/*
 * The Initial Developer of the Original Code is International
 * Business Machines Corporation. Portions created by IBM
 * Corporation are Copyright (C) 2005 International Business
 * Machines Corporation. All Rights Reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the Common Public License as published by
 * IBM Corporation; either version 1 of the License, or (at your option)
 * any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * Common Public License for more details.
 *
 * You should have received a copy of the Common Public License
 * along with this program; if not, a copy can be viewed at
 * http://www.opensource.org/licenses/cpl1.0.php.
 */
22 #include "tpm_tspi.h"
23 #include "tpm_utils.h"
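/*
 * Operating mode of the tool, selected by the command-line options
 * (see parse()).  Typed as an enum rather than #defines so the values
 * are visible to the debugger and obey normal scoping.
 */
enum {
	STATUS_CHECK = 0,	/* -s: report whether the TPM is disabled */
	ENABLE = 1,		/* -e: clear the TPM's disabled flag */
	DISABLE = 2		/* -d: set the TPM's disabled flag */
};

/* Mode chosen on the command line; defaults to a status report. */
static int request = STATUS_CHECK;

/*
 * Which TPM status flag tpmSetStatus() writes: the owner-authorized
 * flag by default, or the physical-presence flag
 * (TSS_TPMSTATUS_PHYSICALDISABLE) once -f / --force is given.
 */
static TSS_FLAG fForce = TSS_TPMSTATUS_OWNERSETDISABLE;

/* -z / --well-known: authorize with TSS_WELL_KNOWN_SECRET instead of prompting. */
static BOOL isWellKnown = FALSE;

/*
 * TSS context handle.  Deliberately not static — presumably referenced
 * by the shared tpm_tspi helpers; confirm before narrowing its linkage.
 */
TSS_HCONTEXT hContext = 0;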
/*
 * Affect: Change TPM state between enabled and disabled
 * Default: Display current status
 * Requires: Owner auth unless force (physical presence) is specified
 */
/*
 * Print the usage text for this command: the generic command header,
 * the locale/unicode option, then one line per option that parse()
 * accepts, in the same order parse() documents them.
 *
 * cmd: the program name as invoked (argv[0]), passed through to logCmdHelp().
 */
static void help(const char *cmd)
{

	logCmdHelp(cmd);
	logUnicodeCmdOption();
	logCmdOption("-s, --status", _("Display current state"));
	logCmdOption("-e, --enable", _("Enable TPM"));
	logCmdOption("-d, --disable", _("Disable TPM"));
	logCmdOption("-f, --force",
		     _("Use physical presence authorization."));
	logCmdOption("-z, --well-known",
		     _("Use 20 bytes of zeros (TSS_WELL_KNOWN_SECRET) as the TPM secret authorization data"));

}
/*
 * Option callback handed to genericOptHandler(): records the mode or
 * flag selected by one short option in the file-scope state
 * (request, fForce, isWellKnown).
 *
 * aOpt: the short option character just parsed.
 * aArg: its argument; unused, since none of these options take one.
 * Returns 0 for a recognised option, -1 for anything else.
 */
static int parse(const int aOpt, const char *aArg)
{
	(void)aArg;

	if (aOpt == 's') {
		logDebug(_("Changing mode to check status.\n"));
		request = STATUS_CHECK;
		return 0;
	}

	if (aOpt == 'e') {
		logDebug(_("Changing mode to enable the TPM\n"));
		request = ENABLE;
		return 0;
	}

	if (aOpt == 'd') {
		logDebug(_("Changing mode to disable the TPM\n"));
		request = DISABLE;
		return 0;
	}

	if (aOpt == 'f') {
		/* Switch from owner-authorized to physical-presence disable flag. */
		logDebug(_("Changing mode to use force authorization\n"));
		fForce = TSS_TPMSTATUS_PHYSICALDISABLE;
		return 0;
	}

	if (aOpt == 'z') {
		logDebug(_("Using TSS_WELL_KNOWN_SECRET to authorize the TPM command\n"));
		isWellKnown = TRUE;
		return 0;
	}

	/* Not one of ours; let the generic handler report it. */
	return -1;
}
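/*
 * Collect the TPM owner authorization and install it on the TPM's policy.
 *
 * With -z the well-known secret supplied by the caller is used; otherwise
 * the owner password is prompted for.  A prompted password is handed back
 * through *pszPasswd so the caller can shredPasswd() it on every exit
 * path; *pszPasswd is left untouched when the well-known secret is used,
 * so the caller never tries to shred the caller's own stack array.
 *
 * hTpm:           TPM handle whose policy receives the secret.
 * well_known:     TSS_WELL_KNOWN_SECRET bytes owned by the caller.
 * well_known_len: size of well_known in bytes.
 * pszPasswd:      receives the prompted password (ownership to caller).
 * Returns 0 on success, -1 on any failure.
 */
static int setOwnerAuth(TSS_HTPM hTpm, BYTE *well_known, int well_known_len,
			char **pszPasswd)
{
	TSS_HPOLICY hTpmPolicy;
	char *szTpmPasswd;
	int pswd_len;

	if (isWellKnown) {
		szTpmPasswd = (char *)well_known;
		pswd_len = well_known_len;
	} else {
		szTpmPasswd = GETPASSWD(_("Enter owner password: "), &pswd_len, FALSE);
		if (!szTpmPasswd) {
			logMsg(_("Failed to get password\n"));
			return -1;
		}
		/* Hand the password to the caller now, so it is shredded even
		 * if one of the policy calls below fails. */
		*pszPasswd = szTpmPasswd;
	}

	if (policyGet(hTpm, &hTpmPolicy) != TSS_SUCCESS)
		return -1;

	if (policySetSecret(hTpmPolicy, pswd_len, (BYTE *)szTpmPasswd) != TSS_SUCCESS)
		return -1;

	return 0;
}

/*
 * Entry point: report the TPM's disabled flag (default / -s) or set it
 * (-e / -d), using owner authorization or, with -f, physical presence.
 *
 * Returns 0 on success, -1 on any failure (option error, TSS error,
 * missing password).
 */
int main(int argc, char **argv)
{
	char *szTpmPasswd = NULL;
	TSS_HTPM hTpm;
	TSS_BOOL bValue;
	int iRc = -1;
	struct option hOpts[] = { {"enable", no_argument, NULL, 'e'},
				  {"disable", no_argument, NULL, 'd'},
				  {"force", no_argument, NULL, 'f'},
				  {"status", no_argument, NULL, 's'},
				  {"well-known", no_argument, NULL, 'z'},
	};
	BYTE well_known[] = TSS_WELL_KNOWN_SECRET;

	initIntlSys();

	if (genericOptHandler(argc, argv, "edfsz", hOpts,
			      sizeof(hOpts) / sizeof(struct option), parse, help) != 0)
		goto out;

	/* Connect to TSS and TPM */
	if (contextCreate(&hContext) != TSS_SUCCESS)
		goto out;

	if (contextConnect(hContext) != TSS_SUCCESS)
		goto out_close;

	if (contextGetTpm(hContext, &hTpm) != TSS_SUCCESS)
		goto out_close;

	if (request == STATUS_CHECK) {
		logInfo(_("Checking current status:\n"));

		/* The status query is made with the owner secret installed
		 * on the TPM policy first. */
		if (setOwnerAuth(hTpm, well_known, sizeof(well_known), &szTpmPasswd) != 0)
			goto out_close;

		if (tpmGetStatus(hTpm, TSS_TPMSTATUS_DISABLED, &bValue) != TSS_SUCCESS)
			goto out_close;

		logMsg(_("Disabled status: %s\n"), logBool(mapTssBool(bValue)));
	} else {
		/* Owner auth is needed unless -f switched fForce to the
		 * physical-presence flag, which takes no secret. */
		if (fForce == TSS_TPMSTATUS_OWNERSETDISABLE &&
		    setOwnerAuth(hTpm, well_known, sizeof(well_known), &szTpmPasswd) != 0)
			goto out_close;

		/* Setup complete.  The flag written is "disabled", so ENABLE
		 * clears it (FALSE) and DISABLE sets it (TRUE). */
		if (tpmSetStatus(hTpm, fForce, (request == ENABLE) ? FALSE : TRUE) != TSS_SUCCESS)
			goto out_close;
	}

	/* Command successful */
	iRc = 0;
	logSuccess(argv[0]);

	/* Cleanup */
out_close:
	/* Only a password obtained from GETPASSWD() ends up in szTpmPasswd;
	 * the well-known secret never does, so nothing on this frame is shredded. */
	if (szTpmPasswd)
		shredPasswd(szTpmPasswd);

	contextClose(hContext);

out:
	return iRc;
}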