tcsd.conf - chromiumos/platform/init - Git at Google

 # Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 # Trousers daemon, which talks to the TPM (or the TPM emulator).
 # Started directly from tpm-probe.

 # Note, this line is modified by chromeos-factoryinstall.ebuild
 # Please do not change without also changing this reference.
 stop on starting halt or starting reboot

 respawn
 expect fork

 pre-start script
   # Temporary fix for BIOS bug.  Very Soon[tm] this fix will be in the BIOS.
   status=$(/usr/bin/tpm_init_temp_fix || true)
   logger -t "$UPSTART_JOB" "fix status $status"
   # end of temporary fix

   # If we're booting in recovery mode, first do a sanity check of the TPM and
   # try to bring it to a sane state.  Then clear the TPM owner and lock the
   # TPM down.
   if ! crossystem "recovery_reason?0" ; then
     /usr/sbin/chromeos-tpm-recovery /var/log/tpm-recovery.log \
         || logger -t "$UPSTART_JOB" "tpm-recovery status $?"
     tpmc clear  || logger -t "$UPSTART_JOB" "tpmc clear:  status $?"
     tpmc enable || logger -t "$UPSTART_JOB" "tpmc enable: status $?"
     tpmc act    || logger -t "$UPSTART_JOB" "tpmc act:    status $?"
     tpmc block  || logger -t "$UPSTART_JOB" "tpmc block:  status $?"
     tpmc pplock || logger -t "$UPSTART_JOB" "tpmc pplock: status $?"
   fi

   if [ -e /sys/class/misc/tpm0/device/owned ]; then
     owned=$(cat /sys/class/misc/tpm0/device/owned || echo "")
     if [ "$owned" -eq "0" ]; then
       # Clean up any existing tcsd state.
       rm -rf /var/lib/tpm/*
     elif [ "$owned" -eq "1" ]; then
       # Already owned.
       # Check if trousers' system.data is size zero.  If so, then the TPM has
       # been owned already and we need to copy over an empty system.data to be
       # able to use it in trousers.
       if [ ! -f /var/lib/tpm/system.data ] || \
          [ ! -s /var/lib/tpm/system.data ]; then
         if [ ! -e /var/lib/tpm ]; then
           mkdir -m 0700 -p /var/lib/tpm
         fi
         umask 0177
         cp --no-preserve=mode /etc/trousers/system.data.auth \
           /var/lib/tpm/system.data
         umask 0133
         touch /var/lib/.tpm_owned
       fi
     fi
   fi
 end script

 exec /usr/sbin/tcsd
	# Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	# Trousers daemon, which talks to the TPM (or the TPM emulator).
	# Started directly from tpm-probe.

	# Note, this line is modified by chromeos-factoryinstall.ebuild
	# Please do not change without also changing this reference.
	stop on starting halt or starting reboot

	respawn
	expect fork

	pre-start script
	# Temporary fix for BIOS bug. Very Soon[tm] this fix will be in the BIOS.
	status=$(/usr/bin/tpm_init_temp_fix \|\| true)
	logger -t "$UPSTART_JOB" "fix status $status"
	# end of temporary fix

	# If we're booting in recovery mode, first do a sanity check of the TPM and
	# try to bring it to a sane state. Then clear the TPM owner and lock the
	# TPM down.
	if ! crossystem "recovery_reason?0" ; then
	/usr/sbin/chromeos-tpm-recovery /var/log/tpm-recovery.log \
	\|\| logger -t "$UPSTART_JOB" "tpm-recovery status $?"
	tpmc clear \|\| logger -t "$UPSTART_JOB" "tpmc clear: status $?"
	tpmc enable \|\| logger -t "$UPSTART_JOB" "tpmc enable: status $?"
	tpmc act \|\| logger -t "$UPSTART_JOB" "tpmc act: status $?"
	tpmc block \|\| logger -t "$UPSTART_JOB" "tpmc block: status $?"
	tpmc pplock \|\| logger -t "$UPSTART_JOB" "tpmc pplock: status $?"
	fi

	if [ -e /sys/class/misc/tpm0/device/owned ]; then
	owned=$(cat /sys/class/misc/tpm0/device/owned \|\| echo "")
	if [ "$owned" -eq "0" ]; then
	# Clean up any existing tcsd state.
	rm -rf /var/lib/tpm/*
	elif [ "$owned" -eq "1" ]; then
	# Already owned.
	# Check if trousers' system.data is size zero. If so, then the TPM has
	# been owned already and we need to copy over an empty system.data to be
	# able to use it in trousers.
	if [ ! -f /var/lib/tpm/system.data ] \|\| \
	[ ! -s /var/lib/tpm/system.data ]; then
	if [ ! -e /var/lib/tpm ]; then
	mkdir -m 0700 -p /var/lib/tpm
	fi
	umask 0177
	cp --no-preserve=mode /etc/trousers/system.data.auth \
	/var/lib/tpm/system.data
	umask 0133
	touch /var/lib/.tpm_owned
	fi
	fi
	fi
	end script

	exec /usr/sbin/tcsd