Stefan Berger
0224c76d68
cleanup in tpm_ioctl.h
...
Do some cleanups in tpm_ioctl.h
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-05-28 06:50:04 -04:00
Stefan Berger
ad976d1a2e
Add copyright stanza where missing; update date
...
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-05-26 20:52:40 -04:00
Stefan Berger
bd98690a4a
Add ioctl to get configuration flags about keys in use
...
Add an ioctl that lets an application retrieve which keys are in use by the
TPM, i.e., file encryption or migration key
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-05-26 07:30:38 -04:00
Stefan Berger
8236603be8
tests: add volatilestate.bin to EXTRA_DIST
...
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-05-25 15:46:04 -04:00
Stefan Berger
1680c41d9e
swtpm: Add a command line option for a migration key
...
The migration key ensures that TPM state blobs, when retrieved using the
ioctl for getting state blobs, are always encrypted with this key.
When the state is later on loaded back into the TPM using the ioctl
to set the state blobs, the migration key is used to decrypt them.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-05-25 11:18:44 -04:00
Stefan Berger
082533af22
swtpm: Have crypto functions use a key as parameter
...
Have the crypto functions use a key as a parameter rather than having them
operate on a specific fixed key.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-05-25 11:12:23 -04:00
Stefan Berger
81264f7356
swtpm: break apart key parsing function
...
Break the key parsing function apart into a common parsing function
and one specific to the file encryption key.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-05-25 11:12:23 -04:00
Stefan Berger
bed4894cd7
swtpm: prepend a header in front of all blobs retrieved from the TPM
...
Prepend a header in front of all blobs retrieved from the TPM.
Write flags into this header indicating whether the blob is
encrypted.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-05-25 11:12:23 -04:00
Stefan Berger
4dfb26d9b4
tests: do not let test_resume_volatile touch files in git
...
Have test_resume_volatile create a temporary dir and copy test files to it
that may be modified during the test run.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-05-24 21:37:11 -04:00
Stefan Berger
b902468900
swtpm: integrity protect the encrypted TPM state
...
Integrity protect the TPM state when it is written in encrypted form.
libtpms state (for TPM1.2) is also integrity protecting the blobs, but
we better determine the integrity of the decrypted data on the layer
above it.
2015-05-19 16:35:08 -04:00
Stefan Berger
fdbc203585
swtpm: more precise error message if setuid doesn't work
...
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-05-16 17:59:39 -04:00
Stefan Berger
af0ef0205a
swtpm: assign value to saveptr used in strtok_r
...
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-05-12 14:59:16 -04:00
Stefan Berger
c6ba40fc53
swtpm: Ignore the return value of a write op before closing connection
...
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-05-12 14:54:45 -04:00
Stefan Berger
0a7e8d236d
swtpm_setup: Annotate that we pass argv to execv intentionally
...
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-05-12 14:51:16 -04:00
Stefan Berger
74e53a6268
swtpm: No need to compare locality with negative values
...
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-05-12 14:48:20 -04:00
Stefan Berger
0268ef45d2
swtpm: change type of len from size_t to ssize_t
...
Change the type of the len variable from size_t to ssize_t for
comparison against neg. values to work.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-05-12 14:48:20 -04:00
Stefan Berger
414e0e8960
swtpm_ioctl: no need to compare locality with values < 0
...
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-05-12 14:48:11 -04:00
Stefan Berger
38a9453322
swtpm_cert: change variable type from unsigned char to char
...
Change variable type of val1 and val2 from unsigned char to char for
the comparison with neg. numbers to work.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-05-12 14:24:27 -04:00
Stefan Berger
3df8cbf91b
swtpm_cuse: no need to compare uint8_t locality with < 0.
...
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-05-12 14:20:16 -04:00
Stefan Berger
da521f048b
swtpm: replace size_t with ssize_t for variable taking read() return value
...
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-05-12 14:18:23 -04:00
Stefan Berger
fddbb58d48
swtpm: Check file descriptor >= 0 before closing
...
Check the file descriptor for >= 0 before closing it. Hopefully
this makes Coverity happy.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-05-12 14:09:05 -04:00
Stefan Berger
9e89ffa12d
swtpm_bios: Remove UNIXIO socket related code since not used
...
We do not support UNIXIO sockets for communication with the swtpm
yet, so remove this.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-05-12 14:04:03 -04:00
Stefan Berger
0dba8f77eb
tests: add test case that certificate is created automatically
...
Add a test case that ensures that swtpm-localca automatically
creates a signing key and issuer cert if none is available.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-05-12 09:35:55 -04:00
Stefan Berger
e387a34eab
swtpm_ioctl: Move code for loading TPM stateblobs to own function
...
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-05-11 06:42:27 -04:00
Stefan Berger
eafb7054d8
swtpm_ioctl: Move code for saving TPM stateblobs to own function
...
