File: tpm_firmware_update.h

// Copyright 2017 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_ASH_TPM_TPM_FIRMWARE_UPDATE_H_
#define CHROME_BROWSER_ASH_TPM_TPM_FIRMWARE_UPDATE_H_

#include <memory>
#include <set>

#include "base/functional/callback_forward.h"
#include "base/time/time.h"

namespace base {
class Value;
}

namespace enterprise_management {
class TPMFirmwareUpdateSettingsProto;
}

namespace ash {
namespace tpm_firmware_update {

// Identifies the TPM firmware update modes that are supported.
//
// The numeric values appear in local_state pref values, so an existing
// constant must never be re-assigned or have its number reused.
// NOTE(review): the code that turns a stored pref integer back into a Mode is
// not visible in this header. Confirm that it range-checks the integer and
// does not cast an unknown value straight to Mode.
enum class Mode : int {
  // No update should take place. Used as a default in contexts where there is
  // no proper value.
  kNone = 0,
  // Update TPM firmware via powerwash.
  kPowerwash = 1,
  // Device-state preserving update flow. Despite the name, this mode still
  // destroys all user data; it is the device state that is preserved.
  kPreserveDeviceState = 2,
  // Force clear TPM after successful update, useful to flush out a vulnerable
  // SRK (Storage Root Key) that might be left behind.
  kCleanup = 3,
};

// Settings dictionary key constants. Only the declarations live here; the
// string values are defined outside this header.
// NOTE(review): presumably these are the keys of the dictionary produced by
// DecodeSettingsProto() - confirm against the definition.
extern const char kSettingsKeyAllowPowerwash[];
extern const char kSettingsKeyAllowPreserveDeviceState[];
extern const char kSettingsKeyAutoUpdateMode[];

// Decodes the TPM firmware update settings proto |settings| into its
// base::Value representation and returns it.
// NOTE(review): the shape of the returned value is not visible in this header;
// presumably it is a dictionary keyed by the kSettingsKey* constants - confirm.
base::Value DecodeSettingsProto(
    const enterprise_management::TPMFirmwareUpdateSettingsProto& settings);

// Checks what update modes are allowed. |completion| takes the result as a
// std::set<Mode>. The |timeout| parameter determines how long to wait in case
// the decision whether an update is available is still pending.
// NOTE(review): this header does not say what is reported when |timeout|
// expires with the decision still pending. Callers should treat a mode that is
// absent from the set as not allowed; confirm that the timeout path yields an
// empty set rather than a permissive one.
void GetAvailableUpdateModes(
    base::OnceCallback<void(const std::set<Mode>&)> completion,
    base::TimeDelta timeout);

// Checks if there's a TPM firmware update available. Calls the callback
// |completion| with the result. Result is true if there's an update available
// and the SRK (Storage Root Key) is vulnerable, false otherwise.
// More information: https://www.chromium.org/chromium-os/tpm_firmware_update
//
// Note: This method doesn't check if policy allows TPM firmware updates, so a
// true result is not by itself permission to start an update.
// Note: This method doesn't consider the case where the firmware is updated
// but the SRK is still vulnerable, so a false result does not establish that
// the SRK is safe (Mode::kCleanup is the mode described as flushing out a
// vulnerable SRK that was left behind).
// NOTE(review): |timeout| is not documented for this function; presumably it
// bounds the wait like the |timeout| of GetAvailableUpdateModes() - confirm,
// including which result is reported when it expires.
void UpdateAvailable(base::OnceCallback<void(bool)> completion,
                     base::TimeDelta timeout);

}  // namespace tpm_firmware_update
}  // namespace ash

#endif  // CHROME_BROWSER_ASH_TPM_TPM_FIRMWARE_UPDATE_H_