Introduce structure for PTM_GET_CAPABILITY #929

Merged
merged 4 commits into from
Oct 11, 2024
13 changes: 12 additions & 1 deletion include/swtpm/tpm_ioctl.h
@@ -31,6 +31,16 @@

typedef uint32_t ptm_res;

/* PTM_GET_CAPABILITY: Get supported capabilities (ioctl's) */
struct ptm_cap_n {
union {
struct {
ptm_res tpm_result; /* will always be TPM_SUCCESS (0) */
uint32_t caps;
} resp; /* response */
} u;
};

/* PTM_GET_TPMESTABLISHED: get the establishment bit */
struct ptm_est {
union {
@@ -250,7 +260,8 @@ struct ptm_lockstorage {
} u;
};

typedef uint64_t ptm_cap;
typedef uint64_t ptm_cap; /* CUSE-only; use ptm_cap_n otherwise */
typedef struct ptm_cap_n ptm_cap_n;
typedef struct ptm_est ptm_est;
typedef struct ptm_reset_est ptm_reset_est;
typedef struct ptm_loc ptm_loc;
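Review bot: The new `caps` member of `struct ptm_cap_n` carries no comment on its width or byte order, and it narrows the capability mask to 32 bits while `ptm_cap` stays `uint64_t` for CUSE. I would document it, for example `uint32_t caps; /* PTM_CAP_* bit mask, big-endian on the socket; only bits 0-31 fit */`, so that a flag later defined above bit 31 is not silently dropped on the socket path. The struct comment could also state that the 8-byte reply has the same byte layout as the earlier 64-bit big-endian value as long as the upper 32 bits are zero. That appears to be what keeps older clients working, but it is inferred from the `htobe64()` write shown in the ctrlchannel.c section.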
14 changes: 14 additions & 0 deletions man/man3/swtpm_ioctls.pod
@@ -101,6 +101,20 @@ The PTM_LOCK_STORAGE ioctl or CMD_LOCK_STORAGE command is supported.

=back

=item B<PTM_GET_CAPABILITY / CMD_GET_CAPABILITY, ptm_cap_n>

The ptm_cap_n data structure can be used for non-CUSE swtpm and
looks as follows:

struct ptm_cap_n {
union {
struct {
ptm_res tpm_result; /* will always be TPM_SUCCESS (0) */
uint32_t caps;
} resp; /* response */
} u;
};

=item B<PTM_INIT / CMD_INIT, ptm_init>

This ioctl must be used to initialize the TPM. It must be sent to the
19 changes: 14 additions & 5 deletions src/swtpm/ctrlchannel.c
@@ -438,9 +438,9 @@ static ssize_t ctrlchannel_recv_cmd(int fd,
return recvd;
}

static uint64_t get_ptm_caps_supported(TPMLIB_TPMVersion tpmversion)
static uint32_t get_ptm_caps_supported(TPMLIB_TPMVersion tpmversion)
{
uint64_t caps =
uint32_t caps =
PTM_CAP_INIT
| PTM_CAP_SHUTDOWN
| PTM_CAP_GET_TPMESTABLISHED
@@ -509,7 +509,7 @@ int ctrlchannel_process_fd(int fd,
int *data_fd = NULL;

/* Write-only */
ptm_cap *ptm_caps = (ptm_cap *)&output.body;
ptm_cap_n *ptm_caps_n = (ptm_cap_n *)&output.body;
ptm_res *res_p = (ptm_res *)&output.body;
ptm_est *te = (ptm_est *)&output.body;
ptm_getconfig *pgc = (ptm_getconfig *)&output.body;
@@ -552,9 +552,11 @@ int ctrlchannel_process_fd(int fd,

switch (be32toh(input.cmd)) {
case CMD_GET_CAPABILITY:
*ptm_caps = htobe64(get_ptm_caps_supported(mlp->tpmversion));
/* must always succeed */
ptm_caps_n->u.resp.tpm_result = htobe32(TPM_SUCCESS);
ptm_caps_n->u.resp.caps = htobe32(get_ptm_caps_supported(mlp->tpmversion));

out_len = sizeof(*ptm_caps);
out_len = sizeof(*ptm_caps_n);
break;

case CMD_INIT:
@@ -917,6 +919,13 @@ int ctrlchannel_process_fd(int fd,
send_resp:
SWTPM_PrintAll(" Ctrl Rsp:", " ", output.body, min(out_len, 1024));

/* all error responses must only be 4 bytes long */
if (*res_p != htobe32(TPM_SUCCESS) && out_len != 4) {
logprintf(STDERR_FILENO, "Error: Response too long for cmd=0x%x : %u\n",
be32toh(input.cmd), out_len);
out_len = sizeof(ptm_res);
}

n = write_full(fd, output.body, out_len);
if (n < 0) {
logprintf(STDERR_FILENO,
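Review bot: In the new check under `send_resp:`, the condition `out_len != 4` also matches replies shorter than four bytes, yet the message says "Response too long" and `out_len` is then raised to `sizeof(ptm_res)`, so bytes of `output.body` that the command may not have written would be sent. Testing `out_len > sizeof(ptm_res)` instead of the literal 4 keeps the clamp a pure truncation: `if (*res_p != htobe32(TPM_SUCCESS) && out_len > sizeof(ptm_res)) {`. The `SWTPM_PrintAll()` dump runs before the clamp, so the trace shows the untrimmed body rather than what is written to `fd`; moving it below the check would make the log match the wire. Whether any path reaches `send_resp` with `out_len` below 4 cannot be seen here, because the body of `ctrlchannel_process_fd` continues outside the hunk.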
14 changes: 9 additions & 5 deletions src/swtpm_ioctl/tpm_ioctl.c
@@ -80,7 +80,6 @@
#define devtoh32(is_chardev, x) (is_chardev ? x : be32toh(x))
#define htodev32(is_chardev, x) (is_chardev ? x : htobe32(x))

#define devtoh64(is_chardev, x) (is_chardev ? x : be64toh(x))
#define htodev64(is_chardev, x) (is_chardev ? x : htobe64(x))

/* for OpenBSD */
@@ -926,6 +925,7 @@ int main(int argc, char *argv[])
ptm_reset_est reset_est;
ptm_loc loc;
ptm_cap cap;
ptm_cap_n cap_n;
ptm_res res;
ptm_init init;
ptm_getconfig cfg;
@@ -1120,17 +1120,21 @@ int main(int argc, char *argv[])
}

if (!strcmp(command, "-c")) {
uint32_t caps;
n = ctrlcmd(fd, PTM_GET_CAPABILITY, &cap, 0, sizeof(cap));
if (n < 0) {
fprintf(stderr,
"Could not execute PTM_GET_CAPABILITY: "
"%s\n", strerror(errno));
goto exit;
}
/* no tpm_result here */
printf("ptm capability is 0x%" PRIx64 "\n",
(uint64_t)devtoh64(is_chardev, cap));

if (is_chardev) {
caps = (uint32_t)cap;
} else {
memcpy(&cap_n, &cap, sizeof(cap_n));
caps = be32toh(cap_n.u.resp.caps);
}
printf("ptm capability is 0x%x\n", caps);
} else if (!strcmp(command, "-i")) {
init.u.req.init_flags = htodev32(is_chardev,
PTM_INIT_FLAG_DELETE_VOLATILE);
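Review bot: The non-chardev branch of the `-c` handler decodes `cap_n.u.resp.caps` without looking at `cap_n.u.resp.tpm_result` or at how many bytes the reply held; `n` is only tested for `< 0`. Since the server side now trims error replies to the 4-byte result, a failing or short reply would leave the second half of `cap` unwritten and the tool would print whatever was on the stack as the capability mask. I would check the result before decoding, e.g. `if (be32toh(cap_n.u.resp.tpm_result) != 0) { fprintf(stderr, "PTM_GET_CAPABILITY failed\n"); goto exit; }`, and zero-initialise `cap` or receive straight into `cap_n`. What `ctrlcmd()` returns on a short read is not visible in this hunk and `main` continues outside it, so the length part is an assumption to confirm.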