/*
 * The Initial Developer of the Original Code is International
 * Business Machines Corporation. Portions created by IBM
 * Corporation are Copyright (C) 2005 International Business
 * Machines Corporation. All Rights Reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the Common Public License as published by
 * IBM Corporation; either version 1 of the License, or (at your option)
 * any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * Common Public License for more details.
 *
 * You should have received a copy of the Common Public License
 * along with this program; if not, a copy can be viewed at
 * http://www.opensource.org/licenses/cpl1.0.php.
 */
21
22 #include "tpm_tspi.h"
23 #include "tpm_utils.h"
24
25 //Controled by input options
26 static BOOL bValue = FALSE; //If true FORCE CLEAR
27 static BOOL isWellKnown = FALSE;
28 TSS_HCONTEXT hContext = 0;
29
/*
 * Issue the owner-clear command through the TSS and log the outcome.
 *
 * a_hTpm    TPM object handle obtained from the connected context.
 * a_bValue  Handed straight through as the second argument of
 *           Tspi_TPM_ClearOwner (TRUE when --force was given).
 *
 * Returns the TSS_RESULT from Tspi_TPM_ClearOwner unchanged; tspiResult()
 * has already reported it by the time the caller inspects it.
 */
static inline TSS_RESULT tpmClearOwner(TSS_HTPM a_hTpm, BOOL a_bValue)
{
	TSS_RESULT rc;

	rc = Tspi_TPM_ClearOwner(a_hTpm, a_bValue);
	tspiResult("Tspi_TPM_ClearOwner", rc);

	return rc;
}
39
/*
 * Print usage for this command: the common header and the unicode option
 * shared by the tpm-tools commands, then the two options parse() accepts.
 *
 * aCmd  Program name as invoked, forwarded to logCmdHelp().
 */
static void help(const char *aCmd)
{
	const struct {
		const char *flag;
		const char *desc;
	} options[] = {
		{ "-f, --force", _("Use physical presence authorization.") },
		{ "-z, --well-known",
		  _("Use 20 bytes of zeros (TSS_WELL_KNOWN_SECRET) as the TPM secret authorization data") },
	};
	size_t i;

	logCmdHelp(aCmd);
	logUnicodeCmdOption();
	for (i = 0; i < sizeof(options) / sizeof(options[0]); i++)
		logCmdOption(options[i].flag, options[i].desc);
}
48
/*
 * Option callback for genericOptHandler(): records which authorization
 * mode the user selected in the file-scope flags.
 *
 * aOpt  Short-option character for the option just parsed.
 * aArg  Unused; neither option takes an argument.
 *
 * Returns 0 when the option is one of ours, -1 for anything else so the
 * generic handler can report it.
 */
static int parse(const int aOpt, const char *aArg)
{
	(void)aArg;

	if (aOpt == 'f') {
		logDebug(_("Changing mode to use force authorization\n"));
		bValue = TRUE;
		return 0;
	}

	if (aOpt == 'z') {
		logDebug(_("Using TSS_WELL_KNOWN_SECRET to authorize the TPM command\n"));
		isWellKnown = TRUE;
		return 0;
	}

	return -1;
}
67
/*
 * tpm_clear: clear TPM ownership.
 *
 * Without -f the command authorizes as the owner, using either the password
 * read at the prompt or, with -z, TSS_WELL_KNOWN_SECRET.  With -f no secret
 * is placed on the TPM policy at all and the force flag is passed to the
 * TSS instead (physical presence, per the --force help text).
 *
 * Returns 0 on success and -1 on any failure.  Every path after
 * contextCreate() succeeds closes the context, and a prompted password is
 * wiped with shredPasswd() whether or not the clear went through.
 */
int main(int argc, char **argv)
{
	int iRc = -1;
	char *ownerSecret = NULL;
	int secretLen;
	TSS_HTPM hTpm;
	TSS_HPOLICY hTpmPolicy;
	BYTE well_known[] = TSS_WELL_KNOWN_SECRET;
	struct option opts[] = {
		{"force", no_argument, NULL, 'f'},
		{"well-known", no_argument, NULL, 'z'},
	};

	initIntlSys();

	if (genericOptHandler(argc, argv, "fz", opts,
			      sizeof(opts) / sizeof(struct option),
			      parse, help) != 0)
		goto out;

	if (contextCreate(&hContext) != TSS_SUCCESS)
		goto out;

	if (contextConnect(hContext) != TSS_SUCCESS)
		goto out_close;

	if (contextGetTpm(hContext, &hTpm) != TSS_SUCCESS)
		goto out_close;

	/* Owner authorization is only required when the clear is not forced. */
	if (!bValue) {
		if (isWellKnown) {
			/*
			 * The well-known secret is a public constant (20 zero
			 * bytes, see the -z help text); it lives on the stack
			 * and is deliberately not shredded below.
			 */
			ownerSecret = (char *)well_known;
			secretLen = sizeof(well_known);
		} else {
			ownerSecret = GETPASSWD(_("Enter owner password: "), &secretLen, FALSE);
			if (!ownerSecret) {
				logMsg(_("Failed to get password\n"));
				goto out_close;
			}
		}

		if (policyGet(hTpm, &hTpmPolicy) != TSS_SUCCESS)
			goto out_close;

		if (policySetSecret(hTpmPolicy, secretLen,
				    (BYTE *)ownerSecret) != TSS_SUCCESS)
			goto out_close;
	}

	/* Setup complete; attempt the command. */
	if (tpmClearOwner(hTpm, bValue) != TSS_SUCCESS)
		goto out_close;

	iRc = 0;
	logSuccess(argv[0]);
	logMsg(_("TPM Successfuly Cleared. You need to reboot to complete this operation. After reboot the TPM will be in the default state: unowned, disabled and inactive.\n"));

out_close:
	/* Only a prompted password is sensitive and owned by us; wipe it on every path. */
	if (ownerSecret && !isWellKnown)
		shredPasswd(ownerSecret);

	contextClose(hContext);

out:
	return iRc;
}
137