def test_ownerpw(owner_pw,reentry=False):
tmppath = None
try:
#make a temp file for the output
_,tmppath = tempfile.mkstemp()
(output,code) = tpm_exec.run("getpubek -pwdo %s -ok %s"%(owner_pw,tmppath),raiseOnError=False)
if code!=tpm_exec.EXIT_SUCESS:
if len(output)>0 and output[0].startswith("Error Authentication failed (Incorrect Password) from TPM_OwnerReadPubek"):
return False
elif len(output)>0 and output[0].startswith("Error Defend lock running from TPM_OwnerReadPubek"):
if reentry:
logger.error("Unable to unlock TPM")
return False
# tpm got locked. lets try to unlock it
logger.error("TPM is locked from too many invalid owner password attempts, attempting to unlock with password: %s"%owner_pw)
# i have no idea why, but runnig this twice seems to actually work
tpm_exec.run("resetlockvalue -pwdo %s"%owner_pw,raiseOnError=False)
tpm_exec.run("resetlockvalue -pwdo %s"%owner_pw,raiseOnError=False)
return test_ownerpw(owner_pw,True)
else:
raise Exception("test ownerpw, getpubek failed with code "+str(code)+": "+str(output))
finally:
if tmppath is not None:
os.remove(tmppath)
return True
评论列表
文章目录
