entd: expect cryptohome to initialize pkcs11 by default
BUG=chromium-os:14277
TEST=bvt && below:
1) Log into device without tpm token
2) load enterprise extension and get a certificate
3) log out
4) log in, certificate persists
5) verify secure_certificates is not a crosh command
6) verify that if pkcsslotd is started slowly by cryptohome, the
extension/entd recovers ok without needing to have entd
start after pkcsslotd.
Change-Id: I651b04dde445966c5f698e23f0636b0d692687a7
Reviewed-on: http://gerrit.chromium.org/gerrit/1272
Tested-by: Ken Mixter <kmixter@chromium.org>
Reviewed-by: Robert Ginda <rginda@chromium.org>
diff --git a/bin/entdwife.sh b/bin/entdwife.sh
index dad3a05..b602e5a 100755
--- a/bin/entdwife.sh
+++ b/bin/entdwife.sh
@@ -292,16 +292,12 @@
local extid="$(basename $(dirname "$extension"))"
- local cryptohome_flag=""
- if [ -r "/home/chronos/.cryptohome-init-pkcs11" ]; then
- cryptohome_flag="--cryptohome-init-pkcs11"
- fi
# Run entd in the background and wait on it - this allows the
# shell interpreter to catch TERM signal and clean up session_path.
"$FLAGS_entd" --utility="$FLAGS_utility" "$root_ca_option" \
--policy="$extension/policy.js" --manifest="$extension/manifest.json" \
--username="$FLAGS_username" --callback-origin=chrome-extension://"$extid" \
- --session-id="$session_id" $cryptohome_flag &
+ --session-id="$session_id" &
local pid=$!
wait $pid
}
diff --git a/main.cc b/main.cc
index 2e73c51..21e0b7c 100644
--- a/main.cc
+++ b/main.cc
@@ -54,10 +54,6 @@
static const char *kSessionId = "session-id";
-// TODO(crosbug.com/14277): Remove option and assume it is true.
-static const char *kCryptohomeInitPkcs11 =
- "cryptohome-init-pkcs11";
-
} // namespace switches
// Return values:
@@ -139,11 +135,6 @@
LOG(INFO) << "Setting libcros location: " << entd::Entd::libcros_location;
}
- if (cl->HasSwitch(switches::kCryptohomeInitPkcs11)) {
- LOG(INFO) << "Expecting cryptohome to initialize the TPM token";
- entd::Tpm::cryptohome_init_pkcs11 = true;
- }
-
if (cl->HasSwitch(switches::kAllowFileIO)) {
LOG(INFO) << "Allowing File IO.";
entd::Entd::allow_file_io = true;
diff --git a/tpm.cc b/tpm.cc
index 04d3f5a..feb7e7a 100644
--- a/tpm.cc
+++ b/tpm.cc
@@ -9,8 +9,6 @@
namespace entd {
-bool Tpm::cryptohome_init_pkcs11 = false;
-
bool Tpm::Initialize() {
return true;
}
@@ -54,14 +52,12 @@
v8::Handle<v8::Value>(), // Don't need any data.
v8::DEFAULT, // DEFAULT AccessControl
v8::DontDelete);
- if (cryptohome_init_pkcs11) {
- instance_t->SetAccessor(v8::String::New("isTokenReady"),
- Tpm::IsTokenReady,
- 0, // readonly, so setter is NULL
- v8::Handle<v8::Value>(), // Don't need any data.
- v8::DEFAULT, // DEFAULT AccessControl
- v8::DontDelete);
- }
+ instance_t->SetAccessor(v8::String::New("isTokenReady"),
+ Tpm::IsTokenReady,
+ 0, // readonly, so setter is NULL
+ v8::Handle<v8::Value>(), // Don't need any data.
+ v8::DEFAULT, // DEFAULT AccessControl
+ v8::DontDelete);
return true;
}
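Review bot: The `isTokenReady` accessor at the end of this hunk is now registered unconditionally, but nothing at the registration site says that cryptohome owns token initialization and that the token may not be ready when the policy script first runs. A short comment above the `SetAccessor` call would record that contract, for example `// cryptohome initializes the PKCS#11 token; policy code must check isTokenReady before using it.` The body of `Tpm::IsTokenReady` is not part of this diff, so it is worth confirming that it reports false rather than failing when pkcsslotd has not started yet, which is the case test step 6 describes. The enclosing function begins outside the hunk.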
diff --git a/tpm.h b/tpm.h
index 31b9eae..4eb01c1 100644
--- a/tpm.h
+++ b/tpm.h
@@ -32,8 +32,6 @@
const v8::AccessorInfo& info);
static v8::Handle<v8::Value> IsTokenReady(v8::Local<v8::String> property,
const v8::AccessorInfo& info);
-
- static bool cryptohome_init_pkcs11;
};
} // namespace entd