cuse: Move display of help screen into function
Move the display of the help screen into its own function to be able
to use fprintf with the help screen as format string to avoid static
analyzer warnings.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
stefanberger committed Oct 8, 2024
1 parent 7b2ee0e commit f29b870
Showing 1 changed file with 78 additions and 75 deletions.
153 changes: 78 additions & 75 deletions src/swtpm/cuse_tpm.c
@@ -210,85 +210,88 @@ typedef struct TPM_Response_Header {

/*********************************** data *************************************/

static const char *usage =
"usage: %s %s [options]\n"
"\n"
"The following options are supported:\n"
"\n"
"-n NAME|--name=NAME : device name (mandatory)\n"
"-M MAJ|--maj=MAJ : device major number\n"
"-m MIN|--min=MIN : device minor number\n"
"--key file=<path>|fd=<fd>[,mode=aes-cbc|aes-256-cbc][,format=hex|binary][,remove=[true|false]]\n"
" : use an AES key for the encryption of the TPM's state\n"
" files; use the given mode for the block encryption;\n"
" the key is to be provided as a hex string or in binary\n"
" format; the keyfile can be automatically removed using\n"
" the remove parameter\n"
"--key pwdfile=<path>|pwdfd=<fd>[,mode=aes-cbc|aes-256-cbc][,remove=[true|false]][,kdf=sha512|pbkdf2]\n"
" : provide a passphrase in a file; the AES key will be\n"
" derived from this passphrase; default kdf is PBKDF2\n"
"--locality [reject-locality-4][,allow-set-locality]\n"
" : reject-locality-4: reject any command in locality 4\n"
" allow-set-locality: accept SetLocality command\n"
"--migration-key file=<path>|fd=<fd>[,mode=aes-cbc|aes-256-cbc][,format=hex|binary][,remove=[true|false]]\n"
" : use an AES key for the encryption of the TPM's state\n"
" when it is retrieved from the TPM via ioctls;\n"
" Setting this key ensures that the TPM's state will always\n"
" be encrypted when migrated\n"
"--migration-key pwdfile=<path>|pwdfd=<fd>[,mode=aes-cbc|aes-256-cbc][,remove=[true|false]][,kdf=sha512|pbkdf2]\n"
" : provide a passphrase in a file; the AES key will be\n"
" derived from this passphrase; default kdf is PBKDF2\n"
"--log file=<path>|fd=<filedescriptor>[,level=n][,prefix=<prefix>][,truncate]\n"
" : write the TPM's log into the given file rather than\n"
" to the console; provide '-' for path to avoid logging\n"
" log level 5 and higher will enable libtpms logging;\n"
" all logged output will be prefixed with prefix;\n"
" the log file can be reset (truncate)\n"
"--pid file=<path>|fd=<filedescriptor>\n"
" : write the process ID into the given file\n"
"--tpmstate dir=<dir>[,mode=0...]|backend-uri=<uri>\n"
" : set the directory or uri where the TPM's state will be written\n"
" into; the TPM_PATH environment variable can be used\n"
" instead of dir option;\n"
" mode allows a user to set the file mode bits of the state\n"
" files; the default mode is 0640;\n"
"--flags [not-need-init][,startup-clear|startup-state|startup-deactivated|startup-none][,disable-auto-shutdown]\n"
" : not-need-init: commands can be sent without needing to\n"
" send an INIT via control channel;\n"
" startup-...: send Startup command with this type;\n"
" disable-auto-shutdown disables automatic sending of\n"
" TPM2_Shutdown before TPM 2 reset or swtpm termination;\n"
"-r|--runas <user> : after creating the CUSE device, change to the given\n"
" user\n"
"-R|--chroot <path> : chroot to the given directory at startup\n"
"--tpm2 : choose TPM2 functionality\n"
static void usage(FILE *file, const char *prgname, const char *iface)
{
fprintf(file,
"usage: %s %s [options]\n"
"\n"
"The following options are supported:\n"
"\n"
"-n NAME|--name=NAME : device name (mandatory)\n"
"-M MAJ|--maj=MAJ : device major number\n"
"-m MIN|--min=MIN : device minor number\n"
"--key file=<path>|fd=<fd>[,mode=aes-cbc|aes-256-cbc][,format=hex|binary][,remove=[true|false]]\n"
" : use an AES key for the encryption of the TPM's state\n"
" files; use the given mode for the block encryption;\n"
" the key is to be provided as a hex string or in binary\n"
" format; the keyfile can be automatically removed using\n"
" the remove parameter\n"
"--key pwdfile=<path>|pwdfd=<fd>[,mode=aes-cbc|aes-256-cbc][,remove=[true|false]][,kdf=sha512|pbkdf2]\n"
" : provide a passphrase in a file; the AES key will be\n"
" derived from this passphrase; default kdf is PBKDF2\n"
"--locality [reject-locality-4][,allow-set-locality]\n"
" : reject-locality-4: reject any command in locality 4\n"
" allow-set-locality: accept SetLocality command\n"
"--migration-key file=<path>|fd=<fd>[,mode=aes-cbc|aes-256-cbc][,format=hex|binary][,remove=[true|false]]\n"
" : use an AES key for the encryption of the TPM's state\n"
" when it is retrieved from the TPM via ioctls;\n"
" Setting this key ensures that the TPM's state will always\n"
" be encrypted when migrated\n"
"--migration-key pwdfile=<path>|pwdfd=<fd>[,mode=aes-cbc|aes-256-cbc][,remove=[true|false]][,kdf=sha512|pbkdf2]\n"
" : provide a passphrase in a file; the AES key will be\n"
" derived from this passphrase; default kdf is PBKDF2\n"
"--log file=<path>|fd=<filedescriptor>[,level=n][,prefix=<prefix>][,truncate]\n"
" : write the TPM's log into the given file rather than\n"
" to the console; provide '-' for path to avoid logging\n"
" log level 5 and higher will enable libtpms logging;\n"
" all logged output will be prefixed with prefix;\n"
" the log file can be reset (truncate)\n"
"--pid file=<path>|fd=<filedescriptor>\n"
" : write the process ID into the given file\n"
"--tpmstate dir=<dir>[,mode=0...]|backend-uri=<uri>\n"
" : set the directory or uri where the TPM's state will be written\n"
" into; the TPM_PATH environment variable can be used\n"
" instead of dir option;\n"
" mode allows a user to set the file mode bits of the state\n"
" files; the default mode is 0640;\n"
"--flags [not-need-init][,startup-clear|startup-state|startup-deactivated|startup-none][,disable-auto-shutdown]\n"
" : not-need-init: commands can be sent without needing to\n"
" send an INIT via control channel;\n"
" startup-...: send Startup command with this type;\n"
" disable-auto-shutdown disables automatic sending of\n"
" TPM2_Shutdown before TPM 2 reset or swtpm termination;\n"
"-r|--runas <user> : after creating the CUSE device, change to the given\n"
" user\n"
"-R|--chroot <path> : chroot to the given directory at startup\n"
"--tpm2 : choose TPM2 functionality\n"
#ifdef WITH_SECCOMP
# ifndef SCMP_ACT_LOG
"--seccomp action=none|kill\n"
"--seccomp action=none|kill\n"
# else
"--seccomp action=none|kill|log\n"
"--seccomp action=none|kill|log\n"
# endif
" : Choose the action of the seccomp profile when a\n"
" blacklisted syscall is executed; default is kill\n"
" : Choose the action of the seccomp profile when a\n"
" blacklisted syscall is executed; default is kill\n"
#endif
"--migration [incoming][,release-lock-outgoing]\n"
" : Incoming migration defers locking of storage backend\n"
" until the TPM state is received; release-lock-outgoing\n"
" releases the storage lock on outgoing migration\n"
"--print-capabilities : print capabilities and terminate\n"
"--print-states : print existing TPM states and terminate\n"
"--profile name=<name>|profile=<json-profile>|file=<filename>|fd=<fd>[,remove-disabled=check|fips-host]\n"
" : Set a profile on the TPM 2\n"
" remove-disabled: On the 'custom' profile remove algorithms\n"
" disabled by FIPS mode in OpenSSL; use 'check' to test the\n"
" algorithms first\n"
"--print-profiles\n"
" : print all profiles supported by libtpms\n"
"--print-info <info flags>\n"
" : print information about the TPM and profiles and exit\n"
"-h|--help : display this help screen and terminate\n"
"\n";

"--migration [incoming][,release-lock-outgoing]\n"
" : Incoming migration defers locking of storage backend\n"
" until the TPM state is received; release-lock-outgoing\n"
" releases the storage lock on outgoing migration\n"
"--print-capabilities : print capabilities and terminate\n"
"--print-states : print existing TPM states and terminate\n"
"--profile name=<name>|profile=<json-profile>|file=<filename>|fd=<fd>[,remove-disabled=check|fips-host]\n"
" : Set a profile on the TPM 2\n"
" remove-disabled: On the 'custom' profile remove algorithms\n"
" disabled by FIPS mode in OpenSSL; use 'check' to test the\n"
" algorithms first\n"
"--print-profiles\n"
" : print all profiles supported by libtpms\n"
"--print-info <info flags>\n"
" : print information about the TPM and profiles and exit\n"
"-h|--help : display this help screen and terminate\n"
"\n",
prgname, iface);
}
static TPM_RESULT
ptm_io_getlocality(TPM_MODIFIER_INDICATOR *loc,
uint32_t tpmnum SWTPM_ATTR_UNUSED)
@@ -1748,7 +1751,7 @@ int swtpm_cuse_main(int argc, char **argv, const char *prgname, const char *ifac
param.profiledata = optarg;
break;
case 'h': /* help */
fprintf(stdout, usage, prgname, iface);
usage(stdout, prgname, iface);
goto exit;
case 'a':
printcapabilities = true;
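Review bot: The new `usage()` has no comment saying why the help text is handed to `fprintf()` as a string literal instead of living in a `static const char *`, which is the one property this function exists to preserve. Without it, a later cleanup could hoist the text back into a variable and reintroduce the non-literal format string that the analyzer flagged. I would add above `static void usage(FILE *file, ...)` something like `/* Print the help screen; the text stays a literal argument of fprintf() so the compiler can check it against prgname and iface. */`. The function also still sits under the `data` banner, and as rendered the closing `}` appears to be followed directly by `static TPM_RESULT` with no blank line, though the page may have dropped whitespace. Only the `case 'h'` call site is visible in the second hunk, so whether other users of the old `usage` string existed cannot be confirmed from this page.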