client/common_lib/cros/enrollment.py

# Copyright 2014 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

import logging, os

from autotest_lib.client.bin import utils
from autotest_lib.client.cros import cros_ui, cryptohome, ownership
from telemetry.core import exceptions
from telemetry.core.backends.chrome import cros_interface


_PASSWD_FILE = '/var/tmp/tpm_passwd'


def ClearTPM():
    """Clears the TPM (if it is owned) using the password stored in
    /var/tmp/tpm_passwd. Returns True if tpm was owned.

    @return True if the TPM was owned - enrollment should not be attempted.
    """
    status = cryptohome.get_tpm_status()
    if not status['Owned']:
        logging.debug('TPM is not owned')
        return False
    password = status['Password']
    if not password:
        if not os.path.isfile(_PASSWD_FILE):
            logging.warn('Password file %s doesn\'t exist, cannot clear TPM. '
                         'You need to have the firmware clear the TPM, for '
                         'instance using crossystem or by toggling the dev '
                         'switch.', _PASSWD_FILE)
            return True
        with open(_PASSWD_FILE) as f:
            password = f.read().rstrip()

    if not password:
        logging.warn('Password file %s empty, cannot clear TPM. '
                     'You need to have the firmware clear the TPM, for '
                     'instance using crossystem or by toggling the dev switch.',
                     _PASSWD_FILE)
        return True

    cros_ui.stop()
    res = utils.system_output('tpm_clear --pass ' + password)
    logging.warn(repr(res))

    cryptohome.remove_all_vaults()
    ownership.clear_ownership_files_no_restart()
    logging.warn('Please reboot the system')
    return True


def _SaveTPMPassword():
    """Save TPM Password to /var/tpm/tpm_passwd.

    During enrollment, the TPM password becomes visible - we capture it and
    save it in to a local file, so we can clear the TPM at the end of the test.
    """
    password = utils.poll_for_condition(
            lambda: cryptohome.get_tpm_status()['Password'],
            sleep_interval=0.5, timeout=60)
    if password:
        with open(_PASSWD_FILE, 'w') as f:
            f.write(password)
    else:
        logging.warn('Could not save TPM password')
    logging.info('TPM Password: ' + password)
    return password


def _ExecuteOobeCmd(browser, cmd):
    logging.info('Invoking ' + cmd)
    oobe = browser.oobe
    oobe.WaitForJavaScriptExpression('typeof Oobe !== \'undefined\'', 10)
    oobe.ExecuteJavaScript(cmd)


def SwitchToRemora(browser):
    """Switch to Remora enrollment.

    @param browser: telemetry browser object.
    """
    _cri = cros_interface.CrOSInterface()
    pid = _cri.GetChromePid()
    try:
        # This will restart the browser.
        _ExecuteOobeCmd(browser, 'Oobe.remoraRequisitionForTesting();')
    except (exceptions.BrowserConnectionGoneException,
            exceptions.TabCrashException):
        pass
    utils.poll_for_condition(lambda: pid != _cri.GetChromePid(), timeout=60)
    utils.poll_for_condition(lambda: browser.oobe_exists, timeout=30)

    _ExecuteOobeCmd(browser, 'Oobe.skipToLoginForTesting();')
    _SaveTPMPassword()


def FinishEnrollment(oobe):
    """Wait for enrollment to finish and dismiss the last enrollment screen.

    @param oobe: telemetry oobe object.
    """
    oobe.WaitForJavaScriptExpression(
            "document.getElementById('oauth-enrollment').className."
            "search('oauth-enroll-state-success') != -1", 30)
    oobe.EvaluateJavaScript('Oobe.enterpriseEnrollmentDone();')


def RemoraEnrollment(browser, user_id, password):
    """Enterprise login for a Remora device.

    @param browser: telemetry browser object.
    @param user_id: login credentials user_id.
    @param password: login credentials password.
    """
    SwitchToRemora(browser)
    browser.oobe.NavigateGaiaLogin(user_id, password)
    FinishEnrollment(browser.oobe)