The Ubuntu (PPA) build system executes the build on an environment that
has problems with seccomp profiles. It does not allow us to run the test
suite with swtpm applying its seccomp profile since it fails with a
'bad system call' error. To work around this we introduce the env. variable
SWTPM_TEST_SECCOMP_OPT that we can set to "--seccomp action=none" to avoid
having swtpm apply it seccomp profile.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Fedora policy seems to be to use python3 explicitly for the hashbang
rather than python, which could be either python2 or python3. So convert
it to python3. Also adapt configure.ac to require python3 executable.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
We quetry the swtpm for TPM specification info that goes into the
certificate for the EK.
Update the test cases that now see more capabilties being returned
by the swtpm.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Implement a command for setting and querying the buffer size the
TPM implementation (libtpms) is using. The setting of the
buffersize allows to reduce the size of the buffer to a size
that the interface can support so that these two sizes match
and the TPM will not produce larger responses than what the
interface can support.
Extend swtpm_ioctl with an option to set the buffersize.
Adapt the existing tests to reflect the newly supported command.
Implement a new test for getting/setting of the buffer size.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
As objected by QEMU upstream developers to use two different sockets for
starting/using of swtpm, This commit adds support for passing unix domain
socket over control channel.
The summary of the changes include:
- Defined new control command CMD_SET_DATAFD, using this clients can send data
socket.
- set mlp.fd and mlp.flags outside of the mainloop
- updated the testcases
Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
Add the missing PTM_CAP_GET_CONFIG to the returned flags.
Fix the order of the flags on the way.
Fix the test cases that test for the flags.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
New option '--ctrl clientfd=<fd>' is added to the control socket parameters.
The passed 'fd' is used as control channel client-fd and treated as single
client mode.
Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
