From 96fe5afac7c39d7a0e2074f00d179878d859bc84 Mon Sep 17 00:00:00 2001 From: Stefan Berger Date: Wed, 30 Aug 2023 16:25:14 -0400 Subject: [PATCH] swtpm: Add support for --print-profiles option Add support for --print-profiles option to print all profiles supported by libtpms. Usage: swtpm socket --tpm2 --print-profiles | jq Signed-off-by: Stefan Berger --- man/man8/swtpm.pod | 11 ++++++++++- src/swtpm/capabilities.c | 12 ++++++++++++ src/swtpm/capabilities.h | 2 ++ src/swtpm/cuse_tpm.c | 12 ++++++++++++ src/swtpm/swtpm.c | 13 +++++++++++++ src/swtpm/swtpm_chardev.c | 13 +++++++++++++ 6 files changed, 62 insertions(+), 1 deletion(-) diff --git a/man/man8/swtpm.pod b/man/man8/swtpm.pod index b9a7c19..6e28e0d 100644 --- a/man/man8/swtpm.pod +++ b/man/man8/swtpm.pod @@ -334,7 +334,8 @@ may contain the following: "rsa-keysize-1024", "rsa-keysize-2048", "rsa-keysize-3072", - "cmdarg-profile" + "cmdarg-profile", + "cmdarg-print-profile" ], "version": "0.7.0" } @@ -415,6 +416,10 @@ The option <--profile> is supported to set a profile for a TPM 2 using either the option parameter I to select a profile by its name or I to provide a JSON-formatted profile. +=item B (since v0.10) + +The option <--print-profiles> is supported. + =back =item B<--print-states> (since v0.7) @@ -542,6 +547,10 @@ I tool: } } +=item B<--print-profiles> (since v0.10) + +Display the profiles supported by libtpms. Use with I<--tpm2> option. + =item B<-h|--help> Display usage info. diff --git a/src/swtpm/capabilities.c b/src/swtpm/capabilities.c index 646acb8..74ef770 100644 --- a/src/swtpm/capabilities.c +++ b/src/swtpm/capabilities.c @@ -218,6 +218,18 @@ error: return ret; } +int print_profiles(void) +{ + char *info_data = TPMLIB_GetInfo(TPMLIB_INFO_AVAILABLE_PROFILES); + + if (info_data) + printf("%s", info_data); + + free(info_data); + + return 0; +} + int capabilities_print_json(bool cusetpm, TPMLIB_TPMVersion tpmversion) { char *string = NULL; 
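Review bot: print_profiles() returns 0 on every path, so when TPMLIB_GetInfo() returns NULL the program prints nothing and still exits successfully, and a caller piping the output into a JSON parser cannot tell a failure from an empty result. Returning an error in that case, `if (!info_data) return -1;`, would let the callers map it to the exit status; as written, the call sites added in cuse_tpm.c, swtpm.c and swtpm_chardev.c discard the return value. Separately, the man page in this patch lists a `cmdarg-print-profile` capability, but this hunk is the only change to capabilities.c and it adds no such string to capabilities_print_json(). Unless that string is added elsewhere, tools that probe capabilities before passing `--print-profiles` would not see the option advertised.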
diff --git a/src/swtpm/capabilities.h b/src/swtpm/capabilities.h index 46dbebc..2ee6937 100644 --- a/src/swtpm/capabilities.h +++ b/src/swtpm/capabilities.h @@ -44,4 +44,6 @@ int capabilities_print_json(bool cusetpm, TPMLIB_TPMVersion tpmversion); +int print_profiles(void); + #endif /* SWTPM_CAPABILITIES_H */ diff --git a/src/swtpm/cuse_tpm.c b/src/swtpm/cuse_tpm.c index f886b5b..fb36c35 100644 --- a/src/swtpm/cuse_tpm.c +++ b/src/swtpm/cuse_tpm.c @@ -279,6 +279,8 @@ static const char *usage = "--print-states : print existing TPM states and terminate\n" "--profile name=|profile=\n" " : Set a profile on the TPM 2\n" +"--print-profiles\n" +" : print all profiles supported by libtpms\n" "-h|--help : display this help screen and terminate\n" "\n"; @@ -1611,6 +1613,7 @@ int swtpm_cuse_main(int argc, char **argv, const char *prgname, const char *ifac , no_argument, 0, 'a'}, {"print-states" , no_argument, 0, 'e'}, {"profile" , required_argument, 0, 'I'}, + {"print-profiles", no_argument, 0, 'N'}, {NULL , 0 , 0, 0 }, }; struct cuse_info cinfo; @@ -1627,6 +1630,7 @@ int swtpm_cuse_main(int argc, char **argv, const char *prgname, const char *ifac int ret = 0; bool printcapabilities = false; bool printstates = false; + bool printprofiles = false; bool need_init_cmd = true; TPM_RESULT res; @@ -1742,6 +1746,9 @@ int swtpm_cuse_main(int argc, char **argv, const char *prgname, const char *ifac case 'e': printstates = true; break; + case 'N': /* --print-profiles */ + printprofiles = true; + break; case 'v': /* version */ fprintf(stdout, "TPM emulator CUSE interface version %d.%d.%d, " "Copyright (c) 2014-2015 IBM Corp.\n", @@ -1819,6 +1826,11 @@ int swtpm_cuse_main(int argc, char **argv, const char *prgname, const char *ifac goto exit; } + if (printprofiles) { + print_profiles(); + goto exit; + } + if (!cinfo.dev_info_argv) { logprintf(STDERR_FILENO, "Error: device name missing\n"); ret = -2; diff --git a/src/swtpm/swtpm.c b/src/swtpm/swtpm.c index 754c71d..d87b5e4 100644 
--- a/src/swtpm/swtpm.c +++ b/src/swtpm/swtpm.c @@ -199,6 +199,8 @@ static void usage(FILE *file, const char *prgname, const char *iface) " : print existing TPM states and terminate\n" "--profile name=|profile=\n" " : Set a profile on the TPM 2\n" + "--print-profiles\n" + " : print all profiles supported by libtpms\n" "-h|--help : display this help screen and terminate\n" "\n", prgname, iface); @@ -258,6 +260,7 @@ int swtpm_main(int argc, char **argv, const char *prgname, const char *iface) unsigned int seccomp_action; bool printcapabilities = false; bool printstates = false; + bool printprofiles = false; static struct option longopts[] = { {"daemon" , no_argument, 0, 'd'}, {"help" , no_argument, 0, 'h'}, @@ -284,6 +287,7 @@ int swtpm_main(int argc, char **argv, const char *prgname, const char *iface) , no_argument, 0, 'a'}, {"print-states", no_argument, 0, 'e'}, {"profile" , required_argument, 0, 'I'}, + {"print-profiles", no_argument, 0, 'N'}, {NULL , 0 , 0, 0 }, }; @@ -434,6 +438,10 @@ int swtpm_main(int argc, char **argv, const char *prgname, const char *iface) profiledata = optarg; break; + case 'N': /* --print-profiles */ + printprofiles = true; + break; + default: usage(stderr, prgname, iface); exit(EXIT_FAILURE); @@ -501,6 +509,11 @@ int swtpm_main(int argc, char **argv, const char *prgname, const char *iface) goto exit_failure; } + if (printprofiles) { + print_profiles(); + goto exit_success; + } + if (handle_key_options(keydata) < 0 || handle_migration_key_options(migkeydata) < 0 || handle_pid_options(piddata) < 0 || diff --git a/src/swtpm/swtpm_chardev.c b/src/swtpm/swtpm_chardev.c index c7a3f15..fe857b1 100644 --- a/src/swtpm/swtpm_chardev.c +++ b/src/swtpm/swtpm_chardev.c 
@@ -220,6 +220,8 @@ static void usage(FILE *file, const char *prgname, const char *iface) " : print existing TPM states and terminate\n" "--profile name=|profile=\n" " : Set a profile on the TPM 2\n" + "--print-profiles\n" + " : print all profiles supported by libtpms\n" "-h|--help : display this help screen and terminate\n" "\n", prgname, iface); @@ -316,6 +318,7 @@ int swtpm_chardev_main(int argc, char **argv, const char *prgname, const char *i unsigned int seccomp_action; bool printcapabilities = false; bool printstates = false; + bool printprofiles = false; static struct option longopts[] = { {"daemon" , no_argument, 0, 'd'}, {"help" , no_argument, 0, 'h'}, @@ -343,6 +346,7 @@ int swtpm_chardev_main(int argc, char **argv, const char *prgname, const char *i , no_argument, 0, 'a'}, {"print-states", no_argument, 0, 'e'}, {"profile" , required_argument, 0, 'I'}, + {"print-profiles", no_argument, 0, 'N'}, {NULL , 0 , 0, 0 }, }; @@ -484,6 +488,10 @@ int swtpm_chardev_main(int argc, char **argv, const char *prgname, const char *i profiledata = optarg; break; + case 'N': /* --print-profiles */ + printprofiles = true; + break; + default: usage(stderr, prgname, iface); exit(EXIT_FAILURE); @@ -549,6 +557,11 @@ int swtpm_chardev_main(int argc, char **argv, const char *prgname, const char *i goto exit_success; } + if (printprofiles) { + print_profiles(); + goto exit_success; + } + if (mlp.fd < 0) { logprintf(STDERR_FILENO, "Error: Missing character device or file descriptor\n");
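Review bot: The `if (printprofiles)` branch calls print_profiles() without any visible check that a TPM 2 was selected, although the man page text added in this patch says the option is to be used with `--tpm2`. Whether the TPM version has already been chosen in libtpms at this point lies outside the hunk, so it is worth confirming what TPMLIB_GetInfo() returns when `--tpm2` is omitted; if the result is empty or carries no profiles, the command exits successfully with output that a consumer may misread as "no profiles supported". Rejecting that combination with an error message and a failure exit, or at least adding a comment such as `/* requires --tpm2; profiles exist only for TPM 2 */`, would make the contract explicit. The same branch is added in swtpm.c and cuse_tpm.c.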