Proxmox-Port/swtpm
1
0
Fork 0
mirror of https://github.com/stefanberger/swtpm.git synced 2026-02-05 14:12:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
Libtpms-based TPM emulator with socket, character device, and Linux CUSE interface.
1,373 Commits 24 Branches 39 Tags 5.3 MiB
C 62.5%
Shell 34.8%
Makefile 1.1%
M4 1.1%
Python 0.4%
Other 0.1%
9b3add22ac
Go to file
Stefan Berger 9b3add22ac swtpm: If necessary send TPM2_Shutdown() before TPMLIB_Terminate() 
If necessary send a TPM2_Shutdown() command to libtpms before processing
CMD_INIT. However, this is only necessary for a TPM 2 and only if the
TPM2_Shutdown command has not been sent by the client (VM TPM driver) as
the last command as it should do under normal circumstances, for example
upon graceful VM shutdown.

This fixes a bug where abrupt VM resets may trigger the TPM 2's dictionary
attack lockout logic due to the TPM 2 not having received a TPM2_Shutdown
command before it was reset using CMD_INIT for example. An OS driver is
typically supposed to send a TPM2_Shutdown to the TPM 2 but an abrupt VM
reset prevents it.

There are 3 control commands where this needs to be done since they
call TPMLIB_Terminate():

- CMD_STOP:
   This command is typically called before setting the state blobs of the
   TPM or before configuring the buffer size [QEMU, test cases].

- CMD_INIT:
   This command is called for resetting and initializing the TPM 2.

- CMD_SHUTDOWN:
   This command is called for a graceful shutdown of the TPM 2.

There are no negative side effects to be expected if TPM2_Shutdown()
is sent before any of these. Also, since none of these are sent before
the state of the TPM is marshalled (for migration for example) migrated
state will not have a TPM2_Shutdown() applied to it (accidentally).

Edk2 sends a sequence of TPM2_Shutdown(SU_STATE) + TPM2_GetRandom()
before suspend-to-ram. Upon wake up a CMD_INIT is sent to the TPM to
reset it, which in this case now requires a TPM2_Shutdown(SU_STATE)
to be sent to the TPM 2 so that certain TPM 2 state is available
again upon resume. To avoid invaliding the SU_STATE, first send a
TPM2_Shutdown(SU_STATE) in *all cases* and only if this fails send a
TPM2_Shutdown(SU_CLEAR). This way the internal state is preserved and
the VM (or user) are expected to use TPM2_Startup(SU_CLEAR) when
staring up the TPM 2 and no previous state needs to be resumed.

Note: The VM's firmware is trusted to use SU_CLEAR under normal circum-
stances and SU_STATE upon resume. So it wouldn't restore the state if
it wasn't needed.

Note: The TPM 2 spec describes the command as follows:

"This command is used to prepare the TPM for a power cycle. The
shutdownType parameter indicates how the subsequent TPM2_Startup() will be
processed.[...]
This command saves TPM state but does not change the state other than the
internal indication that the context has been saved. The TPM shall
continue to accept commands. If a subsequent command changes TPM state
saved by this command, then the effect of this command is nullified. The
TPM MAY nullify this command for any subsequent command rather than check
whether the command changed state saved by this command. If this command
is nullified and if no TPM2_Shutdown() occurs before the next
TPM2_Startup(), then the next TPM2_Startup() shall be
TPM2_Startup(CLEAR)."

Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2087538
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2022-08-18 09:50:16 -04:00
.github/ISSUE_TEMPLATE Update bug_report.md 2021-10-02 11:18:02 -04:00
debian debian: Add swtpm apparmor profile 2022-05-05 20:58:30 -04:00
include build-sys: Define __USE_LINUX_IOCTL_DEFS in header file (Cygwin) 2022-04-04 11:45:36 -04:00
man swtpm: If necessary send TPM2_Shutdown() before TPMLIB_Terminate() 2022-08-18 09:50:16 -04:00
samples swtpm_setup: Write active_pcr_banks into swtpm_setup.conf 2021-10-29 15:36:35 -04:00
src swtpm: If necessary send TPM2_Shutdown() before TPMLIB_Terminate() 2022-08-18 09:50:16 -04:00
tests tests: Remove dump of logfile at end of test 2022-08-11 15:02:25 -04:00
.gitignore gitignore: Ignore created files in man/man5/ 2022-06-28 07:55:20 -04:00
.travis.yml Travis: Remove python3-twisted package from being installed 2021-09-20 07:25:53 -04:00
autogen.sh build-sys: Create m4 directory on older systems 2018-12-15 10:06:03 -05:00
CHANGES CHANGES: Add more documentation for changes in 0.7.0 2021-11-09 10:49:45 -05:00
configure.ac configure: check for bash 2022-07-12 13:47:36 -04:00
COPYING initial check-in 2014-12-05 11:16:03 -05:00
DCO1.1.txt Replace the CLA with the DCO, simply requiring a Signed-off-by: 2016-12-21 11:11:48 -05:00
INSTALL docs: Update INSTALL document 2021-07-21 09:04:24 -04:00
LICENSE swtpm: Replace the CUSE TPM with the new implementation 2015-12-07 15:01:57 -05:00
Makefile.am build-sys: Move regex to test PCR banks into configure script 2021-11-08 09:03:44 -05:00
README docu: Cut down the README to its minimum 2018-09-24 17:48:41 -04:00
run_tests tests: Run all tests again in run_test 2020-04-07 17:14:10 -04:00
swtpm.spec Move *.conf and *.options to man5 2021-11-22 18:30:17 -05:00
swtpm.spec.in Move *.conf and *.options to man5 2021-11-22 18:30:17 -05:00
TODO Adding RHEL/Centos status info 2016-06-26 20:03:43 -04:00

README 

SWTPM - Software TPM Emulator
      David Safford safford@us.ibm.com
      Stefan Berger stefanb@us.ibm.com

The SWTPM package provides TPM emulators with different front-end interfaces
to libtpms. TPM emulators provide socket interfaces (TCP/IP and Unix) and
the Linux CUSE interface for the creation of multiple native /dev/vtpm* devices.

The SWTPM package also provides several tools for using the TPM emulator,
creating certificates for a TPM, and simulating the manufacturing of
a TPM by creating a TPM's EK and platform certificates etc. Please read 
the READMEs in the individual tool's directory under src/.

Please consult the Wiki for information about swtpm:

   https://github.com/stefanberger/swtpm/wiki