Unload the chaps system token in TPMStore.reset().
The chapsd daemon may automatically load a system token from
/var/lib/chaps. TPMStore assumes no other chaps tokens exist so this
token is now explicitly unloaded.
BUG=chromium:210525
TEST=Run VPNConnect.openvpn_cert_verify and check the client stderr
to verify that test tokens are always allocated slot 0.
Change-Id: I39054390552ec775899a79483ecc0709994c147b
Reviewed-on: https://chromium-review.googlesource.com/184405
Reviewed-by: Paul Stewart <pstew@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
diff --git a/client/cros/tpm_store.py b/client/cros/tpm_store.py
index 0ff6d4d..03e61be 100644
--- a/client/cros/tpm_store.py
+++ b/client/cros/tpm_store.py
@@ -11,6 +11,7 @@
"""Context enclosing the use of the TPM."""
CHAPS_CLIENT_COMMAND = 'chaps_client'
+ CHAPS_SYSTEM_TOKEN = '/var/lib/chaps'
CONVERT_TYPE_RSA = 'rsa'
CONVERT_TYPE_X509 = 'x509'
CRYPTOHOME_ACTION_TAKE_OWNERSHIP = 'tpm_take_ownership'
@@ -73,6 +74,8 @@
def reset(self):
"""Reset the crypto store and take ownership of the device."""
utils.system('initctl restart chapsd')
+ utils.system('%s --unload --path=%s' %
+ (self.CHAPS_CLIENT_COMMAND, self.CHAPS_SYSTEM_TOKEN))
self._cryptohome_action(self.CRYPTOHOME_ACTION_TAKE_OWNERSHIP)
self._cryptohome_action(self.CRYPTOHOME_ACTION_WAIT_OWNERSHIP)
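Review bot: The added `chaps_client --unload` call in reset() runs straight after `initctl restart chapsd`, and nothing in the hunk confirms that the daemon has finished loading the system token by then. If the auto-load happens after the unload, the token could still occupy slot 0 when test tokens are created; this ordering is inferred from the commit message, not from visible code. In the other direction, autotest's `utils.system` raises on a non-zero exit by default, so if chaps_client returns an error when no token is loaded at that path, reset() would abort before taking ownership; if that is the case, pass `ignore_status=True`. A comment above the call such as `# TPMStore assumes its tokens get slot 0; drop the system token chapsd auto-loads.` would record why the unload is there. reset() may continue past the end of this hunk.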