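/*
 * The Initial Developer of the Original Code is International
 * Business Machines Corporation. Portions created by IBM
 * Corporation are Copyright (C) 2005 International Business
 * Machines Corporation. All Rights Reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the Common Public License as published by
 * IBM Corporation; either version 1 of the License, or (at your option)
 * any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * Common Public License for more details.
 *
 * You should have received a copy of the Common Public License
 * along with this program; if not, a copy can be viewed at
 * http://www.opensource.org/licenses/cpl1.0.php.
 */

/*
 * tpm_restrictpubek: report, or restrict to the owner, read access to the
 * TPM's public Endorsement Key (PubEK) through the TSS flag
 * TSS_TPMSTATUS_DISABLEPUBEKREAD. Both modes authorize with the TPM owner
 * secret: either prompted for, or the 20 zero bytes of
 * TSS_WELL_KNOWN_SECRET when -z is given.
 */

#include "tpm_tspi.h"
#include "tpm_utils.h"
#include <getopt.h>

/* Mode selection, set from the command-line options in parse(). */
static BOOL bCheck = TRUE;       /* TRUE: display status; FALSE: restrict read */
static BOOL isWellKnown = FALSE; /* TRUE: use TSS_WELL_KNOWN_SECRET, no prompt */
TSS_HCONTEXT hContext = 0;

/*
 * Option callback handed to genericOptHandler.
 *
 * aOpt  short option character ('s', 'r' or 'z').
 * aArg  option argument; unused, since none of the options take one.
 *
 * Returns 0 for a recognised option, -1 for anything else.
 */
static int parse(const int aOpt, const char *aArg)
{
	(void)aArg;

	switch (aOpt) {
	case 's':
		logDebug(_("Changing mode to check status.\n"));
		bCheck = TRUE;
		break;
	case 'r':
		logDebug(_("Changing mode to restrict PubEK access\n"));
		bCheck = FALSE;
		break;
	case 'z':
		logDebug(_("Using TSS_WELL_KNOWN_SECRET to authorize the TPM command\n"));
		isWellKnown = TRUE;
		break;
	default:
		return -1;
	}
	return 0;
}

/*
 * Print usage for this command (aCmd is the program name as invoked),
 * one line per supported option.
 */
static void help(const char *aCmd)
{
	logCmdHelp(aCmd);
	logUnicodeCmdOption();
	logCmdOption("-s, --status", _("Display current status"));
	logCmdOption("-r, --restrict",
		     _("Restrict PubEK read to owner only"));
	logCmdOption("-z, --well-known",
		     _("Use 20 bytes of zeros (TSS_WELL_KNOWN_SECRET) as the TPM secret authorization data"));
}

/*
 * Entry point. Parses options, connects to the TSS, loads the owner secret
 * into the TPM policy, then either reads or sets the DISABLEPUBEKREAD flag.
 *
 * Returns 0 on success, -1 on any failure. Every failure after the context
 * has been created goes through out_close so the TSS context is released,
 * and every path goes through out so a prompted password is shredded.
 */
int main(int argc, char **argv)
{
	char *szTpmPasswd = NULL;
	int pswd_len = 0;
	TSS_HPOLICY hTpmPolicy;
	TSS_HTPM hTpm;
	int iRc = -1;
	struct option opts[] = { {"status", no_argument, NULL, 's'},
				 {"restrict", no_argument, NULL, 'r'},
				 {"well-known", no_argument, NULL, 'z'},
	};
	/* Public, fixed value: a stack copy that needs no shredding. */
	BYTE well_known[TCPA_SHA1_160_HASH_LEN] = TSS_WELL_KNOWN_SECRET;

	initIntlSys();

	if (genericOptHandler
	    (argc, argv, "srz", opts, sizeof(opts) / sizeof(struct option),
	     parse, help) != 0)
		goto out;

	/* Connect to TSS and TPM */
	if (contextCreate(&hContext) != TSS_SUCCESS)
		goto out;

	if (contextConnect(hContext) != TSS_SUCCESS)
		goto out_close;

	if (contextGetTpm(hContext, &hTpm) != TSS_SUCCESS)
		goto out_close;

	if (isWellKnown) {
		szTpmPasswd = (char *)well_known;
		pswd_len = sizeof(well_known);
	} else {
		/* Prompt for owner password; shredded at out: */
		szTpmPasswd = GETPASSWD(_("Enter owner password: "), &pswd_len, FALSE);
		if (!szTpmPasswd) {
			logMsg(_("Failed to get password\n"));
			goto out_close;
		}
	}

	/* Both the status read and the restrict call need owner authorization. */
	if (policyGet(hTpm, &hTpmPolicy) != TSS_SUCCESS)
		goto out_close;
	if (policySetSecret
	    (hTpmPolicy, pswd_len, (BYTE *)szTpmPasswd) != TSS_SUCCESS)
		goto out_close;

	if (bCheck) {
		TSS_BOOL bValue;
		/*
		 * Fix: a failed status read used to jump to out:, skipping
		 * contextClose() and leaking the TSS context.
		 */
		if (tpmGetStatus
		    (hTpm, TSS_TPMSTATUS_DISABLEPUBEKREAD,
		     &bValue) != TSS_SUCCESS)
			goto out_close;
		/* Flag set means reads require owner auth. */
		logMsg(_("Public Endorsement Key readable by: %s\n"),
		       bValue ? _("owner") : _("everyone"));

	} else {
		/*
		 * NOTE(review): the value argument is passed as 0 even though
		 * the intent is to *disable* public reads; presumably the TSS
		 * ignores it for this flag (the underlying TPM command takes
		 * no parameter) -- confirm against the TSS/TPM spec before
		 * relying on it. Also worth confirming whether this is
		 * reversible on the target TPM before exposing it to users.
		 */
		if (tpmSetStatus(hTpm, TSS_TPMSTATUS_DISABLEPUBEKREAD, 0)
		    != TSS_SUCCESS)
			goto out_close;
	}

	iRc = 0;
	logSuccess(argv[0]);

out_close:
	contextClose(hContext);

out:
	/* Only a prompted secret was allocated for us; the well-known one is a stack constant. */
	if (szTpmPasswd && !isWellKnown)
		shredPasswd(szTpmPasswd);

	return iRc;
}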