Reland "LoginScreen: Show TPM lock status."

This is a reland of 67a4df6
CL was reverted cause of failing
chromeos-betty-pi-arc-cfi-thin-lto-chrome due to reaching deadline
on one of the tests. This is gonna be fixed by increasing time limit.
See details here: https://crbug.com/1116379

Original change's description:
> LoginScreen: Show TPM lock status.
>
> If TPM is locked show banner with steps on how to fix this issue.
>
> Bug: 1114656
> Change-Id: I85dab0f4ce003ac3dad61c318efb3333457993ac
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2346266
> Reviewed-by: Toni Baržić <tbarzic@chromium.org>
> Commit-Queue: Roman Aleksandrov <raleksandrov@google.com>
> Cr-Commit-Position: refs/heads/master@{#797992}

Bug: 1114656
Change-Id: Iba50daf1d1b892539e00d9be04fc2b8c0a5a279e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2359992
Reviewed-by: Denis Kuznetsov [CET] <antrim@chromium.org>
Commit-Queue: Roman Aleksandrov <raleksandrov@google.com>
Cr-Commit-Position: refs/heads/master@{#798698}
(cherry picked from commit 065ade0)


TBR=raleksandrov@google.com

Change-Id: I0b0510c80ddd1f0a21cb0c26cfa8e85fd907dbbd
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2358835
Reviewed-by: Roman Aleksandrov <raleksandrov@google.com>
Commit-Queue: Jorge Lucangeli Obes <jorgelo@chromium.org>
Cr-Commit-Position: refs/branch-heads/4147@{#1109}
Cr-Branched-From: 1630782-refs/heads/master@{#768962}

ash/ash_strings.grd

@@ -2122,6 +2122,12 @@ This file contains the strings for ash.
       <message name="IDS_ASH_LOGIN_SCREEN_UNVERIFIED_CODE_WARNING" desc="Message shown at the bottom of the login screen when the device has ran or is capable to run unverified code.">
         This device may contain apps that haven't been verified by Google.
       </message>
+      <message name="IDS_ASH_LOGIN_POD_TPM_LOCKED_ISSUE_WARNING" desc="Message shown as part of the TPM locked warning bubble when TPM is locked.">
+        Your Chromebook is locked due to a known issue. You will be able to sign in after: <ph name="TIME_LEFT">$1<ex>1 hour, 15 minutes, 10 seconds</ex></ph>.
+      </message>
+      <message name="IDS_ASH_LOGIN_POD_TPM_LOCKED_ISSUE_DESCRIPTION" desc="Message shown as part of the TPM locked warning bubble when TPM is locked.">
+        Your Chromebook needs to stay on and connected to power during this time. Make sure the charger or adapter cables are completely plugged in, both to your Chromebook and the power outlet. Do not turn off your Chromebook.
+      </message>
 
       <!-- Multi-profiles intro dialog -->
       <message name="IDS_ASH_MULTIPROFILES_INTRO_HEADLINE" desc="Describes which feature multi-profiles intro dialog presents.">

ash/ash_strings_grd/IDS_ASH_LOGIN_POD_TPM_LOCKED_ISSUE_DESCRIPTION.png.sha1

@@ -0,0 +1 @@
+f51cff68354bd8a9f31e7c0bc42b520d6ae2b591

ash/ash_strings_grd/IDS_ASH_LOGIN_POD_TPM_LOCKED_ISSUE_WARNING.png.sha1

@@ -0,0 +1 @@
+f51cff68354bd8a9f31e7c0bc42b520d6ae2b591

ash/login/ui/lock_contents_view.cc

@@ -950,6 +950,17 @@ void LockContentsView::OnAuthDisabledForUser(
   }
 }
 
+void LockContentsView::OnSetTpmLockedState(const AccountId& user,
+                                           bool is_locked,
+                                           base::TimeDelta time_left) {
+  LoginBigUserView* big_user =
+      TryToFindBigUser(user, false /*require_auth_active*/);
+  if (big_user && big_user->auth_user()) {
+    LayoutAuth(big_user, nullptr /*opt_to_hide*/, true /*animate*/);
+    big_user->auth_user()->SetTpmLockedState(is_locked, time_left);
+  }
+}
+
 void LockContentsView::OnTapToUnlockEnabledForUserChanged(const AccountId& user,
                                                           bool enabled) {
   LockContentsView::UserState* state = FindStateForUser(user);

