Richard Marian Thomaiyar14fddef2018-07-13 23:55:56 +05301commit 16dac0cb7b73b8a7088300e45b98ac20819b03ed
2Author: Junxian.Xiao <Junxian.Xiao@windriver.com>
3Date: Wed Jun 19 18:57:13 2013 +0800
4
5support reading SRK password from env TPM_SRK_PW
6
7Add "env TPM_SRK_PW=xxxx" to set the password for libtpm.so. As a special case,
8use "env TPM_SRK_PW=#WELLKNOWN#" to set the well-known password.
9
10Signed-off-by: Junxian.Xiao <Junxian.Xiao@windriver.com>
11
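--- a/src/e_tpm.c
+++ b/src/e_tpm.c
@@ -38,6 +38,8 @@
 #include "e_tpm.h"
 #include "ssl_compat.h"
 
+#define TPM_WELL_KNOWN_KEY_LEN 20 /*well know key length is 20 bytes zero*/
+
 //#define DLOPEN_TSPI
 
 #ifndef OPENSSL_NO_HW
@@ -262,6 +264,10 @@ int tpm_load_srk(UI_METHOD *ui, void *cb
 TSS_RESULT result;
 UINT32 authusage;
 BYTE *auth;
+ char *srkPasswd = NULL;
+ TSS_FLAG secretMode = secret_mode;
+ int authlen = 0;
+
 
 if (hSRK != NULL_HKEY) {
 DBGFN("SRK is already loaded.");
@@ -313,18 +319,36 @@ int tpm_load_srk(UI_METHOD *ui, void *cb
 return 0;
 }
 
- if (!tpm_engine_get_auth(ui, (char *)auth, 128, "SRK authorization: ",
- cb_data)) {
- Tspi_Context_CloseObject(hContext, hSRK);
- free(auth);
- TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
- return 0;
+ srkPasswd = getenv("TPM_SRK_PW");
+ if (NULL != srkPasswd) {
+ if (0 == strcmp(srkPasswd, "#WELLKNOWN#")) {
+ memset(auth, 0, TPM_WELL_KNOWN_KEY_LEN);
+ secretMode = TSS_SECRET_MODE_SHA1;
+ authlen = TPM_WELL_KNOWN_KEY_LEN;
+ } else {
+ int authbuflen = 128;
+ memset(auth, 0, authbuflen);
+ strncpy(auth, srkPasswd, authbuflen-1);
+ secretMode = TSS_SECRET_MODE_PLAIN;
+ authlen = strlen(auth);
+ }
+ }
+ else {
+ if (!tpm_engine_get_auth(ui, (char *)auth, 128,
+ "SRK authorization: ", cb_data)) {
+ Tspi_Context_CloseObject(hContext, hSRK);
+ free(auth);
+ TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
+ return 0;
+ }
+ secretMode = secret_mode;
+ authlen = strlen(auth);
 }
 
 /* secret_mode is a global that may be set by engine ctrl
 * commands. By default, its set to TSS_SECRET_MODE_PLAIN */
- if ((result = Tspi_Policy_SetSecret(hSRKPolicy, secret_mode,
- strlen((char *)auth), auth))) {
+ if ((result = Tspi_Policy_SetSecret(hSRKPolicy, secretMode,
+ authlen, auth))) {
 Tspi_Context_CloseObject(hContext, hSRK);
 free(auth);
 TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);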
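Review bot: In the last hunk of tpm_load_srk, the SRK secret is read with `getenv("TPM_SRK_PW")` and stays in the process environment, where child processes inherit it and same-user processes can usually read it (on Linux via /proc/<pid>/environ), and the copy in `auth` is handed to `free(auth)` on the failure path without being cleared. The variable also takes precedence over the UI prompt and over the engine-ctrl `secret_mode`, so the retained comment above `Tspi_Policy_SetSecret` is now stale; I would add `/* TPM_SRK_PW, if set, overrides the prompt and secret_mode; the value remains visible in the environment */` above the `getenv` call. `strncpy(auth, srkPasswd, authbuflen-1)` silently truncates a longer value, so a too-long password would fail authorization with no hint as to why, and `auth` is a `BYTE *` passed to `strncpy`/`strlen` without the `(char *)` cast the removed lines used, e.g. `authlen = strlen((char *)auth);`. The function starts and ends outside the hunk, so the 128-byte size of `auth` is inferred from the literals here rather than from its allocation.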