swtpm: Add support for --print-profiles option

Add support for --print-profiles option to print all profiles supported by libtpms. Usage: swtpm socket --tpm2 --print-profiles | jq Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2025-08-22 19:04:35 +00:00 · 2023-08-30 16:25:14 -04:00 · 2023-08-30 16:25:14 -04:00 · 96fe5afac7
commit 96fe5afac7
parent 62aaf0a251
6 changed files with 62 additions and 1 deletions
--- a/man/man8/swtpm.pod
+++ b/man/man8/swtpm.pod
@ -334,7 +334,8 @@ may contain the following:
        "rsa-keysize-1024",
        "rsa-keysize-2048",
        "rsa-keysize-3072",
-        "cmdarg-profile"
+        "cmdarg-profile",
+        "cmdarg-print-profile"
      ],
      "version": "0.7.0"
    }
@ -415,6 +416,10 @@ The option <--profile> is supported to set a profile for a TPM 2 using either
 the option parameter I<name=> to select a profile by its name or I<profile=>
 to provide a JSON-formatted profile.

+=item B<cmdarg-print-profiles> (since v0.10)
+
+The option <--print-profiles> is supported.
+
 =back

 =item B<--print-states> (since v0.7)
@ -542,6 +547,10 @@ I<swtpm_ioctl> tool:
      }
    }

+=item B<--print-profiles> (since v0.10)
+
+Display the profiles supported by libtpms. Use with I<--tpm2> option.
+
 =item B<-h|--help>

 Display usage info.
--- a/src/swtpm/capabilities.c
+++ b/src/swtpm/capabilities.c
@ -218,6 +218,18 @@ error:
    return ret;
 }

+int print_profiles(void)
+{
+    char *info_data = TPMLIB_GetInfo(TPMLIB_INFO_AVAILABLE_PROFILES);
+
+    if (info_data)
+        printf("%s", info_data);
+
+    free(info_data);
+
+    return 0;
+}
+
 int capabilities_print_json(bool cusetpm, TPMLIB_TPMVersion tpmversion)
 {
    char *string = NULL;
--- a/src/swtpm/capabilities.h
+++ b/src/swtpm/capabilities.h
@ -44,4 +44,6 @@

 int capabilities_print_json(bool cusetpm, TPMLIB_TPMVersion tpmversion);

+int print_profiles(void);
+
 #endif /* SWTPM_CAPABILITIES_H */
--- a/src/swtpm/cuse_tpm.c
+++ b/src/swtpm/cuse_tpm.c
@ -279,6 +279,8 @@ static const char *usage =
 "--print-states      : print existing TPM states and terminate\n"
 "--profile name=<name>|profile=<json-profile>\n"
 "                    : Set a profile on the TPM 2\n"
+"--print-profiles\n"
+"                    : print all profiles supported by libtpms\n"
 "-h|--help           :  display this help screen and terminate\n"
 "\n";

@ -1611,6 +1613,7 @@ int swtpm_cuse_main(int argc, char **argv, const char *prgname, const char *ifac
                         ,       no_argument, 0, 'a'},
        {"print-states"  ,       no_argument, 0, 'e'},
        {"profile"       , required_argument, 0, 'I'},
+        {"print-profiles",       no_argument, 0, 'N'},
        {NULL            , 0                , 0, 0  },
    };
    struct cuse_info cinfo;
@ -1627,6 +1630,7 @@ int swtpm_cuse_main(int argc, char **argv, const char *prgname, const char *ifac
    int ret = 0;
    bool printcapabilities = false;
    bool printstates = false;
+    bool printprofiles = false;
    bool need_init_cmd = true;
    TPM_RESULT res;

@ -1742,6 +1746,9 @@ int swtpm_cuse_main(int argc, char **argv, const char *prgname, const char *ifac
        case 'e':
            printstates = true;
            break;
+        case 'N': /* --print-profiles */
+            printprofiles = true;
+            break;
        case 'v': /* version */
            fprintf(stdout, "TPM emulator CUSE interface version %d.%d.%d, "
                    "Copyright (c) 2014-2015 IBM Corp.\n",
@ -1819,6 +1826,11 @@ int swtpm_cuse_main(int argc, char **argv, const char *prgname, const char *ifac
        goto exit;
    }

