From ecbc296c22f9269d8910d644e9ee04d1838260bb Mon Sep 17 00:00:00 2001
From: Wang Xiaokai <xiaokai.wang@intel.com>
Date: Tue, 5 Mar 2013 10:57:52 +0800
Subject: [PATCH] add tpm_getpermanentflags cmd

---
 src/tpm_mgmt/tpm_getpermanentflags.c |  238 ++++++++++++++++++++++++++++++++++
 1 file changed, 238 insertions(+)
 create mode 100644 src/tpm_mgmt/tpm_getpermanentflags.c

diff --git a/src/tpm_mgmt/tpm_getpermanentflags.c b/src/tpm_mgmt/tpm_getpermanentflags.c
new file mode 100644
index 0000000..ebc0362
--- /dev/null
+++ b/src/tpm_mgmt/tpm_getpermanentflags.c
@@ -0,0 +1,238 @@
+/*
+ * The Initial Developer of the Original Code is International
+ * Business Machines Corporation. Portions created by IBM
+ * Corporation are Copyright (C) 2013 International Business
+ * Machines Corporation. All Rights Reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the Common Public License as published by
+ * IBM Corporation; either version 1 of the License, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * Common Public License for more details.
+ *
+ * You should have received a copy of the Common Public License
+ * along with this program; if not, a copy can be viewed at
+ * http://www.opensource.org/licenses/cpl1.0.php.
+ */
+
+#include <limits.h>
+#include <arpa/inet.h>
+
+#include "tpm_tspi.h"
+#include "tpm_utils.h"
+#include "tpm_nvcommon.h"
+
+#define BUFFER_SIZE 1024
+
+static const char *ownerpass;
+TSS_HCONTEXT hContext = 0;
+static BOOL askOwnerPass;
+int opswd_len = -1;
+
+static int parse(const int aOpt, const char *aArg)
+{
+
+	switch (aOpt) {
+	case 'o':
+		ownerpass = aArg;
+		if (!ownerpass)
+			askOwnerPass = TRUE;
+		else
+			askOwnerPass = FALSE;
+		break;
+
+	default:
+		return -1;
+	}
+	return 0;
+}
+
+
+static void help(const char* aCmd)
+{
+	logCmdHelp(aCmd);
+	logCmdOption("-o, --pwdo",
+		     _("Owner password."));
+}
+
+const char *bool_to_str(int b)
+{
+	return b ? "TRUE" : "FALSE";
+}
+
+void Decode_copy_UINT32(uint32_t *out,unsigned char **blob)
+{
+	*out = Decode_UINT32((BYTE *)*blob);
+	*blob += sizeof(*out);
+}
+
+typedef struct {
+	uint32_t disable                            : 1;
+	uint32_t ownership                          : 1;
+	uint32_t deactivated                        : 1;
+	uint32_t readPubek                          : 1;
+	uint32_t disableOwnerClear                  : 1;
+	uint32_t allowMaintenance                   : 1;
+	uint32_t physicalPresenceLifetimeLock       : 1;
+	uint32_t physicalPresenceHWEnable           : 1;
+	uint32_t physicalPresenceCMDEnable          : 1;
+	uint32_t CEKPUsed                           : 1;
+	uint32_t TPMpost                            : 1;
+	uint32_t TPMpostLock                        : 1;
+	uint32_t FIPS                               : 1;
+	uint32_t Operator                           : 1;
+	uint32_t enableRevokeEK                     : 1;
+	uint32_t nvLocked                           : 1;
+	uint32_t readSRKPub                         : 1;
+	uint32_t tpmEstablished                     : 1;
+	uint32_t maintenanceDone                    : 1;
+} tpm_perm_flags_t;
+
+typedef struct {
+	uint32_t deactivated              : 1;
+	uint32_t disableForceClear        : 1;
+	uint32_t physicalPresence         : 1;
+	uint32_t physicalPresenceLock     : 1;
+	uint32_t bGlobalLock              : 1;
+} tpm_stclear_flags_t;
+
+TSS_RESULT
+display_flags(void)
+{
+	TSS_HPOLICY htpmpolicy = 0;
+	TSS_HCONTEXT hcontext = 0;
+	TSS_HTPM htpm = 0;
+
+	uint32_t i;
+	uint32_t subcap = 0;
+	uint32_t datasize = 0;
+	unsigned char *pbuf;
+	tpm_perm_flags_t perm_flags;
+	tpm_stclear_flags_t stclear_flags;
+
+	if (contextCreate(&hcontext) != TSS_SUCCESS)
+		goto out_close;
+
+	if (contextConnect(hcontext) != TSS_SUCCESS)
+		goto out_close;
