#! /bin/sh

# Copyright (c) 2012, Wind River Systems, Inc.
#
# The right to copy, distribute, modify, or otherwise make use
# of this software may be licensed only pursuant to the terms
# of an applicable Wind River license agreement.
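set -u
# Pull in the shared helper library (presumably the source of qecho and
# env_check used below). A missing or broken helper file is fatal; it is
# reported on stderr instead of exiting silently. '.' is used rather than
# 'source' so the line is valid under the #!/bin/sh shebang.
if [ -f /etc/tcgbox_funcs.sh ]; then
    . /etc/tcgbox_funcs.sh || exit 1
else
    printf '%s\n' "ERROR: /etc/tcgbox_funcs.sh not found" >&2
    exit 1
fi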

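# Print the command-line synopsis to stdout.
# Defined with the POSIX name() form: the 'function' keyword is a bashism
# that does not parse under the #!/bin/sh shebang on shells such as dash.
# Outputs: the usage text (script name, blank line, one line per option)
usage()
{
    cat <<EOF
$0

  -h:     Help message
  -q:     Quiet mode
  -d:     Check device node
  -s:     Check sysfs entry
  -c:     Check tcsd daemon
  -o:     Check tpm chip owned state
  -e:     Check tpm chip enabled state

EOF
}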

# Check Functions' Body
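# Check that at least one TPM device node exists.
# Arguments: $1 - directory to search (optional, default /dev)
# Returns:   0 if some <dir>/tpm* entry exists, 1 otherwise
# The shell's own glob plus a builtin test replaces spawning 'ls' and
# interpreting its exit status.
check_dev_func ()
{
    local devdir node
    devdir=${1:-/dev}
    for node in "${devdir}"/tpm*; do
        # With no match the literal pattern comes back and -e rejects it;
        # -L is also accepted so a dangling symlink still counts as present.
        if [ -e "$node" ] || [ -L "$node" ]; then
            return 0
        fi
    done
    return 1
}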

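# Make sure securityfs is mounted at /sys/kernel/security, mounting it if needed.
# Returns: 0 when securityfs is (now) mounted, 1 if the mount attempt failed.
# NOTE(review): the attribute files read below live under /sys/class, so this
# script does not show why securityfs is needed for them; kept as before.
ensure_securityfs_mounted ()
{
    if mount | grep -q "^securityfs"; then
        return 0
    fi
    mount -t securityfs securityfs /sys/kernel/security || return 1
}

# Read one single-value sysfs attribute of the TPM chip and test it for "1".
# Arguments: $1 - attribute file name (owned, enabled)
#            $2 - chip sysfs directory (optional, default /sys/class/misc/tpm0/device)
# Returns:   0 if the attribute reads exactly "1"; 1 if it is absent,
#            unreadable, or holds any other value
tpm_attr_is_set ()
{
    local attr
    attr="${2:-/sys/class/misc/tpm0/device}/$1"
    # A missing attribute is a normal "not present" result, reported through
    # the return code rather than through cat's error message.
    [ -r "$attr" ] || return 1
    [ "$(cat "$attr")" = "1" ]
}

# Check whether the TPM chip is owned.
# Arguments: $1 - chip sysfs directory (optional)
# Returns:   0 if owned, 1 otherwise (also when securityfs cannot be mounted)
check_owned_func ()
{
    ensure_securityfs_mounted || return 1
    tpm_attr_is_set owned "${1:-}"
}

# Check whether the TPM chip is enabled.
# Arguments: $1 - chip sysfs directory (optional)
# Returns:   0 if enabled, 1 otherwise (also when securityfs cannot be mounted)
check_enabled_func ()
{
    ensure_securityfs_mounted || return 1
    tpm_attr_is_set enabled "${1:-}"
}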

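# Check that the kernel exposes a TPM through sysfs, either as a tpm_tis PNP
# device (bus/pnp/drivers/tpm_tis/0*) or as the tpm0 misc device.
# Arguments: $1 - sysfs root (optional, default /sys)
# Returns:   0 if either entry exists, 1 otherwise
check_sys_func ()
{
    local sysroot dir
    sysroot=${1:-/sys}
    # Iterate the glob instead of handing it to '[': with more than one
    # matching pnp device '[ -d a b ]' is a usage error, not a directory test.
    for dir in "${sysroot}"/bus/pnp/drivers/tpm_tis/0*; do
        [ -d "$dir" ] && return 0
    done
    [ -d "${sysroot}/class/misc/tpm0/device" ] && return 0
    return 1
}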

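# Check that the tcsd daemon is running.
# Arguments: $1 - process name to look for (optional, default tcsd)
# Returns:   0 if a process with exactly that name exists, 1 otherwise
check_tcsd_func ()
{
    # -x matches the whole process name; a bare 'pgrep tcsd' is a substring
    # regex and would also accept unrelated processes whose name contains it.
    if pgrep -x "${1:-tcsd}" >/dev/null 2>&1; then
        return 0
    fi
    return 1
}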

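# Load a key into the TPM with tpm_loadkey and report whether that worked.
# Arguments: $1 - key UUID (optional, default ${KEY_ID})
#            $2 - key type, "sign" or "seal" (optional, default ${KEY_TYPE})
# Globals:   KEY_ID, KEY_TYPE (read as defaults)
# Outputs:   error text via qecho when the arguments are invalid
# Returns:   0 if tpm_loadkey succeeded, 1 on bad arguments or load failure
# NOTE(review): nothing in this file assigns KEY_ID/KEY_TYPE a value or sets
# CHECK_LOADK, so from the option loop this always reports the first error.
check_loadk_func ()
{
    local key_id key_type
    key_id=${1:-${KEY_ID}}
    key_type=${2:-${KEY_TYPE}}

    if [ -z "$key_id" ] || [ -z "$key_type" ]; then
        qecho "ERROR: Key's UUID and TYPE both MUST be specified"; qecho ""; return 1
    fi
    # Two tests joined with && instead of '[ a -a b ]': -a is deprecated and
    # ambiguous, and quoting keeps empty or odd values from breaking the test.
    if [ "$key_type" != "sign" ] && [ "$key_type" != "seal" ]; then
        qecho "ERROR: Key's TYPE MUST be either [sign] or [seal]"; qecho ""; return 1
    fi

    if tpm_loadkey -zq -k "$key_id" -t "$key_type"; then
        return 0
    fi
    return 1
}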

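# Initial Section
QUIET=0
DEP_LIST="mount grep cat pgrep"
CHECK_DEV=0
CHECK_SYS=0
CHECK_TCSD=0
CHECK_LOADK=0
CHECK_OWNED=0
CHECK_ENABLED=0

KEY_ID=""
KEY_TYPE=""

# Process Command Options
# NOTE(review): -f and -l are accepted by the option string but have no case
# arm, so they are silently ignored; CHECK_LOADK, KEY_ID and KEY_TYPE are never
# set from the command line anywhere in this file. Confirm the intended wiring.
OPTIND=1
while getopts "hoceflqds" opt "$@"; do
    case "$opt" in
        d)      CHECK_DEV=1     ;;
        c)      CHECK_TCSD=1    ;;
        s)      CHECK_SYS=1     ;;
        q)      QUIET=1         ;;
        o)      CHECK_OWNED=1   ;;
        e)      CHECK_ENABLED=1 ;;
        h|\?)   usage; exit 1   ;;
    esac
done

# Running with no option at all is a usage error.
if [ "${OPTIND}" -eq 1 ]; then
    usage
    exit 1
fi
# The shift must come before OPTIND is reset, otherwise it shifts by zero.
shift $(( OPTIND - 1 ))
OPTIND=1

# Print Banner
qecho "TPM Sanity Check - Version 1.0"
qecho ""

# Check Environment
# NOTE(review): the system directories are appended, so an entry earlier in
# the inherited PATH can shadow mount/pgrep for this privileged run;
# prepending them would be the safer order - confirm before changing.
export PATH="${PATH}:/usr/sbin/:/sbin/:/usr/bin/"
# DEP_LIST is a deliberately space-separated list; word-splitting is intended.
for dep in ${DEP_LIST}; do
    if ! env_check "$dep"; then
        qecho ""
        qecho "Invalid Environment! Exit!"
        exit 1
    fi
done
qecho ""

# Call Check Functions
# Each entry is LABEL:function:flag. Checks run in this order; the first
# failure ends the run with that check's return status.
for entry in \
    "DEV:check_dev_func:${CHECK_DEV}" \
    "SYS:check_sys_func:${CHECK_SYS}" \
    "TCSD:check_tcsd_func:${CHECK_TCSD}" \
    "LOADK:check_loadk_func:${CHECK_LOADK}" \
    "OWNED:check_owned_func:${CHECK_OWNED}" \
    "ENABLED:check_enabled_func:${CHECK_ENABLED}"; do
    label=${entry%%:*}
    rest=${entry#*:}
    func=${rest%%:*}
    enabled=${rest#*:}
    [ "${enabled}" = "1" ] || continue
    # Direct call instead of eval: the function name is a fixed literal above.
    "${func}"
    ret=$?
    qecho -ne "CHECK_${label}:\t"
    if [ "${ret}" -eq 0 ]; then
        qecho "[OK]"
    else
        qecho "[NOK]"
        exit "${ret}"
    fi
done
qecho ""

exit 0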

