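/*
 * Entry point for the SRK read-restriction tool.
 *
 * With no arguments (or -s/--status) it reports whether reading the public
 * part of the Storage Root Key requires owner auth; with -a/--allow or
 * -r/--restrict (handled by parse() outside this block, which sets bCheck
 * and bRestrict) it writes the TSS_TPMSTATUS_DISABLEPUBSRKREAD flag.
 * Both paths authenticate to the TPM with the owner secret, taken either
 * from the prompt or, with -z/--well-known, from the fixed well-known value.
 *
 * Returns 0 on success, -1 on any failure (iRc). Every failure after the
 * TSS context has been created must leave through out_close so the context
 * is released; the prompted password is wiped via shredPasswd() at out.
 */
int main(int argc, char **argv)
{
	char *szTpmPasswd = NULL;
	int pswd_len = 0;	/* length of the secret handed to the policy */
	TSS_HPOLICY hTpmPolicy;
	TSS_HTPM hTpm;
	int iRc = -1;
	struct option opts[] = {
		{"allow", no_argument, NULL, 'a'},
		{"status", no_argument, NULL, 's'},
		{"restrict", no_argument, NULL, 'r'},
		{"well-known", no_argument, NULL, 'z'},
	};
	/* Fixed, publicly known owner secret selected by -z (TCPA_SHA1_160_HASH_LEN
	 * bytes). It is not sensitive and is therefore not shredded on exit. */
	BYTE well_known[TCPA_SHA1_160_HASH_LEN] = TSS_WELL_KNOWN_SECRET;

	initIntlSys();

	if (genericOptHandler(argc, argv, "asrz", opts,
			      sizeof(opts) / sizeof(struct option),
			      parse, help) != 0)
		goto out;

	/* No arguments at all means "report status", not "change it". */
	if (argc == 1)
		bCheck = TRUE;

	/* Connect to TSS and TPM. From here on, failures go to out_close. */
	if (contextCreate(&hContext) != TSS_SUCCESS)
		goto out;
	if (contextConnect(hContext) != TSS_SUCCESS)
		goto out_close;
	if (contextGetTpm(hContext, &hTpm) != TSS_SUCCESS)
		goto out_close;

	/* The owner secret is needed even for a pure status query, because
	 * the status read below is done under the TPM policy set further on. */
	if (isWellKnown) {
		szTpmPasswd = (char *)well_known;
		pswd_len = sizeof(well_known);
	} else {
		/* Prompt for the owner password. NOTE(review): the span marked
		 * "******" is redacted in the copy under review; from the surrounding
		 * code it appears to be the remaining GETPASSWD arguments and the
		 * NULL check on its result, which logs the message below and bails. */
		szTpmPasswd = GETPASSWD(_("Enter owner password: "******"Failed to get password\n"));
			goto out_close;
		}
	}

	if (policyGet(hTpm, &hTpmPolicy) != TSS_SUCCESS)
		goto out_close;
	if (policySetSecret(hTpmPolicy, pswd_len, (BYTE *)szTpmPasswd) != TSS_SUCCESS)
		goto out_close;

	if (bCheck) {
		TSS_BOOL bValue;

		/* Fix: a failed status read used to jump straight to out, skipping
		 * contextClose() and leaking the TSS context. */
		if (tpmGetStatus(hTpm, TSS_TPMSTATUS_DISABLEPUBSRKREAD, &bValue) != TSS_SUCCESS)
			goto out_close;
		/* Flag set => the public SRK is only readable with owner auth. */
		logMsg(_("Storage Root Key readable with: %s\n"),
		       bValue ? _("owner auth") : _("SRK auth"));
	} else {
		/* bRestrict (from -r/-a via parse()) becomes the new flag value. */
		if (tpmSetStatus(hTpm, TSS_TPMSTATUS_DISABLEPUBSRKREAD, bRestrict) != TSS_SUCCESS)
			goto out_close;
	}

	iRc = 0;
	logSuccess(argv[0]);

out_close:
	contextClose(hContext);
out:
	/* The prompted password is a secret: wipe it. The well-known value is
	 * a constant stack array and is deliberately not passed to shredPasswd. */
	if (szTpmPasswd && !isWellKnown)
		shredPasswd(szTpmPasswd);
	return iRc;
}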
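/*
 * Entry point for the TPM lock-reset tool.
 *
 * Authenticates to the TPM with the owner secret and sets the
 * TSS_TPMSTATUS_RESETLOCK flag (presumably the dictionary-attack lockout
 * reset -- confirm against the TSS documentation). The owner secret comes
 * from the prompt, or from the well-known value with -z/--well-known; with
 * -x/--use-hex the prompted string is decoded as hex and the resulting bytes
 * are used instead (parse() outside this block sets isWellKnown and
 * decodeHexPassword).
 *
 * Returns 0 on success, -1 otherwise (iRc). Once contextCreate() has
 * succeeded every failure must leave through out_close; both the prompted
 * string and any decoded hex bytes are wiped at out.
 */
int main(int argc, char **argv)
{
	char *szTpmPasswd = NULL;
	int tpm_len = 0;		/* length of the plain or well-known secret */
	TSS_HTPM hTpm;
	TSS_HPOLICY hTpmPolicy;
	TSS_BOOL bValue = TRUE;		/* value written to the RESETLOCK flag */
	int iRc = -1;
	struct option opts[] = {
		{"use-hex", no_argument, NULL, 'x'},
		{"well-known", no_argument, NULL, 'z'},
	};
	/* Fixed, publicly known owner secret selected by -z; not sensitive,
	 * so it is never shredded. */
	BYTE wellKnown[TCPA_SHA1_160_HASH_LEN] = TSS_WELL_KNOWN_SECRET;
	BYTE *pTpmPasswd = NULL;	/* hex-decoded secret, produced by hex2bytea() */
	int iTpmPasswdLen = 0;

	initIntlSys();

	if (genericOptHandler(argc, argv, "xz", opts,
			      sizeof(opts) / sizeof(struct option),
			      parse, help) != 0)
		goto out;

	if (contextCreate(&hContext) != TSS_SUCCESS)
		goto out;

	if (!isWellKnown) {
		/* Prompt for the owner password. NOTE(review): the "******" span is
		 * redacted in the copy under review; from the surrounding code it
		 * appears to be the rest of the GETPASSWD call and the NULL check on
		 * its result, which logs the message below and bails out. */
		szTpmPasswd = GETPASSWD(_("Enter owner password: "******"Failed to get Owner password\n"));
			/* Fix: this used to jump to out, leaking the context created
			 * above; the hex-decode failure just below already uses out_close. */
			goto out_close;
		}
		if (decodeHexPassword) {
			if (hex2bytea(szTpmPasswd, &pTpmPasswd, &iTpmPasswdLen) != 0) {
				logError(_("Invalid hex owner secret\n"));
				goto out_close;
			}
		}
	} else {
		szTpmPasswd = (char *)wellKnown;
		tpm_len = sizeof(wellKnown);
	}

	if (contextConnect(hContext) != TSS_SUCCESS)
		goto out_close;
	if (contextGetTpm(hContext, &hTpm) != TSS_SUCCESS)
		goto out_close;
	if (policyGet(hTpm, &hTpmPolicy) != TSS_SUCCESS)
		goto out_close;

	/* Use the decoded hex bytes only on the path that produced them. Fix:
	 * with -x and -z given together, the old test on decodeHexPassword
	 * alone handed Tspi_Policy_SetSecret a NULL buffer and an uninitialized
	 * length; the well-known secret must go through policySetSecret. */
	if (!isWellKnown && decodeHexPassword) {
		/* NOTE(review): confirm TSS_SECRET_MODE_PLAIN is the intended mode
		 * for a hex-supplied secret (as opposed to a digest mode) -- not
		 * verifiable from this file. */
		if (Tspi_Policy_SetSecret(hTpmPolicy, TSS_SECRET_MODE_PLAIN,
					  iTpmPasswdLen, pTpmPasswd) != TSS_SUCCESS)
			goto out_close;
	} else {
		if (policySetSecret(hTpmPolicy, tpm_len, (BYTE *)szTpmPasswd) != TSS_SUCCESS)
			goto out_close;
	}

	if (tpmSetStatus(hTpm, TSS_TPMSTATUS_RESETLOCK, bValue) != TSS_SUCCESS)
		goto out_close;

	iRc = 0;
	logSuccess(argv[0]);

out_close:
	contextClose(hContext);
out:
	/* Wipe both copies of the secret: the prompted string (never the
	 * well-known constant) and the decoded hex bytes, if any. */
	if (!isWellKnown && szTpmPasswd)
		shredPasswd(szTpmPasswd);
	if (pTpmPasswd)
		shredByteArray(pTpmPasswd, iTpmPasswdLen);
	return iRc;
}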