Since the device can be passed using --tpm-device <device>, we now
mark the last parameter, which can also be the device, as optional.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Do not bother trying to keep pidfilefd open in case fd = pidfilefd,
but close it unconditionally. If writing the pidfile fails, the process
terminates anyway, besides that we only ever need to write to the
pidfile once, which is happening in this function.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
This patch fixes the following compilation issue/bug:
ctrlchannel.c: In function ‘ctrlchannel_process_fd’:
ctrlchannel.c:694:13: error: array subscript ‘ptm_hdata[0]’ is partly outside array bounds of ‘struct output[1]’ [-Werror=array-bounds]
694 | data->u.resp.tpm_result = htobe32(res);
| ^~
ctrlchannel.c:486:7: note: while referencing ‘output’
486 | } output;
| ^~~~~~
Sending hashes to the TPM is not currently used in any major
application, so this bug should not affect much.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Older ARM processors need more time to create the initial CA keys
and then the key for the TPM. So we increase the timeout to 30s.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
This patch addresses CVE-2020-28407.
Use the open() call rather than the fopen() call when accessing
the statefile and make sure we do not follow symlinks using O_NOFOLLOW.
The modification does not allow an attacker to create a symbolic link
with the name of the temporary file (TMP2-00.permall for TPM 2) and
have this point to a valueable file and swtpm ends up overwriting the
file. The success of the attack depends on the attacker having access
to the TPM's state directory (--tpmstate dir=...).
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
This patch addresses CVE-2020-28407.
Use the open() call rather than the fopen() call when creating a pidfile.
Also prevent us from following symbolic links when opening the pidfile for
writing.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
This patch addresses CVE-2020-28407.
Prevent us from following symliks when we open the lockfile
for writing.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Due to recent changes in tcsd, it doesn't accept 'tss:tss 0600' anymore
for the tcsd config file but we need to use 'root:tss 0640' for it.
So far only Fedora seems to be affected. It now depends on whether tcsd
has been patched what ownership is required. So we try first the old
configuration and then the new one.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Lift the code that sets up the vtpm proxy device out of the main
function and put it into its own function.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Since the config files created by the swtpm-create-user-config-files
script will shadow those typically installed in /etc, we now require the
option --root if 'root' runs this script so that root is aware what he is
doing.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
$ dpkg-buildpackage -us -uc
dpkg-buildpackage: info: source package swtpm
dpkg-buildpackage: info: source version 0.5.0-1
dpkg-buildpackage: info: source distribution RELEASED
dpkg-buildpackage: info: source changed by Stefan Berger <stefanb@linux.ibm.com>
dpkg-source: error: can't build with source format '3.0 (native)':
native package version may not have a revision
Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Also fix an error in the man page on the way. 'startup-deactivated'
can only be used with a TPM 1.2, not a TPM 2.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
To force the installation of the python programs add a python-install
target. This solves an installation issue with non-standard prefix,
like not using /usr or /usr/local, as may be the case on OS X (Apple)
when using homebrew. It leaves the 'make distcheck' working, which also
uses a non-standard prefix and where we don't want to install the tools
due to issues with removing them afterwards where pip3 cannot be used.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
This patch fixes the path to swtpm-localca to avoid this type of
error because of swtpm_localca_conf having been created in another
directory. This error occurred whan running
sudo bash -c "make -j32 distcheck"
Traceback (most recent call last):
File "/home/stefanb/tmp/swtpm/swtpm-0.5.0/samples/swtpm-localca", line 5, in <
from py_swtpm_localca.swtpm_localca import main
File "/home/stefanb/tmp/swtpm/swtpm-0.5.0/samples/py_swtpm_localca/swtpm_local
from py_swtpm_localca.swtpm_localca_conf import SYSCONFDIR
ModuleNotFoundError: No module named 'py_swtpm_localca.swtpm_localca_conf'
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
To support writing state files atomically we first write into
a temporary file and then rename it.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Some distros (openSUSE) have deprecated the 'net-tools' package,
so we allow for 'ss' as an alternative tool from the
iproute/iproute2 package. This is only relevant for test cases.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
To avoid clashes with libtpms print functions, prefix the print function
in swtpm with SWTPM_ rather than TPM_. This may matter on older systems
where libtpms could call into swtpm's TPM_PrintAll function due to it
having the same name as libtpms's function.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
When creating the user config files, fall back to using ${HOME}/.config
if XDG_CONFIG_HOME is not set on a system.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Start tpm2-abrmd for the test case 'test_tpm2_samples_create_tpmca' rather than
expecting it to be already running.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Pass the CA's private key password via the template file. Remove recently
added old GnuTLS support. Extend man page with a paragraph about short-
comings of certtool that doesn't seem to allow private key password being
passed either as environment variable or template file.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Older versions of GnuTLS need --password on the command line while
newer versions require GNUTLS_PIN to be set to pass the password.
So, this patch accomodates older versions of GnuTLS.
Older version of GnuTLS seem to NOT be able to handle a CA private
key needing a password and a signing key needing a password when
creating the intermediate CA. So this case of 2 passwords will
always fail.
The value of the local CA is not so high that passing passwords on
the command line would be an issue. Later on when using the CA the
password are set via environment variables, so not visible to other
users.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Add support for pkcs11 module environment variables to the config file.
These variables may have the following format:
env:VARNAME=VALUE
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Extend the man pages with further locations for the options and config
files in ${XDG_CONFIG_HOME} or ${HOME}/.confg.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
