swtpm: Add support for --print-profiles option

Add support for --print-profiles option to print all profiles supported
by libtpms.

Usage:

  swtpm socket --tpm2 --print-profiles | jq

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger 2023-08-30 16:25:14 -04:00 committed by Stefan Berger
parent 62aaf0a251
commit 96fe5afac7
6 changed files with 62 additions and 1 deletions


@ -334,7 +334,8 @@ may contain the following:
"rsa-keysize-1024", "rsa-keysize-1024",
"rsa-keysize-2048", "rsa-keysize-2048",
"rsa-keysize-3072", "rsa-keysize-3072",
"cmdarg-profile" "cmdarg-profile",
"cmdarg-print-profile"
], ],
"version": "0.7.0" "version": "0.7.0"
} }
@ -415,6 +416,10 @@ The option <--profile> is supported to set a profile for a TPM 2 using either
the option parameter I<name=> to select a profile by its name or I<profile=> the option parameter I<name=> to select a profile by its name or I<profile=>
to provide a JSON-formatted profile. to provide a JSON-formatted profile.
=item B<cmdarg-print-profiles> (since v0.10)
The option <--print-profiles> is supported.
=back =back
=item B<--print-states> (since v0.7) =item B<--print-states> (since v0.7)
@ -542,6 +547,10 @@ I<swtpm_ioctl> tool:
} }
} }
=item B<--print-profiles> (since v0.10)
Display the profiles supported by libtpms. Use with I<--tpm2> option.
=item B<-h|--help> =item B<-h|--help>
Display usage info. Display usage info.


@ -218,6 +218,18 @@ error:
return ret; return ret;
} }
int print_profiles(void)
{
char *info_data = TPMLIB_GetInfo(TPMLIB_INFO_AVAILABLE_PROFILES);
if (info_data)
printf("%s", info_data);
free(info_data);
return 0;
}
int capabilities_print_json(bool cusetpm, TPMLIB_TPMVersion tpmversion) int capabilities_print_json(bool cusetpm, TPMLIB_TPMVersion tpmversion)
{ {
char *string = NULL; char *string = NULL;
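Review bot: print_profiles() returns 0 even when TPMLIB_GetInfo() returns NULL, so a failed query prints nothing and is indistinguishable from success; the three callers in this commit ignore the return value and exit successfully. Tooling that pipes the output into a JSON parser to decide which profile to apply would then see empty input with a zero exit status. Consider `if (!info_data) return -1;` ahead of the printf and have the callers propagate the result. Separately, the man page hunk spells the new capability `cmdarg-print-profile` in the JSON example and `cmdarg-print-profiles` in the item text, and no visible hunk adds either string to capabilities_print_json, whose body continues outside this hunk; it is worth confirming the capability is advertised under one spelling.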


@ -44,4 +44,6 @@
int capabilities_print_json(bool cusetpm, TPMLIB_TPMVersion tpmversion); int capabilities_print_json(bool cusetpm, TPMLIB_TPMVersion tpmversion);
int print_profiles(void);
#endif /* SWTPM_CAPABILITIES_H */ #endif /* SWTPM_CAPABILITIES_H */


@ -279,6 +279,8 @@ static const char *usage =
"--print-states : print existing TPM states and terminate\n" "--print-states : print existing TPM states and terminate\n"
"--profile name=<name>|profile=<json-profile>\n" "--profile name=<name>|profile=<json-profile>\n"
" : Set a profile on the TPM 2\n" " : Set a profile on the TPM 2\n"
"--print-profiles\n"
" : print all profiles supported by libtpms\n"
"-h|--help : display this help screen and terminate\n" "-h|--help : display this help screen and terminate\n"
"\n"; "\n";
@ -1611,6 +1613,7 @@ int swtpm_cuse_main(int argc, char **argv, const char *prgname, const char *ifac
, no_argument, 0, 'a'}, , no_argument, 0, 'a'},
{"print-states" , no_argument, 0, 'e'}, {"print-states" , no_argument, 0, 'e'},
{"profile" , required_argument, 0, 'I'}, {"profile" , required_argument, 0, 'I'},
{"print-profiles", no_argument, 0, 'N'},
{NULL , 0 , 0, 0 }, {NULL , 0 , 0, 0 },
}; };
struct cuse_info cinfo; struct cuse_info cinfo;
@ -1627,6 +1630,7 @@ int swtpm_cuse_main(int argc, char **argv, const char *prgname, const char *ifac
int ret = 0; int ret = 0;
bool printcapabilities = false; bool printcapabilities = false;
bool printstates = false; bool printstates = false;
bool printprofiles = false;
bool need_init_cmd = true; bool need_init_cmd = true;
TPM_RESULT res; TPM_RESULT res;
@ -1742,6 +1746,9 @@ int swtpm_cuse_main(int argc, char **argv, const char *prgname, const char *ifac
case 'e': case 'e':
printstates = true; printstates = true;
break; break;
case 'N': /* --print-profiles */
printprofiles = true;
break;
case 'v': /* version */ case 'v': /* version */
fprintf(stdout, "TPM emulator CUSE interface version %d.%d.%d, " fprintf(stdout, "TPM emulator CUSE interface version %d.%d.%d, "
"Copyright (c) 2014-2015 IBM Corp.\n", "Copyright (c) 2014-2015 IBM Corp.\n",
@ -1819,6 +1826,11 @@ int swtpm_cuse_main(int argc, char **argv, const char *prgname, const char *ifac
goto exit; goto exit;
} }
if (printprofiles) {
print_profiles();
goto exit;
}
if (!cinfo.dev_info_argv) { if (!cinfo.dev_info_argv) {
logprintf(STDERR_FILENO, "Error: device name missing\n"); logprintf(STDERR_FILENO, "Error: device name missing\n");
ret = -2; ret = -2;
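Review bot: The `if (printprofiles)` branch calls print_profiles() with no visible check that --tpm2 was selected, although the man page text added in this commit says the option is to be used with --tpm2. Without that check a bare `--print-profiles` presumably yields empty output and still exits 0; the same branch in swtpm_main and swtpm_chardev_main has the same shape. Consider rejecting the combination up front with a `logprintf(STDERR_FILENO, ...)` error and a non-zero exit when the selected version is not TPMLIB_TPM_VERSION_2. swtpm_cuse_main begins and ends outside these hunks, so the version may already be validated or chosen earlier than what is shown here.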


@ -199,6 +199,8 @@ static void usage(FILE *file, const char *prgname, const char *iface)
" : print existing TPM states and terminate\n" " : print existing TPM states and terminate\n"
"--profile name=<name>|profile=<json-profile>\n" "--profile name=<name>|profile=<json-profile>\n"
" : Set a profile on the TPM 2\n" " : Set a profile on the TPM 2\n"
"--print-profiles\n"
" : print all profiles supported by libtpms\n"
"-h|--help : display this help screen and terminate\n" "-h|--help : display this help screen and terminate\n"
"\n", "\n",
prgname, iface); prgname, iface);
@ -258,6 +260,7 @@ int swtpm_main(int argc, char **argv, const char *prgname, const char *iface)
unsigned int seccomp_action; unsigned int seccomp_action;
bool printcapabilities = false; bool printcapabilities = false;
bool printstates = false; bool printstates = false;
bool printprofiles = false;
static struct option longopts[] = { static struct option longopts[] = {
{"daemon" , no_argument, 0, 'd'}, {"daemon" , no_argument, 0, 'd'},
{"help" , no_argument, 0, 'h'}, {"help" , no_argument, 0, 'h'},
@ -284,6 +287,7 @@ int swtpm_main(int argc, char **argv, const char *prgname, const char *iface)
, no_argument, 0, 'a'}, , no_argument, 0, 'a'},
{"print-states", no_argument, 0, 'e'}, {"print-states", no_argument, 0, 'e'},
{"profile" , required_argument, 0, 'I'}, {"profile" , required_argument, 0, 'I'},
{"print-profiles", no_argument, 0, 'N'},
{NULL , 0 , 0, 0 }, {NULL , 0 , 0, 0 },
}; };
@ -434,6 +438,10 @@ int swtpm_main(int argc, char **argv, const char *prgname, const char *iface)
profiledata = optarg; profiledata = optarg;
break; break;
case 'N': /* --print-profiles */
printprofiles = true;
break;
default: default:
usage(stderr, prgname, iface); usage(stderr, prgname, iface);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
@ -501,6 +509,11 @@ int swtpm_main(int argc, char **argv, const char *prgname, const char *iface)
goto exit_failure; goto exit_failure;
} }
if (printprofiles) {
print_profiles();
goto exit_success;
}
if (handle_key_options(keydata) < 0 || if (handle_key_options(keydata) < 0 ||
handle_migration_key_options(migkeydata) < 0 || handle_migration_key_options(migkeydata) < 0 ||
handle_pid_options(piddata) < 0 || handle_pid_options(piddata) < 0 ||


@ -220,6 +220,8 @@ static void usage(FILE *file, const char *prgname, const char *iface)
" : print existing TPM states and terminate\n" " : print existing TPM states and terminate\n"
"--profile name=<name>|profile=<json-profile>\n" "--profile name=<name>|profile=<json-profile>\n"
" : Set a profile on the TPM 2\n" " : Set a profile on the TPM 2\n"
"--print-profiles\n"
" : print all profiles supported by libtpms\n"
"-h|--help : display this help screen and terminate\n" "-h|--help : display this help screen and terminate\n"
"\n", "\n",
prgname, iface); prgname, iface);
@ -316,6 +318,7 @@ int swtpm_chardev_main(int argc, char **argv, const char *prgname, const char *i
unsigned int seccomp_action; unsigned int seccomp_action;
bool printcapabilities = false; bool printcapabilities = false;
bool printstates = false; bool printstates = false;
bool printprofiles = false;
static struct option longopts[] = { static struct option longopts[] = {
{"daemon" , no_argument, 0, 'd'}, {"daemon" , no_argument, 0, 'd'},
{"help" , no_argument, 0, 'h'}, {"help" , no_argument, 0, 'h'},
@ -343,6 +346,7 @@ int swtpm_chardev_main(int argc, char **argv, const char *prgname, const char *i
, no_argument, 0, 'a'}, , no_argument, 0, 'a'},
{"print-states", no_argument, 0, 'e'}, {"print-states", no_argument, 0, 'e'},
{"profile" , required_argument, 0, 'I'}, {"profile" , required_argument, 0, 'I'},
{"print-profiles", no_argument, 0, 'N'},
{NULL , 0 , 0, 0 }, {NULL , 0 , 0, 0 },
}; };
@ -484,6 +488,10 @@ int swtpm_chardev_main(int argc, char **argv, const char *prgname, const char *i
profiledata = optarg; profiledata = optarg;
break; break;
case 'N': /* --print-profiles */
printprofiles = true;
break;
default: default:
usage(stderr, prgname, iface); usage(stderr, prgname, iface);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
@ -549,6 +557,11 @@ int swtpm_chardev_main(int argc, char **argv, const char *prgname, const char *i
goto exit_success; goto exit_success;
} }
if (printprofiles) {
print_profiles();
goto exit_success;
}
if (mlp.fd < 0) { if (mlp.fd < 0) {
logprintf(STDERR_FILENO, logprintf(STDERR_FILENO,
"Error: Missing character device or file descriptor\n"); "Error: Missing character device or file descriptor\n");