644 cmd_init(TSS_HCONTEXT hContext, TSS_HTPM hTPM, int argc, char *argv[])
645 {
646 TSS_RESULT ret;
647 TSS_HOBJECT hKeySRK;
648
649 if (set_object_policy(hTPM, TSS_SECRET_MODE_POPUP,
650 gettext("= TPM owner passphrase ="), 0, NULL))
651 return (ERR_FAIL);
652
653 ret = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
654 TSS_KEY_TSP_SRK | TSS_KEY_AUTHORIZATION, &hKeySRK);
655 if (ret) {
656 print_error(ret, gettext("Create storage root key"));
657 return (ERR_FAIL);
658 }
659
660 if (set_object_policy(hKeySRK, TSS_SECRET_MODE_SHA1, NULL,
661 sizeof (well_known), well_known))
662 return (ERR_FAIL);
663
664 ret = Tspi_TPM_TakeOwnership(hTPM, hKeySRK, NULL);
665 if (ret == TPM_E_NO_ENDORSEMENT) {
666 if (createek(hContext, hTPM))
667 return (ERR_FAIL);
668 ret = Tspi_TPM_TakeOwnership(hTPM, hKeySRK, NULL);
669 }
670 if (ret) {
671 print_error(ret, gettext("Take ownership"));
672 return (ERR_FAIL);
673 }
674
675 return (0);
676 }
677
678 /*
679 * Auth
680 */
681
682 /*ARGSUSED*/
683 int
684 cmd_auth(TSS_HCONTEXT hContext, TSS_HTPM hTPM, int argc, char *argv[])
685 {
686 TSS_RESULT ret;
687 TSS_HPOLICY hNewPolicy;
688
689 if (set_object_policy(hTPM, TSS_SECRET_MODE_POPUP,
690 gettext("= TPM owner passphrase ="), 0, NULL))
691 return (ERR_FAIL);
692
693 /* policy object for new passphrase */
694 ret = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY,
695 TSS_POLICY_USAGE, &hNewPolicy);
696 if (ret) {
697 print_error(ret, gettext("Create policy object"));
698 return (ERR_FAIL);
699 }
700 if (set_policy_options(hNewPolicy, TSS_SECRET_MODE_POPUP,
701 gettext("= New TPM owner passphrase ="), 0, NULL))
702 return (ERR_FAIL);
703
704 ret = Tspi_ChangeAuth(hTPM, NULL, hNewPolicy);
705 if (ret && ret != TSP_ERROR(TSS_E_POLICY_NO_SECRET)) {
706 print_error(ret, gettext("Change authorization"));
707 return (ERR_FAIL);
708 }
709
710 return (0);
711 }
|
644 cmd_init(TSS_HCONTEXT hContext, TSS_HTPM hTPM, int argc, char *argv[])
645 {
646 TSS_RESULT ret;
647 TSS_HOBJECT hKeySRK;
648
649 if (set_object_policy(hTPM, TSS_SECRET_MODE_POPUP,
650 gettext("= TPM owner passphrase ="), 0, NULL))
651 return (ERR_FAIL);
652
653 ret = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
654 TSS_KEY_TSP_SRK | TSS_KEY_AUTHORIZATION, &hKeySRK);
655 if (ret) {
656 print_error(ret, gettext("Create storage root key"));
657 return (ERR_FAIL);
658 }
659
660 if (set_object_policy(hKeySRK, TSS_SECRET_MODE_SHA1, NULL,
661 sizeof (well_known), well_known))
662 return (ERR_FAIL);
663
664 ret = Tspi_TPM_TakeOwnership(hTPM, hKeySRK, (TSS_HKEY)NULL);
665 if (ret == TPM_E_NO_ENDORSEMENT) {
666 if (createek(hContext, hTPM))
667 return (ERR_FAIL);
668 ret = Tspi_TPM_TakeOwnership(hTPM, hKeySRK, (TSS_HKEY)NULL);
669 }
670 if (ret) {
671 print_error(ret, gettext("Take ownership"));
672 return (ERR_FAIL);
673 }
674
675 return (0);
676 }
677
678 /*
679 * Auth
680 */
681
682 /*ARGSUSED*/
683 int
684 cmd_auth(TSS_HCONTEXT hContext, TSS_HTPM hTPM, int argc, char *argv[])
685 {
686 TSS_RESULT ret;
687 TSS_HPOLICY hNewPolicy;
688
689 if (set_object_policy(hTPM, TSS_SECRET_MODE_POPUP,
690 gettext("= TPM owner passphrase ="), 0, NULL))
691 return (ERR_FAIL);
692
693 /* policy object for new passphrase */
694 ret = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY,
695 TSS_POLICY_USAGE, &hNewPolicy);
696 if (ret) {
697 print_error(ret, gettext("Create policy object"));
698 return (ERR_FAIL);
699 }
700 if (set_policy_options(hNewPolicy, TSS_SECRET_MODE_POPUP,
701 gettext("= New TPM owner passphrase ="), 0, NULL))
702 return (ERR_FAIL);
703
704 ret = Tspi_ChangeAuth(hTPM, (TSS_HOBJECT)NULL, hNewPolicy);
705 if (ret && ret != TSP_ERROR(TSS_E_POLICY_NO_SECRET)) {
706 print_error(ret, gettext("Change authorization"));
707 return (ERR_FAIL);
708 }
709
710 return (0);
711 }
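Review bot: In cmd_auth (new line 705) a Tspi_ChangeAuth result of `TSP_ERROR(TSS_E_POLICY_NO_SECRET)` is excluded from the error branch, so the function falls through to `return (0);` without printing anything. Nothing in the visible lines shows that the owner passphrase was actually changed in that case, so a caller or script checking the exit status would see success. If the exemption is deliberate it needs a comment stating why, for example `/* NO_SECRET is not a failure here because <reason> */`; otherwise the test should be plain `if (ret) {`. Separately, the casts added at 664, 668 and 704 convert a pointer constant into a handle type; if the TSS headers in use provide null-handle constants (I believe `NULL_HKEY` and `NULL_HOBJECT`, to be confirmed against the headers), using them would state the intent without a pointer-to-integer cast.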
|