blob: 8a17e1dc52c54402dde2f3a5669e9c3f9d800d33 [file] [log] [blame]
# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
# Trousers daemon, which talks to the TPM (or the TPM emulator).
# Started directly from tpm-probe.
# Note, this line is modified by chromeos-factoryinstall.ebuild
# Please do not change without also changing this reference.
stop on starting halt or starting reboot
expect fork
pre-start script
export TPM_DEVICE_PATH=/dev/tpm # /dev/tpm0 may not be created yet
# Temporary fix for BIOS bug. Very Soon[tm] this fix will be in the BIOS.
status=$(/usr/bin/tpm_init_temp_fix || true)
/usr/bin/logger "tpm fix status: $status"
# end of temporary fix
# If we're booting in recovery mode, first do a sanity check of the TPM and
# try to bring it to a sane state. Then clear the TPM owner and lock the
# TPM down.
if [ -e $binf1 -a "$(cat $binf1)" = "0" ]; then
/usr/sbin/chromeos-tpm-recovery /var/log/tpm-recovery.log \
|| logger "tpm-recovery: status $?"
tpmc clear || logger "tpmc clear: status $?"
tpmc enable || logger "tpmc enable: status $?"
tpmc act || logger "tpmc act: status $?"
tpmc block || logger "tpmc block: status $?"
tpmc pplock || logger "tpmc pplock: status $?"
if [ -e /sys/class/misc/tpm0/device/owned ]; then
owned=$(cat /sys/class/misc/tpm0/device/owned || echo "")
if [ "$owned" -eq "0" ]; then
# Clean up any existing tcsd state.
rm -rf /var/lib/tpm/*
elif [ "$owned" -eq "1" ]; then
# Already owned.
# Check if trousers' is size zero. If so, then the TPM has
# been owned already and we need to copy over an empty to be
# able to use it in trousers.
if [ ! -f /var/lib/tpm/ ] || \
[ ! -s /var/lib/tpm/ ]; then
if [ ! -e /var/lib/tpm ]; then
mkdir -m 0700 -p /var/lib/tpm
umask 0177
cp --no-preserve=mode /etc/trousers/ \
umask 0133
touch /var/lib/.tpm_owned
end script
exec /usr/sbin/tcsd