Commit Graph

726 Commits

Author SHA1 Message Date
Marc-André Lureau
155ccdf561 swtpm*: report 'version' in --print-capabilities
The "version" field can be used to decide when capabilities are
supported/reported and give some library build details.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2021-08-10 07:13:24 -04:00
Marc-André Lureau
da8752b1f7 swtpm: report 'tpm-1.2' & 'tpm-2.0' in --print-capabilities
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2021-08-10 07:13:24 -04:00
Marc-André Lureau
ccaf99f12c swtpm: ignore failure to choose version for --print-capabilities
A version was selected early for TPMLIB_GetInfo() to succeed in
--print-capabilities. TPM 1.2 is the default version, but can now be
disabled in libtpms.

Ignore the error when the version is unsupported by libtpms and skip
reporting the GetInfo related details.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2021-08-10 07:13:24 -04:00
Nick Chevsky
6961ec4878 swtpm: Preserve mlp->flags in CMD_SET_DATAFD handler
Fix the handler for control channel command CMD_SET_DATAFD so that
it ORs new bits onto mlp->flags instead of overwriting its value.
This was causing loss of flags previously set during command-line
argument parsing, which resulted in user-provided options (e.g.
--terminate) to be permanently ignored if command CMD_SET_DATAFD
was at any point received on the control channel.

Signed-off-by: Nick Chevsky <nchevsky@users.noreply.github.com>
2021-08-02 07:46:00 -04:00
Stefan Berger
6f7a1e2769 swtpm: Use the pollfd array's enums as indices when initializing the array
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-08-01 18:49:27 -04:00
Stefan Berger
78559edde9 swtpm_setup: Support --write-ek-cert-files as an option
Write the EK certificate files into the directory specified as parameter
to the --write-ek-cert-files option.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-07-30 16:45:22 -04:00
Stefan Berger
a4cead5a8a swtpm_setup: Get key description from function generating the EK key
Pass an optional key_description parameter through the APIs to be able to
get a human-readable key description, such as 'rsa2048' or 'secp384r1'
of the key that was created.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-07-30 16:45:22 -04:00
Stefan Berger
dbb1bbf87d swtpm_setup: Move functions checking for directory access to library
Move code from swtpm_setup into new function check_directory_access
that checks for existence of directory and access to it.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-07-30 16:45:22 -04:00
Stefan Berger
cab1e2186f build-sys: Add MY_CFLAGS, CFLAGS, and MY_LDFLAGS to all Makefile.am's
Add MY_CFLAGS, CFLAGS, and MY_LDFLAGS to all Makefile.am's so that they
can be defined during configure time as well as CFLAGS added during
build time. LDFLAGS were already handled correctly during build-time.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-07-27 15:39:48 -04:00
Stefan Berger
da7338961b build-sys: Rename AM_CFLAGS/LDFLAGS to MY_CFLAGS/LDFLAGS
To avoid the following warning use MY_ as a prefix for the offending
variables that have AM_ as a prefix:

configure.ac:587: warning: macro 'AM_CFLAGS' not found in library
configure.ac:590: warning: macro 'AM_LDFLAGS' not found in library

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-07-27 15:39:48 -04:00
Stefan Berger
71a4e33adc Revert "build-sys: Remove using AM_CFLAGS and AM_LDFLAGS"
This reverts commit 7f81d31288.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-07-27 15:39:48 -04:00
Nick Chevsky
ddc7521653 Move swtpm_localca sources from samples/ to src/
- Move swtpm_localca's sources out of samples/ (where they no longer
  belong now that swtpm_localca is a binary) to src/swtpm_localca/.
- Tests now call the swtpm_localca binary directly at the location
  where it was built, as they do with all other compiled programs.
- Simplify samples/swtpm-localca.in and delete swtpm-localca.2inst,
  removing the now-unnecessary logic to selectively call swtpm_localca
  from different locations (samples/ when running tests vs. /usr/bin/
  post-installation).

Signed-off-by: Nick Chevsky <nchevsky@users.noreply.github.com>
2021-07-25 08:52:13 -04:00
Stefan Berger
05f64f5529 swtpm_setup: Fix compiler errors when memcpy is a macro (Cygwin)
Since commit 502cb1129a -D_FORTIFY_SOURCE=2 is passed to the gcc
command line resulting in memcpy() becoming a macro on Cygwin, which
then causes the following compiler errors due to the anonymous arrays
being used:

swtpm.c: In function ‘swtpm_tpm2_createprimary_ek_rsa’:
swtpm.c:686:26: error: macro "memcpy" passed 34 arguments, but takes just 3
  686 |         }, authpolicy_len);
      |                          ^
In file included from /usr/include/string.h:180,
                 from swtpm.c:15:
/usr/include/ssp/string.h:97: note: macro "memcpy" defined here
   97 | #define memcpy(dst, src, len) __ssp_bos_check3(memcpy, dst, src, len)
      |
swtpm.c:682:9: error: statement with no effect [-Werror=unused-value]
  682 |         memcpy(authpolicy, (unsigned char []){
      |         ^~~~~~
swtpm.c:698:26: error: macro "memcpy" passed 50 arguments, but takes just 3
  698 |         }, authpolicy_len);
      |                          ^

The solution is to surround the anonymous array definitions with '( )'.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-07-14 14:16:26 -04:00
Stefan Berger
ecdfc77116 swtpm: Fix issues raised by -Wextra (Cygwin)
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-06-24 18:58:22 -04:00
Eiichi Tsukata
a5f4e65749 swtpm: Issue fsync to ensure state data reaches disk
Add fsync(2) before rename(2) for temp file to ensure data reaches disk
and for the directory containing the state file to ensure the directory entry
also reaches disk.

Signed-off-by: Eiichi Tsukata <eiichi.tsukata@nutanix.com>
2021-06-24 16:19:59 -04:00
Stefan Berger
a69388c0f4 swtpm_setup: Fix issues raised by -Wextra
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-06-24 15:05:03 -04:00
Stefan Berger
6a6fd6e811 swtpm_ioctl: Fix issues raised by -Wextra
Signed-off-by: Stefan Berger <stefanb@linu.ibm.com>
2021-06-24 15:05:03 -04:00
Stefan Berger
e7488fd1e5 swtpm_cert: Fix issues raised by -Wextra
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-06-24 15:05:03 -04:00
Stefan Berger
5302269acc swtpm_bios: Fix issues raised by -Wextra
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-06-24 15:05:03 -04:00
Stefan Berger
fa2fc871d2 swtpm: Fix issues raised by -Wextra
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-06-24 15:05:03 -04:00
Tomasz Kłoczko
75c5da2cf1 build-sys: Remove using -L$(PWD)/.libs -lswtpm_libtpms on linking
Such paths should not be used.
Use proper linker libswtpm_libtpms.la script generated by libtool.

Signed-off-by: Tomasz Kłoczko <kloczek@github.com>
2021-06-22 17:03:31 -04:00
Tomasz Kłoczko
7f81d31288 build-sys: Remove using AM_CFLAGS and AM_LDFLAGS
Those automake variables are used by default.

Signed-off-by: Tomasz Kłoczko <kloczek@github.com>
2021-06-22 17:03:31 -04:00
Stefan Berger
a59eead4bc swtpm_setup: Initialize Gerror and free it
Gerror was not initialized to NULL in one place. In the other it wasn't
freed.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-06-16 18:01:35 -04:00
Felipe Franciosi
4a96c7f54a swtpm: Fix SWTPM names in comments and messages
Some of the code comes from libtpms, where various methods are named
"TPM_Something". The swtpm version of these methods are named
"SWTPM_Something". However, certain debug/log messages and comments were
updated accordingly to reflect that.

This is a cosmetic change that fixes that.

Signed-off-by: Felipe Franciosi <felipe@nutanix.com>
2021-06-15 08:35:53 -04:00
Stefan Berger
2bf68cc4be swtpm_setup: Replace '\\s' in regex with [[:space:]] to fix cygwin
Cygwin's regex implementation doesn't seem to understand '\\s'
but needs [[:space:]] instead to properly skip over spaces.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-06-11 07:53:28 -04:00
Stefan Berger
932dc4e270 build-sys: Add HARDENING_CFLAGS and _LDFLAGS to all C programs
Add the HARDENING_CFLAGS and _LDFLAGS to all C programs.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-06-04 16:04:09 -04:00
Stefan Berger
c86be8d960 swtpm: Add 2021 as year in the Copyright notice
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-06-04 16:04:09 -04:00
Stefan Berger
80271b5f26 swtpm_setup: Fix the strjoin for the PID file path
The path for the PID file was not joined correctly and was missing
a '/'. Fix this now.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-06-04 16:04:09 -04:00
Stefan Berger
c8c3bb4170 swtpm_setup: Initialize autofreed variables with NULL (gcc-11)
This patch addresses the following gcc-11 compiler issues:

In file included from /usr/include/glib-2.0/glib.h:114,
                 from swtpm_setup_utils.c:14:
swtpm_setup_utils.c: In function 'get_config_value':
/usr/include/glib-2.0/glib/glib-autocleanups.h:28:3: error: 'tmp' may be used uninitialized in this function [-Werror=maybe-uninitialized]
   28 |   g_free (*pp);
      |   ^~~~~~~~~~~~
swtpm_setup_utils.c:36:31: note: 'tmp' was declared here
   36 |             g_autofree gchar *tmp;
      |                               ^~~

swtpm.c: In function 'swtpm_start':
/usr/include/glib-2.0/glib/glib-autocleanups.h:28:3: error: 'pidfile_file' may be used uninitialized in this function [-Werror=maybe-uninitialized]
   28 |   g_free (*pp);
      |   ^~~~~~~~~~~~
swtpm.c:54:23: note: 'pidfile_file' was declared here
   54 |     g_autofree gchar *pidfile_file;
      |                       ^~~~~~~~~~~~

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-06-04 16:04:09 -04:00
Stefan Berger
4ec17885c4 utils: Have logit and logerr call alog to unify their code
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-06-01 09:31:43 -04:00
Stefan Berger
e689684c57 samples: Rewrite of swtpm_localca in 'C' (addresses issue #437)
This is a 1:1 rewrite of swtpm_localca in 'C' as a final step to get
rid of the python dependency. It addresses issue #437.

Tested on: Cygwin, Fedora 33, Ubuntu Xenial & Bionic, FreeBSD,
           DragonFlyBSD, OpenBSD (i386), Mac, Debian (recent), Centos-8,
           CentOS (recent), Alpine (recent), OpenSUSE (recent),
           Fedora 28 PPC Big Endian

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-06-01 09:31:43 -04:00
Stefan Berger
b1cde69b09 swtpm_setup: Add proper DEPENDENCY for swtpm_setup on swtpm_utils.la
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-06-01 09:31:43 -04:00
Stefan Berger
c125e34bf2 swtpm_setup: Rewrite in 'C' (addresses issue #437)
This is a 1:1 rewrite of swtpm_setup in 'C' as a first step to get
rid of the python dependency. It addresses issue #437.

Tested on: Cygwin, Fedora 33, Ubuntu Xenial & Bionic, FreeBSD,
           DragonFlyBSD, OpenBSD (i386), Mac, Debian (recent), Centos-8,
           CentOS (recent), Alpine (recent), OpenSUSE (recent)

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-05-28 13:08:16 -04:00
Stefan Berger
eb178f87c6 swtpm_setup: Fix TPM 1.2 default SRK and owner password and help screen
Some of the wording in the help screen was odd, so rephrase it.

Fix the default owner and SRK passwords for the TPM 1.2 case.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-05-26 19:52:06 -04:00
Stefan Berger
a56a3c027f swtpm_setup: Fix some minor issue
Fix some typos. The value for TPM2_ALG_SHA3_512 was wrong but also is
currently not used since libtpms does not support it yet.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-05-26 19:52:06 -04:00
Stefan Berger
3be2ad2855 swtpm: Initialize key structure before calling OpenSSL function (Coverity)
Initialize the key structure before loading the key into it. This
resolves an issue raised by Coverity, but doesn't seem to be really
necessary.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-05-22 11:28:53 -04:00
Jonas Witschel
4b825a3d94 swtpm_cert: rename deprecated libtasn1 types
These types have been renamed in libtasn1 version 3.0 (released 2012-10-28).
The most recent libtasn1 version 4.17.0 (released 2021-05-13) now prints
deprecation warnings that are made fatal by -Werror:

ek-cert.c:76:13: error: 'ASN1_ARRAY_TYPE' macro is deprecated, use 'asn1_static_node' instead. [-Werror]
   76 | extern const ASN1_ARRAY_TYPE tpm_asn1_tab[];
      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[...]

The new types were introduced almost ten years ago, so they should be pretty
universally available by now.

Signed-off-by: Jonas Witschel <diabonas@archlinux.org>
2021-05-21 13:26:10 -04:00
Marc-André Lureau
da2d2f3996 build-sys: leave CFLAGS/LDFLAGS for user to be defined
This allows user to set specific flags during compilation, without
overriding configure-time cflags necessary for compilation.

See also:
https://www.gnu.org/software/automake/manual/html_node/User-Variables.html
https://www.gnu.org/software/automake/manual/html_node/Flag-Variables-Ordering.html

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2021-05-18 18:24:51 -04:00
Stefan Berger
debdb13648 swtpm: Free error that was set by failed options_parse
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-03-21 08:18:23 -04:00
Stefan Berger
ef1407f56d swtpm_setup: Write note about non-standard EK when using --allow-signing
Write a note in swtpm_setup's help screen and man page that the usage
of --allow-signing will lead to a non-standard EK. Be more precise in the
man page.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-03-01 07:54:27 -05:00
Stefan Berger
20524cb213 swtpm_ioctl: Use timeouts for communicating with swtpm (Unix socket)
Start using timeouts when communicating with swtpm over Unix sockets so
that swtpm_ioctl does not just hang when it cannot communicate with swtpm
such as establishing a connection or reading results. This is because swtpm
listens to only one control channel connection.

This patch addresses an aspect of the problem reported in issue #415
but may also start hiding bugs if certain operations are done in
the wrong order, as was the case in libvirt (6.10 & 7.0).

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-02-25 07:28:47 -05:00
Stefan Berger
90e2be928d swtpm: Fix spelling in comment (SWPTM->SWTPM)
This patch fixes issue #410.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-02-05 16:48:55 -05:00
Stefan Berger
554f52ae0a swtpm_setup: Fix typo in project URL (swptm->swtpm)
This fixes issue #410.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-02-05 16:48:55 -05:00
Stefan Berger
fa1b93904e swtpm_setup: Replace OSError with ValueError (Cygwin bugfix)
A wrong domain to socketpair() causes a ValueError, not an OSError.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-02-02 12:37:00 -05:00
Stefan Berger
224ee05163 swtpm_setup: Probe for supported socketpair domain (cygwin bugfix)
We need to probe for the supported socketpair() domain. On Linux only
socket.AF_UNIX is supported and on Cygwin AF_INET works.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-02-01 14:48:32 -05:00
Stefan Berger
c396f23f50 swtpm: Fix --print-capabilities for 'swtpm chardev'
This patch fixes the following issue:

$ ./src/swtpm/swtpm chardev --print-capabilities --tpm2
swtpm: Error: Missing character device or file descriptor

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-01-13 11:32:16 -05:00
Stefan Berger
024073c5cc swtpm_cuse: Support partial reads (issue #376)
This patch adds support for partial reads to the CUSE swtpm.

We introduce a ptm_read_offset variable that holds the offset where to read
from next. It is reset every time a command has been processed as part of a
write() so that subsequent read()s start reading from offset 0. It is
advanced by the number of bytes that were read.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-01-04 07:51:50 -05:00
Stefan Berger
e753128b27 swtpm: Remove unused file_ops_lock from threadpool.c (asan)
Asan reports this error for the CUSE TPM. The file_ops_lock was accidentally
duplicated in a code move of threadpool related code out of cuse_tpm.c.
This patch removes the unused file_ops_lock from threadpool.c to resolve
the ASAN issue.

=================================================================
==545493==ERROR: AddressSanitizer: odr-violation (0x000000419340):
  [1] size=8 'file_ops_lock' cuse_tpm.c:112:8
  [2] size=8 'file_ops_lock' threadpool.c:55:8
These globals were registered at these points:
  [1]:
    #0 0x14f6c27f3cc8  (/lib64/libasan.so.6+0x37cc8)
    #1 0x40c2c3 in _sub_I_00099_1 (/home/stefanb/tmp/swtpm/src/swtpm/.libs/lt-swtpm+0x40c2c3)
    #2 0x40c31c in __libc_csu_init (/home/stefanb/tmp/swtpm/src/swtpm/.libs/lt-swtpm+0x40c31c)

  [2]:
    #0 0x14f6c27f3cc8  (/lib64/libasan.so.6+0x37cc8)
    #1 0x14f6c27aad1a in _sub_I_00099_1 (/home/stefanb/tmp/swtpm/src/swtpm/.libs/libswtpm_libtpms.so.0+0x25d1a)
    #2 0x14f6c31dc7b1 in call_init.part.0 (/lib64/ld-linux-x86-64.so.2+0x117b1)

==545493==HINT: if you don't care about these errors you may set ASAN_OPTIONS=detect_odr_violation=0
SUMMARY: AddressSanitizer: odr-violation: global 'file_ops_lock' at cuse_tpm.c:112:8
==545493==ABORTING

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-01-03 18:42:05 -05:00
Stefan Berger
4450856d6d swtpm: Free buffer after failure to realloc (cppcheck)
Free the original buffer after failure to realloc().

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-01-02 12:16:39 -05:00
Stefan Berger
6b50772217 swtpm: Remove global unused variable input (issue #395)
Remove the global unused variable with name input. This was detected
by cppcheck.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-01-02 12:16:39 -05:00
Stefan Berger
62b7fcd9f3 swtpm_ioctl: Remove unnecessary if statement (issue #392)
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com)
2020-12-30 08:11:14 -05:00
Stefan Berger
36ee55222f swtpm: Unconditionally close fd if writing of pidfile fails (coverity)
Do not bother trying to keep pidfilefd open in case fd = pidfilefd,
but close it unconditionally. If writing the pidfile fails, the process
terminates anyway, besides that we only ever need to write to the
pidfile once, which is happening in this function.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-12-26 13:32:19 -05:00
Stefan Berger
e1212354c5 swtpm: Adjust size of message buffer to be of size ptm_hdata
This patch fixes the following compilation issue/bug:

ctrlchannel.c: In function ‘ctrlchannel_process_fd’:
ctrlchannel.c:694:13: error: array subscript ‘ptm_hdata[0]’ is partly outside array bounds of ‘struct output[1]’ [-Werror=array-bounds]
  694 |         data->u.resp.tpm_result = htobe32(res);
      |             ^~
ctrlchannel.c:486:7: note: while referencing ‘output’
  486 |     } output;
      |       ^~~~~~

Sending hashes to the TPM is not currently used in any major
application, so this bug should not affect much.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-12-21 18:17:44 -05:00
Stefan Berger
a57c33a1f0 swtpm_setup: Increase timeout from 10s to 30s for slower machines
Older ARM processors need more time to create the initial CA keys
and then the key for the TPM. So we increase the timeout to 30s.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-12-07 14:21:21 -05:00
Stefan Berger
1efe61a69e swtpm_setup: Do not follow symlink on logfile (CVE-2020-28407)
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-11-17 15:42:31 -05:00
Stefan Berger
04b099d14b swtpm: Do not follow symlink when accessing log file (CVE-2020-28407)
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-11-17 15:42:31 -05:00
Stefan Berger
678d5254de swtpm: Use open() (not fopen()) when accessing statefile (CVE-2020-28407)
This patch addresses CVE-2020-28407.

Use the open() call rather than the fopen() call when accessing
the statefile and make sure we do not follow symlinks using O_NOFOLLOW.

The modification does not allow an attacker to create a symbolic link
with the name of the temporary file (TMP2-00.permall for TPM 2) and
have this point to a valuable file and swtpm ends up overwriting the
file. The success of the attack depends on the attacker having access
to the TPM's state directory (--tpmstate dir=...).

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-11-13 09:44:05 -05:00
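The write pattern described by the CVE-2020-28407 state-file commit above (open() with O_NOFOLLOW on the temporary file), combined with the fsync-before-rename ordering from commit a5f4e65749, as an added C example that is not swtpm's own code. The function names, the file names (state.tmp, state.bin, victim.txt) and the use of a scratch directory under /tmp are assumptions made for the demonstration.

```c
/* Added example, not swtpm code; file names and /tmp use are constructed. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Write all of buf, retrying on short writes and EINTR. Returns 0 or -errno. */
static int write_all(int fd, const char *p, size_t len)
{
    for (ssize_t n; len > 0; p += n, len -= (size_t)n) {
        n = write(fd, p, len);
        if (n < 0 && errno == EINTR)
            n = 0;
        else if (n < 0)
            return -errno;
    }
    return 0;
}

/* Replace dir/name with buf by way of dir/tmpname. Returns 0 or -errno. */
int write_state_atomic(const char *dir, const char *tmpname, const char *name,
                       const void *buf, size_t len)
{
    int ret, fd, dirfd = open(dir, O_RDONLY | O_DIRECTORY);
    if (dirfd < 0)
        return -errno;
    /* O_NOFOLLOW: fail (ELOOP on Linux) rather than open a planted symlink. */
    fd = openat(dirfd, tmpname, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0640);
    if (fd < 0) {
        ret = -errno;
        close(dirfd);
        return ret;
    }
    ret = write_all(fd, buf, len);
    if (ret == 0 && fsync(fd) < 0)          /* file data reaches disk first */
        ret = -errno;
    if (close(fd) < 0 && ret == 0)
        ret = -errno;
    if (ret == 0 && renameat(dirfd, tmpname, dirfd, name) < 0)
        ret = -errno;
    if (ret != 0)
        unlinkat(dirfd, tmpname, 0);        /* drop the partial temp file */
    else if (fsync(dirfd) < 0)              /* then the new directory entry */
        ret = -errno;
    close(dirfd);
    return ret;
}

/* Returns 1 if the file at path holds exactly the string want. */
static int holds(const char *path, const char *want)
{
    char got[64] = "";
    FILE *f = fopen(path, "r");
    size_t n = f ? fread(got, 1, sizeof(got) - 1, f) : 0;
    if (f)
        fclose(f);
    return f != NULL && n == strlen(want) && memcmp(got, want, n) == 0;
}

/* Constructed scenario; returns 0 or the number of the step that failed. */
int demo(void)
{
    char dir[] = "/tmp/state-demo-XXXXXX";
    char victim[64], tmp[64], state[64];
    const char *blob = "constructed state blob";
    int rc, step = 0;

    if (!mkdtemp(dir))
        return 1;
    snprintf(victim, sizeof(victim), "%s/victim.txt", dir);
    snprintf(tmp, sizeof(tmp), "%s/state.tmp", dir);
    snprintf(state, sizeof(state), "%s/state.bin", dir);
    if (write_state_atomic(dir, "v.tmp", "victim.txt", "precious", 8) != 0 ||
        symlink(victim, tmp) != 0)
        step = 2;                           /* setup: file + planted link */
    else if ((rc = write_state_atomic(dir, "state.tmp", "state.bin", blob,
                                      strlen(blob))) != -ELOOP && rc != -EMLINK)
        step = 3;                           /* the write must be refused */
    else if (!holds(victim, "precious"))
        step = 4;                           /* link target left untouched */
    else if (unlink(tmp) != 0 || write_state_atomic(dir, "state.tmp",
                                 "state.bin", blob, strlen(blob)) != 0)
        step = 5;                           /* link removed: write succeeds */
    else if (!holds(state, blob) || access(tmp, F_OK) == 0)
        step = 6;                           /* new state in place, temp gone */
    unlink(tmp);
    unlink(state);
    unlink(victim);
    rmdir(dir);
    return step;
}

int main(void) { return demo(); }
```

O_NOFOLLOW only applies to the final path component, so the state directory itself still has to be one that untrusted users cannot modify or replace.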
Stefan Berger
cf3dec63ea swtpm: Switch to open() from fopen() for the pidfile (CVE-2020-28407)
This patch addresses CVE-2020-28407.

Use the open() call rather than the fopen() call when creating a pidfile.
Also prevent us from following symbolic links when opening the pidfile for
writing.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-11-13 09:44:05 -05:00
Stefan Berger
110ab4c908 swtpm: Do not follow symlinks when opening lockfile (CVE-2020-28407)
This patch addresses CVE-2020-28407.

Prevent us from following symlinks when we open the lockfile
for writing.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-11-13 09:44:05 -05:00
Stefan Berger
401c9e57a7 swtpm_cert: Switch to open() from fopen() for writing certificate
Switch to open from fopen() and make sure we do not follow symlinks.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-11-13 09:44:05 -05:00
Stefan Berger
22419acee0 swtpm: Move setup of vtpm proxy device into own function
Lift the code that sets up the vtpm proxy device out of the main
function and put it into its own function.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-10-29 18:02:36 -04:00
Stefan Berger
6559a90269 swtpm_cuse: Implement support for --flags startup-xyz options
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-10-13 17:08:05 -04:00
Stefan Berger
7eb2c29187 swtpm_cuse: Implement support for --flags not-need-init for CUSE TPM
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-10-13 17:08:05 -04:00
Stefan Berger
2ba2248351 swtpm_setup: Do not truncate logfile when testing write-access
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-10-06 15:05:08 -04:00
Stefan Berger
1d6a1554a6 swtpm_setup: Remove TPM state file in case error occurred
Remove the TPM state file in case an error occurred.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-10-06 15:05:08 -04:00
Stefan Berger
07ea18bc38 build-sys: Add python-install and python-uninstall targets
To force the installation of the python programs add a python-install
target. This solves an installation issue with non-standard prefix,
like not using /usr or /usr/local, as may be the case on OS X (Apple)
when using homebrew. It leaves the 'make distcheck' working, which also
uses a non-standard prefix and where we don't want to install the tools
due to issues with removing them afterwards where pip3 cannot be used.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-10-05 12:06:05 -04:00
Stefan Berger
3fde803eb6 swtpm: Write state files atomically using file renaming
To support writing state files atomically we first write into
a temporary file and then rename it.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-10-05 08:56:20 -04:00
Stefan Berger
3f2bde0891 swtpm_setup: Add missing --print-capabilities to help screen
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-10-02 15:15:04 -04:00
Stefan Berger
d437937f39 swtpm: Prefix debug print function with SWTPM rather than TPM
To avoid clashes with libtpms print functions, prefix the print function
in swtpm with SWTPM_ rather than TPM_. This may matter on older systems
where libtpms could call into swtpm's TPM_PrintAll function due to it
having the same name as libtpms's function.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-09-29 18:12:22 -04:00
Stefan Berger
03c00c0247 swtpm_setup: Do not hardcode '/etc' but use SYSCONFDIR
Do not hardcode the /etc path but use the compile-time generated
SYSCONFDIR instead.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-09-23 09:42:38 -04:00
Stefan Berger
31ac728852 swtpm_setup: Fix support for -h and -? options
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-09-21 13:17:39 -04:00
Stefan Berger
ecabc015ae swtpm_setup: Add missing .config path when using ${HOME}
During the rewrite the additional "/.config/" got dropped from the
path when using ${HOME} for locating the default config file.
Re-add it.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-09-17 13:05:37 -04:00
Jonas Witschel
3dafa38eb7 build-sys: add configure option to disable installation of Python module
Distributions often have their own guidelines regarding installation of Python
modules (e.g. Arch Linux mandates using --optimize=1 for setup.py install,
which the Makefile in this project does not do). Add an option
"--disable-python-installation" (disabled by default) to allow skipping the
Python installation process entirely so that distributions can take care of
this process manually in their preferred way.

Signed-off-by: Jonas Witschel <diabonas@archlinux.org>
2020-09-14 07:40:31 -04:00
Stefan Berger
0586d2f55a build-sys: Use -Wl,-z,relro and -Wl,-z,now only when linking (clang)
Clang complains if either one of those linker flags is used during compilation:

clang-9: error: -Wl,-z,relro: 'linker' input unused [-Werror,-Wunused-command-line-argument]
clang-9: error: -Wl,-z,now: 'linker' input unused [-Werror,-Wunused-command-line-argument]

This patch applies those flags only when linking.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-09-12 10:55:32 -04:00
Stefan Berger
3064a72ff0 swtpm_setup: Get rid of 'c' code and support changing user in python
Get rid of the 'c' code that only changed the user and add support for
the --runas option to change to a different user in the python part.

To get 'make distcheck' to work I needed to name the swtpm_setup python
script with the suffix .in so that it gets copied to the build directory
as swtpm_setup. We need to change execute permissions on this file after
copying.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-09-09 09:53:05 -04:00
Stefan Berger
094dba930f swtpm_setup: Fix wrong variable name detected by pylint 2.4.4
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-09-09 09:53:05 -04:00
Stefan Berger
cc410ca91b swtpm_setup: Switch over to new python tool and get rid of the bash script
Switch over to the new python implementation of swtpm_setup. We need to
also adjust test cases that involved the tcsd that otherwise fail for
various reasons. For in-place testing we need to adjust the PYTHONPATH
and PATH so that swtpm_setup.py can be found and so that swtpm_setup.py
then finds swtpm if it is not explicitly passed as parameter.

Adjust the man page for swtpm_setup to reflect the changes.

We now can run swtpm_setup as any user. However, libvirt still runs it
as tss:tss (for example), which is then creating the signing key as tss:tss
as well. Ideally libvirt would run it as tss:root or any other combination
since the tss group may be used for users wanting to access /dev/tpmrm0 for
example. We at least change the directory ownership of /var/lib/swtpm-localca
to tss:root and keep the world out of this directory.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-08-28 16:27:15 -04:00
Stefan Berger
eee8cb5dfb swtpm_setup: Rewrite swtpm_setup.sh in python
Rewrite swtpm_setup.sh in python. Use a permanent connection from the
tool to swtpm via passing file descriptors of a unix socketpair. Implement
all functionality in python so that we don't rely on trousers and tpm-tools
for swtpm_setup. This now allows any user to setup a TPM 1.2 whereas before
it had to be root or the tss user.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-08-28 16:27:15 -04:00
Stefan Berger
3a2f0be373 swtpm_setup: Accommodate for BSD sed that does not print \n as newline
BSD's sed does not print \n as newline, so we have to split the string
into different lines using tr.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-08-19 16:06:10 -04:00
Stefan Berger
3bc10bd2ab build-sys: Label swtpm and swtpm_cuse with SELinux label
When running the selinux-install target also label swtpm and swtpm_cuse.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-08-19 14:36:10 -04:00
Stefan Berger
a7320793b8 build-sys: Add build targets selinux-install and selinux-uninstall
Add build targets selinux-install and selinux-uninstall to install
and uninstall the SELinux policy rules at a given priority. The
priority defaults to 400, which works fine on Fedora.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-08-19 10:50:05 -04:00
Stefan Berger
5a223d2d69 swtpm: Change include of sys/fcntl.h to fcntl.h
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-08-16 13:18:16 -04:00
Stefan Berger
88c9deb95d swtpm_setup: Get rid of eval when calling external tool (swtpm-localca)
Get rid of using eval when calling $create_certs_tool and only use
eval for resolving variables from the config file.

We only want variable substitution for entries from configuration
files, so escape all other special shell characters that may be
making it onto the command line so that no subshells are opened
and no redirection to files can occur.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-08-11 15:01:59 -04:00
Stefan Berger
b71a228538 swtpm_setup: Only change file and directory ownership if needed
Change the file and directory ownership of tcsd related files only if it
is absolutely needed. It is not needed if we are running as user TCSD_USER
in group TCSD_GROUP because then the files were created with the needed
owner and group. This avoids problems when trying to change file ownership
when invoked by libvirt where we do not have the capabilities to change
file ownership even as root.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-07-24 10:50:08 -04:00
Stefan Berger
0d9d33fb05 swtpm_setup: Allow group read-rights on $TCSD_CONFIG file if tss user != tss group
When the TSS_USER != TSS_GROUP, e.g., user 'root' and group 'tss', then
tcsd requires that the access mode bits on the $TCSD_CONFIG file are set
to 0640, otherwise we get this error:

TCSD ERROR: TCSD config file (/tmp/tmp.Yd4LIF7mCE) must be mode 0640

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-07-24 10:50:08 -04:00
Stefan Berger
9d8d6d0378 swtpm_setup: log errors from tcsd in logfile
Redirect stdout and stderr from tcsd into a file and if tcsd reported
an error copy the error into the logfile. This makes debugging tcsd
related issues, such as ownership or access mode issues, easier.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-07-24 10:50:08 -04:00
Stefan Berger
0371b63bec build-sys: Explicitly link libswtpm_libtpms with -lcrypto (Gentoo)
This patch fixes the following linker issue reported for Gentoo in
issue #280.

ld.lld: error: /var/tmp/portage/app-crypt/swtpm-0.3.1-r1/work/swtpm-0.3.1/src/swtpm/.libs/libswtpm_libtpms.so: undefined reference to EVP_sha512
ld.lld: error: /var/tmp/portage/app-crypt/swtpm-0.3.1-r1/work/swtpm-0.3.1/src/swtpm/.libs/libswtpm_libtpms.so: undefined reference to PKCS5_PBKDF2_HMAC
ld.lld: error: /var/tmp/portage/app-crypt/swtpm-0.3.1-r1/work/swtpm-0.3.1/src/swtpm/.libs/libswtpm_libtpms.so: undefined reference to SHA512

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-07-21 20:52:34 -04:00
Seunghun Han
2bc601bba5 Fix typos in code and man pages
This patch fixes typos of code and man pages reported by lintian.

Signed-off-by: Seunghun Han <kkamagui@gmail.com>
2020-06-15 08:11:34 -04:00
Stefan Berger
b79970f637 swtpm_setup: Create the RSA 3072 EK key with an empty nonce
Create the RSA 3072 EK key with an empty nonce rather than a nonce full
of 0 bytes.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-05-18 09:26:47 -04:00
Stefan Berger
20fd182c24 swtpm_setup: Put RSA 3072 EK Certificate into NVRAM idx 0x01c0001c
Put the RSA 3072 EK Certificate into NVRAM index 0x01c0001c.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-05-18 09:26:47 -04:00
Stefan Berger
7dc24c2f8c swtpm_setup: Allow to create largest possible EK
By passing '--rsa-keysize max' allow to create the largest possible RSA
EK key.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-05-05 09:12:21 -04:00
Stefan Berger
6c5b7c2d86 swtpm_setup: Add support for RSA 3072 bit EK keys
Extend the creation of the EK key to support also 3072 bits RSA keys.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-05-05 09:12:21 -04:00
Stefan Berger
80d7bb488c swtpm_setup: Report supported RSA key sizes useful for EK key creation
Extend the --print-capabilities option to also report supported RSA
key sizes. Only the TPM 2 may support anything else than 2048 bit RSA
keys, so we only consult 'swtpm socket --tpm2 --print-capabilities'
and grep for 2048 and 3072 key sizes and report them.
If nothing is found, nothing is reported, as before, and 2048 bit RSA
keys should be assumed.

'swtpm_setup --tpm2 --print-capabilities' may now show the following:
{
  "type": "swtpm_setup",
  "features": [
    "cmdarg-keyfile-fd",
    "cmdarg-pwdfile-fd",
    "tpm2-rsa-keysize-2048",
    "tpm2-rsa-keysize-3072"
  ]
}

Also adjust a test case to use a regular expression for matching
against an expected string that may or may not have rsa-keysize
verbs.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-05-05 09:12:21 -04:00
Stefan Berger
c6b52d18e0 swtpm: Construct RSA key size capabilities from TPMLIB_GetInfo()
Construct RSA key size capability strings from libtpms TPMLIB_GetInfo()
string so that we can easily show which RSA key sizes are supported by
the TPM 2 implementation. If none are advertised, 1024 & 2048 can be
assumed to be supported.

'swtpm socket --tpm2 --print-capabilities' may now print the following:
{
  "type": "swtpm",
  "features": [
    "tpm-send-command-header",
    "flags-opt-startup",
    "cmdarg-seccomp",
    "cmdarg-key-fd",
    "cmdarg-pwd-fd",
    "no-tpm12-tools",
    "rsa-keysize-1024",
    "rsa-keysize-2048",
    "rsa-keysize-3072"
  ]
}

We need to adapt the related test case to use a regular expression since
the rsa-keysize-xyz strings may or may not be there depending on libtpms
version.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-05-04 18:12:24 -04:00
Stefan Berger
1974f2ce20 swtpm_setup: Report 'no-tpm12-tools' if tcsd or tpm-tools missing
If the host is missing tcsd (trousers) or the tpm-tools, swtpm_setup
will now report the 'no-tpm12-tools' verb like this:

> swtpm_setup --print-capabilities | jq

{
  "type": "swtpm_setup",
  "features": [
    "cmdarg-keyfile-fd",
    "cmdarg-pwdfile-fd",
    "no-tpm12-tools"
  ]
}

The only TPM 1.2 setup parameter that requires interaction with
the TPM 1.2 that can be passed is then '--createek'.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-05-01 17:47:03 -04:00
Stefan Berger
c7c2f90aeb swtpm_setup: bugfix: Create ECC storage primary key in owner hierarchy
The ECC storage primary key was mistakenly created in the endorsement
hierarchy but should be in the owner hierarchy. This patch corrects this
to have this key created in the owner hierarchy (like the RSA key),
thus using 0x40 00 00 01.

This only mattered if one used --create-spk and --ecc together.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-05-01 15:27:40 -04:00
Stefan Berger
6d0ef98c50 swtpm_setup: return result of called function rather than 0
Return the result of the called function rather than 0.

Fixes: d65f5ae1 ("swtpm_setup: Create RSA 2048 and ECC NIST P256 keys and certs")
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-05-01 11:53:38 -04:00
Stefan Berger
21af92fd04 swtpm_setup: bugfix: remove tpm2_stirrandom and tpm2_changeeps
Remove tpm2_stirrandom, which we should not need to run on a newly
created TPM 2.
Also remove tpm2_changeeps which was called twice when creating two
EKs, thus invalidating a previous EK that may have been created.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-30 22:20:08 -04:00
Stefan Berger
f58ead05d8 swtpm_setup: Switch to NIST P384 curves
Switch to NIST P384 curves for the storage primary key as well as the 2nd EK.
The EK part now complies with the following specification:

TCG PC Client Platform TPM Profile Specification for TPM 2.0
Version 1.04
Revision 37
February 3, 2020

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-30 13:41:50 -04:00
Stefan Berger
d65f5ae13b swtpm_setup: Create RSA 2048 and ECC NIST P256 keys and certs
Following "TCG PC Client Platform TPM Profile Specification for
TPM 2.0, version 1.04, Rev 37" create an RSA and an ECC NIST P256
key now. We will upgrade the ECC NIST key to P384 in the next
step.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-30 13:41:50 -04:00
Stefan Berger
8dd0eb5d44 swtpm_setup: Move code into tpm2_create_ek_and_cert
Move a whole bunch of EK and certificate creation code into its
own function.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-30 13:41:50 -04:00
Stefan Berger
3d663bacd7 swtpm_setup: Implement function to create ECC NIST P384 EK keys
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-30 13:41:50 -04:00
Stefan Berger
e8d9126d7b swtpm_setup: Rename NONCE_ECC to NONCE_ECC_256
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-29 20:35:04 -04:00
Stefan Berger
ee95fd88c0 swtpm_setup: Pass the ECC curve id and hash alg. into functions
Pass the ECC curve id and hash algorithm and the ECC_NONCE to the
function creating the ECC keys rather than hard coding them. Rename
the functions that create the NIST_P256 ECC keys to have _nist_p256
suffix in the name.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-29 20:35:04 -04:00
Stefan Berger
8b0367e3b3 swtpm_setup: Calculate offset for 2nd ecc key part based on length
Rather than passing the offset of the 2nd part of an ecc key pass
the length of the key and calculate the 2nd offset using the length.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-29 20:35:04 -04:00
Stefan Berger
5f694dbcb7 swtpm_setup: Leave notes about version of templates that were used
Leave a note about what version of template was used for the
RSA and ECC EK keys before updating them now.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-29 20:35:04 -04:00
Stefan Berger
fbc42b8d9f swtpm_cert: Support --ecc-curveid option to pass curve id
Implement support for passing the curve id via the --curve-id
option. Default assumes secp256r1. secp384r1 is also supported.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-29 20:35:04 -04:00
Stefan Berger
d14934f3a6 swtpm: Make coverity happy by handling default case in case statement
Handle the default cases, which shouldn't ever be reachable, and set
the tocopy to '0' so that no uninitialized variable gets copied.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-24 16:20:26 -04:00
Stefan Berger
3a3a9f5b5f swtpm: Invoke print capabilities after choosing TPM version
Invoke the printing of the capabilities after choosing the TPM version
in libtpms.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-23 16:40:13 -04:00
Stefan Berger
548eb6859b swtpm: Remove unnecessary #include <seccomp.h> (fixes SuSE build)
It's not necessary anymore to #include <seccomp.h> from the main programs.
Once removed, it also fixes the build on SuSE where seccomp.h is in
seccomp/seccomp.h and we didn't use the LIBSECCOMP_CFLAGS for swtpm.c etc.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-20 19:31:09 -04:00
Stefan Berger
eb9cfa963a swtpm: Add some recent syscalls to seccomp blacklist
Add some recent syscalls to the seccomp blacklist, particularly
setter type of functions.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-13 12:26:11 -04:00
Stefan Berger
dd92f45898 swtpm: Address cygwin compilation warning
Compilation on cygwin reports the following issue:

In file included from key.c:43:
key.c: In function ‘key_stream_to_bin’:
key.c:135:26: error: array subscript has type ‘char’ [-Werror=char-subscripts]
  135 |            !isspace(input[digits]) &&
      |                     ~~~~~^~~~~~~~
key.c:143:40: error: array subscript has type ‘char’ [-Werror=char-subscripts]
  143 |     if (input[digits] && !isspace(input[digits]))
      |                                   ~~~~~^~~~~~~~

Address the issue using an explicit cast of char to int.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-12 14:32:38 -04:00
Stefan Berger
bacb56b4ec swtpm_setup: Remove some old cruft
Remove some commented code and some code that isn't executed any
differently for the user id that's running it.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-10 09:35:20 -04:00
Stefan Berger
029e9d4638 swtpm_setup: Explicitly set TCSD_TCP_DEVICE_HOSTNAME=127.0.0.1
To make swtpm_setup.sh work on Travis on Bionic we need to
explicitly set TCSD_TCP_DEVICE_HOSTNAME=127.0.0.1 since lookup
of localhost (with the API the tcsd is using) does not work.
It doesn't negatively affect any other use case, so no problem
setting it.

Also replace localhost in the bash tcp device path with 127.0.0.1.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-04-09 19:39:38 -04:00
Stefan Berger
cb5ab582d1 swtpm: Fix vtpm proxy case without startup flags
'swtpm chardev --vtpm-proxy' currently requires a '--flag startup-xyz'
to be passed since otherwise the need_init_cmd variable would not be
set to false and swtpm would terminate after sending the startup
command. To maintain backwards compatibility we have to always
set the need_init_cmd variable to false for the --vtpm-proxy case
and must not require a startup flag to be passed.

Roll back one of the test cases to not use the startup flag.

Fixes: e6bc4bdf0 ('swtpm: Enable sending startup commands ...')
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-03-07 09:09:14 -05:00
Stefan Berger
d1083d1164 swtpm: Only call memcpy if tocopy != 0 (coverity)
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-02-14 09:53:32 -05:00
Stefan Berger
e6bc4bdf0a swtpm: Enable sending startup commands before processing commands
The vtpm proxy device requires that the TPM be 'Startup' otherwise it
fails sending the first command to it and will send the 'Startup'
(SU_CLEAR/TPM_ST_CLEAR) itself while adding a log entry. We want to
avoid the kernel log entry.

Add options to the existing --flags option that allows one to start
up the TPM 1.2 or TPM 2.0 with the startup types 'clear', 'state'
and 'deactivate' (TPM 1.2 only). Extend the --print-capabilities to
advertise the availability of these options with the string
'flags-opt-startup'.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-02-08 18:19:08 -05:00
Stefan Berger
6eef00e416 swtpm_cert: Accept serial numbers that use up to 64bits
Accept serial numbers that use up to 64bits.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-01-30 08:52:58 -05:00
Stefan Berger
a718f2a9e7 swtpm_cert: Use getopt_long_only to parse options
Convert the code to use getopt_long_only for parsing the options.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-01-30 08:52:58 -05:00
Stefan Berger
88c7bdc9e3 swtpm_cert: Add support for --print-capabilities option
Add support for the --print-capabilities option to display newly
added capabilities. Adapt the man page and related test case.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-01-30 08:52:58 -05:00
Stefan Berger
b35eb9fcd5 swtpm_cert: Allow passing signing key and parent key via new option
Allow passing signing key and parent key via files and file descriptors
and environment variables. Adapt a test case to exercise this new
functionality.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-01-30 08:52:58 -05:00
Stefan Berger
f9547ddc2c swtpm_setup: Enable spaces in paths and other variables
This patch addresses several issues found with shellcheck. In particular
it now enables variables with spaces in them, such as file paths that
contain spaces.

Adjust one of the accompanying test cases to use spaces in the path.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-01-27 09:16:16 -05:00
Stefan Berger
d66f4d1e03 swtpm_ioctl: Calculate strlen(input) only once
Calculate the strlen(input) only once at the beginning.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-01-22 19:32:24 -05:00
Stefan Berger
3eef9811b9 swtpm_ioctl: Block SIGPIPE so we can get EPIPE on write()
Block the SIGPIPE so that a failing write() can return an EPIPE
rather than killing the process with a SIGPIPE.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-01-22 19:32:24 -05:00
Stefan Berger
f27256f154 swtpm_bios: Block SIGPIPE so we can get EPIPE on write()
Block the SIGPIPE so that a failing write() can return an EPIPE
rather than killing the process with a SIGPIPE.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-01-22 19:32:24 -05:00
Stefan Berger
abadb408a9 swtpm: Only accept() new client ctrl connection if we have none
Only accept new client connection on the control channel if we
currently do not have a client on the control channel.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-01-22 19:32:24 -05:00
Stefan Berger
de10d7cd59 swtpm_setup: Do not fail on future PCR banks' hashes
swtpm_setup will fail once libtpms starts supporting other PCR
hash banks than sha1, sha256, sha384, sha512, and sm3-256. So,
this patch allows to choose active PCR banks of the SHA3 series.
Further, unknown hash banks will not fail the tool anymore when
it tries to determine which hash banks are supported by the TPM
since it will then add the hex number of the hash algorithm to
the collection of supported hashes.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-01-17 20:07:37 -05:00
Stefan Berger
84f350dace swtpm_setup: Use 1st part of SWTPM_EXE/SWTPM_IOCTL to determine executable
Search for the SWTPM_EXE / SWTPM_IOCTL executable using 'type -P' to
determine whether it is an executable rather than assuming a full path
is given on which we can check -x.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-01-13 15:03:01 -05:00
Stefan Berger
fa0ecd9951 swtpm_setup: Keep reserved range of file descriptors for swtpm_setup.sh
swtpm_setup.sh uses file descriptor 100 for 'exec 100 <> ...'.
So we have to make sure that the file descriptor inherited from
the caller of swtpm_setup does not overlap with a reserved range
to be used by swtpm_setup.sh, which we declare to be [100..109].

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-01-09 14:22:50 -05:00
Stefan Berger
5196855ad1 swtpm_setup: Log about encryption and fix c&p error in err msg
Fix a cut and paste error in the error message output and be more
verbose in log about encryption when using file descriptors.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-01-07 20:06:03 -05:00
Stefan Berger
a7c4f3734a swtpm: Add --print-capabilities to help screen of 'swtpm chardev'
The --print-capabilities is missing in the 'swtpm chardev' help screen
but the code is there to interpret the command line flag. This patch
adds the missing lines to the help screen.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-01-07 11:18:10 -05:00
Stefan Berger
8330ccd07e swtpm_ioctl: Fix uninitialized variable 'pgi'
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2019-12-23 15:06:33 -05:00
Stefan Berger
132bbf7b7a swtpm_cert: Use gnutls_x509_crt_get_subject_key_id API call for subj keyId
Use the gnutls_x509_crt_get_subject_key_id() API call to get the subject
key ID of the signer's certificate rather than gnutls_x509_crt_get_key_id().
The latter returns the same result most of the time but there are instances
when this is not the case and the returned result is wrong.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2019-10-22 12:39:29 -04:00
Jeremy Liu
36bfbb7432 Correct parameter name typo
Signed-off-by: Jeremy Liu <liujiong@gohighsec.com>
2019-10-17 12:29:38 -04:00
Stefan Berger
a85b7d2823 swtpm_cert: Fix OIDs for TPM 2 platforms data
The OIDs for the TPM 1.2 and TPM 2 platform data
are different (though have the same name in the spec).
Adapt them for the TPM 2 case.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2019-10-11 08:34:30 -04:00
Stefan Berger
ab1b346ef0 SELinux: Need more rules for QEMU and KVM type of VMs on F30
More rules are needed for QEMU and KVM type VMs on F30.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2019-07-26 20:38:46 -04:00
Stefan Berger
bea37691ac swtpm: Fix typo in error report: HMAC instead of hash
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2019-07-25 10:09:25 -04:00
Stefan Berger
5c5d3b793b swtpm: Use writev_full rather than writev; fixes --vtpm-proxy EIO error
We have to use writev_full() when --vtpm-proxy is used since writev()
does not seem to work and we get an EIO error. writev_full() uses write(),
so we can use it.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2019-07-23 10:06:20 -04:00
Stefan Berger
7491ed0f2a SELinux: A few more rules needed for F30
A few more rules are needed on Fedora 30 to have libvirt start swtpm.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2019-07-23 10:06:20 -04:00
Stefan Berger
374b66913f swtpm: Address Coverity's dead code complaint
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2019-07-13 21:53:13 -04:00
Stefan Berger
ad2fb40077 swtpm: Loop over poll() in case of EINTR
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2019-07-13 12:48:36 -04:00
Stefan Berger
a442092d8e swtpm: Convert read() to read_eintr() which handles EINTR
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2019-07-13 12:48:36 -04:00
Stefan Berger
37ac6aec73 swtpm: Implement read_eintr() to read into a buffer and handle EINTR
Implement read_eintr() to read into a buffer and handle EINTR on
the way.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2019-07-13 12:48:36 -04:00
Stefan Berger
ec355ee80c swtpm: Use write_full instead of plain write
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2019-07-13 12:48:36 -04:00
Stefan Berger
2d921e663c swtpm: Implement write_full and writev_full
Implement write_full and writev_full that handle partial writes.

Implement writev_full using write_full since handling partial writes
with iovec's can become quite complicated.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2019-07-13 12:48:36 -04:00
Stefan Berger
30e12eae27 SELinux: Add rule for passing pass phrase via file descriptor
Add a rule so we can pass a passphrase from libvirt to swtpm using
a file descriptor.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2019-07-12 14:18:20 -04:00
Stefan Berger
1edad44acd swtpm_setup: Add --print-capabilities option
Extend swtpm_setup with the --print-capabilities option which
prints a JSON object describing supported features.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2019-07-12 14:18:20 -04:00
Stefan Berger
c11bf8c5f8 swtpm_setup: Test filenames for empty string before trying to remove
rm on NetBSD prints out an error message when trying to remove a file
with an empty filename. Avoid this situation by checking for non-empty
filenames first.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2019-07-12 14:18:20 -04:00
Stefan Berger
11114ba745 swtpm: Add --print-capabilities option to command line
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2019-07-12 14:18:20 -04:00
Stefan Berger
1d5e07974b swtpm: Implement support for printing newly added capabilities
Implement support for printing newly added capabilities, such as
being able to read the key and password from a file descriptor.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2019-07-12 14:18:20 -04:00