Unload the chaps system token in TPMStore.reset().

The chapsd daemon may automatically load a system token from
/var/lib/chaps.  TPMStore assumes no other chaps tokens exist so this
token is now explicitly unloaded.

BUG=chromium:210525
TEST=Run VPNConnect.openvpn_cert_verify and check the client stderr
to verify that test tokens are always allocated slot 0.

Change-Id: I39054390552ec775899a79483ecc0709994c147b
Reviewed-on: https://chromium-review.googlesource.com/184405
Reviewed-by: Paul Stewart <pstew@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
diff --git a/client/cros/tpm_store.py b/client/cros/tpm_store.py
index 0ff6d4d..03e61be 100644
--- a/client/cros/tpm_store.py
+++ b/client/cros/tpm_store.py
@@ -11,6 +11,7 @@
     """Context enclosing the use of the TPM."""
 
     CHAPS_CLIENT_COMMAND = 'chaps_client'
+    CHAPS_SYSTEM_TOKEN = '/var/lib/chaps'
     CONVERT_TYPE_RSA = 'rsa'
     CONVERT_TYPE_X509 = 'x509'
     CRYPTOHOME_ACTION_TAKE_OWNERSHIP = 'tpm_take_ownership'
@@ -73,6 +74,8 @@
     def reset(self):
         """Reset the crypto store and take ownership of the device."""
         utils.system('initctl restart chapsd')
+        utils.system('%s --unload --path=%s' %
+                     (self.CHAPS_CLIENT_COMMAND, self.CHAPS_SYSTEM_TOKEN))
         self._cryptohome_action(self.CRYPTOHOME_ACTION_TAKE_OWNERSHIP)
         self._cryptohome_action(self.CRYPTOHOME_ACTION_WAIT_OWNERSHIP)
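Review bot: The new unload call in reset() runs immediately after `initctl restart chapsd`, and nothing visible in this hunk waits for the daemon to finish its automatic load of the system token; if that load completes after the unload, the token would still be present and could take slot 0. The commit message also says chapsd only "may" load the token, so if `chaps_client --unload` exits non-zero for a path that is not loaded, `utils.system` would presumably raise under its default `ignore_status=False` and abort reset(). Both cases are worth confirming on a device, and the chosen behaviour should be made explicit at the call. A why-comment above the call would also help the next reader, e.g. `# chapsd may auto-load the system token; unload it so test tokens get slot 0.` reset() appears to continue beyond the end of this hunk.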