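/*
 * Entry point for the SRK-read restriction tool.
 *
 * Depending on the command line (see opts[] and the short options "asrz"),
 * either reports or changes the TPM's TSS_TPMSTATUS_DISABLEPUBSRKREAD flag,
 * i.e. whether reading the public Storage Root Key requires owner auth.
 * The flags bCheck/bRestrict/isWellKnown, the TSS context hContext and the
 * parse()/help() option callbacks are file-scope objects defined outside
 * this block; with no arguments at all the tool reports status.
 *
 * Returns 0 on success and -1 on any failure.  Every failure after the TSS
 * context exists leaves through out_close so contextClose() always runs; a
 * prompted owner password is wiped with shredPasswd() on every path, while
 * the well-known secret is a stack array and is left alone.
 */
int main(int argc, char **argv)
{
	char *szTpmPasswd = NULL;
	int pswd_len = 0;	/* byte length of the secret given to the policy */
	TSS_HPOLICY hTpmPolicy;
	TSS_HTPM hTpm;
	int iRc = -1;
	struct option opts[] = {
		{"allow",      no_argument, NULL, 'a'},
		{"status",     no_argument, NULL, 's'},
		{"restrict",   no_argument, NULL, 'r'},
		{"well-known", no_argument, NULL, 'z'},
	};
	/* TSS-defined well-known owner secret, selected with --well-known. */
	BYTE well_known[TCPA_SHA1_160_HASH_LEN] = TSS_WELL_KNOWN_SECRET;

	initIntlSys();

	if (genericOptHandler(argc, argv, "asrz", opts,
			      sizeof(opts) / sizeof(struct option),
			      parse, help) != 0)
		goto out;

	/* With no arguments at all, the default is to report status. */
	if (argc == 1)
		bCheck = TRUE;

	/* Connect to the TSS and obtain the TPM object. */
	if (contextCreate(&hContext) != TSS_SUCCESS)
		goto out;

	if (contextConnect(hContext) != TSS_SUCCESS)
		goto out_close;

	if (contextGetTpm(hContext, &hTpm) != TSS_SUCCESS)
		goto out_close;

	if (isWellKnown) {
		szTpmPasswd = (char *)well_known;
		pswd_len = sizeof(well_known);
	} else {
		/* Prompt for the owner password.
		 * NOTE(review): this call and its NULL check were mangled in
		 * the listing and are restored here; confirm the GETPASSWD
		 * argument list against the project's header. */
		szTpmPasswd = GETPASSWD(_("Enter owner password: "), &pswd_len, FALSE);
		if (!szTpmPasswd) {
			logError(_("Failed to get password\n"));
			goto out_close;
		}
	}

	/* Bind the owner secret to the TPM's usage policy. */
	if (policyGet(hTpm, &hTpmPolicy) != TSS_SUCCESS)
		goto out_close;

	if (policySetSecret(hTpmPolicy, pswd_len, (BYTE *)szTpmPasswd) != TSS_SUCCESS)
		goto out_close;

	if (bCheck) {
		TSS_BOOL bValue;

		/* Fix: a failed status read previously jumped to `out`, skipping
		 * contextClose() on a context that was already connected. */
		if (tpmGetStatus(hTpm, TSS_TPMSTATUS_DISABLEPUBSRKREAD,
				 &bValue) != TSS_SUCCESS)
			goto out_close;
		logMsg(_("Storage Root Key readable with: %s\n"),
		       bValue ? _("owner auth") : _("SRK auth"));
	} else {
		/* bRestrict is set by the option callback outside this block. */
		if (tpmSetStatus(hTpm, TSS_TPMSTATUS_DISABLEPUBSRKREAD,
				 bRestrict) != TSS_SUCCESS)
			goto out_close;
	}

	iRc = 0;
	logSuccess(argv[0]);

out_close:
	contextClose(hContext);

out:
	/* Wipe a prompted password; the well-known secret is a stack array
	 * and was never handed out by GETPASSWD. */
	if (szTpmPasswd && !isWellKnown)
		shredPasswd(szTpmPasswd);

	return iRc;
}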
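/*
 * Entry point for the dictionary-attack lock reset tool.
 *
 * Authenticates as TPM owner (prompted password, optionally given as hex
 * with --use-hex, or the TSS well-known secret with --well-known) and then
 * sets TSS_TPMSTATUS_RESETLOCK to TRUE on the TPM.  The flags
 * isWellKnown/decodeHexPassword, the TSS context hContext and the
 * parse()/help() option callbacks are file-scope objects defined outside
 * this block.
 *
 * Returns 0 on success and -1 on any failure.  Every failure after the TSS
 * context exists leaves through out_close so contextClose() always runs;
 * the prompted password and the decoded binary secret are wiped at out.
 */
int
main( int argc, char **argv )
{
	char *szTpmPasswd = NULL;
	int tpm_len = 0;		/* length of the string/well-known secret */
	TSS_HTPM hTpm;
	TSS_HPOLICY hTpmPolicy;
	TSS_BOOL bValue = TRUE;		/* TRUE = request the lock reset */
	int iRc = -1;
	struct option opts[] = {
		{"use-hex",    no_argument, NULL, 'x'},
		{"well-known", no_argument, NULL, 'z'},
	};
	/* TSS-defined well-known owner secret, selected with --well-known. */
	BYTE wellKnown[TCPA_SHA1_160_HASH_LEN] = TSS_WELL_KNOWN_SECRET;
	BYTE *pTpmPasswd = NULL;	/* binary secret decoded from hex, if any */
	int iTpmPasswdLen = 0;

	initIntlSys();

	if (genericOptHandler(argc, argv, "xz", opts,
			      sizeof(opts) / sizeof(struct option),
			      parse, help) != 0)
		goto out;

	if (contextCreate(&hContext) != TSS_SUCCESS)
		goto out;

	if (!isWellKnown) {
		/* Prompt for the owner password.
		 * NOTE(review): this call and its NULL check were mangled in
		 * the listing and are restored here; confirm the GETPASSWD
		 * argument list against the project's header.
		 * Fix: a failed prompt used to jump to `out`, leaking the
		 * context created just above. */
		szTpmPasswd = GETPASSWD(_("Enter owner password: "), &tpm_len, FALSE);
		if (!szTpmPasswd) {
			logError(_("Failed to get Owner password\n"));
			goto out_close;
		}
		if (decodeHexPassword) {
			/* Assumes hex2bytea leaves pTpmPasswd NULL on failure
			 * and sets both outputs on success -- confirm. */
			if (hex2bytea(szTpmPasswd, &pTpmPasswd, &iTpmPasswdLen) != 0) {
				logError(_("Invalid hex owner secret\n"));
				goto out_close;
			}
		}
	} else {
		szTpmPasswd = (char *)wellKnown;
		tpm_len = sizeof(wellKnown);
	}

	if (contextConnect(hContext) != TSS_SUCCESS)
		goto out_close;

	if (contextGetTpm(hContext, &hTpm) != TSS_SUCCESS)
		goto out_close;

	if (policyGet(hTpm, &hTpmPolicy) != TSS_SUCCESS)
		goto out_close;

	/* Use the decoded binary secret when one was produced; otherwise hand
	 * the prompted string or the well-known secret to the shared helper.
	 * Keying on pTpmPasswd rather than decodeHexPassword avoids passing a
	 * NULL buffer with an unset length when --well-known and --use-hex
	 * are combined. */
	if (pTpmPasswd) {
		if (Tspi_Policy_SetSecret(hTpmPolicy, TSS_SECRET_MODE_PLAIN,
					  iTpmPasswdLen, pTpmPasswd) != TSS_SUCCESS)
			goto out_close;
	} else {
		if (policySetSecret(hTpmPolicy, tpm_len,
				    (BYTE *)szTpmPasswd) != TSS_SUCCESS)
			goto out_close;
	}

	/* Ask the TPM to clear its authorization lockout. */
	if (tpmSetStatus(hTpm, TSS_TPMSTATUS_RESETLOCK, bValue) != TSS_SUCCESS)
		goto out_close;

	iRc = 0;
	logSuccess(argv[0]);

out_close:
	contextClose(hContext);

out:
	/* Wipe secrets: the prompted string (never the stack-resident
	 * well-known array) and the decoded binary copy with its length. */
	if (!isWellKnown && szTpmPasswd)
		shredPasswd(szTpmPasswd);
	if (pTpmPasswd)
		shredByteArray(pTpmPasswd, iTpmPasswdLen);

	return iRc;
}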