[portage-stable] add --pass support to tpm_clear

BUG=chromium-os:19971 TEST=Adhoc tpm_clear -l debug --pass <tpm password> works. Change-Id: Ibcd7eb02e07d244caaafc02993cb58b3868739fc Signed-off-by: Elly Jones <ellyjones@chromium.org> Reviewed-on: https://gerrit.chromium.org/gerrit/20590 Reviewed-by: Kees Cook <keescook@chromium.org>
2025-09-29 17:41:05 +02:00 · 2012-04-19 13:04:13 -04:00 · 2012-04-19 13:04:13 -04:00 · 8bfa7483af
commit 8bfa7483af
parent 1db581847f
2 changed files with 119 additions and 0 deletions
--- a/sdk_container/src/third_party/portage-stable/app-crypt/tpm-tools/files/tpm-tools-1.3.5-password.patch
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/tpm-tools/files/tpm-tools-1.3.5-password.patch
@ -0,0 +1,71 @@
+diff --git a/src/tpm_mgmt/tpm_clear.c b/src/tpm_mgmt/tpm_clear.c
+index c7b286f..6549a67 100644
+--- a/src/tpm_mgmt/tpm_clear.c
+++ b/src/tpm_mgmt/tpm_clear.c
+@@ -25,6 +25,7 @@
+ //Controled by input options
+ static BOOL bValue = FALSE;	//If true FORCE CLEAR
+ static BOOL isWellKnown = FALSE;
+static char *szTpmPasswd = NULL;
+ TSS_HCONTEXT hContext = 0;
+ 
+ static inline TSS_RESULT tpmClearOwner(TSS_HTPM a_hTpm, BOOL a_bValue)
+@@ -42,6 +43,7 @@ static void help(const char *aCmd)
+ 	logCmdHelp(aCmd);
+ 	logUnicodeCmdOption();
+ 	logCmdOption("-f, --force", _("Use physical presence authorization."));
+	logCmdOption("-p, --password", _("TPM authorization data."));
+ 	logCmdOption("-z, --well-known",
+ 		     _("Use 20 bytes of zeros (TSS_WELL_KNOWN_SECRET) as the TPM secret authorization data"));
+ }
+@@ -54,6 +56,10 @@ static int parse(const int aOpt, const char *aArg)
+ 		logDebug(_("Changing mode to use force authorization\n"));
+ 		bValue = TRUE;
+ 		break;
+	case 'p':
+		logDebug(_("Setting password\n"));
+		szTpmPasswd = strdup(aArg);
+		break;
+ 	case 'z':
+ 		logDebug(_("Using TSS_WELL_KNOWN_SECRET to authorize the TPM command\n"));
+ 		isWellKnown = TRUE;
+@@ -68,13 +74,13 @@ static int parse(const int aOpt, const char *aArg)
+ int main(int argc, char **argv)
+ {
+ 
+-	char *szTpmPasswd = NULL;
+ 	int pswd_len;
+ 	TSS_HTPM hTpm;
+ 	TSS_HPOLICY hTpmPolicy;
+ 	int iRc = -1;
+ 	struct option opts[] = {
+ 			{"force", no_argument, NULL, 'f'},
+			{"pass", required_argument, NULL, 'p'},
+ 			{"well-known", no_argument, NULL, 'z'},
+ 	};
+ 	BYTE well_known[] = TSS_WELL_KNOWN_SECRET;
+@@ -82,7 +88,7 @@ int main(int argc, char **argv)
+         initIntlSys();
+ 
+ 	if (genericOptHandler
+-	    (argc, argv, "fz", opts, sizeof(opts) / sizeof(struct option),
+	    (argc, argv, "fpz", opts, sizeof(opts) / sizeof(struct option),
+ 	     parse, help) != 0)
+ 		goto out;
+ 
+@@ -99,12 +105,14 @@ int main(int argc, char **argv)
+ 		if (isWellKnown){
+ 			szTpmPasswd = (char *)well_known;
+ 			pswd_len = sizeof(well_known);
+-		}else{
+		}else if (!szTpmPasswd){
+ 			szTpmPasswd = GETPASSWD(_("Enter owner password: "), &pswd_len, FALSE);
+ 			if (!szTpmPasswd) {
+ 				logMsg(_("Failed to get password\n"));
+ 				goto out_close;
+ 			}
+		}else{
+			pswd_len = strlen(szTpmPasswd);
+ 		}
+ 
+ 		if (policyGet(hTpm, &hTpmPolicy) != TSS_SUCCESS)
--- a/sdk_container/src/third_party/portage-stable/app-crypt/tpm-tools/tpm-tools-1.3.5-r2.ebuild
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/tpm-tools/tpm-tools-1.3.5-r2.ebuild
@ -0,0 +1,48 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/tpm-tools/tpm-tools-1.3.5-r1.ebuild,v 1.1 2011/03/31 22:19:40 flameeyes Exp $
+
+EAPI=4
+inherit autotools eutils flag-o-matic
+
+DESCRIPTION="TrouSerS' support tools for the Trusted Platform Modules"
+HOMEPAGE="http://trousers.sourceforge.net"
+SRC_URI="mirror://sourceforge/trousers/${P}.tar.gz"
+LICENSE="CPL-1.0"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="nls pkcs11 debug"
+
+COMMON_DEPEND="
+	>=app-crypt/trousers-0.3.0
+	dev-libs/openssl
+	pkcs11? ( dev-libs/opencryptoki )
+	"
+RDEPEND="${COMMON_DEPEND}
+	nls? ( virtual/libintl )"
+DEPEND="${COMMON_DEPEND}
+	nls? ( sys-devel/gettext )"
+
+src_prepare() {
+	sed -i -e "s/-Werror //" configure.in || die "Sed failed"
+	epatch "${FILESDIR}"/${PN}-1.3.1-gold.patch
+	epatch "${FILESDIR}"/${PN}-1.3.5-password.patch
+
+	eautoreconf
+}
+
+src_configure() {
+	local myconf="$(use_enable nls)"
+
+	# don't use --enable-pkcs11-support, configure is a mess.
+	use pkcs11 || myconf+=" --disable-pkcs11-support"
+
+	use debug && append-flags -DDEBUG || append-flags -DNDEBUG
+
+	econf ${myconf}
+}
+
+src_install() {
+	emake DESTDIR="${D}" install || die "emake install failed"
+	dodoc README
+}