diff options
Diffstat (limited to 'host/lib/crossystem.c')
-rw-r--r-- | host/lib/crossystem.c | 34 |
1 files changed, 31 insertions, 3 deletions
diff --git a/host/lib/crossystem.c b/host/lib/crossystem.c index 6d72dc07..25a55d82 100644 --- a/host/lib/crossystem.c +++ b/host/lib/crossystem.c @@ -3,10 +3,11 @@ * found in the LICENSE file. */ +#include <ctype.h> #include <stddef.h> #include <stdio.h> #include <string.h> -#include <ctype.h> +#include <unistd.h> #include "2api.h" #include "2common.h" @@ -23,6 +24,9 @@ /* Filename for kernel command line */ #define KERNEL_CMDLINE_PATH "/proc/cmdline" +/* Filename for the mount-encrypted key */ +#define MOUNT_ENCRYPTED_KEY_PATH "/mnt/stateful_partition/encrypted.key" + /* Fields that GetVdatString() can get */ typedef enum VdatStringField { VDAT_STRING_DEPRECATED_TIMERS = 0, /* Timer values */ @@ -370,7 +374,12 @@ int VbGetSystemPropertyInt(const char *name) } else if (!strcasecmp(name,"disable_dev_request")) { value = vb2_get_nv_storage(VB2_NV_DISABLE_DEV_REQUEST); } else if (!strcasecmp(name,"clear_tpm_owner_request")) { - value = vb2_get_nv_storage(VB2_NV_CLEAR_TPM_OWNER_REQUEST); + if (TPM2_SIMULATOR) + /* Check mount-encrypted key status */ + value = access(MOUNT_ENCRYPTED_KEY_PATH, F_OK) != 0; + else + value = vb2_get_nv_storage( + VB2_NV_CLEAR_TPM_OWNER_REQUEST); } else if (!strcasecmp(name,"clear_tpm_owner_done")) { value = vb2_get_nv_storage(VB2_NV_CLEAR_TPM_OWNER_DONE); } else if (!strcasecmp(name,"tpm_rebooted")) { @@ -542,7 +551,26 @@ int VbSetSystemPropertyInt(const char *name, int value) } else if (!strcasecmp(name,"disable_dev_request")) { return vb2_set_nv_storage(VB2_NV_DISABLE_DEV_REQUEST, value); } else if (!strcasecmp(name,"clear_tpm_owner_request")) { - return vb2_set_nv_storage(VB2_NV_CLEAR_TPM_OWNER_REQUEST, value); + if (TPM2_SIMULATOR) { + /* We don't support to set clear_tpm_owner_request to 0 + * on simulator */ + if (value == 0) + return -1; + /* Check mount-encrypted key status */ + if (!access(MOUNT_ENCRYPTED_KEY_PATH, F_OK)) { + /* Remove the mount_encrypted key, and it would + * also clear the TPM2.0 simulator NV space on + * it. */ + return remove(MOUNT_ENCRYPTED_KEY_PATH); + } else { + /* Return success when the file is already + * removed */ + return 0; + } + } else { + return vb2_set_nv_storage( + VB2_NV_CLEAR_TPM_OWNER_REQUEST, value); + } } else if (!strcasecmp(name,"clear_tpm_owner_done")) { /* Can only clear this flag; it's set by firmware. */ return vb2_set_nv_storage(VB2_NV_CLEAR_TPM_OWNER_DONE, 0); |