blob: 26ec3c243495a445c9061cad9ac87160e17e18da [file] [log] [blame]
// Copyright 2020 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
package hwsec
import (
const tpmManagerLocalDataBackupPath = "/var/lib/tpm_manager/local_tpm_data.tast-hwsec-backup"
// isTPMLocalDataIntact uses tpm_manager_client to check if local data still contains owner password,
// which means the set of imporant secrets are still intact.
func isTPMLocalDataIntact(ctx context.Context) (bool, error) {
out, err := testexec.CommandContext(ctx, "tpm_manager_client", "status").Output()
if err != nil {
return false, errors.Wrap(err, "failed to call tpm_manager_client")
return strings.Contains(string(out), "owner_password"), nil
// BackupTPMManagerDataIfIntact backs up a the tpm manager data if the important secrets is not cleared.
func BackupTPMManagerDataIfIntact(ctx context.Context) error {
ok, err := isTPMLocalDataIntact(ctx)
if err != nil {
return errors.Wrap(err, "failed to check tpm local data")
if !ok {
return errors.New("owner password not found")
if err := fsutil.CopyFile(hwsec.TpmManagerLocalDataPath, tpmManagerLocalDataBackupPath); err != nil {
return errors.Wrap(err, "failed to copy tpm manager local data")
return nil
// RestoreTPMManagerData copies the backup file back to the location of tpm manager local data.
func RestoreTPMManagerData(ctx context.Context) error {
if err := fsutil.CopyFile(tpmManagerLocalDataBackupPath, hwsec.TpmManagerLocalDataPath); err != nil {
return errors.Wrap(err, "failed to copy tpm manager local data backup")
return nil