ash/login/ui/lock_contents_view.h

@@ -167,6 +167,9 @@ class ASH_EXPORT LockContentsView
   void OnAuthDisabledForUser(
       const AccountId& user,
       const AuthDisabledData& auth_disabled_data) override;
+  void OnSetTpmLockedState(const AccountId& user,
+                           bool is_locked,
+                           base::TimeDelta time_left) override;
   void OnLockScreenNoteStateChanged(mojom::TrayActionState state) override;
   void OnTapToUnlockEnabledForUserChanged(const AccountId& user,
                                           bool enabled) override;

ash/login/ui/login_auth_user_view.cc

@@ -33,6 +33,7 @@
 #include "base/i18n/time_formatting.h"
 #include "base/memory/ptr_util.h"
 #include "base/strings/utf_string_conversions.h"
+#include "base/time/time.h"
 #include "base/timer/timer.h"
 #include "chromeos/constants/chromeos_features.h"
 #include "components/user_manager/user.h"
@@ -52,6 +53,7 @@
 #include "ui/views/border.h"
 #include "ui/views/controls/button/md_text_button.h"
 #include "ui/views/controls/highlight_path_generator.h"
+#include "ui/views/controls/label.h"
 #include "ui/views/layout/box_layout.h"
 #include "ui/views/layout/fill_layout.h"
 #include "ui/views/layout/flex_layout.h"
@@ -118,6 +120,15 @@ constexpr int kDisabledAuthMessageTitleFontSizeDeltaDp = 3;
 constexpr int kDisabledAuthMessageContentsFontSizeDeltaDp = -1;
 constexpr int kDisabledAuthMessageRoundedCornerRadiusDp = 8;
 
+constexpr int kLockedTpmMessageVerticalBorderDp = 16;
+constexpr int kLockedTpmMessageHorizontalBorderDp = 16;
+constexpr int kLockedTpmMessageChildrenSpacingDp = 4;
+constexpr int kLockedTpmMessageWidthDp = 360;
+constexpr int kLockedTpmMessageHeightDp = 108;
+constexpr int kLockedTpmMessageIconSizeDp = 24;
+constexpr int kLockedTpmMessageDeltaDp = 0;
+constexpr int kLockedTpmMessageRoundedCornerRadiusDp = 8;
+
 constexpr int kNonEmptyWidthDp = 1;
 
 // Returns an observer that will hide |view| when it fires. The observer will
@@ -713,6 +724,88 @@ class LoginAuthUserView::DisabledAuthMessageView : public views::View {
   DISALLOW_COPY_AND_ASSIGN(DisabledAuthMessageView);
 };
 
