BOOL is an int and therefore we cannot just write out the
single byte at the address of the BOOL. On big endian systems
the BOOL value is at offset 3. So we implement functions for
marshalling and unmarshalling of a BOOL as a single byte and
do the conversion with the 'int' there.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Round up the sizes of the structures written into NVRAM so we
have some space in front of them.
Prepend a heaer in front of the structure written into NVRAM. Initialize
them with a version number and a magic. The version number should
theoretically allow us to read TPM 2 state of different revisions.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Add functions to marshal the volatile state of the TPM. We write it in
big endian format.
Add functions to write the data structure in big endian format
into NVRAM.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Return a failure code to the control command initiated
initialization of the TPM 2.
Reset the failure move on every INIT call so that corrections
can be done without having to restart the TPM emulator.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Introduce --with-tpm2 for ./configure to enable building with
TPM 2 functionality. Delay the building of TPM 2 code until more
patches are applied and the vTPM state that's created has a chance
of being backwards compatible.
Extend the libtpms API to allow user to choose version of TPM.
Missing functionality at this point:
- TPM 2 needs to be extended to serialize and deserialize its volatile state
- Handling of the establishment bit
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Make the #define RADIX_BITS dependent on #defines set by the
OpenSSL library: THIRTY_TWO_BIT and SIXTY_FOUR_BIT_LONG
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
clang complains:
tpm12/tpm_init.c:666:9: error: variable 'tag' is used uninitialized whenever 'if' condition is false [-Werror,-Wsometimes-uninitialized]
if (rc == 0) {
^~~~~~~
tpm12/tpm_init.c:746:9: note: uninitialized use occurs here
if (tag == TPM_TAG_STCLEAR_DATA) {
^~~
tpm12/tpm_init.c:666:5: note: remove the 'if' if its condition is always true
if (rc == 0) {
^~~~~~~~~~~~~
tpm12/tpm_init.c:662:28: note: initialize the variable 'tag' to silence this warning
TPM_STRUCTURE_TAG tag;
^
= 0
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
The permanent state has to be loaded before the volatile or save state blobs
can be tested since they are connected to the permanenent state.
We implement TPM_PermanentAll_NVLoad_Preserve that makes a copy of any
cached permanent state blobs before we load the permanent state via
TPM_PermanentAll_NVLoad, which would consume and free any cached state blob,
if there was one (would fall back to reading from file otherwise). We then
set the copy of any cached permanent state blob back so that it can be used
when the TPM 1.2 start.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Clear all the cached states blobs set using TPMLIB_SetState if one
of them cannot be accepted.
Signed-off-by: Stfean Berger <stefanb@linux.vnet.ibm.com>
Expose the two new API calls TPMLIB_GetState() and TPMLIB_SetState().
Fix one parameter in the TPMLIB_GetState() call.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
The permanent state has to be loaded before either the volatile
or the save state can be validated.
Also fix another bug that was testing for whether there was no
cached state. It should test whether there is a cached state.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
If the permanent state was set using SetState() write the permanent
state once we successfully read the volatile state and can use it.
This way we have the state in a file.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Modify TPM_NVRAM_LoadData() to try to get the cached state blob before trying
to read the state blob from the file. We clear the state blob as part of
passing it to the TPM.
A side effect is now that if TPMLIB_ValidateState is called on a blob that
this call would not remove the cached blob. So we have to save a copy before
reading (and parsing) the state blob so we still have it when TPM_MainInit()
is called.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
This patch adds APIs for getting and setting all types of state
blobs. We cache these blobs and allow them to be picked up when
the TPM starts. It will get any of these state blobs, if they
were set, before we go out and try to read the state blob from
a file.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
The EK certificates need information about the TPM specification that was
implemented. The best place to get the information from seems the TPM itself.
So we implement a function TPMLIB_GetInfo() to allow to query for the TPM
specification information and possibly other information in the future.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
The logic for invoking the validation of the TPM 1.2 state was
broken. The validation of volatile and save state state requires
that the permanent state is available, so we always load it
first.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Implement TPMLIB_ValidateState(), which is supposed to be used
for checking usability of state blobs before TPMLIB_MainInit()
is called or TPM_Startup has been sent to the TPM.
This function is useful to be called once TPM state blobs
have been migrated to a destination and we need to check
whether libtpms can use these state blobs and if not
we have a chance to fall back to the migration source host.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Extend the previous support of a fixed buffer size to work
with a minimum of 3k and a maximum of 4k.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Also allow to get the minimum and maximum supported buffer size
with the TPMLIB_SetBufferSize() call.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Implement TPMLIB_SetBufferSize() for setting the size of the I/O buffer
that the TPM may advertise. For TPM 1.2 the size remains fixed since the
TIS interface can handle the current 4096 bytes.
This function will be important for TPM 2 with a CRB interface that cannot
handle 4096 bytes.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
When checking for missing symbols we need to add -lc to the libraries
passed to gcc otherwise we always see lots of missing symbols even if
there aren't any.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
LibreSSL on OpenBSD seems to not support the new API of OpenSSL 1.1.
So create a new #define OPENSSL_OLD_API that is set if the old API
is to be used.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Fix the dprintf call to use a format parameter that otherwise causes
errors with gcc on certain platforms.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Fix compilation problems like the following:
/usr/local/lib/libtpms.so: undefined reference to `va_start'
/usr/local/lib/libtpms.so: undefined reference to `va_end'
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
vdprintf with a NULL parameter on the 3rd position crashes
on Linux. Replace it with dprintf.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Add API calls TPMLIB_SetDebugFD(), TPMLIB_SetDebugLevel(),
TPMLIB_SetDebugPrefix().
Convert the internal printing of debugging strings to
correspond to the log level. Print the prefix in front
of every line.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Introduce an internal interface that allows us to reach TPM functionality
from the libary's API layer. This prepares the code for the addition
of a new API function that lets us choose which TPM to use, TPM 1.2 or
TPM2. Currently only TPM 1.2 functionality is available.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Move all TPM1.2 code to src/tpm12 directory. Adapt the Makefile.am
to point to tpm12 directory for the TPM1.2 sources.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Fix support for ARM64 by testing for whether __aarch64__ is defined.
Also see http://sourceforge.net/p/predef/wiki/Architectures for the
gcc preprocessor defines.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Fix the build process to build a dll on cygwin and remove
freebl specific shell calls when building for OpenSSL.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Acked-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Remove unnecessary files in the repository and add boostrap.sh to create the
configure file and other files we are removing here. Users have to run
bootstrap.sh to have those files created in their build environment.
Update the INSTALL instructions.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Acked-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Implement missing base64 decoder support when using OpenSSL library.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Acked-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
The physical presence flag should not be used if CMD enable is false
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Acked-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
This is the initial import of the libtpms library. The libtpms library
provides software emulation of a Trusted Platform Module (TPM). It is
intended to be used by applications when a hardware TPM is not adequate.
For example, a hypervisor can use libtpms to emulate an independent TPM
for each of it's virtual machine guests. The library provides a high-
level API for developers to integrate the emulated TPM support into
their application.
The code was originally written by Kenneth Goldman <kgoldman@us.ibm.com>
and Stefan Berger <stefanb@us.ibm.com>.
The code is licensed under the Modified BSD License.
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
