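/*
 * The Initial Developer of the Original Code is International
 * Business Machines Corporation. Portions created by IBM
 * Corporation are Copyright (C) 2005 International Business
 * Machines Corporation. All Rights Reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the Common Public License as published by
 * IBM Corporation; either version 1 of the License, or (at your option)
 * any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * Common Public License for more details.
 *
 * You should have received a copy of the Common Public License
 * along with this program; if not, a copy can be viewed at
 * http://www.opensource.org/licenses/cpl1.0.php.
 */

#include <limits.h>

#include "tpm_nvcommon.h"
#include "tpm_tspi.h"
#include "tpm_utils.h"

/* NVRAM index selected with -i; 0 means "not provided" and is rejected. */
static unsigned int nvindex;
/* Owner secret: points into argv (-o<pw>) or at the prompted buffer. */
static const char *ownerpass;
/* TRUE when -y selected the well-known (all zero) owner secret. */
static BOOL ownerWellKnown;
/* TRUE when -o was given without a value, so the secret is prompted for. */
static BOOL askOwnerPass;
/* Left with external linkage, as in the original file. */
TSS_HCONTEXT hContext = 0;


/*
 * Option callback handed to genericOptHandler().
 *
 * aOpt is the option character and aArg its argument (NULL when the
 * option carries none).  Returns 0 when the option was accepted and -1
 * for an invalid index or an option this command does not know.
 */
static int parse(const int aOpt, const char *aArg)
{

	switch (aOpt) {
	case 'i':
		if (parseHexOrDecimal(aArg, &nvindex, 0, UINT_MAX,
				      "NVRAM index") != 0)
			return -1;
		break;

	case 'o':
		/*
		 * A password given as the option value is part of the
		 * command line and therefore visible in process listings
		 * and shell history; a bare -o makes main() prompt for it
		 * instead.
		 */
		ownerpass = aArg;
		if (!ownerpass)
			askOwnerPass = TRUE;
		else
			askOwnerPass = FALSE;
		ownerWellKnown = FALSE;
		break;

	case 'y':
		/* The well-known secret overrides any earlier -o. */
		ownerWellKnown = TRUE;
		askOwnerPass = FALSE;
		ownerpass = NULL;
		break;

	case 'u':
		useUnicode = TRUE;
		break;

	default:
		return -1;
	}
	return 0;
}

/*
 * Print the usage text: the common options followed by the options
 * specific to this command.
 */
static void help(const char* aCmd)
{
	logCmdHelp(aCmd);
	logUnicodeCmdOption();
	logCmdOption("-y, --owner-well-known",
		     _("Use 20 bytes of zeros (TSS_WELL_KNOWN_SECRET) as the TPM owner password"));
	logOwnerPassCmdOption();
	logNVIndexCmdOption();
}

/*
 * Release the NVRAM area at the index given with -i.
 *
 * The owner secret comes from -o<pw>, from a prompt (bare -o) or from
 * the well-known secret (-y); when none of these is given no secret is
 * set on the TPM policy before the release is attempted.
 *
 * Returns 0 on success and -1 on any failure.
 */
int main(int argc, char **argv)
{
	TSS_HTPM hTpm;
	TSS_HNVSTORE nvObject;
	TSS_FLAG fNvAttrs;
	TSS_HPOLICY hTpmPolicy;
	int iRc = -1;
	int pswd_len = -1;
	BYTE well_known_secret[] = TSS_WELL_KNOWN_SECRET;
	struct option hOpts[] = {
		{"index"           , required_argument, NULL, 'i'},
		{"pwdo"            , optional_argument, NULL, 'o'},
		{"owner-well-known", no_argument      , NULL, 'y'},
		{NULL              , no_argument      , NULL, 0},
	};

	initIntlSys();

	if (genericOptHandler
		    (argc, argv, "i:o::y", hOpts,
		     sizeof(hOpts) / sizeof(struct option), parse, help) != 0)
		goto out;

	if (nvindex == 0) {
		logError(_("You must provide an index (!= 0) for the "
			   "NVRAM area.\n"));
		goto out;
	}

	if (contextCreate(&hContext) != TSS_SUCCESS)
		goto out;

	if (contextConnect(hContext) != TSS_SUCCESS)
		goto out_close;

	if (contextGetTpm(hContext, &hTpm) != TSS_SUCCESS)
		goto out_close;

	fNvAttrs = 0;

	if (askOwnerPass) {
		ownerpass = _GETPASSWD(_("Enter owner password: "), &pswd_len,
			FALSE, useUnicode );
		if (!ownerpass) {
			logError(_("Failed to get owner password\n"));
			goto out_close;
		}
	}

	if (ownerpass || ownerWellKnown) {
		if (policyGet(hTpm, &hTpmPolicy) != TSS_SUCCESS)
			goto out_close;
		if (ownerpass) {
			/*
			 * pswd_len is still -1 when the password came from
			 * the command line rather than from the prompt.
			 */
			if (pswd_len < 0)
				pswd_len = (int)strlen(ownerpass);

			if (policySetSecret(hTpmPolicy, pswd_len,
					    (BYTE *)ownerpass) != TSS_SUCCESS)
				goto out_close;
		} else {
			if (policySetSecret(hTpmPolicy, TCPA_SHA1_160_HASH_LEN,
					    (BYTE *)well_known_secret) != TSS_SUCCESS)
				goto out_close;
		}
	}

	if (contextCreateObject(hContext,
				TSS_OBJECT_TYPE_NV,
				fNvAttrs,
				&nvObject) != TSS_SUCCESS)
		goto out_close;

	if (Tspi_SetAttribUint32(nvObject,
				 TSS_TSPATTRIB_NV_INDEX,
				 0,
				 nvindex) != TSS_SUCCESS)
		goto out_close_obj;

	/*
	 * From here on nvObject exists, so every exit (failure or
	 * success) goes through out_close_obj.
	 */
	if (NVReleaseSpace(nvObject) != TSS_SUCCESS)
		goto out_close_obj;

	/*
	 * NOTE(review): "%d" shows an index above INT_MAX as a negative
	 * number.  The format string is left unchanged because it is
	 * passed through _() and presumably doubles as the translation
	 * lookup key - confirm before switching to "%u".
	 */
	logMsg(_("Successfully released NVRAM area at index 0x%x (%d).\n"),
	       nvindex, nvindex);

	iRc = 0;

      out_close_obj:
	contextCloseObject(hContext, nvObject);

      out_close:
	contextClose(hContext);

      out:
	/*
	 * Wipe the owner secret once it is no longer needed.  Only the
	 * prompted password is handled: askOwnerPass is TRUE only when
	 * ownerpass was NULL before the prompt, so a non-NULL ownerpass
	 * here is the buffer returned by _GETPASSWD (assumed caller-owned,
	 * as elsewhere in tpm-tools).  A password taken from argv must not
	 * be passed to shredPasswd(), which also frees its argument.
	 */
	if (askOwnerPass && ownerpass) {
		shredPasswd((char *)ownerpass);
		ownerpass = NULL;
	}
	return iRc;
}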