mkosi integrates with swtpm to automatically set up and build
VMs with vTPM support. The working directory is in an ephemeral
namespace that appears as /work/tmp/, and apparmor stops swtpm
from creating the local state files (lockfile, etc).
Add a policy entry to allow this to work.
Signed-off-by: Luca Boccassi <luca.boccassi@gmail.com>
Propagate the --allow-signing option from swtpm_setup into swtpm_localca
so that a certificate will finally be created that reflects the 'Digital
Signature' key usage.
Extend a test case to check for the 'Digital signature' flag under
'key usage' when --allow-signing is passed.
Resolves: https://github.com/stefanberger/swtpm/issues/1061
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Fix the following issue reported when compiling on m68k:
ctrlchannel.c: In function 'ctrlchannel_process_fd':
ctrlchannel.c:710:20: error: comparison of integer expressions of
different signedness: 'uint32_t' {aka 'unsigned int'} and 'ssize_t'
{aka 'int'} [-Werror=sign-compare]
710 | if (remain < n)
| ^
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Due to the usage of daemonize_prep() by the CUSE swtpm, create /dev/null
in the chroot environment.
Suggested-by: Corigne <nathanjodoin@gmail.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Extend an existing test case to ensure that a 2nd swtpm process terminates
with an error related to not being able to get a lock on the storage's
lockfile.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Since the CUSE TPM starts TPM in one process but then daemonizes and
effectively runs in a child process, the lock records on the storage
that the parent may have set up are lost due to them not being inherited
by the child. Fix the issue by daemonizing before the TPM is started so
that the child grabs the lock on the storage. Prevent CUSE from forking
so that another child is not created.
As a side-effect, this now moves any error reporting, that may previously
have occurred in the main process and where messages were shown on stderr,
into the child process. A log is now required for these messages to become
visible.
Resolves: https://github.com/stefanberger/swtpm/issues/1050
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
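Added example, not part of the swtpm commit log or code: the lock-ordering problem described in the commit above, reproduced with POSIX fcntl() record locks, which belong to the process that takes them and are not inherited across fork(). That the storage lock is this kind of lock is an assumption here; lock_survives_daemonize() and the temporary lockfile path are hypothetical names constructed for the demonstration.

```c
#include <fcntl.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Whole-file exclusive POSIX record lock (l_start = l_len = 0). */
static int take_lock(int fd) {
    struct flock fl = { .l_type = F_WRLCK, .l_whence = SEEK_SET };
    return fcntl(fd, F_SETLK, &fl);
}

/* 1 if another process holds a conflicting lock, 0 if none does. */
static int locked_by_other(int fd) {
    struct flock fl = { .l_type = F_WRLCK, .l_whence = SEEK_SET };
    if (fcntl(fd, F_GETLK, &fl) < 0) return -1;
    return fl.l_type != F_UNLCK;
}

/* lock_first = 1: lock, then daemonize (the old order).
 * lock_first = 0: daemonize, then lock in the child (the fixed order).
 * Returns 1 if the lockfile is still locked once only the daemon runs. */
int lock_survives_daemonize(int lock_first) {
    char path[] = "/tmp/lockdemo-XXXXXX", c;  /* constructed temp lockfile */
    int ready[2], stop[2], held = -1, fd = mkstemp(path);
    if (fd < 0 || pipe(ready) < 0 || pipe(stop) < 0) return -1;
    pid_t launcher = fork();
    if (launcher < 0) return -1;
    if (launcher == 0) {
        if (lock_first && take_lock(fd) < 0) _exit(1);
        if (fork() == 0) {                    /* the daemonized child */
            close(stop[1]);
            if (!lock_first && take_lock(fd) < 0) _exit(1);
            if (write(ready[1], "r", 1) == 1 && read(stop[0], &c, 1) < 0)
                _exit(1);                     /* otherwise: block until EOF */
            _exit(0);
        }
        _exit(0);               /* launcher exits: its record locks vanish */
    }
    waitpid(launcher, NULL, 0);
    close(ready[1]);
    if (read(ready[0], &c, 1) == 1)           /* daemon finished its setup */
        held = locked_by_other(fd);
    close(stop[1]);                           /* EOF lets the daemon exit */
    close(stop[0]); close(ready[0]); close(fd); unlink(path);
    return held;
}
```

With the old order a second process can lock the same storage while the daemon is still running, which is the condition the lockfile exists to prevent.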
When printing the output of the info flags, the resulting JSON printed to
stdout should be the only printout. Therefore, suppress all informative
output to stdout so that either the JSON is the only output or only error
messages are printed.
Fixes: 3f551e1dc ("swtpm: Implement --print-info to run TPMLIB_GetInfo with flags")
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
When the special logging file descriptor SUPPRESS_INFO_LOGGING is chosen,
then only suppress informative and warning messages while still allowing
error messages to be printed to stderr.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
RSA-4096 is enabled in libtpms v0.11 and requires that default-v2
profile be used. Extend existing test case with test for RSA-4096
and default-v2 profile.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
pkgconf supports setting GMP_CFLAGS and GMP_LIBS if the pkgconf file
does not exist, for older (pre-2019) distributions.
Signed-off-by: Christopher Byrne <salah.coronya@gmail.com>
Prevent an integer overflow with the recvd variable. However, the
buffer_len variable serves as an upper bound for how many bytes will ever
be received, so that this integer overflow will never occur. Therefore,
this is a false positive reported by Coverity. Fix it anyway.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Prevent an integer overflow that could result from adding the return value
of 'n' to an existing value. However, for this to occur in this function,
one would have to write() more than 4G of data on a 32bit system for
example. So, this is a false positive reported by Coverity, but fix it
anyway.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Change the type of buffersize parameter of SWTPM_IO_Read from size_t to
uint32_t to match that of the caller and to avoid Coverity complaints
about possible integer overflows. Also change the offset to uint32_t.
An integer overflow would never have occurred since buffersize always
served as an upper bound of the number of bytes received.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Catch the unlikely case that sysconf returns 0 for _SC_PAGESIZE and avoid
integer overflow with the pagesize calculation, that should never occur if
pagesize is within normal limits. Also ensure that no overflow happens
with the msync_count variable.
On 64bit machines, casting count to size_t could work but would not work on
32bit platforms where size_t is the same as uint32_t, so the overflow
complaint would not go away there.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Return ssize_t rather than int from logging function to resolve Coverity
complaints about possible integer overflows. Since no caller looks at the
return value from the logging functions, no other changes are necessary.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Display an error if the user set the backup option when using the
linear storage backend. Update the documentation about the rejection.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Extend an existing test case to use the new fsync option to at least test
the option parser. That fsync() is actually being called is not easy to
observe.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Add an option to have the storage backend use fsync whenever state is
written to disk. Advertise this capability with
'tpmstate-dir-backend-opt-fsync' and adjust a test case.
Only support for the directory-backend is implemented.
Extend the swtpm man page with a description of this new option.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>