/*
 * The Initial Developer of the Original Code is International
 * Business Machines Corporation. Portions created by IBM
 * Corporation are Copyright (C) 2005 International Business
 * Machines Corporation. All Rights Reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the Common Public License as published by
 * IBM Corporation; either version 1 of the License, or (at your option)
 * any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * Common Public License for more details.
 *
 * You should have received a copy of the Common Public License
 * along with this program; if not, a copy can be viewed at
 * http://www.opensource.org/licenses/cpl1.0.php.
 */

#include "tpm_tspi.h"
#include "tpm_utils.h"

/* Option state, filled in by parse() before main() talks to the TPM. */
static BOOL bValue = FALSE;	/* -f: clear via physical presence, no owner auth */
static BOOL isWellKnown = FALSE;	/* -z: authorize with TSS_WELL_KNOWN_SECRET */
TSS_HCONTEXT hContext = 0;	/* TSS context handle; external linkage, kept as-is */

/*
 * Issue Tspi_TPM_ClearOwner on a_hTpm and log the outcome via tspiResult().
 * a_bValue is passed straight through and selects the physical-presence
 * (force) path instead of owner authorization.
 * Returns the raw TSS_RESULT so the caller can test it against TSS_SUCCESS.
 */
static inline TSS_RESULT tpmClearOwner(TSS_HTPM a_hTpm, BOOL a_bValue)
{
	TSS_RESULT rc = Tspi_TPM_ClearOwner(a_hTpm, a_bValue);

	tspiResult("Tspi_TPM_ClearOwner", rc);
	return rc;
}

/* Print the usage text for this command, including the shared Unicode option. */
static void help(const char *aCmd)
{
	logCmdHelp(aCmd);
	logUnicodeCmdOption();
	logCmdOption("-f, --force", _("Use physical presence authorization."));
	logCmdOption("-z, --well-known",
		     _("Use 20 bytes of zeros (TSS_WELL_KNOWN_SECRET) as the TPM secret authorization data"));
}

/*
 * Option callback handed to genericOptHandler(): records -f / -z in the
 * file-scope flags. aArg is never read because neither option takes an
 * argument. Returns 0 for a recognised option, -1 for anything else.
 */
static int parse(const int aOpt, const char *aArg)
{
	if (aOpt == 'f') {
		logDebug(_("Changing mode to use force authorization\n"));
		bValue = TRUE;
		return 0;
	}

	if (aOpt == 'z') {
		logDebug(_("Using TSS_WELL_KNOWN_SECRET to authorize the TPM command\n"));
		isWellKnown = TRUE;
		return 0;
	}

	return -1;
}

/*
 * Entry point: parse options, open a TSS context, bind the owner secret to
 * the TPM policy (unless -f was given) and clear TPM ownership.
 * Returns 0 on success, -1 on any failure; every failure after the context
 * is created passes through out_close so the context is always released.
 */
int main(int argc, char **argv)
{
	int iRc = -1;
	struct option opts[] = {
		{"force", no_argument, NULL, 'f'},
		{"well-known", no_argument, NULL, 'z'},
	};
	BYTE well_known[] = TSS_WELL_KNOWN_SECRET;
	char *szTpmPasswd = NULL;
	int pswd_len = 0;
	TSS_HTPM hTpm;
	TSS_HPOLICY hTpmPolicy;

	initIntlSys();

	if (genericOptHandler(argc, argv, "fz", opts,
			      sizeof opts / sizeof opts[0], parse, help) != 0)
		goto out;

	if (contextCreate(&hContext) != TSS_SUCCESS)
		goto out;

	if (contextConnect(hContext) != TSS_SUCCESS
	    || contextGetTpm(hContext, &hTpm) != TSS_SUCCESS)
		goto out_close;

	/*
	 * Owner authorization is only set up when not forcing via physical
	 * presence: either the all-zero well-known secret or an interactively
	 * entered password is bound to the TPM policy.
	 */
	if (!bValue) {
		if (isWellKnown) {
			szTpmPasswd = (char *)well_known;
			pswd_len = sizeof well_known;
		} else {
			szTpmPasswd = GETPASSWD(_("Enter owner password: "), &pswd_len, FALSE);
			if (szTpmPasswd == NULL) {
				logMsg(_("Failed to get password\n"));
				goto out_close;
			}
		}

		if (policyGet(hTpm, &hTpmPolicy) != TSS_SUCCESS
		    || policySetSecret(hTpmPolicy, pswd_len,
				       (BYTE *)szTpmPasswd) != TSS_SUCCESS)
			goto out_close;
	}

	/* Setup complete: attempt the clear. */
	if (tpmClearOwner(hTpm, bValue) != TSS_SUCCESS)
		goto out_close;

	iRc = 0;
	logSuccess(argv[0]);
	logMsg(_("TPM Successfuly Cleared. You need to reboot to complete this operation. After reboot the TPM will be in the default state: unowned, disabled and inactive.\n"));

out_close:
	/*
	 * shredPasswd() is applied only to the GETPASSWD() result; with -z
	 * szTpmPasswd points at the local well_known array and is left alone.
	 */
	if (szTpmPasswd != NULL && !isWellKnown)
		shredPasswd(szTpmPasswd);

	contextClose(hContext);

out:
	return iRc;
}