Commit Graph

1293 Commits

Author SHA1 Message Date
Stefan Berger
0ae978cc21 tpm2: Initialize stack variable indexOrderlyRam to zeros
Valgrind reports uninitialized bytes when running some of the swtpm test
cases. The reason is that the indexOrderlyRam variable, which resides on
the stack, was not initialized. This patch fixes this valgrind complaint.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-09-26 20:41:53 -04:00
Stefan Berger
e8e8633089 tpm2: The state file exists on return code != TPM_RETRY
Modify the test for whether a state file exists by return code from the
load function being != TPM_RETRY. All other error codes indicate that some
form of state file exists, independent of whether it is readable or not.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-09-17 09:07:27 -04:00
Stefan Berger
4111bd1bcf rpm: Address some of the rpmlint complaints
Remaining rpmlint complaint is the download URL. There's currently no
public tar to download.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-09-13 09:48:45 -04:00
Stefan Berger
5cc673f73d debian: Use autogen.sh and pass --with-tpm2 to configure
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-09-13 09:13:30 -04:00
Stefan Berger
1fe484ce67 scripting: Use #!/usr/bin/env bash rather than /bin/bash
On some systems /bin/bash does not exist but is somewhere else and can
be invoked with /usr/bin/env.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-09-10 16:33:34 +00:00
Stefan Berger
7a0e7052be build-sys: Pick up user-provided LDFLAGS
Pick up the user-provided LDFLAGS by assigning LDFLAGS using +=.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-09-10 12:22:07 -04:00
Stefan Berger
418d2a22cd tpm2: Enable compilation on DragonflyBSD
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-09-10 16:15:29 +00:00
Stefan Berger
3300bbbcae build-sys: Make 'make check' work on FreeBSD
On FreeBSD we need to set the SHELL explicitly to /bin/bash since csh
is used otherwise and wouldn't allow us to run the check-local rule.
Besides that we need -shared for the check to pass. However, the FreeBSD
compiler doesn't allow us to recognize undefined symbols, which seem
to get suppressed with the -shared parameter. If the -shared is not passed
we get error messages due to undefined symbols _progname and environ from
libc.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-09-05 22:33:14 +00:00
Stefan Berger
314f8080d3 build-sys: Fix undefined symbol check on Darwin (OS X)
OS X needs the -shared parameter when running the undefined symbol
check.

Do not fail if a.out was not created, like on Cygwin.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-09-04 08:43:16 -04:00
Stefan Berger
5c2a46c9f8 travis: use 'distcheck' rather than 'check'
To test the creation of the tar and out-of-tree builds all the time, do
'distcheck' rather than a simple 'check'.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-09-01 11:19:13 -04:00
Stefan Berger
59f46464d5 build-sys: work around broken linker when testing --version-script support
The linker on FreeBSD seems to be broken and fails for other reasons
when testing for support of the --version-script flag. The error
that is reported is:

local symbol 'environ' in /usr/lib/crt1.o is referenced by DSO.

Also __progname is needed.

To work around this problem we add a test.syms file that only has
these two symbols in it, which is enough for the test in
configure.ac and gives version script support in case of the
broken linker.

On FreeBSD TPM 1.2 related tests were failing due to test case 6
failures in case no linker script was used. (Very odd.) This patch
fixes this problem.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-08-30 21:45:16 +00:00
Stefan Berger
b52c19e171 build-sys: Remove libtpms_tpm2_la_LDFLAGS
Remove libtpms_tpm2_la_LDFLAGS since they are not needed.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-08-30 17:42:29 -04:00
Stefan Berger
83f8e40ecb tpm2: Make compileable on OS X/Darwin
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-08-30 14:55:09 -04:00
Stefan Berger
27904459e3 build-sys: Check for supported linker flag --version-script
Check whether the linker supports the linker flag --version-script.
The OS X linker does not seem to support it.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-08-30 13:24:54 -04:00
Stefan Berger
9582b58036 tpm2: activate field 'a' as renamed 'a_unused' in PRC_POLICY
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-08-30 06:31:10 -04:00
Stefan Berger
b6a89b2f55 build-sys: Use X="$X ..." rather than X+="..." in configure.ac
Some configure interpreters do not like X+="...", so we have to
use X="$X ..." instead.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-08-29 17:47:25 +00:00
Stefan Berger
83ca1948bc configure.ac: Replace tests with '==' through '='
On NetBSD configure.ac cannot have '==' in tests. So we have to replace them
with '='.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-08-29 12:12:57 +00:00
Stefan Berger
bdeabedd09 tpm2: Make compileable on NetBSD
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-08-29 11:52:07 +00:00
Stefan Berger
1c79bff666 tpm2: Make compileable on FreeBSD
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-08-29 01:07:13 +00:00
Stefan Berger
764dc43dc3 tpm2: Do padding of bytes for i386 via additional bytes in array
Instead of adding padding bytes to the end of the structure
extend the d array with 3 additional entries that are not going
to be used but provide the padding so that the structure has the
same size on 32 bit and 64 bit machines.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-08-08 18:17:02 -04:00
Stefan Berger
2aed56cc11 tpm2: Fix printf format for 32 bit machines
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-08-08 12:10:51 -04:00
Stefan Berger
77b11b7eda build-sys: Include autogen.sh in the tarball and use for RPM building
Include the autogen.sh in the tarball and use it for building
the RPM.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-08-08 08:59:04 -04:00
Stefan Berger
b899d10c18 build-sys: Only remove generated .3 man files
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-08-03 13:16:22 -04:00
Stefan Berger
38a7d1951f pkg-config: add cryptolib to libtpms.pc
Add the cryptolib libtpms has been compiled with to libtpms.pc[.in]

