From 15dfd665c19553a352867b93df4e6fcdb1bf42af Mon Sep 17 00:00:00 2001
From: Stefan Berger
Date: Wed, 21 Dec 2016 17:01:07 -0500
Subject: [PATCH] swtpm: Call API call for resetting the TPM Established flag

Call the libtpms API for resetting the TPM Established flag rather than sending a TPM command, which only works for TPM1.2.

Signed-off-by: Stefan Berger
---
 src/swtpm/ctrlchannel.c | 9 +++++--
 src/swtpm/cuse_tpm.c | 60 +++++++----------------------------------
 src/swtpm/tpmlib.c | 33 -----------------------
 src/swtpm/tpmlib.h | 2 --
 4 files changed, 16 insertions(+), 88 deletions(-)
diff --git a/src/swtpm/ctrlchannel.c b/src/swtpm/ctrlchannel.c
index f999480..3b7e084 100644
--- a/src/swtpm/ctrlchannel.c
+++ b/src/swtpm/ctrlchannel.c
@@ -487,6 +487,7 @@ int ctrlchannel_process_fd(int fd,
 uint32_t offset;
 char *info_data = NULL;
 size_t length;
+ TPM_MODIFIER_INDICATOR orig_locality;
 if (fd < 0)
 return -1;
@@ -626,8 +627,12 @@ int ctrlchannel_process_fd(int fd,
 if (re->u.req.loc > 4) {
 res = htobe32(TPM_BAD_LOCALITY);
 } else {
- res = htobe32(tpmlib_TpmEstablished_Reset(locality,
- re->u.req.loc));
+ orig_locality = *locality;
+ *locality = re->u.req.loc;
+
+ res = htobe32(TPM_IO_TpmEstablished_Reset());
+
+ *locality = orig_locality;
 }
 *res_p = res;
diff --git a/src/swtpm/cuse_tpm.c b/src/swtpm/cuse_tpm.c
index 82a700f..60416b3 100644
--- a/src/swtpm/cuse_tpm.c
+++ b/src/swtpm/cuse_tpm.c
@@ -217,18 +217,6 @@ static const char *usage =
 "-h|--help : display this help screen and terminate\n"
 "\n";
-const static unsigned char TPM_ResetEstablishmentBit[] = {
- 0x00, 0xC1, /* TPM Request */
- 0x00, 0x00, 0x00, 0x0A, /* length (10) */
- 0x40, 0x00, 0x00, 0x0B /* TPM_ORD_ResetEstablishmentBit */
-};
-
-const static unsigned char TPM2_Resp_FatalError[] = {
- 0x80, 0x01, /* TPM Response */
- 0x00, 0x00, 0x00, 0x0A, /* length (10) */
- 0x00, 0x00, 0x01, 0x01 /* TPM_FAIL */
-};
-
 static TPM_RESULT ptm_io_getlocality(TPM_MODIFIER_INDICATOR *loc,
 uint32_t tpmnum)
 {
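Review bot: In the second ctrlchannel.c hunk the save/override/restore of `*locality` around `TPM_IO_TpmEstablished_Reset()` carries no comment, and the same sequence is repeated in `ptm_ioctl` in cuse_tpm.c. The locality is an access-control input for this reset and the value comes straight from the control-channel request, so the intent should be stated where it happens, e.g. `/* run the reset under the requested locality, then restore the previous one; libtpms decides whether that locality may reset the flag */`. Presumably libtpms picks the value up through the registered locality callback, which is worth confirming since nothing in this hunk passes it explicitly. A small shared helper taking the locality pointer and the requested locality would keep the two call sites from drifting apart. `ctrlchannel_process_fd` begins and ends outside the hunk.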
@@ -397,43 +385,6 @@ static void worker_thread(gpointer data, gpointer user_data)
 /***************************** utility functions ****************************/
-/* _TPM_IO_TpmEstablished_Reset
- *
- * Reset the TPM Established bit by creating a TPM_ResetEstablishmentBit
- * command and sending it to the TPM; we temporarily switch the locality
- * to the one provded to this call. We wait until the TPM has processed
- * the request.
- */
-static TPM_RESULT _TPM_IO_TpmEstablished_Reset(fuse_req_t req,
- TPM_MODIFIER_INDICATOR locty)
-{
- TPM_RESULT res = TPM_FAIL;
- TPM_Response_Header *tpmrh;
- TPM_MODIFIER_INDICATOR orig_locality = locality;
-
- locality = locty;
-
- ptm_req_len = sizeof(TPM_ResetEstablishmentBit);
- memcpy(ptm_request, TPM_ResetEstablishmentBit, ptm_req_len);
-
- msg.type = MESSAGE_TPM_CMD;
-
- worker_thread_mark_busy();
-
- g_thread_pool_push(pool, &msg, NULL);
-
- worker_thread_wait_done();
-
- if (ptm_res_len >= sizeof(TPM_Response_Header)) {
- tpmrh = (TPM_Response_Header *)ptm_response;
- res = ntohl(tpmrh->returnCode);
- }
-
- locality = orig_locality;
-
- return res;
-}
-
 /*
 * tpm_start: Start the TPM
 *
@@ -935,6 +886,7 @@ static void ptm_ioctl(fuse_req_t req, int cmd, void *arg,
 TPM_RESULT res = TPM_FAIL;
 bool exit_prg = FALSE;
 ptm_init *init_p;
+ TPM_MODIFIER_INDICATOR orig_locality;
 /* some commands have to wait until the worker thread is done */
 switch(cmd) {
@@ -978,7 +930,7 @@ static void ptm_ioctl(fuse_req_t req, int cmd, void *arg,
 | PTM_CAP_HASHING
 | PTM_CAP_CANCEL_TPM_CMD
 //| PTM_CAP_STORE_VOLATILE
- //| PTM_CAP_RESET_TPMESTABLISHED
+ | PTM_CAP_RESET_TPMESTABLISHED
 //| PTM_CAP_GET_STATEBLOB
 //| PTM_CAP_SET_STATEBLOB
 | PTM_CAP_STOP
@@ -1084,7 +1036,13 @@ static void ptm_ioctl(fuse_req_t req, int cmd, void *arg,
 if (re->u.req.loc > 4) {
 res = TPM_BAD_LOCALITY;
 } else {
- res = _TPM_IO_TpmEstablished_Reset(req, re->u.req.loc);
+ /* set locality and reset flag in one command */
+ orig_locality = locality;
+ locality = re->u.req.loc;
+
+ res = TPM_IO_TpmEstablished_Reset();
+
+ locality = orig_locality;
 fuse_reply_ioctl(req, 0, &res, sizeof(res));
 }
 }
diff --git a/src/swtpm/tpmlib.c b/src/swtpm/tpmlib.c
index 30a5820..988197c 100644
--- a/src/swtpm/tpmlib.c
+++ b/src/swtpm/tpmlib.c
@@ -154,39 +154,6 @@ bool tpmlib_is_request_cancelable(TPMLIB_TPMVersion tpmversion,
 ordinal == TPMLIB_TPM_ORD_CreateWrapKey);
 }
-const static unsigned char TPM_ResetEstablishmentBit[] = {
- 0x00, 0xC1, /* TPM Request */
- 0x00, 0x00, 0x00, 0x0A, /* length (10) */
- 0x40, 0x00, 0x00, 0x0B /* TPM_ORD_ResetEstablishmentBit */
-};
-
-TPM_RESULT tpmlib_TpmEstablished_Reset(TPM_MODIFIER_INDICATOR *g_locality,
- TPM_MODIFIER_INDICATOR locality)
-{
- TPM_RESULT res;
- unsigned char *rbuffer = NULL;
- uint32_t rlength = 0;
- uint32_t rTotal = 0;
- TPM_MODIFIER_INDICATOR orig_locality = *g_locality;
- unsigned char command[sizeof(TPM_ResetEstablishmentBit)];
- struct tpm_resp_header *tpmrh;
-
- memcpy(command, TPM_ResetEstablishmentBit, sizeof(command));
- *g_locality = locality;
-
- res = TPMLIB_Process(&rbuffer, &rlength, &rTotal,
- command, sizeof(command));
-
- if (res == TPM_SUCCESS && rlength >= sizeof(*tpmrh)) {
- tpmrh = (struct tpm_resp_header *)rbuffer;
- res = be32toh(tpmrh->errcode);
- }
- *g_locality = orig_locality;
- free(rbuffer);
-
- return res;
-}
-
 static void tpmlib_write_error_response(unsigned char **rbuffer,
 uint32_t *rlength,
 uint32_t *rTotal,
diff --git a/src/swtpm/tpmlib.h b/src/swtpm/tpmlib.h
index 747be1e..f9f94b5 100644
--- a/src/swtpm/tpmlib.h
+++ b/src/swtpm/tpmlib.h
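Review bot: In the `ptm_ioctl` hunk at -1084 the `fuse_reply_ioctl()` call stays inside the `else` branch, so within the visible lines a request with `loc > 4` sets `res = TPM_BAD_LOCALITY` and is never answered; unless a reply is sent after the hunk, the caller is left waiting. Moving `fuse_reply_ioctl(req, 0, &res, sizeof(res));` below the closing brace of the `if`/`else` answers both cases. Separately, the removed helper routed the reset through the worker thread and waited for it, while the new code changes the global `locality` directly in the ioctl handler; that is only safe if the wait at the top of `ptm_ioctl` (outside this hunk) covers this command, otherwise a TPM command in flight could run under the swapped locality. The comment would be more accurate as `/* run the reset under the requested locality, then restore the previous one */`.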
@@ -50,8 +50,6 @@ TPM_RESULT tpmlib_start(uint32_t flags, TPMLIB_TPMVersion tpmversion);
 int tpmlib_get_tpm_property(enum TPMLIB_TPMProperty prop);
 bool tpmlib_is_request_cancelable(TPMLIB_TPMVersion tpmversion,
 const unsigned char *request, size_t req_len);
-TPM_RESULT tpmlib_TpmEstablished_Reset(TPM_MODIFIER_INDICATOR *g_locty,
- TPM_MODIFIER_INDICATOR locty);
 void tpmlib_write_fatal_error_response(unsigned char **rbuffer,
 uint32_t *rlength,
 uint32_t *rTotal,