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-05-11 06:41:42 -04:00
Stefan Berger
5ef047fedf
swtpm_ioctl: move hashing code into own function
...
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-05-10 10:28:57 -04:00
Stefan Berger
6b7aefa9c2
swtpm: cleanup and commented ptm_ioctl
...
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-05-09 08:44:11 -04:00
Stefan Berger
6d7d0dd5e6
swtpm_ioctl: source formatting
...
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-05-09 08:41:04 -04:00
Stefan Berger
57ac11eaf8
Enable certificate creation by default
...
Modify swtpm_setup.conf to enable the creation of certificates by default.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-05-05 11:05:38 -04:00
Stefan Berger
5ee4ea1f99
build: need at least tpm-tools 1.3.8-6
...
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-05-04 07:35:23 -04:00
Stefan Berger
cdbfb7be1a
swtpm_setup: Print error in case 'eval' fails on file permissions etc.
...
Also have the log function print out all parameters.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-05-04 01:27:48 -04:00
Stefan Berger
a1004f8caa
build: set proper rights on swtpm-localca script when installing
...
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-05-04 01:07:28 -04:00
Stefan Berger
3cb54a5d35
build: install /var/lib/swtpm-localca with proper owner
...
Install /var/lib/swtpm-localca so that tss can access it.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-05-04 00:31:44 -04:00
Stefan Berger
798694516e
swtpm_setup: fix variable name typo
...
Fix a typo in a variable name.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-05-04 02:58:17 -04:00
Stefan Berger
58145689b0
samples: automatically create signing key and issuer cert
...
Automatically create the signing key and a self-signed issuer
certificate if the state dir has to be created.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-05-04 02:52:08 -04:00
Stefan Berger
7ad7df96ba
sample: rename swtpm_localca dir to swtpm-localca
...
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-05-04 00:36:23 -04:00
root
070d313cb3
samples: rename swtpm-localca.sh to swtpm-localca
...
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-05-04 00:26:14 -04:00
Stefan Berger
d379cbb4a4
test: Use TPM_ResetEstablishmentBit command in some tests
...
Rather than only using the ioctl to reset the TPM Establishment
bit in a given locality, also use the TPM_ResetEstablishmentBit
command for it in some test cases.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-05-02 09:19:46 -04:00
Stefan Berger
a4b00166dd
tests: Fix test case output
...
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-05-01 16:25:54 -04:00
Stefan Berger
0722cffd12
tests: Extend test_volatilestate with checks on establishment bit
...
Extend the testcase test_volatilestate with checks on the TPM
establishment bit and that it is saved across volatile save/load
operations.
2015-05-01 12:24:39 -04:00
Stefan Berger
9fb43c7a98
test: Terminate swtpm in case testcase is aborted
...
Send a SIGTERM to the swtpm in case the testcase is aborted.
2015-04-28 20:16:47 -04:00
Stefan Berger
cb5dc4e92c
Require kernel-modules-extra package
...
The cuse module is found in the kernel-modules-extra package.
2015-04-02 06:44:38 -04:00
Stefan Berger
1140f4c656
tests: bail out if modprobe cuse fails
...
Terminate the test case immediately if modprobe cuse fails.
2015-04-02 06:43:39 -04:00
Stefan Berger
4bee90cbc7
Adjust blob size to a size that should work for all architectures
...
PPC64 seems to not work with 8k blob sizes, but 7k worked.
To be on the safe side, we set the size so that the requests
and responses are below a 4k page size.
2015-04-01 22:45:57 -04:00
Stefan Berger
48abfbb1c0
Expect tool is required
...
Check for the expect tool in configure.
Require the expect tool in the spec file.
2015-04-01 22:39:17 -04:00
Stefan Berger
58548ac677
swtpm: document some more code
...
Add documentation to the include file and some functions in the source
code files.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-03-30 10:06:49 -04:00
Stefan Berger
337247ef6c
swtpm: add documentation to options source code
...
Add documentation to the options source code and introduce an explicit
default value to return in case an option was not found while parsing.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2015-03-30 07:24:08 -04:00
Stefan Berger
292fc83f3e
swtpm_cuse: automatically remove volatile state after retrieval
...
Automatically remove the volatile state file after retrieval.
2015-03-19 15:44:22 -04:00
Stefan Berger
950040f03c
swtpm_cuse: implement STOP ioctl
...
Implement a STOP ioctl in the swtpm and swtpm_ioctl client.
Modify test cases to use swtpm_ioctl --stop.
2015-03-16 11:50:03 -04:00
Stefan Berger
33e241b562
swtpm_ioctl: if blob cannot be found TPM_NON_FATAL is returned
...
It's not a fatal error if a blob is not returned and the CUSE TPM replies
with TPM_NON_FATAL error code.
2015-03-16 11:19:44 -04:00