tpm_softclear_utils/tpm_impl.h - mirrors/cros/chromiumos/platform2 - Git at Google

 // Copyright 2019 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef TPM_SOFTCLEAR_UTILS_TPM_IMPL_H_
 #define TPM_SOFTCLEAR_UTILS_TPM_IMPL_H_

 #include "tpm_softclear_utils/tpm.h"

 #include <string>

 #include <base/macros.h>
 #include <base/optional.h>

 namespace tpm_softclear_utils {

 // Utility class for soft-clearing TPM 1.2.
 class TpmImpl : public Tpm {
  public:
   TpmImpl() = default;
   TpmImpl(const TpmImpl&) = delete;
   TpmImpl& operator=(const TpmImpl&) = delete;

   ~TpmImpl() override = default;

   // Not used by TPM 1.2.
   bool Initialize() override { return true; }

   // Gets the owner password from an on-disk file and returns it. In case of an
   // error, returns an empty Optional object.
   base::Optional<std::string> GetAuthForOwnerReset() override;

   // This function does a bunch of things:
   //   1. changing the owner password from |auth_for_owner_reset| to the default
   //      well-known value,
   //   2. removing all owner-defined NV space, except for those write-locked,
   //   3. unloading all keys, and
   //   4. resetting the dictionary attack counter.
   //
   // Returns if the TPM is soft-cleared successfully.
   //
   // Note that this function neither fully clears the owner hierarchy nor
   // brings the TPM back to the unowned state. It just resets as much as it can
   // in the owner hierarchy.
   bool SoftClearOwner(const std::string& auth_for_owner_reset) override;

  private:
   // Changes TPM's owner password from |owner_auth| to the default one. Returns
   // if the operation succeeds.
   bool ResetOwnerPassword(const std::string& owner_auth);

   // Removes all owner-defined NV spaces, except for those write-locked. This
   // function uses the default owner password for authentication and should only
   // be called after ResetOwnerPassword().
   //
   // Note: this function doesn't rollback changes it already made if it failed
   // to remove some NV space.
   //
   // Returns if all removable spaces are removed.
   bool RemoveNvSpace();

   // Lists all loaded keys in the owner hierarchy and unloads them. This
   // function uses the default owner password for authentication and should only
   // be called after ResetOwnerPassword().
   //
   // Note: this function doesn't rollback changes it already made if it failed
   // to unload some key.
   //
   // Returns if all keys are unloaded.
   bool UnloadKeys();

   // Resets the DA counter. This function uses the default owner password for
   // authentication and should only be called after ResetOwnerPassword().
   //
   // Returns if the DA counter is reset successfully.
   bool ResetDictionaryAttackCounter();
 };

 }  // namespace tpm_softclear_utils

 #endif  // TPM_SOFTCLEAR_UTILS_TPM_IMPL_H_
	// Copyright 2019 The Chromium OS Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef TPM_SOFTCLEAR_UTILS_TPM_IMPL_H_
	#define TPM_SOFTCLEAR_UTILS_TPM_IMPL_H_

	#include "tpm_softclear_utils/tpm.h"

	#include <string>

	#include <base/macros.h>
	#include <base/optional.h>

	namespace tpm_softclear_utils {

	// Utility class for soft-clearing TPM 1.2.
	class TpmImpl : public Tpm {
	public:
	TpmImpl() = default;
	TpmImpl(const TpmImpl&) = delete;
	TpmImpl& operator=(const TpmImpl&) = delete;

	~TpmImpl() override = default;

	// Not used by TPM 1.2.
	bool Initialize() override { return true; }

	// Gets the owner password from an on-disk file and returns it. In case of an
	// error, returns an empty Optional object.
	base::Optional<std::string> GetAuthForOwnerReset() override;

	// This function does a bunch of things:
	// 1. changing the owner password from \|auth_for_owner_reset\| to the default
	// well-known value,
	// 2. removing all owner-defined NV space, except for those write-locked,
	// 3. unloading all keys, and
	// 4. resetting the dictionary attack counter.
	//
	// Returns if the TPM is soft-cleared successfully.
	//
	// Note that this function neither fully clears the owner hierarchy nor
	// brings the TPM back to the unowned state. It just resets as much as it can
	// in the owner hierarchy.
	bool SoftClearOwner(const std::string& auth_for_owner_reset) override;

	private:
	// Changes TPM's owner password from \|owner_auth\| to the default one. Returns
	// if the operation succeeds.
	bool ResetOwnerPassword(const std::string& owner_auth);

	// Removes all owner-defined NV spaces, except for those write-locked. This
	// function uses the default owner password for authentication and should only
	// be called after ResetOwnerPassword().
	//
	// Note: this function doesn't rollback changes it already made if it failed
	// to remove some NV space.
	//
	// Returns if all removable spaces are removed.
	bool RemoveNvSpace();

	// Lists all loaded keys in the owner hierarchy and unloads them. This
	// function uses the default owner password for authentication and should only
	// be called after ResetOwnerPassword().
	//
	// Note: this function doesn't rollback changes it already made if it failed
	// to unload some key.
	//
	// Returns if all keys are unloaded.
	bool UnloadKeys();

	// Resets the DA counter. This function uses the default owner password for
	// authentication and should only be called after ResetOwnerPassword().
	//
	// Returns if the DA counter is reset successfully.
	bool ResetDictionaryAttackCounter();
	};

	} // namespace tpm_softclear_utils

	#endif // TPM_SOFTCLEAR_UTILS_TPM_IMPL_H_