The attached patch adds support for -p/--pass to tpm_clear, which lets a user
supply the TPM password on the command line instead of from stdin. The patch
applies and builds against tpm-tools 1.3.5.

-- elly
diff --git a/src/tpm_mgmt/tpm_clear.c b/src/tpm_mgmt/tpm_clear.c
index c7b286f..6549a67 100644
--- a/src/tpm_mgmt/tpm_clear.c
+++ b/src/tpm_mgmt/tpm_clear.c
@@ -25,6 +25,7 @@
 //Controled by input options
 static BOOL bValue = FALSE;	//If true FORCE CLEAR
 static BOOL isWellKnown = FALSE;
+static char *szTpmPasswd = NULL;
 TSS_HCONTEXT hContext = 0;
 
 static inline TSS_RESULT tpmClearOwner(TSS_HTPM a_hTpm, BOOL a_bValue)
@@ -42,6 +43,7 @@ static void help(const char *aCmd)
 	logCmdHelp(aCmd);
 	logUnicodeCmdOption();
 	logCmdOption("-f, --force", _("Use physical presence authorization."));
+	logCmdOption("-p, --password", _("TPM authorization data."));
 	logCmdOption("-z, --well-known",
 		     _("Use 20 bytes of zeros (TSS_WELL_KNOWN_SECRET) as the TPM secret authorization data"));
 }
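Review bot: The help line added here advertises `--password`, but the long option registered in `opts[]` in main (a later hunk) is `"pass"`, so the documented spelling would most likely be rejected as unknown. Make the two agree, for example `{"password", required_argument, NULL, 'p'},` in the table; if genericOptHandler uses getopt_long-style prefix matching, `--pass` would then still be accepted. The help text should also say that a password given on the command line is visible to other local users through the process list and may be kept in shell history, so the interactive prompt remains the safer default.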
@@ -54,6 +56,10 @@ static int parse(const int aOpt, const char *aArg)
 		logDebug(_("Changing mode to use force authorization\n"));
 		bValue = TRUE;
 		break;
+	case 'p':
+		logDebug(_("Setting password\n"));
+		szTpmPasswd = strdup(aArg);
+		break;
 	case 'z':
 		logDebug(_("Using TSS_WELL_KNOWN_SECRET to authorize the TPM command\n"));
 		isWellKnown = TRUE;
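Review bot: `strdup(aArg)` in the new `case 'p'` is unchecked, and the secret it copies stays readable in the process argument list for as long as the process runs. If the allocation fails, szTpmPasswd stays NULL and the new `else if (!szTpmPasswd)` branch in main silently falls back to the prompt instead of reporting the error; a repeated -p also leaks the earlier copy. Suggest `free(szTpmPasswd); szTpmPasswd = strdup(aArg); if (!szTpmPasswd) return -1;`, assuming parse signals failure with a non-zero return (its return statements are outside the hunk). Consider overwriting the argv string in main once it has been copied, to shorten the exposure window.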
@@ -68,13 +74,13 @@ static int parse(const int aOpt, const char *aArg)
 int main(int argc, char **argv)
 {
 
-	char *szTpmPasswd = NULL;
 	int pswd_len;
 	TSS_HTPM hTpm;
 	TSS_HPOLICY hTpmPolicy;
 	int iRc = -1;
 	struct option opts[] = {
 			{"force", no_argument, NULL, 'f'},
+			{"pass", required_argument, NULL, 'p'},
 			{"well-known", no_argument, NULL, 'z'},
 	};
 	BYTE well_known[] = TSS_WELL_KNOWN_SECRET;
@@ -82,7 +88,7 @@ int main(int argc, char **argv)
         initIntlSys();
 
 	if (genericOptHandler
-	    (argc, argv, "fz", opts, sizeof(opts) / sizeof(struct option),
+	    (argc, argv, "fpz", opts, sizeof(opts) / sizeof(struct option),
 	     parse, help) != 0)
 		goto out;
 
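Review bot: The short-option string `"fpz"` declares `p` without a trailing colon, while the `opts[]` entry marks the same option `required_argument`. If genericOptHandler passes this string to getopt_long (its body is not shown here), `-p secret` would reach parse with a NULL aArg and `strdup(aArg)` would dereference it; only the long form would carry an argument. Use `"fp:z"`.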
@@ -99,12 +105,14 @@ int main(int argc, char **argv)
 		if (isWellKnown){
 			szTpmPasswd = (char *)well_known;
 			pswd_len = sizeof(well_known);
-		}else{
+		}else if (!szTpmPasswd){
 			szTpmPasswd = GETPASSWD(_("Enter owner password: "), &pswd_len, FALSE);
 			if (!szTpmPasswd) {
 				logMsg(_("Failed to get password\n"));
 				goto out_close;
 			}
+		}else{
+			pswd_len = strlen(szTpmPasswd);
 		}
 
 		if (policyGet(hTpm, &hTpmPolicy) != TSS_SUCCESS)
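Review bot: When both -z and -p are given, the `isWellKnown` branch overwrites szTpmPasswd with `well_known`, so the strdup'd command-line password is leaked without being wiped. Either reject the combination during option handling, or wipe and free the copy before `szTpmPasswd = (char *)well_known;`. In the new `else` branch, `pswd_len = strlen(szTpmPasswd)` uses the raw argv bytes, whereas the prompt path takes its length from GETPASSWD; if GETPASSWD performs the Unicode handling that logUnicodeCmdOption advertises, the two paths could authorize with different data for the same password, which is worth confirming. The cleanup at out_close is outside the hunk and needs to wipe and release the strdup'd buffer the same way it treats a prompted one.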