| #!/bin/sh |
| # |
| # Copyright 2021 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| set -e |
| |
| # Flag file indicating that a TPM firmware update has been requested. |
| TPM_FIRMWARE_UPDATE_REQUEST=/mnt/stateful_partition/unencrypted/preserve/tpm_firmware_update_request |
| |
| # Verifies that the TPM is in good state after updating. When performing an |
| # owner-authorized TPM firmware update, the previous SRK remains. Since that SRK |
| # might be weak we can't allow for it to stick around. The updater generally |
| # requests the TPM to be cleared after updating, but there are edge cases |
| # (interrupted updates, TPM firmware bugs that prevent the update from |
| # completing successfully) for which we might reboot in normal mode without the |
| # TPM having been cleared. As a safety net to handle these cases we check that |
| # the TPM is cleared and if not request another clear here. |
| cleanup() { |
| if [ "$(tpmc getownership)" != "Owned: no" ]; then |
| crossystem clear_tpm_owner_request=1 |
| reboot |
| sleep infinity |
| fi |
| |
| # Looking good, don't trigger the TPM updater again after reboot. |
| rm "${TPM_FIRMWARE_UPDATE_REQUEST}" |
| } |
| |
| main() { |
| if [ ! -e "${TPM_FIRMWARE_UPDATE_REQUEST}" ]; then |
| return 0 |
| fi |
| |
| local mode="$(cat "${TPM_FIRMWARE_UPDATE_REQUEST}")" |
| if [ "$mode" = "cleanup" ]; then |
| cleanup |
| fi |
| } |
| |
| main "$@" |