1 /*
2 * The Initial Developer of the Original Code is International
3 * Business Machines Corporation. Portions created by IBM
4 * Corporation are Copyright (C) 2005 International Business
5 * Machines Corporation. All Rights Reserved.
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the Common Public License as published by
9 * IBM Corporation; either version 1 of the License, or (at your option)
10 * any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * Common Public License for more details.
16 *
17 * You should have received a copy of the Common Public License
18 * along with this program; if not, a copy can be viewed at
19 * http://www.opensource.org/licenses/cpl1.0.php.
20 */
21
22 #include "tpm_tspi.h"
23 #include "tpm_utils.h"
24 #include <getopt.h>
25
//controlled by input options
/* Operating mode chosen by parse(): TRUE (-s, the default) reads back the
 * TSS_TPMSTATUS_DISABLEPUBEKREAD status; FALSE (-r) sets it. */
static BOOL bCheck = TRUE;
/* -z: authorize with TSS_WELL_KNOWN_SECRET instead of prompting for the
 * owner password (the buffer is then not shredded, since it is a constant). */
static BOOL isWellKnown = FALSE;
/* TSS context handle created in main(); 0 until contextCreate() succeeds. */
TSS_HCONTEXT hContext = 0;
30
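/*
 * Option callback passed to genericOptHandler(): records the mode requested
 * by one short option in the file-scope flags.
 *
 * aOpt  short option character as returned by getopt
 * aArg  option argument; none of the accepted options takes one, so it is
 *       ignored
 *
 * Returns 0 for a recognized option and -1 for anything else.
 */
static int parse(const int aOpt, const char *aArg)
{
	(void)aArg;

	switch (aOpt) {
	case 's':
		logDebug(_("Changing mode to check status.\n"));
		bCheck = TRUE;
		break;
	case 'r':
		/* Message text fixed: previously misspelled "restrist". */
		logDebug(_("Changing mode to restrict PubEK access\n"));
		bCheck = FALSE;
		break;
	case 'z':
		logDebug(_("Using TSS_WELL_KNOWN_SECRET to authorize the TPM command\n"));
		isWellKnown = TRUE;
		break;
	default:
		return -1;
	}
	return 0;
}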
52
/*
 * Usage callback passed to genericOptHandler(): prints the command header,
 * the generic unicode option and the three options this tool accepts.
 *
 * aCmd  the command name shown in the usage header
 */
static void help(const char *aCmd)
{
	const char *statusDesc = _("Display current status");
	const char *restrictDesc = _("Restrict PubEK read to owner only");
	const char *wellKnownDesc =
		_("Use 20 bytes of zeros (TSS_WELL_KNOWN_SECRET) as the TPM secret authorization data");

	logCmdHelp(aCmd);
	logUnicodeCmdOption();
	logCmdOption("-s, --status", statusDesc);
	logCmdOption("-r, --restrict", restrictDesc);
	logCmdOption("-z, --well-known", wellKnownDesc);
}
64
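/*
 * tpm_restrictpubek entry point.
 *
 * Parses the command line, opens a TSS context, authorizes with the TPM
 * owner secret (prompted for, or TSS_WELL_KNOWN_SECRET with -z) and then
 * either reports who may read the public endorsement key (-s, the default)
 * or issues the restrict command (-r).
 *
 * Returns 0 on success and -1 on any failure.
 */
int main(int argc, char **argv)
{
	char *szTpmPasswd = NULL;
	int pswd_len = 0;
	TSS_HPOLICY hTpmPolicy = 0;
	TSS_HTPM hTpm = 0;
	int iRc = -1;
	struct option opts[] = { {"status", no_argument, NULL, 's'},
				 {"restrict", no_argument, NULL, 'r'},
				 {"well-known", no_argument, NULL, 'z'},
	};
	BYTE well_known[TCPA_SHA1_160_HASH_LEN] = TSS_WELL_KNOWN_SECRET;

	initIntlSys();

	/* parse() fills in bCheck / isWellKnown; help() prints usage. */
	if (genericOptHandler(argc, argv, "srz", opts,
			      sizeof(opts) / sizeof(opts[0]), parse, help) != 0)
		goto out;

	/* Connect to the TSS and obtain the TPM object. */
	if (contextCreate(&hContext) != TSS_SUCCESS)
		goto out;

	if (contextConnect(hContext) != TSS_SUCCESS)
		goto out_close;

	if (contextGetTpm(hContext, &hTpm) != TSS_SUCCESS)
		goto out_close;

	if (isWellKnown) {
		/* Constant secret held in a local array; not shredded below. */
		szTpmPasswd = (char *)well_known;
		pswd_len = sizeof(well_known);
	} else {
		/* Prompt for owner password; wiped at 'out' on every path. */
		szTpmPasswd = GETPASSWD(_("Enter owner password: "), &pswd_len, FALSE);
		if (!szTpmPasswd) {
			logMsg(_("Failed to get password\n"));
			goto out_close;
		}
	}

	if (policyGet(hTpm, &hTpmPolicy) != TSS_SUCCESS)
		goto out_close;
	if (policySetSecret(hTpmPolicy, pswd_len, (BYTE *)szTpmPasswd) != TSS_SUCCESS)
		goto out_close;

	if (bCheck) {
		TSS_BOOL bValue;
		/* Fix: a failed status read previously jumped to 'out' and
		 * skipped contextClose(), leaking the TSS context. */
		if (tpmGetStatus(hTpm, TSS_TPMSTATUS_DISABLEPUBEKREAD,
				 &bValue) != TSS_SUCCESS)
			goto out_close;
		logMsg(_("Public Endorsement Key readable by: %s\n"),
		       bValue ? _("owner") : _("everyone"));
	} else {
		if (tpmSetStatus(hTpm, TSS_TPMSTATUS_DISABLEPUBEKREAD, 0)
		    != TSS_SUCCESS)
			goto out_close;
	}

	iRc = 0;
	logSuccess(argv[0]);

out_close:
	contextClose(hContext);

out:
	/* Wipe the prompted password; the well-known secret is a fixed
	 * public value in a local array and is not passed to shredPasswd(). */
	if (szTpmPasswd && !isWellKnown)
		shredPasswd(szTpmPasswd);

	return iRc;
}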
141