The swtpm man page also covers the CUSE TPM, so do not maintain the
swtpm_cuse man page anymore but replace it with a redirect to the swtpm
mane page instead.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Extend the buffer the key is read into to hold an 256bit key.
Add support for aes-256-cbc. Also, aes-128-cbc is now a synonym for
aes-cbc.
Update the man pages to reflect the AES 128 support.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Use pbkdf2 as the default kdf and sha512 for the existing
test case. Do away with file limit of 32 bytes. This may
break backwards compatibility for some but better to do this
before a release...
Switch the existing test cases to use kdf=sha512 on the command
line where necessary to that the state for these test cases
does not need to be recreated.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Implement support for TPM2. Some of the capabilities are not supported yet in
this patch.
Extend the man pages with description for --tpm2.
Missing: configure should probe for needed API calls in libtpms
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Implement support for --locality allow-set-locality option that
is primarily useful in cases when the VTPM proxy access is enabled
by file descriptor passing.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Add options for locality handling so that commands in locality
4 for example are rejected per command line parameter. This is
useful when the vTPM is used with containers.
Also implement the custom TPM/TPM2_SetLocality command to allow
the Linux vTPM proxy driver to set the locality in which subsequent
TPM commands will be executed.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Add support for the --tpmstate dir=<dir> command line parameter.
It will be used instead of the TPM_PATH, unless it is not set.
Adapt two test cases for the new parameter.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Add support for --pid file=<pidfile> command line parameter support.
The swtpm_cuse and swtpm now write their process IDs (pids) into
a file.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
The migration key ensures that TPM state blobs, when retrieved using the
ioctl for getting state blobs, are always encrypted with this key.
When the state is later on loaded back into the TPM using the ioctl
to set the state blobs, the migration key is used to decrypt them.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
