# Copyright 2014 The ChromiumOS Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
description "Chromium OS trunks daemon for TPM2.0"
author "chromium-os-dev@chromium.org"
# TODO(b/265866896): provide a better abstraction by adding a trunks-pre-init
# event instead.
# Start only once boot-services and dbus have started and the cr50-result job
# has stopped.
start on started boot-services and stopped cr50-result and started dbus
stop on hwsec-stop-low-level-tpm-daemon-signal
# Restart the daemon automatically if it exits unexpectedly.
respawn
# Negative OOM score adjustment: makes the kernel OOM killer less likely to
# pick this daemon.
oom score -100
# These environment variables may be modified in the ebuild file. The
# pre-start script compares each of them against the literal string "true".
# The runtime TPM selection feature is enabled if this variable is true.
env TPM_DYNAMIC=false
# The key eviction feature is enabled if this variable is true.
env KEY_EVICTION=false
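pre-start script
  # Pre-start hook, run before trunksd is exec'd. It (1) cancels the job when
  # dynamic TPM selection is on and the active TPM is not version 2, and
  # (2) rebinds the TPM kernel driver when the previous trunksd run left a
  # non-zero write errno in LAST_ERROR_PATH.

  if [ "${TPM_DYNAMIC}" = true ]; then
    # Only start trunksd if TPM 2.0 device is active.
    if [ "$(tpm_version_client)" -ne 2 ]; then
      stop
      exit 0
    fi
  fi

  ERRNO=""
  # Sentinel stored in ERRNO when the error file exists but cannot be read.
  READ_ERROR="99999"
  LAST_ERROR_PATH="/run/trunks/last-write-error"
  # NOTE(review): the file content is used unvalidated, both to decide whether
  # to rebind the driver and inside the log messages below. Presumably only
  # trunksd writes this file; confirm who can write under /run/trunks, or
  # check that the value is numeric before acting on it.
  if [ -f "${LAST_ERROR_PATH}" ]; then
    ERRNO=$(cat "${LAST_ERROR_PATH}" || echo "${READ_ERROR}")
  fi

  # There is no write error from last run of trunksd.
  # NOTE(review): this early return, like the two further down, also skips the
  # KEY_EVICTION tmpfiles step at the end of the script, so that step only
  # runs after a rebind was attempted. Confirm this is intended.
  if [ -z "${ERRNO}" ] || [ "${ERRNO}" = "0" ]; then
    return
  fi

  # "=" rather than "==": POSIX test only defines "=", and every other
  # comparison in this script already uses it. Under a strict /bin/sh the
  # "==" form is an error, which would silently skip this log line.
  if [ "${ERRNO}" = "${READ_ERROR}" ]; then
    logger -t trunksd "Error reading ${LAST_ERROR_PATH}..rebinding regardless"
  fi

  logger -t trunksd "Rebinding TPM driver upon write errno ${ERRNO}"

  # The device name is taken from the symlinks directly under the driver
  # directory. "|| true" keeps a failed lookup from aborting the script; the
  # empty result is handled just below.
  # NOTE(review): if that directory ever holds more than one symlink, DEVICE
  # becomes multi-line and is written as-is to unbind/bind. Confirm that
  # cannot happen on supported kernels.
  DEVICE=$(find /sys/class/tpm/tpm0/device/driver/ -maxdepth 1 -type l \
    -exec basename {} \; || true)
  if [ -z "${DEVICE}" ]; then
    logger -t trunksd "Failed to get TPM device."
    return
  fi

  # Resolve the driver symlink to its real sysfs directory.
  DRIVER=$(readlink -f /sys/class/tpm/tpm0/device/driver/ || true)
  if [ -z "${DRIVER}" ]; then
    logger -t trunksd "Failed to get TPM driver."
    return
  fi

  logger -t trunksd "Rebinding TPM drivers..."
  # Failures are only logged: a failed unbind does not stop the bind attempt,
  # and neither failure stops the job from starting trunksd afterwards.
  echo "${DEVICE}" > "${DRIVER}/unbind" || \
    logger -t trunksd "Failed to unbind driver"
  echo "${DEVICE}" > "${DRIVER}/bind" || \
    logger -t trunksd "Failed to bind driver"

  if [ "${KEY_EVICTION}" = true ]; then
    # Apply the on-demand tmpfiles.d rules for the trunks freezer.
    /usr/bin/systemd-tmpfiles --create --remove --clean \
      /usr/lib/tmpfiles.d/on-demand/trunks_freezer.conf
  fi
end script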
# trunksd forks once on start-up; Upstart follows that fork to track the
# daemon's PID.
expect fork
# NOTE(review): no setuid/minijail wrapper is visible in this job, so
# presumably trunksd drops privileges itself; TODO confirm. The binary is
# named without a path, so it is resolved through the job's PATH.
exec trunksd