+// The message shown to user when TPM is locked.
+class LoginAuthUserView::LockedTpmMessageView : public views::View {
+ public:
+  LockedTpmMessageView() {
+    SetLayoutManager(std::make_unique<views::BoxLayout>(
+        views::BoxLayout::Orientation::kVertical,
+        gfx::Insets(kLockedTpmMessageVerticalBorderDp,
+                    kLockedTpmMessageHorizontalBorderDp),
+        kLockedTpmMessageChildrenSpacingDp));
+    SetPaintToLayer();
+    layer()->SetFillsBoundsOpaquely(false);
+    SetPreferredSize(
+        gfx::Size(kLockedTpmMessageWidthDp, kLockedTpmMessageHeightDp));
+    SetFocusBehavior(FocusBehavior::ALWAYS);
+
+    auto message_icon = std::make_unique<views::ImageView>();
+    message_icon->SetPreferredSize(
+        gfx::Size(kLockedTpmMessageIconSizeDp, kLockedTpmMessageIconSizeDp));
+    message_icon->SetImage(
+        gfx::CreateVectorIcon(kLockScreenAlertIcon, SK_ColorWHITE));
+    message_icon_ = AddChildView(std::move(message_icon));
+
+    message_warning_ = CreateLabel();
+    message_description_ = CreateLabel();
+
+    // Set content.
+    base::string16 message_description = l10n_util::GetStringUTF16(
+        IDS_ASH_LOGIN_POD_TPM_LOCKED_ISSUE_DESCRIPTION);
+    message_description_->SetText(message_description);
+  }
+
+  LockedTpmMessageView(const LockedTpmMessageView&) = delete;
+  LockedTpmMessageView& operator=(const LockedTpmMessageView&) = delete;
+  ~LockedTpmMessageView() override = default;
+
+  // Set the parameters needed to render the message.
+  void SetRemainingTime(base::TimeDelta time_left) {
+    base::string16 time_left_message;
+    if (base::TimeDurationFormatWithSeconds(
+            time_left, base::DurationFormatWidth::DURATION_WIDTH_WIDE,
+            &time_left_message)) {
+      base::string16 message_warning = l10n_util::GetStringFUTF16(
+          IDS_ASH_LOGIN_POD_TPM_LOCKED_ISSUE_WARNING, time_left_message);
+      message_warning_->SetText(message_warning);
+    }
+    Layout();
+  }
+
+  // views::View:
+  void OnPaint(gfx::Canvas* canvas) override {
+    views::View::OnPaint(canvas);
+
+    cc::PaintFlags flags;
+    flags.setStyle(cc::PaintFlags::kFill_Style);
+    flags.setColor(
+        PinRequestView::GetChildUserDialogColor(false /*using blur*/));
+    canvas->DrawRoundRect(GetContentsBounds(),
+                          kLockedTpmMessageRoundedCornerRadiusDp, flags);
+  }
+  void RequestFocus() override { message_warning_->RequestFocus(); }
+
+ private:
+  views::Label* CreateLabel() {
+    auto label = std::make_unique<views::Label>(base::string16(),
+                                                views::style::CONTEXT_LABEL,
+                                                views::style::STYLE_PRIMARY);
+    label->SetFontList(gfx::FontList().Derive(kLockedTpmMessageDeltaDp,
+                                              gfx::Font::NORMAL,
+                                              gfx::Font::Weight::NORMAL));
+    label->SetSubpixelRenderingEnabled(false);
+    label->SetAutoColorReadabilityEnabled(false);
+    label->SetEnabledColor(SK_ColorWHITE);
+    label->SetFocusBehavior(FocusBehavior::ALWAYS);
+    label->SetMultiLine(true);
+    return AddChildView(std::move(label));
+  }
+
+  views::Label* message_warning_;
+  views::Label* message_description_;
+  views::ImageView* message_icon_;
+};
+
 struct LoginAuthUserView::AnimationState {
   explicit AnimationState(LoginAuthUserView* view) {
     non_pin_y_start_in_screen = view->GetBoundsInScreen().y();
@@ -848,6 +941,9 @@ LoginAuthUserView::LoginAuthUserView(const LoginUserInfo& user,
   auto disabled_auth_message = std::make_unique<DisabledAuthMessageView>();
   disabled_auth_message_ = disabled_auth_message.get();
 
+  auto locked_tpm_message_view = std::make_unique<LockedTpmMessageView>();
+  locked_tpm_message_view_ = locked_tpm_message_view.get();
+
   auto fingerprint_view = std::make_unique<FingerprintView>();
   fingerprint_view_ = fingerprint_view.get();
 