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-08-03 13:06:29 -04:00
Marc-André Lureau
bb5d837cf8 build-sys: fix make distcheck
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2018-08-02 12:53:20 -04:00
Stefan Berger
1d918e5426 Fix regression from 'Recalculate the entrysize in front of ...'
The patch 'Recalculate the entrysize in front of every USER_NVRAM blob'
did not properly account for the TPM_HANDLE when recalculating the
entry size of an OBJECT in NVRAM. As a consequence all OBJECTS and NVRAM
indices following the first OBJECT got lost.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-07-27 17:22:20 -04:00
Stefan Berger
a5a359f4ca tpm2: Determine which PCR banks need to be restored
Determine which PCR banks need to be restored by determining which PCR banks
are active. We only expect data for active PCR banks and the other ones do
not need data.

The tricky part here is that the TPM 2 maintains a variable that indicates
which PCR banks are active in gp.pcrAllocated and another variable in NVRAM
indicating which ones will become active after a reboot. So far we only saved
the one from NVRAM when marshalling the state but now we have to save the one
holding the current active PCR banks also. The restoration of this variable
needs to happen when we resume the VM with volatile state.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-07-19 17:19:53 -04:00
Stefan Berger
073849aa46 tpm2: Recalculate the entrysize in front of every USER_NVRAM blob
Since the sizeof(TPM_NV_INDEX) and sizeof(OBJECT) may expand when new hash
algorithms are enabled, the size of each entry in the USER_NVRAM may also
expand. We have to account for this when writing the entry size into the
NVRAM and cannot use the one from the unmarshalled state unless it is 0
or the sizes were the same. So the best is to calculate the entry size and
write it again.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-07-17 20:40:45 -04:00
Stefan Berger
3ed7491323 tpm2: Add function to display USER_NVRAM contents
Add a function for displaying the USER_NVRAM contents for debugging.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-07-17 20:40:45 -04:00
Stefan Berger
dbc07c190c tpm2: disable the failure mode on totalResetCount return to 0
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-07-17 20:40:45 -04:00
Stefan Berger
d99e48eac2 NVMarshal: Fix handling of future header version handling
If we come across a header of a version we don't know
in this implementation we just have to cause a skip.
2018-07-12 20:51:31 -04:00
Stefan Berger
5ddc17e001 tpm2: Use malloc/free rather than TPM_Malloc/TPM_Free
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-20 15:06:03 -04:00
Stefan Berger
1a24bcc550 build: Add missing header files for building RPM from tar file
2 header files were missing in the tar file and the RPM build failed.
This patch adds them.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:49 -04:00
Stefan Berger
1a7902bb6e tpm2: Implement TPM2B_Cmp() to compare two TPM2B's
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:49 -04:00
Stefan Berger
55bcad86f9 library: use __attribute__((format,...) to check printf format and args
Introduce ATTRIBUTE_FORMAT for gcc and clang and use it to check the format
of the printf type function TPMLIB_LogTPM2Error() and the parameters. Fix
several places with errors.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:49 -04:00
Stefan Berger
4c5b050537 tpm2: Add comments to unmarshalling of user NVRAM
The unmarshalling of the user NVRAM checks whether the NVRAM size allows us
to write the data into it. Since this function is called before writing the
other data into it (PERSISTENT DATA, etc. at lower offsets in the NVRAM),
we can be sure that the NVRAM is large enough to fit everything. Following
this logic, we should be able to loosen the restriction on the NVRAM size and
need not check what size the NVRAM was on the originating side. Since we will
test the unmarshalling of all the data we should be able to detect if the
local NVRAM size is too small and refuse to take the blob based on the failure
to unmarshal completely.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:49 -04:00
Stefan Berger
49e2af3ea5 tpm2: Run a compile-time check whether NVRAM is too small
Add a compile-time check for whether the NVRAM is too small.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:49 -04:00
Stefan Berger
eed97cf008 tpm2: adapt NVRAM offsets and check structure sizes
Make sure that the NVRAM offsets and structure sizes are the same
on all architectures so that we can fill up the NVRAM on one system
and migrate the state to another architecture and it will fit into
the NVRAM space there.

