author | Meng-Huan Yu <menghuan@google.com> | 2018-10-25 15:46:51 +0800 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2018-11-01 02:17:43 -0700 |
commit | 62eec262de829a641833f9509231f099f0661dad (patch) | |
tree | 9667caee30977d2c4c513b3e38bcee230a14c310 /utility | |
parent | e05cdbc1d3f10df0301fe0b4ec7a7ff7bc502097 (diff) | |
download | vboot-62eec262de829a641833f9509231f099f0661dad.tar.gz |
tpmc: Make 'tpmc def' replace the existing space by default
In chromium:895549, we want to have consistent behavior of
'tpmc def' between TPM 1.2 and TPM 2.0.
In TPM 1.2, define space command will undefine the existing space,
and create a new one. So we make the 'tpmc def' act as this by
default.
Also, provide an option for those who want to define a new space
only if it is not defined yet. It will return a TPM error code
in that case.
BUG=chromium:895549
BRANCH=None
TEST=unit test; manually test:
# For TPM 2.0 use AUTHREAD|AUTHWRITE
tpmc tpmversion | grep 2.0 && export PERM=0x40004
tpmc tpmversion | grep 1.2 && export PERM=0x1
# Define the space
tpmc def 0x1020 0x1 "$PERM"
# Redefine the space, default will overwrite
tpmc def 0x1020 0x1 "$PERM"
# Expected: Success
tpmc def 0x1020 0x1 "$PERM" --no-overwrite
# Expected: output error for the space is already defined.
# For TPM 2.0, it should output:
# command "def" failed with code 0x14c
# the TPM error code is unknown to this program
# For TPM 1.2, it should output:
# The space is existing but --no-overwrite is set.
Change-Id: I9b4e742f2935578443ebcc69e91d0aebc84deed8
Reviewed-on: https://chromium-review.googlesource.com/1298098
Commit-Ready: Meng-Huan Yu <menghuan@chromium.org>
Tested-by: Meng-Huan Yu <menghuan@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Diffstat (limited to 'utility')
-rw-r--r-- | utility/tpmc.c | 39 |
1 files changed, 36 insertions, 3 deletions
diff --git a/utility/tpmc.c b/utility/tpmc.c
index 587e99ff..2e1e5180 100644
--- a/utility/tpmc.c
+++ b/utility/tpmc.c
@@ -167,10 +167,14 @@ static uint32_t HandlerDeactivate(void) {
 
 static uint32_t HandlerDefineSpace(void) {
 uint32_t index, size, perm;
- if (nargs != 5) {
- fprintf(stderr, "usage: tpmc def <index> <size> <perm>\n");
+ int overwrite = 1;
+
+ if (nargs != 5 && nargs != 6) {
+ fprintf(stderr, "usage: tpmc def <index> <size> <perm> "
+ "[--no-overwrite])\n");
 exit(OTHER_ERROR);
 }
+
 if (HexStringToUint32(args[2], &index) != 0 ||
 HexStringToUint32(args[3], &size) != 0 ||
 HexStringToUint32(args[4], &perm) != 0) {
@@ -178,6 +182,32 @@ static uint32_t HandlerDefineSpace(void) {
 "32-bit hex (0x[0-9a-f]+)\n");
 exit(OTHER_ERROR);
 }
+
+ if (args[5] && strcmp(args[5], "--no-overwrite") == 0) {
+ overwrite = 0;
+ }
+
+#ifdef TPM2_MODE
+ // For TPM 2.0, DefineSpace will fail if the space already exists, so to
+ // support the default 'overwrite' mode, need to undefine the space first.
+ if (overwrite) {
+ TlclUndefineSpace(index);
+ }
+#else /* ifndef TPM2_MODE */
+ // For TPM 1.2, we have to check the existing before calling DefineSpace(),
+ // since it will automaticly overwrite the existing space by default.
+ // Do nothing for TPM 2.0. We rely on DefineSpace() to return the appropriate
+ // error code.
+ if (!overwrite) {
+ uint32_t result , permissions;
+ result = TlclGetPermissions(index, &permissions);
+ if (!result) {
+ fprintf(stderr, "The space is existing but --no-overwrite is set.\n");
+ exit(OTHER_ERROR);
+ }
+ }
+#endif
+
 return TlclDefineSpace(index, perm, size);
 }
 
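Review bot: The new usage string in HandlerDefineSpace ends with a stray closing parenthesis, `"[--no-overwrite])\n"`, so the message printed on a wrong argument count shows an unbalanced `)`; it should read `"[--no-overwrite]\n");`. The help text added in the command_table hunk is inconsistent in a related way: only one of the two TPM_MODE_SELECT strings lists `[--no-overwrite]`, although the handler parses the flag under both the `#ifdef TPM2_MODE` and the `#else` branch. Both strings should name the option so an operator on either build knows the non-destructive mode exists.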
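Review bot: A sixth argument that is not exactly `--no-overwrite` is silently ignored by `if (args[5] && strcmp(args[5], "--no-overwrite") == 0)`, so a mistyped flag falls through to the default path, which undefines the existing space on TPM 2.0 and lets DefineSpace replace it on TPM 1.2. Any unrecognised sixth argument should be rejected with the usage error, and the test should be on `nargs == 6` rather than on `args[5]`, since `args` is set outside this hunk and the code otherwise depends on the array being NULL-terminated. In the TPM 1.2 branch every non-zero result of TlclGetPermissions() is taken to mean "space not defined", so a failed query also ends in an overwrite despite `--no-overwrite`; only the bad-index result (presumably `TPM_E_BADINDEX`, to be confirmed against Tlcl) should continue to the define. The return value of TlclUndefineSpace() in the TPM 2.0 branch is dropped as well, which hides the real cause when the following define fails.

```c
  // … unchanged: hex parsing of <index>, <size>, <perm> …

  if (nargs == 6) {
    if (strcmp(args[5], "--no-overwrite") != 0) {
      fprintf(stderr, "usage: tpmc def <index> <size> <perm> "
              "[--no-overwrite]\n");
      exit(OTHER_ERROR);
    }
    overwrite = 0;
  }

#ifdef TPM2_MODE
  // … unchanged: undefine the space first when overwrite is set …
#else /* ifndef TPM2_MODE */
  if (!overwrite) {
    uint32_t result, permissions;
    result = TlclGetPermissions(index, &permissions);
    if (result == TPM_SUCCESS) {
      fprintf(stderr, "The space is existing but --no-overwrite is set.\n");
      exit(OTHER_ERROR);
    }
    if (result != TPM_E_BADINDEX) {
      // Existence could not be determined; do not fall through to
      // DefineSpace(), which would replace the space.
      return result;
    }
  }
#endif

  return TlclDefineSpace(index, perm, size);
```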
@@ -587,7 +617,10 @@ command_record command_table[] = {
 TPM_MODE_SELECT("set the bGlobalLock until reboot",
 "set rollback protection lock for R/W firmware until reboot"),
 TlclSetGlobalLock },
- { "definespace", "def", "define a space (def <index> <size> <perm>)",
+ { "definespace", "def",
+ TPM_MODE_SELECT("define a space (def <index> <size> <perm>). ",
+ "define a space (def <index> <size> <perm> [--no-overwrite]). ")
+ "Default will overwrite if the space is defined.",
 HandlerDefineSpace },
 { "undefinespace", "undef", "undefine a space (undef <index>)" |