtime_probe | Runtime probe tool for ChromeOS |
salsa | Touchpad experimentation framework |
screenshot | Tiny command to take a screenshot |
sealed_storage | Library for sealing data to device identity and state |
secure-wipe | Secure disk wipe |
secure_erase_file | Helper tools for securely erasing files from storage (e.g. keys and PII data) |
sepolicy | SELinux policy for Chrome OS |
shill | Chrome OS Connection Manager |
sirenia | Minimalistic init written in Rust |
smbfs | FUSE-based filesystem for accessing Samba / Windows networking shares |
smbprovider | Daemon for connecting Samba / Windows networking shares to the Files.app |
smogcheck | Developer library for working with raw I2C devices |
st_flash | |
storage_info | Helper shell functions for retrieving disk information |
system-proxy | Daemon for web proxy authentication support on Chrome OS |
system_api | Headers and .proto files etc. to be shared with chromium |
thd | Thermal daemon to help keep systems running cool |
timberslide | Tool for working with EC crashes for reporting purposes |
touch_firmware_calibration | |
touch_keyboard | Utilities for a touch based virtual keyboard |
tpm2-simulator | A software TPM 2.0 implementation (for testing/debugging) |
tpm_manager | Daemon and client for managing TPM setup and operations |
tpm_softclear_utils | Utilities that soft-clear TPM (for testing only) |
trace_events | A framework for adding trace events to your Rust code. |
trim | Service to manage filesystem trim operations in the background |
trunks | Middleware and resource manager for interfacing with TPM 2.0 hardware |
typecd | System daemon to keep track of USB Type C state |
u2fd | U2FHID emulation daemon for systems with secure elements (not TPMs) |
ureadahead-diff | Tool to calculate difference between 2 ureadahead packs |
usb_bouncer | Tools for managing USBGuard white-lists and configuration on Chrome OS |
userfeedback | Various utilities to gather extended data for user feedback reports |
userspace_touchpad | |
virtual_file_provider | |
vm_tools | Utilities for Virtual Machine (VM) orchestration |
vpn-manager | Chrome OS Native L2TP/IPSec VPN Daemon |
webserver | Small web server with D-Bus client backends |
wifi-testbed | Tools for creating a WiFi testbed image |
These projects can be found here: https://chromium.googlesource.com/aosp/platform/