@@ -891,6 +987,9 @@ LoginAuthUserView::LoginAuthUserView(const LoginUserInfo& user,
   auto wrapped_disabled_auth_message_view =
       login_views_utils::WrapViewForPreferredSize(
           std::move(disabled_auth_message));
+  auto wrapped_locked_tpm_message_view =
+      login_views_utils::WrapViewForPreferredSize(
+          std::move(locked_tpm_message_view));
   auto wrapped_user_view =
       login_views_utils::WrapViewForPreferredSize(std::move(user_view));
   auto wrapped_pin_view =
@@ -917,6 +1016,8 @@ LoginAuthUserView::LoginAuthUserView(const LoginUserInfo& user,
       AddChildView(std::move(wrapped_online_sign_in_message_view));
   views::View* wrapped_disabled_auth_message_view_ptr =
       AddChildView(std::move(wrapped_disabled_auth_message_view));
+  views::View* wrapped_locked_tpm_message_view_ptr =
+      AddChildView(std::move(wrapped_locked_tpm_message_view));
   views::View* wrapped_pin_view_ptr = AddChildView(std::move(wrapped_pin_view));
   views::View* wrapped_fingerprint_view_ptr =
       AddChildView(std::move(wrapped_fingerprint_view));
@@ -952,6 +1053,7 @@ LoginAuthUserView::LoginAuthUserView(const LoginUserInfo& user,
   add_padding(kDistanceFromTopOfBigUserViewToUserIconDp);
   add_view(wrapped_user_view_ptr);
   add_padding(kDistanceBetweenUserViewAndPasswordDp);
+  add_view(wrapped_locked_tpm_message_view_ptr);
   add_view(wrapped_password_view_ptr);
   add_view(wrapped_online_sign_in_message_view_ptr);
   add_view(wrapped_disabled_auth_message_view_ptr);
@@ -985,13 +1087,17 @@ void LoginAuthUserView::SetAuthMethods(uint32_t auth_methods,
   bool has_challenge_response = HasAuthMethod(AUTH_CHALLENGE_RESPONSE);
   bool auth_disabled = HasAuthMethod(AUTH_DISABLED);
 
-  bool hide_auth = auth_disabled || force_online_sign_in;
+  bool hide_auth = auth_disabled || force_online_sign_in || tpm_is_locked_;
 
   online_sign_in_message_->SetVisible(force_online_sign_in);
   disabled_auth_message_->SetVisible(auth_disabled);
-  if (auth_disabled)
+  if (auth_disabled && !tpm_is_locked_)
     disabled_auth_message_->RequestFocus();
 
+  locked_tpm_message_view_->SetVisible(tpm_is_locked_);
+  if (tpm_is_locked_)
+    locked_tpm_message_view_->RequestFocus();
+
   // Adjust the PIN keyboard visibility before the password textfield's one, so
   // that when both are about to be hidden the focus doesn't jump to the "1"
   // keyboard button, causing unexpected accessibility effects.
@@ -1245,6 +1351,15 @@ void LoginAuthUserView::SetAuthDisabledMessage(
   Layout();
 }
 
+void LoginAuthUserView::SetTpmLockedState(bool is_locked,
+                                          base::TimeDelta time_left) {
+  if (is_locked)
+    locked_tpm_message_view_->SetRemainingTime(time_left);
+  tpm_is_locked_ = is_locked;
+  // Update auth methods which are available.
+  SetAuthMethods(auth_methods_, can_use_pin_);
+}
+
 const LoginUserInfo& LoginAuthUserView::current_user() const {
   return user_view_->current_user();
 }

ash/login/ui/login_auth_user_view.h

@@ -9,6 +9,7 @@
 #include <memory>
 
 #include "ash/ash_export.h"
+#include "ash/login/ui/login_error_bubble.h"
 #include "ash/login/ui/login_password_view.h"
 #include "ash/login/ui/login_user_view.h"
 #include "ash/login/ui/non_accessible_view.h"
@@ -137,6 +138,8 @@ class ASH_EXPORT LoginAuthUserView
   // auth method is |AUTH_DISABLED|.
   void SetAuthDisabledMessage(const AuthDisabledData& auth_disabled_data);
 
+  void SetTpmLockedState(bool is_locked, base::TimeDelta time_left);
+
   const LoginUserInfo& current_user() const;
 
   LoginPasswordView* password_view() { return password_view_; }
@@ -158,6 +161,7 @@ class ASH_EXPORT LoginAuthUserView
   class FingerprintView;
   class ChallengeResponseView;
   class DisabledAuthMessageView;
+  class LockedTpmMessageView;
 
   // Called when the user submits an auth method. Runs mojo call.
   void OnAuthSubmit(const base::string16& password);
@@ -208,6 +212,7 @@ class ASH_EXPORT LoginAuthUserView
   ChallengeResponseView* challenge_response_view_ = nullptr;
   views::LabelButton* external_binary_auth_button_ = nullptr;
   views::LabelButton* external_binary_enrollment_button_ = nullptr;
+  LockedTpmMessageView* locked_tpm_message_view_ = nullptr;
 
