The EK certificates need information about the TPM specification that was
implemented. The best place to get the information from seems the TPM itself.
So we implement a function TPMLIB_GetInfo() to allow to query for the TPM
specification information and possibly other information in the future.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
The logic for invoking the validation of the TPM 1.2 state was
broken. The validation of volatile and save state state requires
that the permanent state is available, so we always load it
first.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Implement TPMLIB_ValidateState(), which is supposed to be used
for checking usability of state blobs before TPMLIB_MainInit()
is called or TPM_Startup has been sent to the TPM.
This function is useful to be called once TPM state blobs
have been migrated to a destination and we need to check
whether libtpms can use these state blobs and if not
we have a chance to fall back to the migration source host.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Extend the previous support of a fixed buffer size to work
with a minimum of 3k and a maximum of 4k.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Also allow to get the minimum and maximum supported buffer size
with the TPMLIB_SetBufferSize() call.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Implement TPMLIB_SetBufferSize() for setting the size of the I/O buffer
that the TPM may advertise. For TPM 1.2 the size remains fixed since the
TIS interface can handle the current 4096 bytes.
This function will be important for TPM 2 with a CRB interface that cannot
handle 4096 bytes.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
When checking for missing symbols we need to add -lc to the libraries
passed to gcc otherwise we always see lots of missing symbols even if
there aren't any.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
LibreSSL on OpenBSD seems to not support the new API of OpenSSL 1.1.
So create a new #define OPENSSL_OLD_API that is set if the old API
is to be used.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Fix the dprintf call to use a format parameter that otherwise causes
errors with gcc on certain platforms.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Fix compilation problems like the following:
/usr/local/lib/libtpms.so: undefined reference to `va_start'
/usr/local/lib/libtpms.so: undefined reference to `va_end'
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
vdprintf with a NULL parameter on the 3rd position crashes
on Linux. Replace it with dprintf.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Add API calls TPMLIB_SetDebugFD(), TPMLIB_SetDebugLevel(),
TPMLIB_SetDebugPrefix().
Convert the internal printing of debugging strings to
correspond to the log level. Print the prefix in front
of every line.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Introduce an internal interface that allows us to reach TPM functionality
from the libary's API layer. This prepares the code for the addition
of a new API function that lets us choose which TPM to use, TPM 1.2 or
TPM2. Currently only TPM 1.2 functionality is available.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Move all TPM1.2 code to src/tpm12 directory. Adapt the Makefile.am
to point to tpm12 directory for the TPM1.2 sources.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Fix support for ARM64 by testing for whether __aarch64__ is defined.
Also see http://sourceforge.net/p/predef/wiki/Architectures for the
gcc preprocessor defines.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Fix the build process to build a dll on cygwin and remove
freebl specific shell calls when building for OpenSSL.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Acked-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Remove unnecessary files in the repository and add boostrap.sh to create the
configure file and other files we are removing here. Users have to run
bootstrap.sh to have those files created in their build environment.
Update the INSTALL instructions.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Acked-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Implement missing base64 decoder support when using OpenSSL library.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Acked-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
The physical presence flag should not be used if CMD enable is false
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Acked-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
This is the initial import of the libtpms library. The libtpms library
provides software emulation of a Trusted Platform Module (TPM). It is
intended to be used by applications when a hardware TPM is not adequate.
For example, a hypervisor can use libtpms to emulate an independent TPM
for each of it's virtual machine guests. The library provides a high-
level API for developers to integrate the emulated TPM support into
their application.
The code was originally written by Kenneth Goldman <kgoldman@us.ibm.com>
and Stefan Berger <stefanb@us.ibm.com>.
The code is licensed under the Modified BSD License.
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
