cryptohome: control if PinWeaver is enabled through USE flag
This CL enables using PinWeaver only if USE=pinweaver is specified
during the build.
BUG=chromium:866055
TEST=1) emerge w/o USE flag, deploy, check that PinWeaver is not called
2) emerge with USE=pinweaver, deploy, check that PinWeaver is used
Change-Id: I91d7910261b14fdc71366b53fee23f5cd762f005
Reviewed-on: https://chromium-review.googlesource.com/1145882
Commit-Ready: Allen Webb <allenwebb@google.com>
Tested-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Allen Webb <allenwebb@google.com>
(cherry picked from commit 01840b992d0867a0e28c4ad9d9fea8ed44dfddb8)
Reviewed-on: https://chromium-review.googlesource.com/1149121
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
diff --git a/cryptohome/cryptohome-libs.gypi b/cryptohome/cryptohome-libs.gypi
index 25bad5f..3fd3e50 100644
--- a/cryptohome/cryptohome-libs.gypi
+++ b/cryptohome/cryptohome-libs.gypi
@@ -2,7 +2,11 @@
# are used for the resulting executable targets.
{
'target_defaults': {
+ 'variables': {
+ 'USE_pinweaver%': 0,
+ },
'defines': [
+ 'USE_PINWEAVER=<(USE_pinweaver)',
'USE_TPM2=<(USE_tpm2)',
],
},
diff --git a/cryptohome/tpm2_impl.cc b/cryptohome/tpm2_impl.cc
index 85e95c6..4d06654 100644
--- a/cryptohome/tpm2_impl.cc
+++ b/cryptohome/tpm2_impl.cc
@@ -1484,7 +1484,11 @@
}
LECredentialBackend* Tpm2Impl::GetLECredentialBackend() {
+#if USE_PINWEAVER
return &le_credential_backend_;
+#else
+ return nullptr;
+#endif
}
SignatureSealingBackend* Tpm2Impl::GetSignatureSealingBackend() {
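Review bot: The `return nullptr;` in the `#else` branch of GetLECredentialBackend() is a new contract that the hunk leaves undocumented, so a caller that dereferences the result without a check would crash on builds without USE=pinweaver. The callers are outside this diff, so that needs confirming. They should also treat a null backend as "LE credentials unsupported" and fail the operation rather than carry on without the backend. I would add above the definition `// Returns nullptr when built without USE=pinweaver; callers must check before use.` and put the same wording on the declaration in tpm2_impl.h.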
diff --git a/cryptohome/tpm2_impl.h b/cryptohome/tpm2_impl.h
index 1e2495f..9deb97e 100644
--- a/cryptohome/tpm2_impl.h
+++ b/cryptohome/tpm2_impl.h
@@ -259,7 +259,9 @@
std::unique_ptr<tpm_manager::TpmOwnershipDBusProxy> default_tpm_owner_;
tpm_manager::TpmNvramInterface* tpm_nvram_ = nullptr;
std::unique_ptr<tpm_manager::TpmNvramDBusProxy> default_tpm_nvram_;
+#if USE_PINWEAVER
PinweaverLECredentialBackend le_credential_backend_{this};
+#endif
SignatureSealingBackendTpm2Impl signature_sealing_backend_{this};
DISALLOW_COPY_AND_ASSIGN(Tpm2Impl);
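Review bot: Guarding the `le_credential_backend_` member with `#if USE_PINWEAVER` makes the layout of Tpm2Impl depend on a macro that, as far as this diff shows, is supplied only by the `target_defaults` in cryptohome-libs.gypi. An undefined macro evaluates to 0 in `#if`, so a translation unit that includes tpm2_impl.h from a target not inheriting those defaults would silently compile a different class layout than tpm2_impl.cc; whether such a target exists is not visible here. A guard near the top of the header would turn that mismatch into a build error: `#ifndef USE_PINWEAVER` / `#error "USE_PINWEAVER must be defined by the build"` / `#endif`. The class body starts and ends outside the hunk.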