Deactivate the code around resetting the TPM established bit
since its implementation currently requires libtpms 0.6.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Implement two more control channel commands:
- CMD_STORE_VOLATILE
- CMD_HASH_DATA
Implement test cases.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Deactivate the checking for the certificate size since different
GnuTLS versions may create certificates of different sizes by adding
additional fields or other data to the cert.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Use the macros defined in endian.h for endianess conversion.
Fix the conversion of a 64bit variable.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Extend the swtpm_bios tool with an option to give up physical presence.
Have the TPM error codes reflected in the exit error of 128.
Add a test case for the tool.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Implement a control channel for the 'chardev' swtpm that implements
a minimal set of control messages for now.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Remove the hardcodes tss user and group and to configure with
--with-tss-user=tss --with-tss-group=tss to set the tss user
and group to be used.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Add support for the --tpmstate dir=<dir> command line parameter.
It will be used instead of the TPM_PATH, unless it is not set.
Adapt two test cases for the new parameter.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Add support for --pid file=<pidfile> command line parameter support.
The swtpm_cuse and swtpm now write their process IDs (pids) into
a file.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Remove the extension of PATH to the local dir('.') from swtpm_setup.sh
and adapt test cases accordingly.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Support the read/write interface and POSIX API calls for transfer of
TPM state blobs.
Extend the swtpm_ioctl program to support this as well. Use the
environment variable SWTPM_IOCTL_BUFFERSIZE to set the size of the
buffer to use and enable the read/write interface in this (test)
program.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
For being able to test the transfer of larger state blobs, extend the existing
test case with creating a large NVRAM location that becomes part of the permanent
state.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Remove the explicit saving of volatile state before saving the volatile
state blob to a file.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Add an ioctl that lets an application retrieve which keys are in use by the
TPM, i.e., file encryption or migration key
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
The migration key ensures that TPM state blobs, when retrieved using the
ioctl for getting state blobs, are always encrypted with this key.
When the state is later on loaded back into the TPM using the ioctl
to set the state blobs, the migration key is used to decrypt them.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Have test_resume_volatile create a temporary dir and copy test files to it
that may be modified during the test run.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Integrity protect the TPM state when it is written in entrypted form.
libtpms state (for TPM1.2) is also integrity protecting the blobs, but
we better determine the integrity of the decrypted data on the layer
above it.
Add a test case that ensures that swtpm-localca automatically
creates a signing key and issuer cert if none is available.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Rather than only using the ioctl to reset the TPM Establishment
bit in a given locality, also use the TPM_ResetEstablishmentBit
command for it in some test cases.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Add new ioctls to get and set the 3 different types of state blobs
from and to the CUSE TPM. Add test cases for testing the new ioctl's
on a CUSE TPM that stores the state encrypted and on a CUSE TPM that
stores it non-encrypted.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Create uniqe names for the /dev/vtpm* so that tests can run in parallel.
Also separate the state directories of the TPMs into individual temporary
dirs.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