+
+	if (contextGetTpm(hcontext, &htpm) != TSS_SUCCESS)
+		goto out_close;
+
+	if (policyGet(htpm, &htpmpolicy) != TSS_SUCCESS)
+		goto out_close;
+	if (opswd_len < 0)
+		opswd_len = strlen(ownerpass);
+	if (policySetSecret(htpmpolicy, opswd_len,
+				(BYTE *)ownerpass) != TSS_SUCCESS)
+		goto out_close;
+
+	if (getCapability(htpm, TSS_TPMCAP_FLAG, 4, (unsigned char *)&subcap,
+	              &datasize, &pbuf) != TSS_SUCCESS) {
+		logMsg(_("error getting TPM_PERMANENT_FLAGS.\n"));
+		goto out_close;
+	}
+
+	if (datasize != 2*sizeof(uint32_t)) {
+		logMsg(_("error getting TPM_PERMANENT_FLAGS.\n"));
+		goto out_close;
+	}
+
+	if (pbuf == NULL) {
+		logMsg(_("error getting TPM_PERMANENT_FLAGS.\n"));
+		goto out_close;
+	}
+
+	logMsg("The response data is:\n");
+	for (i = 0; i < datasize; i++) {
+		logMsg("%02x ", pbuf[i]);
+
+		if (i%16 == 15)
+			logMsg("\n");
+	}
+	logMsg("\n");
+
+	Decode_copy_UINT32((uint32_t *)&perm_flags, &pbuf);
+	Decode_copy_UINT32((uint32_t *)&stclear_flags, &pbuf);
+
+	logMsg("TPM_PERMANENT_FLAGS:\n");
+	logMsg("\t disable: %s\n", bool_to_str(perm_flags.disable));
+	logMsg("\t ownership: %s\n", bool_to_str(perm_flags.ownership));
+	logMsg("\t deactivated: %s\n", bool_to_str(perm_flags.deactivated));
+	logMsg("\t readPubek: %s\n", bool_to_str(perm_flags.readPubek));
+	logMsg("\t disableOwnerClear: %s\n",
+	           bool_to_str(perm_flags.disableOwnerClear));
+	logMsg("\t allowMaintenance: %s\n",
+	           bool_to_str(perm_flags.allowMaintenance));
+	logMsg("\t physicalPresenceLifetimeLock: %s\n",
+	           bool_to_str(perm_flags.physicalPresenceLifetimeLock));
+	logMsg("\t physicalPresenceHWEnable: %s\n",
+	           bool_to_str(perm_flags.physicalPresenceHWEnable));
+	logMsg("\t physicalPresenceCMDEnable: %s\n",
+	           bool_to_str(perm_flags.physicalPresenceCMDEnable));
+	logMsg("\t CEKPUsed: %s\n", bool_to_str(perm_flags.CEKPUsed));
+	logMsg("\t TPMpost: %s\n", bool_to_str(perm_flags.TPMpost));
+	logMsg("\t TPMpostLock: %s\n", bool_to_str(perm_flags.TPMpostLock));
+	logMsg("\t FIPS: %s\n", bool_to_str(perm_flags.FIPS));
+	logMsg("\t Operator: %s\n", bool_to_str(perm_flags.Operator));
+	logMsg("\t enableRevokeEK: %s\n",
+	           bool_to_str(perm_flags.enableRevokeEK));
+	logMsg("\t nvLocked: %s\n", bool_to_str(perm_flags.nvLocked));
+	logMsg("\t readSRKPub: %s\n", bool_to_str(perm_flags.readSRKPub));
+	logMsg("\t tpmEstablished: %s\n",
+	           bool_to_str(perm_flags.tpmEstablished));
+	logMsg("\t maintenanceDone: %s\n",
+	           bool_to_str(perm_flags.maintenanceDone));
+
+	logMsg("\nTPM_STCLEAR_FLAGS:\n");
+	logMsg("\t deactivated: %s\n", bool_to_str(stclear_flags.deactivated));
+	logMsg("\t disableForceClear: %s\n",
+	           bool_to_str(stclear_flags.disableForceClear));
+	logMsg("\t physicalPresence: %s\n",
+	           bool_to_str(stclear_flags.physicalPresence));
+	logMsg("\t physicalPresenceLock: %s\n",
+	           bool_to_str(stclear_flags.physicalPresenceLock));
+	logMsg("\t bGlobalLock: %s\n", bool_to_str(stclear_flags.bGlobalLock));
+
+	out_close:
+	contextClose(hcontext);
+
+	return TSS_SUCCESS;
+}
+
+int main(int argc, char **argv)
+{
+	int iRc = -1;
+	struct option hOpts[] = {
+		{"pwdo", optional_argument, NULL, 'o'},
+	};
+
+	initIntlSys();
+
+	if (genericOptHandler
+		    (argc, argv, "o", hOpts,
+		     sizeof(hOpts) / sizeof(struct option), parse, help) != 0)
+		goto out;
+
+	if (askOwnerPass) {
+		ownerpass = _GETPASSWD(_("Enter owner password: "), &opswd_len,
+			FALSE, useUnicode );
+		if (!ownerpass) {
+			logError(_("Failed to get owner password\n"));
+			goto out;
+		}
+	}
+
+	if (display_flags() != TSS_SUCCESS)
+		return iRc;
+
+	iRc = 0;
+
+       out:
+
+	return iRc;
+}
-- 
1.7.9.5