swtpm: Call API call for resetting the TPM Established flag

Call the libtpms API for resetting the TPM Established flag rather
than sending a TPM command, which only works for TPM1.2.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger 2016-12-21 17:01:07 -05:00
parent 326e7b5a75
commit 15dfd665c1
4 changed files with 16 additions and 88 deletions


@ -487,6 +487,7 @@ int ctrlchannel_process_fd(int fd,
uint32_t offset;
char *info_data = NULL;
size_t length;
TPM_MODIFIER_INDICATOR orig_locality;
if (fd < 0)
return -1;
@ -626,8 +627,12 @@ int ctrlchannel_process_fd(int fd,
if (re->u.req.loc > 4) {
res = htobe32(TPM_BAD_LOCALITY);
} else {
res = htobe32(tpmlib_TpmEstablished_Reset(locality,
re->u.req.loc));
orig_locality = *locality;
*locality = re->u.req.loc;
res = htobe32(TPM_IO_TpmEstablished_Reset());
*locality = orig_locality;
}
*res_p = res;
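Review bot: The save/overwrite/restore of `*locality` around `TPM_IO_TpmEstablished_Reset()` is not visibly serialised against TPM command processing, which presumably reads the same locality value. Locality is an access-control input to the TPM, so a command executing during that window could be evaluated at `re->u.req.loc` rather than at the locality the client had set. The removed CUSE helper went through `worker_thread_mark_busy()` and `worker_thread_wait_done()`; the direct call now depends on the caller having waited for the worker, which cannot be confirmed here because `ctrlchannel_process_fd` starts and continues outside the hunk. I would state that precondition above the swap, e.g. `/* worker thread must be idle here: locality is shared with TPM command processing */`. The same applies to the identical sequence in the last `ptm_ioctl` hunk.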


@ -217,18 +217,6 @@ static const char *usage =
"-h|--help : display this help screen and terminate\n"
"\n";
const static unsigned char TPM_ResetEstablishmentBit[] = {
0x00, 0xC1, /* TPM Request */
0x00, 0x00, 0x00, 0x0A, /* length (10) */
0x40, 0x00, 0x00, 0x0B /* TPM_ORD_ResetEstablishmentBit */
};
const static unsigned char TPM2_Resp_FatalError[] = {
0x80, 0x01, /* TPM Response */
0x00, 0x00, 0x00, 0x0A, /* length (10) */
0x00, 0x00, 0x01, 0x01 /* TPM_FAIL */
};
static TPM_RESULT
ptm_io_getlocality(TPM_MODIFIER_INDICATOR *loc, uint32_t tpmnum)
{
@ -397,43 +385,6 @@ static void worker_thread(gpointer data, gpointer user_data)
/***************************** utility functions ****************************/
/* _TPM_IO_TpmEstablished_Reset
*
* Reset the TPM Established bit by creating a TPM_ResetEstablishmentBit
* command and sending it to the TPM; we temporarily switch the locality
* to the one provded to this call. We wait until the TPM has processed
* the request.
*/
static TPM_RESULT _TPM_IO_TpmEstablished_Reset(fuse_req_t req,
TPM_MODIFIER_INDICATOR locty)
{
TPM_RESULT res = TPM_FAIL;
TPM_Response_Header *tpmrh;
TPM_MODIFIER_INDICATOR orig_locality = locality;
locality = locty;
ptm_req_len = sizeof(TPM_ResetEstablishmentBit);
memcpy(ptm_request, TPM_ResetEstablishmentBit, ptm_req_len);
msg.type = MESSAGE_TPM_CMD;
worker_thread_mark_busy();
g_thread_pool_push(pool, &msg, NULL);
worker_thread_wait_done();
if (ptm_res_len >= sizeof(TPM_Response_Header)) {
tpmrh = (TPM_Response_Header *)ptm_response;
res = ntohl(tpmrh->returnCode);
}
locality = orig_locality;
return res;
}
/*
* tpm_start: Start the TPM
*
@ -935,6 +886,7 @@ static void ptm_ioctl(fuse_req_t req, int cmd, void *arg,
TPM_RESULT res = TPM_FAIL;
bool exit_prg = FALSE;
ptm_init *init_p;
TPM_MODIFIER_INDICATOR orig_locality;
/* some commands have to wait until the worker thread is done */
switch(cmd) {
@ -978,7 +930,7 @@ static void ptm_ioctl(fuse_req_t req, int cmd, void *arg,
| PTM_CAP_HASHING
| PTM_CAP_CANCEL_TPM_CMD
//| PTM_CAP_STORE_VOLATILE
//| PTM_CAP_RESET_TPMESTABLISHED
| PTM_CAP_RESET_TPMESTABLISHED
//| PTM_CAP_GET_STATEBLOB
//| PTM_CAP_SET_STATEBLOB
| PTM_CAP_STOP
@ -1084,7 +1036,13 @@ static void ptm_ioctl(fuse_req_t req, int cmd, void *arg,
if (re->u.req.loc > 4) {
res = TPM_BAD_LOCALITY;
} else {
res = _TPM_IO_TpmEstablished_Reset(req, re->u.req.loc);
/* set locality and reset flag in one command */
orig_locality = locality;
locality = re->u.req.loc;
res = TPM_IO_TpmEstablished_Reset();
locality = orig_locality;
fuse_reply_ioctl(req, 0, &res, sizeof(res));
}
}
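Review bot: In the last `ptm_ioctl` hunk the `re->u.req.loc > 4` path sets `res = TPM_BAD_LOCALITY`, but as the braces are rendered, `fuse_reply_ioctl(req, 0, &res, sizeof(res));` sits inside the `else` block. A request with an out-of-range locality therefore appears never to be answered, unless a reply is sent outside the hunk, which would leave the caller blocked instead of receiving the error. Moving `fuse_reply_ioctl(req, 0, &res, sizeof(res));` to just after the closing brace of the `else` would return `TPM_BAD_LOCALITY` to the client. The new comment `/* set locality and reset flag in one command */` also no longer matches the code, since no TPM command is sent; `/* temporarily switch locality for the libtpms reset call */` would be accurate. `ptm_ioctl` starts and ends outside the hunk.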


@ -154,39 +154,6 @@ bool tpmlib_is_request_cancelable(TPMLIB_TPMVersion tpmversion,
ordinal == TPMLIB_TPM_ORD_CreateWrapKey);
}
const static unsigned char TPM_ResetEstablishmentBit[] = {
0x00, 0xC1, /* TPM Request */
0x00, 0x00, 0x00, 0x0A, /* length (10) */
0x40, 0x00, 0x00, 0x0B /* TPM_ORD_ResetEstablishmentBit */
};
TPM_RESULT tpmlib_TpmEstablished_Reset(TPM_MODIFIER_INDICATOR *g_locality,
TPM_MODIFIER_INDICATOR locality)
{
TPM_RESULT res;
unsigned char *rbuffer = NULL;
uint32_t rlength = 0;
uint32_t rTotal = 0;
TPM_MODIFIER_INDICATOR orig_locality = *g_locality;
unsigned char command[sizeof(TPM_ResetEstablishmentBit)];
struct tpm_resp_header *tpmrh;
memcpy(command, TPM_ResetEstablishmentBit, sizeof(command));
*g_locality = locality;
res = TPMLIB_Process(&rbuffer, &rlength, &rTotal,
command, sizeof(command));
if (res == TPM_SUCCESS && rlength >= sizeof(*tpmrh)) {
tpmrh = (struct tpm_resp_header *)rbuffer;
res = be32toh(tpmrh->errcode);
}
*g_locality = orig_locality;
free(rbuffer);
return res;
}
static void tpmlib_write_error_response(unsigned char **rbuffer,
uint32_t *rlength,
uint32_t *rTotal,


@ -50,8 +50,6 @@ TPM_RESULT tpmlib_start(uint32_t flags, TPMLIB_TPMVersion tpmversion);
int tpmlib_get_tpm_property(enum TPMLIB_TPMProperty prop);
bool tpmlib_is_request_cancelable(TPMLIB_TPMVersion tpmversion,
const unsigned char *request, size_t req_len);
TPM_RESULT tpmlib_TpmEstablished_Reset(TPM_MODIFIER_INDICATOR *g_locty,
TPM_MODIFIER_INDICATOR locty);
void tpmlib_write_fatal_error_response(unsigned char **rbuffer,
uint32_t *rlength,
uint32_t *rTotal,