We leave some space for the first few data structures in the NVRAM to
grow. We do this by rounding up the NV_INDEX_RAM_DATA location to the
next kb boundary. This moves it from offset 4356 to 5120 on x86_64 and
from offset 4332 to 5120 on i386. This now leaves us with the same
amount of space for user dynamic NVRAM, which starts beyond offset 5120.

We also pad the OBJECT structure with 4 bytes so that it is the same
size on 32 and 64 bit architectures. This is a data structure that
is used in user dynamic NVRAM and should be the same size on all
architectures so that a full NVRAM always fits.

Also test the size of the NV_INDEX structure, which already has the
same size on all tested architectures (x86_64, i386, arm32, ppc64).

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:49 -04:00
Marc-André Lureau
48dabdbdef tests: add fuzz test
See README for details on how to use.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2018-06-15 18:07:49 -04:00
Marc-André Lureau
ef356d0ddb tests: add an initial corpus for fuzzing
This is taken directly from chromiumos TPM2 repository:

    commit 172eec5ea9b46ddfe720c854fa719fdf8613b4ed
    Author: nagendra modadugu <ngm@google.com>
    Date:   Fri Sep 16 14:07:13 2016 -0700

        Add an initial fuzz test corpus for execute-command

        This commit introduces a minimized corpus for
        the test in fuzz/execute-command.cc.

        The corpus was generated by parsing the TCG test
        suite log for messages sent to the TPM.  The corpus
        includes test cases that produced crashes reported
        in chrome-os-partner:56767 and chrome-os-partner:56825.

        Future work includes defining a dictionary for the
        protocol so that mutations can be more effective,
        and also generating test-cases that improve coverage
        (e.g. create & store primary key, followed by test case).

        BUG=chrome-os-partner:50646
        BRANCH=none
        TEST=follow instructions in fuzz/README

        Change-Id: I24332c0f58996626de9a08e2780595b0b2d76350
        Signed-off-by: nagendra modadugu <ngm@google.com>
        Reviewed-on: https://chromium-review.googlesource.com/386443
        Commit-Ready: Nagendra Modadugu <ngm@google.com>
        Tested-by: Nagendra Modadugu <ngm@google.com>
        Reviewed-by: Kostya Serebryany <kcc@chromium.org>
        Reviewed-by: Mike Aizitsky <aizatsky@chromium.org>
        Reviewed-by: Bill Richardson <wfrichar@chromium.org>

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2018-06-15 18:07:49 -04:00
Marc-André Lureau
37ca75c707 build-sys: remove -Wstrict-aliasing=3
The option doesn't exist with clang, and is default with gcc -Wall
already.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2018-06-15 18:07:49 -04:00
Marc-André Lureau
ec0f7ed195 build-sys: move hardening linker flags to ldflags
Fixes unused flags warnings with clang.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2018-06-15 18:07:49 -04:00
Stefan Berger
effd551cfb tpm2: enable sha512 (breaks compatibility)
Enable SHA512. Since the TPM 2 expects to see PCR values for
the SHA512 bank in some of its structures, this breaks
compatibility with existing state files.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:49 -04:00
Stefan Berger
470d94d242 tpm2: convert rest of structures to write downgradeable state
Also write those structures related to PERSISTENT_ALL to have
a header with version 2 and a tail that allows the state to be
extended and downgraded.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:49 -04:00
Stefan Berger
634db67243 tpm2: tie volatile state of TPM to persistent state
Write the persistent state's EP, SP, and PPSeed values into the
volatile state and check them when reading. This way we can
prevent that arbitrary volatile and persistent state blobs are
used.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:49 -04:00
Stefan Berger
8799e156ba Extend NVRAM memory size to 128kb
Increase the NVRAM memory size to 128kb. That should be it for good.

We accept smaller NVRAM sizes from stored state.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:49 -04:00
Stefan Berger
63ce125c7d Write different header for SHA384 and SHA512 in shared function
SHA512 is currently not enabled since until a short while ago the test
data was missing. So before we enable it, we should differentiate between
writing and reading of SHA384 and SHA512 data by using a different magic
in the header. We assign the existing value of the magic for the SHA384
that we currently use and assign SHA512 a new value.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:49 -04:00
Stefan Berger
aa51031256 Increase MIN_EVICT_OBJECTS to 7 for value of TPM_PT_HR_PERSISTENT_MIN
Adapt the MIN_EVICT_OBJECTS #define value to 7 so that it meets the
TPM Profile (PTP) Specification and TPM_PT_HR_PERSISTENT_MIN returns
the proper value.

We allow reading the state from a TPM that had a lesser value before.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:49 -04:00
Stefan Berger
f6ab7aeeb1 Update TpmToOsslMath.c to look similar to latest code
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:49 -04:00
Stefan Berger
8850c55258 Update to latest version: CryptHash.c
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2018-06-15 18:07:49 -04:00