Google Git
Sign in
chromium / chromiumos / platform / cryptohome / 0.13.558.B
commitf75f398f8e78625bb068f57d6a0c675076679b81[log] [tgz]
authorGaurav Shah <gauravsh@chromium.org>Sat May 14 01:40:36 2011
committerGaurav Shah <gauravsh@chromium.org>Sat May 21 02:48:51 2011
tree43bf5fb96e043559193c1f6305a1e90753f817a3
parent76bc2675462a0591021a31e563cdae620487bb13 [diff]
Get rid of the call to pkcs11_startup and avoid duplicate tokens

pkcs11_startup does a bunch of stuff that we already do or isn't necessary
(like setting up a soft token). Replace the call to it by doing the needed
steps programmatically.

Also change token initialization to use the minimum privileges necessary. None
of the tools and daemons run as root now.

BUG=chromium-os:15403
TEST=manual (see below)

// Check that pkcs initialization succeeds from scratch
1) Blow away /var/lib/opencryptoki and /home/chronos/user/.tpm/
2) Run cryptohome --action=pkcs11_init
3) Pin reset should succeed.

// Entd is correctly able to detect token is being initialized.
// Also, only one token is displayed.
1) Configure cryptohomed to perform TPM initialization instead of entd
2) Install enterprise policy extension.
2) Blow away /home/chronos/user/tpm.
3) Login with a @google.com account
4) Open extension policy Options page
5) Let token initialization complete
6) Only one TPM token should be visible under Tokens

Change-Id: I4af7229b36c882ca6dffc0d9555192664411a671
Reviewed-on: http://gerrit.chromium.org/gerrit/893
Reviewed-by: Ken Mixter <kmixter@chromium.org>
Tested-by: Gaurav Shah <gauravsh@chromium.org>
5 files changed
tree: 43bf5fb96e043559193c1f6305a1e90753f817a3
  1. etc/
  2. lib/
  3. share/
  4. credentials.h
  5. crypto.cc
  6. crypto.h
  7. crypto_unittest.cc
  8. cryptohome.cc
  9. cryptohome.xml
  10. cryptohome_common.h
  11. cryptohome_event_source.cc
  12. cryptohome_event_source.h
  13. cryptohome_event_source_unittest.cc
  14. cryptohome_testrunner.cc
  15. cryptohomed.cc
  16. email_to_image
  17. entropy_source.h
  18. inherit-review-settings-ok
  19. install_attributes.cc
  20. install_attributes.h
  21. install_attributes.proto
  22. install_attributes_unittest.cc
  23. interface.cc
  24. interface.h
  25. LICENSE
  26. lockbox.cc
  27. lockbox.h
  28. lockbox_unittest.cc
  29. make_tests.cc
  30. make_tests.h
  31. make_tests.sh
  32. marshal.list
  33. mock_install_attributes.h
  34. mock_lockbox.h
  35. mock_mount.h
  36. mock_platform.h
  37. mock_tpm.h
  38. mock_user_session.h
  39. mount.cc
  40. mount.h
  41. mount_task.cc
  42. mount_task.h
  43. mount_task_unittest.cc
  44. mount_unittest.cc
  45. old_vault_keyset.cc
  46. old_vault_keyset.h
  47. pam_mount.conf.xml
  48. pkcs11_init.cc
  49. pkcs11_init.h
  50. platform.cc
  51. platform.h
  52. README
  53. README.dbus
  54. README.homedirs
  55. README.lockbox
  56. README.tpm
  57. SConstruct
  58. scoped_tss_type.h
  59. secure_blob.cc
  60. secure_blob.h
  61. secure_blob_unittest.cc
  62. service.cc
  63. service.h
  64. service_unittest.cc
  65. sha_test_vectors.cc
  66. sha_test_vectors.h
  67. tpm.cc
  68. tpm.h
  69. tpm_init.cc
  70. tpm_init.h
  71. tpm_status.proto
  72. user_oldest_activity_timestamp_cache.cc
  73. user_oldest_activity_timestamp_cache.h
  74. user_oldest_activity_timestamp_cache_unittest.cc
  75. user_session.cc
  76. user_session.h
  77. user_session_unittest.cc
  78. username_passkey.cc
  79. username_passkey.h
  80. username_passkey_unittest.cc
  81. vault_keyset.cc
  82. vault_keyset.h
  83. vault_keyset.proto
  84. vault_keyset_unittest.cc
  85. WATCHLISTS