+    if (printprofiles) {
+        print_profiles();
+        goto exit;
+    }
+
    if (!cinfo.dev_info_argv) {
        logprintf(STDERR_FILENO, "Error: device name missing\n");
        ret = -2;
--- a/src/swtpm/swtpm.c
+++ b/src/swtpm/swtpm.c
@ -199,6 +199,8 @@ static void usage(FILE *file, const char *prgname, const char *iface)
    "                 : print existing TPM states and terminate\n"
    "--profile name=<name>|profile=<json-profile>\n"
    "                 : Set a profile on the TPM 2\n"
+    "--print-profiles\n"
+    "                 : print all profiles supported by libtpms\n"
    "-h|--help        : display this help screen and terminate\n"
    "\n",
    prgname, iface);
@ -258,6 +260,7 @@ int swtpm_main(int argc, char **argv, const char *prgname, const char *iface)
    unsigned int seccomp_action;
    bool printcapabilities = false;
    bool printstates = false;
+    bool printprofiles = false;
    static struct option longopts[] = {
        {"daemon"    ,       no_argument, 0, 'd'},
        {"help"      ,       no_argument, 0, 'h'},
@ -284,6 +287,7 @@ int swtpm_main(int argc, char **argv, const char *prgname, const char *iface)
                     ,       no_argument, 0, 'a'},
        {"print-states",     no_argument, 0, 'e'},
        {"profile"   , required_argument, 0, 'I'},
+        {"print-profiles",   no_argument, 0, 'N'},
        {NULL        , 0                , 0, 0  },
    };

@ -434,6 +438,10 @@ int swtpm_main(int argc, char **argv, const char *prgname, const char *iface)
            profiledata = optarg;
            break;

+        case 'N': /* --print-profiles */
+            printprofiles = true;
+            break;
+
        default:
            usage(stderr, prgname, iface);
            exit(EXIT_FAILURE);
@ -501,6 +509,11 @@ int swtpm_main(int argc, char **argv, const char *prgname, const char *iface)
            goto exit_failure;
    }

+    if (printprofiles) {
+        print_profiles();
+        goto exit_success;
+    }
+
    if (handle_key_options(keydata) < 0 ||
        handle_migration_key_options(migkeydata) < 0 ||
        handle_pid_options(piddata) < 0 ||
--- a/src/swtpm/swtpm_chardev.c
+++ b/src/swtpm/swtpm_chardev.c
@ -220,6 +220,8 @@ static void usage(FILE *file, const char *prgname, const char *iface)
    "                 : print existing TPM states and terminate\n"
    "--profile name=<name>|profile=<json-profile>\n"
    "                 : Set a profile on the TPM 2\n"
+    "--print-profiles\n"
+    "                 : print all profiles supported by libtpms\n"
    "-h|--help        : display this help screen and terminate\n"
    "\n",
    prgname, iface);
@ -316,6 +318,7 @@ int swtpm_chardev_main(int argc, char **argv, const char *prgname, const char *i
    unsigned int seccomp_action;
    bool printcapabilities = false;
    bool printstates = false;
+    bool printprofiles = false;
    static struct option longopts[] = {
        {"daemon"    ,       no_argument, 0, 'd'},
        {"help"      ,       no_argument, 0, 'h'},
@ -343,6 +346,7 @@ int swtpm_chardev_main(int argc, char **argv, const char *prgname, const char *i
                     ,       no_argument, 0, 'a'},
        {"print-states",     no_argument, 0, 'e'},
        {"profile"   , required_argument, 0, 'I'},
+        {"print-profiles",   no_argument, 0, 'N'},
        {NULL        , 0                , 0, 0  },
    };

@ -484,6 +488,10 @@ int swtpm_chardev_main(int argc, char **argv, const char *prgname, const char *i
            profiledata = optarg;
            break;

+        case 'N': /* --print-profiles */
+            printprofiles = true;
+            break;
+
        default:
            usage(stderr, prgname, iface);
            exit(EXIT_FAILURE);
@ -549,6 +557,11 @@ int swtpm_chardev_main(int argc, char **argv, const char *prgname, const char *i
            goto exit_success;
    }

+    if (printprofiles) {
+        print_profiles();
+        goto exit_success;
+    }
+
    if (mlp.fd < 0) {
        logprintf(STDERR_FILENO,
                  "Error: Missing character device or file descriptor\n");