tpm_manager: implement ClearStoredOwnerPassword
Add ClearStoredOwnerPassword command to clear the stored owner
password if all dependencies are removed. Delete clearing the
passwords from RemoveOwnerDependency handler. Keep other
passwords available even after clearing the owner password -
they are needed not only during the first boot.
The dependencies are removed too early during the first boot
to clear the password after that. The owner password should be
available after that until an explicit ClearStoredPasswords.
BUG=chrome-os-partner:58786
BUG=chrome-os-partner:62689
TEST=On a system with still unremoved dependencies:
1) tpm_manager_client clear_owner_password
The command should succeed.
Check "tpm_manager_client status", the passwords should
still be available since dependencies still remain.
2) tpm_manager_client remove_dependency \
--dependency="TpmOwnerDependency_Nvram"
tpm_manager_client remove_dependency \
--dependency="TpmOwnerDependency_Attestation"
Check "tpm_manager_client status" again, the passwords
should still be available.
3) tpm_manager_client clear_owner_password
After that the owner password should be cleared, other
passwords should remain.
Change-Id: Ic721fb6df8ec3603b5988c000a10bcc291651860
Reviewed-on: https://chromium-review.googlesource.com/438701
Commit-Ready: Andrey Pronin <apronin@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Ben Chan <benchan@chromium.org>
22 files changed