tcsd.conf - chromiumos/platform/init - Git at Google

 # Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 # Trousers daemon, which talks to the TPM (or the TPM emulator).
 # Started directly from tpm-probe.

 # Note, this line is modified by chromeos-factoryinstall.ebuild
 # Please do not change without also changing this reference.
 stop on starting halt or starting reboot

 respawn
 expect fork

 pre-start script
   export TPM_DEVICE_PATH=/dev/tpm  # /dev/tpm0 may not be created yet

   # Temporary fix for BIOS bug.  Very Soon[tm] this fix will be in the BIOS.
   status=$(/usr/bin/tpm_init_temp_fix || true)
   /usr/bin/logger "tpm fix status: $status"
   # end of temporary fix

   # If we're booting in recovery mode, first do a sanity check of the TPM and
   # try to bring it to a sane state.  Then clear the TPM owner and lock the
   # TPM down.
   binf1=/sys/devices/platform/chromeos_acpi/BINF.1
   if [ -e $binf1 -a "$(cat $binf1)" = "0" ]; then
     /usr/sbin/chromeos-tpm-recovery /var/log/tpm-recovery.log \
         || logger "tpm-recovery: status $?"
     tpmc clear  || logger "tpmc clear:  status $?"
     tpmc enable || logger "tpmc enable: status $?"
     tpmc act    || logger "tpmc act:    status $?"
     tpmc block  || logger "tpmc block:  status $?"
     tpmc pplock || logger "tpmc pplock: status $?"
   fi

   if [ -e /sys/class/misc/tpm0/device/owned ]; then
     owned=$(cat /sys/class/misc/tpm0/device/owned || echo "")
     if [ "$owned" -eq "0" ]; then
       # Clean up any existing tcsd state.
       rm -rf /var/lib/tpm/*
     elif [ "$owned" -eq "1" ]; then
       # Already owned.
       # Check if trousers' system.data is size zero.  If so, then the TPM has
       # been owned already and we need to copy over an empty system.data to be
       # able to use it in trousers.
       if [ ! -f /var/lib/tpm/system.data ] || \
          [ ! -s /var/lib/tpm/system.data ]; then
         if [ ! -e /var/lib/tpm ]; then
           mkdir -m 0700 -p /var/lib/tpm
         fi
         umask 0177
         cp --no-preserve=mode /etc/trousers/system.data.auth \
           /var/lib/tpm/system.data
         umask 0133
         touch /var/lib/.tpm_owned
       fi
     fi
   fi
 end script

 exec /usr/sbin/tcsd
	# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	# Trousers daemon, which talks to the TPM (or the TPM emulator).
	# Started directly from tpm-probe.

	# Note, this line is modified by chromeos-factoryinstall.ebuild
	# Please do not change without also changing this reference.
	stop on starting halt or starting reboot

	respawn
	expect fork

	pre-start script
	export TPM_DEVICE_PATH=/dev/tpm # /dev/tpm0 may not be created yet

	# Temporary fix for BIOS bug. Very Soon[tm] this fix will be in the BIOS.
	status=$(/usr/bin/tpm_init_temp_fix \|\| true)
	/usr/bin/logger "tpm fix status: $status"
	# end of temporary fix

	# If we're booting in recovery mode, first do a sanity check of the TPM and
	# try to bring it to a sane state. Then clear the TPM owner and lock the
	# TPM down.
	binf1=/sys/devices/platform/chromeos_acpi/BINF.1
	if [ -e $binf1 -a "$(cat $binf1)" = "0" ]; then
	/usr/sbin/chromeos-tpm-recovery /var/log/tpm-recovery.log \
	\|\| logger "tpm-recovery: status $?"
	tpmc clear \|\| logger "tpmc clear: status $?"
	tpmc enable \|\| logger "tpmc enable: status $?"
	tpmc act \|\| logger "tpmc act: status $?"
	tpmc block \|\| logger "tpmc block: status $?"
	tpmc pplock \|\| logger "tpmc pplock: status $?"
	fi

	if [ -e /sys/class/misc/tpm0/device/owned ]; then
	owned=$(cat /sys/class/misc/tpm0/device/owned \|\| echo "")
	if [ "$owned" -eq "0" ]; then
	# Clean up any existing tcsd state.
	rm -rf /var/lib/tpm/*
	elif [ "$owned" -eq "1" ]; then
	# Already owned.
	# Check if trousers' system.data is size zero. If so, then the TPM has
	# been owned already and we need to copy over an empty system.data to be
	# able to use it in trousers.
	if [ ! -f /var/lib/tpm/system.data ] \|\| \
	[ ! -s /var/lib/tpm/system.data ]; then
	if [ ! -e /var/lib/tpm ]; then
	mkdir -m 0700 -p /var/lib/tpm
	fi
	umask 0177
	cp --no-preserve=mode /etc/trousers/system.data.auth \
	/var/lib/tpm/system.data
	umask 0133
	touch /var/lib/.tpm_owned
	fi
	fi
	fi
	end script

	exec /usr/sbin/tcsd