   // Displays padding between:
   // 1. Password field and pin keyboard
@@ -217,6 +222,8 @@ class ASH_EXPORT LoginAuthUserView
   const OnAuthCallback on_auth_;
   const LoginUserView::OnTap on_tap_;
 
+  bool tpm_is_locked_ = false;
+
   // Animation state that was cached from before a layout. Generated by
   // |CaptureStateForAnimationPreLayout| and consumed by
   // |ApplyAnimationPostLayout|.

ash/login/ui/login_data_dispatcher.cc

@@ -38,6 +38,11 @@ void LoginDataDispatcher::Observer::OnAuthDisabledForUser(
     const AccountId& user,
     const AuthDisabledData& auth_disabled_data) {}
 
+void LoginDataDispatcher::Observer::OnSetTpmLockedState(
+    const AccountId& user,
+    bool is_locked,
+    base::TimeDelta time_left) {}
+
 void LoginDataDispatcher::Observer::OnTapToUnlockEnabledForUserChanged(
     const AccountId& user,
     bool enabled) {}
@@ -154,6 +159,13 @@ void LoginDataDispatcher::DisableAuthForUser(
     observer.OnAuthDisabledForUser(account_id, auth_disabled_data);
 }
 
+void LoginDataDispatcher::SetTpmLockedState(const AccountId& account_id,
+                                            bool is_locked,
+                                            base::TimeDelta time_left) {
+  for (auto& observer : observers_)
+    observer.OnSetTpmLockedState(account_id, is_locked, time_left);
+}
+
 void LoginDataDispatcher::SetTapToUnlockEnabledForUser(const AccountId& user,
                                                        bool enabled) {
   for (auto& observer : observers_)

ash/login/ui/login_data_dispatcher.h

@@ -15,6 +15,7 @@
 #include "ash/public/mojom/tray_action.mojom.h"
 #include "base/macros.h"
 #include "base/observer_list.h"
+#include "base/time/time.h"
 
 namespace ash {
 
@@ -76,6 +77,11 @@ class ASH_EXPORT LoginDataDispatcher : public LoginScreenModel {
         const AccountId& user,
         const AuthDisabledData& auth_disabled_data);
 
+    // Called when TPM is locked.
+    virtual void OnSetTpmLockedState(const AccountId& user,
+                                     bool is_locked,
+                                     base::TimeDelta time_left);
+
     // Called when the given user can click their pod to unlock.
     virtual void OnTapToUnlockEnabledForUserChanged(const AccountId& user,
                                                     bool enabled);
@@ -167,6 +173,9 @@ class ASH_EXPORT LoginDataDispatcher : public LoginScreenModel {
   void EnableAuthForUser(const AccountId& account_id) override;
   void DisableAuthForUser(const AccountId& account_id,
                           const AuthDisabledData& auth_disabled_data) override;
+  void SetTpmLockedState(const AccountId& user,
+                         bool is_locked,
+                         base::TimeDelta time_left) override;
   void SetTapToUnlockEnabledForUser(const AccountId& user,
                                     bool enabled) override;
   void ForceOnlineSignInForUser(const AccountId& user) override;

ash/public/cpp/login_screen_model.h

@@ -9,6 +9,7 @@
 
 #include "ash/public/cpp/ash_public_export.h"
 #include "base/strings/string16.h"
+#include "base/time/time.h"
 
 class AccountId;
 
@@ -77,6 +78,10 @@ class ASH_PUBLIC_EXPORT LoginScreenModel {
       const AccountId& account_id,
       const AuthDisabledData& auth_disabled_data) = 0;
 
+  virtual void SetTpmLockedState(const AccountId& user,
+                                 bool is_locked,
+                                 base::TimeDelta time_left) = 0;
+
   // Enables or disables the authentication type to tap-to-unlock for the user.
   virtual void SetTapToUnlockEnabledForUser(const AccountId& account_id,
                                             bool enabled) = 0;