Extend a test case to check whether the permanent state file changes
when a TPM2_PCR_Read() is executed. The state file change would cause
timeouts inside VMs when an fsync() is used that fully synchronizes the
state of the TPM 2 with the data on disk. The issue has been resolved in
more recent versions of libtpms (master and branches). The updated
libtpms is required if fsync() for files and directories is to be enabled.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
We cannot currently fsync on the TPM's state file and the dir since this
takes too long and commands in a VM may time out. The reason for this is
that the TPM 2 code occasionally writes the permanent state out even on
commands like TPM2_PCR_Extend that must not take a long time.
See explanation for this in the libtpms PR https://github.com/stefanberger/libtpms/pull/274 .
We will re-enable this feature in 'a while' once the updated libtpms
version has been made more widely available.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Fix issue #591 by initializing the variables swtpm_has_tpm2 and
swtpm_has_tpm12.
    swtpm_setup.c:1178:31: note: 'swtpm_has_tpm2' was declared here
    gboolean swtpm_has_tpm12, swtpm_has_tpm2;
    ^~~~~~~~~~~~~~
    swtpm_setup.c:1019:5: error: 'swtpm_has_tpm12' may be used uninitialized in this function [-Werror=maybe-uninitialized]
    printf("{ \"type\": \"swtpm_setup\", "
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    "\"features\": [ %s%s\"cmdarg-keyfile-fd\", \"cmdarg-pwdfile-fd\", \"tpm12-not-need-root\""
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
It is possible to start swtpm with this command line even though
neither storage nor communication channels have been provided.
    ./src/swtpm/swtpm socket --flags not-need-init,startup-clear
Since sending a startup message to the TPM will cause it to
want to store permanent state, we have to handle the case when
no storage backend was given and therefore the backend_uri
is NULL.
Previously the above command line caused a NULL pointer exception
but now handles this case with the following output:
    swtpm: SWTPM_NVRAM_Init: Missing backend URI.
    swtpm: Error: Could not initialize libtpms.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Rather than having the CA certificates, that are created on the fly,
expire in 10 years, have them not expire at all.
Also create TPM certificates that don't expire and extend a test
case for this.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Have swtpm-create-user-config-files run swtpm_setup with the new
--create-config-files option and possible parameters.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Implement support for skipping over creating the files
if any one of the config files already exist.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Implement the option --create-config-files to create config files
for swtpm_setup and swtpm-localca for a user account. The files will
be created under the $XDG_CONFIG_HOME or $HOME/.config directories.
This option supports optional arguments 'overwrite' to allow overwriting
existing config files as well as the optional argument 'root' to create
config files under root's home directory. Both options can be passed
by separating them with a ','.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Adapted from tpm-udev [0] which handles that, but it is not really a
hard-requirement for swtpm and TSS_USER is configurable after all
(even if that is mostly used for the test system).
So, create that user and group if it does not exist to avoid errors
and failing installation.
[0]: https://salsa.debian.org/debian/tpm-udev/-/blob/master/debian/tpm-udev.postinst
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Currently `trousers` is listed as (hard) Dependency, but it does not
seem to be required for quite a few use cases, e.g., ours where we
are mainly using swtpm for providing a tpm to VMs.
With trousers in Debian one gets an additional pain point: it comes
with rather dated and in some circumstances failing by mistake init
script [0] that can throw errors when setting up during installation
and thus fail the whole installation of swtpm as Debian policy for
`Depends` hits:
> A package will not be configured unless all of the packages listed
> in its Depends field have been correctly configured
-- [1]
Declaring dependencies for things that are not a hard requirement means
that a user will be required to install more dependencies than
actually needed.
Just documenting that as fact why I investigated in the
hard-requirement on trousers in the first place, not an actual
justification - it's a packaging bug after all.
So downgrade the dependency to "Suggests", as it seems a reasonable
level when checking its documented meaning:
> This is used to declare that one package may be more useful with
> one or more others. Using this field tells the packaging system and
> the user that the listed packages are related to this one and can
> perhaps enhance its usefulness, but that installing this one without
> them is perfectly reasonable.
-- [1]
[0]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895201
[1]: https://www.debian.org/doc/debian-policy/ch-relationships.html
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Display the --print-states capability in the --print-capabilities
output as cmdarg-print-states.
Document availability in the man page.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Cygwin internally uses the Windows API call FlushViewOfFile that
seems to not like to be called with an excessive number of bytes.
Instead, call it with length = 0 so that 'the file is flushed from
the base address to the end of the mapping' and then msync() succeeds.
Source:
https://docs.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-flushviewoffile
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Use the pidfile filename rather than the fd because Cygwin for example
does not seem to support passed file descriptors and also OpenBSD
does not pass some test cases because of this.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
The header file endian.h does not exist everywhere, so we have to
use system_dependencies.h to get something similar on all systems.
Some compilers, such as gcc on FreeBSD, are picky about unused
function parameters, so we have to decorate the unused ones
with SWTPM_ATTR_UNUSED.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
The header file fs/linux.h only exists on Linux but we can also
use sys/mount.h, which also exists on Cygwin and the BSDs.
Only support block devices if BLKGETSIZE64 is defined.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Abstract away implementation specific code for handling TPM state in
swtpm_setup. The current code for handling directories is moved to
'swtpm_backend_dir.c'.
Where possible, the input argument is simply passed verbatim as
'backend-uri' to swtpm.
No functional change intended, aside from supporting 'dir://' as
optional prefix. The checks for lock-file accessibility are moved to
check_access(), but that shouldn't affect anything AFAICT.
Signed-off-by: Stefan Reiter <stefan@pimaker.at>
This avoids issues with state backends where we don't have a convenient
directory for a pidfile available.
Signed-off-by: Stefan Reiter <stefan@pimaker.at>
...and use delete_swtpm_statefiles instead. This function iterates the
folder instead of just deleting one file, but since it is already called
before the init call guarded here, it can only affect files created by
this run anyway.
Note that delete_state had slightly different return semantics, but it
doesn't matter, as the return value is ignored here anyway (best effort
cleanup).
Signed-off-by: Stefan Reiter <stefan@pimaker.at>
Adapt save_load_state tests to include coverage of the "linear file"
backend mode. "tpm2" save/load is tested with both a regular file and
a loop device to exercise the blockdev mmap code.
Signed-off-by: Stefan Reiter <stefan@pimaker.at>
Implements a second abstraction layer as an NVRAM storage backend: The
"linear" backend stores data in a simple format that can contain
multiple files (multiple TPM states and numbers) in one linear address
space. This can then be mapped to files or other "block-device-like"
interfaces using nvram_linear_file_ops implementations.
A simple one using mmap is provided with the URI type "file://".
Does not support any locking at the moment, users must ensure exclusive
access themselves.
Signed-off-by: Stefan Reiter <stefan@pimaker.at>
The key is freed using 'gnutls_privkey_deinit(pkcs11key)', yet the
following memory leaks show up that are most likely in the pkcs11 module.
Skip the test if ASAN is being used to avoid the test failure.
Direct leak of 55080 byte(s) in 1 object(s) allocated from:
#0 0x7fdabb152af7 in calloc (/lib64/libasan.so.6+0xaeaf7)
#1 0x7fdab6b737c6 in C_Initialize (/usr/lib64/pkcs11/libtpm2_pkcs11.so+0x147c6)
#2 0x7fdab9a5f8a9 in initialize_module_inlock_reentrant (/lib64/libp11-kit.so.0+0x2b8a9)
#3 0x7fdab9a5fc88 in managed_C_Initialize (/lib64/libp11-kit.so.0+0x2bc88)
#4 0x7fdab9a66018 in p11_kit_modules_initialize (/lib64/libp11-kit.so.0+0x32018)
#5 0x7fdab9a66778 in p11_kit_modules_load_and_initialize (/lib64/libp11-kit.so.0+0x32778)
#6 0x7fdabab10dc5 in auto_load (/lib64/libgnutls.so.30+0x9cdc5)
#7 0x7fdabab12656 in gnutls_pkcs11_init (/lib64/libgnutls.so.30+0x9e656)
#8 0x7fdabab12779 in _gnutls_pkcs11_check_init (/lib64/libgnutls.so.30+0x9e779)
#9 0x7fdabab1af1f in gnutls_pkcs11_privkey_import_url (/lib64/libgnutls.so.30+0xa6f1f)
#10 0x7fdabaaee0e3 in gnutls_privkey_import_url (/lib64/libgnutls.so.30+0x7a0e3)
#11 0x40abee in main /home/stefanb/dev/swtpm/src/swtpm_cert/ek-cert.c:1399
#12 0x7fdab9f5ab74 in __libc_start_main (/lib64/libc.so.6+0x27b74)
#13 0x40366d in _start (/home/stefanb/dev/swtpm/src/swtpm_cert/swtpm_cert+0x40366d)
Indirect leak of 8208 byte(s) in 1 object(s) allocated from:
#0 0x7fdabb152af7 in calloc (/lib64/libasan.so.6+0xaeaf7)
#1 0x7fdab6b736f9 in C_Initialize (/usr/lib64/pkcs11/libtpm2_pkcs11.so+0x146f9)
#2 0x7fdab9a5f8a9 in initialize_module_inlock_reentrant (/lib64/libp11-kit.so.0+0x2b8a9)
#3 0x7fdab9a5fc88 in managed_C_Initialize (/lib64/libp11-kit.so.0+0x2bc88)
#4 0x7fdab9a66018 in p11_kit_modules_initialize (/lib64/libp11-kit.so.0+0x32018)
#5 0x7fdab9a66778 in p11_kit_modules_load_and_initialize (/lib64/libp11-kit.so.0+0x32778)
#6 0x7fdabab10dc5 in auto_load (/lib64/libgnutls.so.30+0x9cdc5)
#7 0x7fdabab12656 in gnutls_pkcs11_init (/lib64/libgnutls.so.30+0x9e656)
#8 0x7fdabab12779 in _gnutls_pkcs11_check_init (/lib64/libgnutls.so.30+0x9e779)
#9 0x7fdabab1af1f in gnutls_pkcs11_privkey_import_url (/lib64/libgnutls.so.30+0xa6f1f)
#10 0x7fdabaaee0e3 in gnutls_privkey_import_url (/lib64/libgnutls.so.30+0x7a0e3)
#11 0x40abee in main /home/stefanb/dev/swtpm/src/swtpm_cert/ek-cert.c:1399
#12 0x7fdab9f5ab74 in __libc_start_main (/lib64/libc.so.6+0x27b74)
#13 0x40366d in _start (/home/stefanb/dev/swtpm/src/swtpm_cert/swtpm_cert+0x40366d)
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Only recent libvirt versions have the patch for the AppArmor profile for
libvirt to allow fsync after opening a directory for reading. Rather
than failing hard on the open-directory-for-reading error, log it once
and continue and do not try it again after.
This patch addresses the problems seen on Ubuntu related to an older
version of libvirt without the AppArmor profile update.
- issue #484
- issue #549
- issue #559
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Only recent libvirt versions have the patch for the AppArmor profile
for libvirt to allow fsync on dir and directory. Rather than failing
hard on this error, log it once and continue and do not try fsync
again after.
This patch addresses the problems seen on Ubuntu related to an older
version of libvirt without the AppArmor profile update.
- issue #484
- issue #549
- issue #559
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
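The log-once-and-continue behaviour described in the two commit messages above, sketched as an added example (not swtpm's own code). The function and variable names are hypothetical, and treating EACCES/EPERM as the confinement denial is an assumption of this sketch.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical names for illustration; this is not swtpm's code. */
static bool dir_sync_disabled; /* true once a directory sync was denied */
static int dir_sync_warnings;  /* number of warnings emitted (at most 1) */

/* Decide what to do with a failed open()/fsync() on the state directory.
 * Assumption: EACCES/EPERM mean a MAC policy (for example an older
 * AppArmor profile) denied the call; anything else is a real error. */
int handle_dir_sync_error(const char *op, const char *dir, int err)
{
    if (err != EACCES && err != EPERM) {
        fprintf(stderr, "Error: %s on %s failed: %s\n", op, dir, strerror(err));
        return -1;
    }
    if (!dir_sync_disabled) {
        dir_sync_disabled = true;
        dir_sync_warnings++;
        fprintf(stderr, "Warning: %s on %s denied (%s); directory sync is "
                "disabled, new directory entries may not survive a crash\n",
                op, dir, strerror(err));
    }
    return 0;
}

/* fsync the directory holding the state file so that a newly created or
 * renamed file reaches disk. Returns 0 on success or in degraded mode,
 * -1 on a hard error. */
int sync_state_dir(const char *dir)
{
    int fd, rc = 0;

    if (dir_sync_disabled)
        return 0;               /* do not retry after the first denial */
    fd = open(dir, O_RDONLY);
    if (fd < 0)
        return handle_dir_sync_error("open", dir, errno);
    if (fsync(fd) < 0)
        rc = handle_dir_sync_error("fsync", dir, errno);
    close(fd);
    return rc;
}
```

Once the warning has been logged, only the directory sync is skipped; a deployment that needs crash-durable TPM state should treat that single log line as a signal to update the confinement profile.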
FreeBSD may return errno EINVAL beside ENOENT once there are no more
entries in a directory to walk over. It claims that readdir() follows
the getdirentries() return codes, which do include EINVAL but not
ENOENT. But ENOENT is also being used.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Use return rather than exit() when returning from main so that g_autofree'd
variables can be freed.
This resolves issue #568 that occurs with clang only.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>