Implement allow-set-locality for CUSE TPM and extend the existing
locality test case with commands that try to write the SetLocality
comamnd to the device.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Implement support for --locality allow-set-locality option that
is primarily useful in cases when the VTPM proxy access is enabled
by file descriptor passing.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Add options for locality handling so that commands in locality
4 for example are rejected per command line parameter. This is
useful when the vTPM is used with containers.
Also implement the custom TPM/TPM2_SetLocality command to allow
the Linux vTPM proxy driver to set the locality in which subsequent
TPM commands will be executed.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Fix the missing check of return code from handle_server_options
to check for negative value like all the other checks also do.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Use logprintf wherever possible. While the logging is not set up,
print error messages to stderr and prefix them with 'swtpm: '. After
the logging has been set up all error messages go into the log file.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Use a buffer for printing in TPM_PrintAll. Emit the buffer
upon a new line. This prepares for printing every line with
a prefix.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Add MAIN_LOOP_FLAG_READALL for non SOCK_STREAM client sockets. This allows
reading all socket data once.
Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
swtpm server is closing the client data connection after serving a single
request, which shall not happen. Hence added MAIN_LOOP_FLAG_KEEP_CONNECTION
mainloop flag to keep the client data connection alive, till client is alive.
Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
New option '--ctrl clientfd=<fd>' is added to the control socket parameters.
The passed 'fd' is used as control channel client-fd and treated as single
client mode.
Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
Initialize variables in ctrlchannel_return_state so that all error cases
are properly handled.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Set the default log level to 1 so that console output is shown.
This can be turned off with --log level=0
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Following the example in the Appendix A.1 of the TCG EK Credential
Profile Spec Version 2.0, a ASN.1 SET is supposed to be created for
each one of the items. This patch fixes the format.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Use the GNUTLS 3.5 function gnutls_x509_crt_set_subject_alt_othername
to set the TP<M and platform manufacturer info since the other function
does not accept binary data.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Skip the CUSE TPM related tests if the CUSE kernel module is not
available. Return similar error messages for both CUSE and VTPM proxy
module if they are not available.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Wait for the chardev the VTPM proxy device creates to actually appear.
In some cases the exec statement opening the file would otherwise
create a file /dev/tpm0 for example and subsequently tests then ended
up failing.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Expose the logging level to the command line by extending the
log option with a level parameter.
Extend the man swtpm man page with the level parameter.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Introduce a log level for the logging functions. The log level
is defined by the number of spaces used for indentation. Adapt
the log functions to only log when the number of leading spaces
in a string is appropriate for logging.
Call the log function of libtpms to set the file descriptor to
log to, the log level, and log line prefix.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Fix the missing mentioning of the bindaddr and ifname parameters for
the --server option on the help screen.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
