Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Depends on tss2-esys >= 2.4 #632

Closed
dkobras opened this issue Dec 4, 2020 · 4 comments · Fixed by #662
Closed

Depends on tss2-esys >= 2.4 #632

dkobras opened this issue Dec 4, 2020 · 4 comments · Fixed by #662

Comments

@dkobras
Copy link
Contributor

dkobras commented Dec 4, 2020

Since the call to Esys_TR_GetTpmHandle() was added to tpm_deserialize_handle() in commit 5b379c0d3996152dfd6f9633b59c2e04e461e038, compiling src/lib/tpm.c fails with versions of tss2-esys before 2.4, whereas the documentation and the configure checks still specify a minimum version of 2.0.

Looking at the code, the function is only used if tpm_deserialize_handle() is called with a non-zero tpmHandle argument. At the moment, this is only true for the call in backend_fapi.c. In other words, rather than just bumping the minimum required version, we might also refactor the code to only include the function call when building with FAPI support, and leave minimum requirements for non-FAPI builds at their currently documented versions.

I'm happy to provide a patch either way, but would appreciate to hear your preference on handling this situation.

(We care about this issue because we'd like to roll out tpm2-pkcs11 on machines running Ubuntu's current LTS release 20.04, which already seems to package sufficiently recent versions for all dependencies, apart from tss2-esys 2.4. Not having to upgrade distro-provided libs would save us a lot of effort.)
@williamcroberts
Copy link
Member

Yeah I prefer things to work with the smallest version possible, so I would take that patch to require a lower version when disabling FAPI backend.

dkobras added a commit to dkobras/tpm2-pkcs11 that referenced this issue Feb 24, 2021
@dkobras
Relax tss2-esys versioned deps for non-FAPI builds
ec0f297 
Commit 5b379c0 introduced a call to Esys_TR_GetTpmHandle() into a common code
path.  This function was only added to tss2-esys in version 2.4, and isn't
readily available in packaged distributions, yet. Only the FAPI backend actually
makes use of the function. Hence, move the call from generic code to the backend
itself, in order to restrict the versioned dependency on tss2-esys >= 2.4 to
FAPI-enabled builds. This change facilitates standard builds of tpm2-pkcs11 on
current distributions.

Fixes: tpm2-software#632

Signed-off-by: Daniel Kobras <kobras@puzzle-itc.de>
@dkobras dkobras mentioned this issue Feb 24, 2021
Merged
dkobras added a commit to dkobras/tpm2-pkcs11 that referenced this issue Feb 24, 2021
@dkobras
Relax tss2-esys versioned deps for non-FAPI builds
c1f916e 
Commit 5b379c0 introduced a call to Esys_TR_GetTpmHandle() into a common code
path.  This function was only added to tss2-esys in version 2.4, and isn't
readily available in packaged distributions, yet. Only the FAPI backend actually
makes use of the function. Hence, move the call from generic code to the backend
itself, in order to restrict the versioned dependency on tss2-esys >= 2.4 to
FAPI-enabled builds. This change facilitates standard builds of tpm2-pkcs11 on
current distributions.

Fixes: tpm2-software#632

Signed-off-by: Daniel Kobras <kobras@puzzle-itc.de>
dkobras added a commit to dkobras/tpm2-pkcs11 that referenced this issue Feb 24, 2021
@dkobras
Relax tss2-esys versioned deps for non-FAPI builds
3bda397 
Commit 5b379c0 introduced a call to Esys_TR_GetTpmHandle() into a common code
path.  This function was only added to tss2-esys in version 2.4, and isn't
readily available in packaged distributions, yet. Only the FAPI backend actually
makes use of the function. Hence, move the call from generic code to the backend
itself, in order to restrict the versioned dependency on tss2-esys >= 2.4 to
FAPI-enabled builds. This change facilitates standard builds of tpm2-pkcs11 on
current distributions.

Fixes: tpm2-software#632

Signed-off-by: Daniel Kobras <kobras@puzzle-itc.de>
dkobras added a commit to dkobras/tpm2-pkcs11 that referenced this issue Feb 24, 2021
@dkobras
Relax tss2-esys versioned deps for non-FAPI builds
2a74726 
Commit 5b379c0 introduced a call to Esys_TR_GetTpmHandle() into a common code
path.  This function was only added to tss2-esys in version 2.4, and isn't
readily available in packaged distributions, yet. Only the FAPI backend actually
makes use of the function. Hence, move the call from generic code to the backend
itself, in order to restrict the versioned dependency on tss2-esys >= 2.4 to
FAPI-enabled builds. This change facilitates standard builds of tpm2-pkcs11 on
current distributions.

Fixes: tpm2-software#632

Signed-off-by: Daniel Kobras <kobras@puzzle-itc.de>
dkobras added a commit to dkobras/tpm2-pkcs11 that referenced this issue Feb 24, 2021
@dkobras
Relax tss2-esys versioned deps for non-FAPI builds
488788f 
Commit 5b379c0 introduced a call to Esys_TR_GetTpmHandle() into a common code
path.  This function was only added to tss2-esys in version 2.4, and isn't
readily available in packaged distributions, yet. Only the FAPI backend
actually makes use of the function. Hence, splice out the call to a separate
function that can be conditionally included. (No matching stub is added for
tss2-esys < 2.4, so dependency errors can be caught already at compile time.)
This change restricts the versioned dependency on tss2-esys >= 2.4 to
FAPI-enabled builds, and thus facilitates standard builds of tpm2-pkcs11 on
current distributions.

Fixes: tpm2-software#632

Signed-off-by: Daniel Kobras <kobras@puzzle-itc.de>
@dkobras
Copy link
Contributor Author

dkobras commented Feb 24, 2021

I finally got around to look into this. I'm not 100% happy with #662, and would have preferred to restrict the 2.4-only call to backend_fapi.c itself, but this not only went against current abstractions in the code, but also created a mess with the mock-up functions for the unit tests. Hence, I went with plan B that does the job without adding too much complexity. With this change, building a working tpm2-pkcs11 module on a current Ubuntu LTS with only packaged dependencies is back to a simple ./configure && make.

williamcroberts pushed a commit that referenced this issue Feb 24, 2021
@dkobras
Relax tss2-esys versioned deps for non-FAPI builds
78df782 
Commit 5b379c0 introduced a call to Esys_TR_GetTpmHandle() into a common code
path.  This function was only added to tss2-esys in version 2.4, and isn't
readily available in packaged distributions, yet. Only the FAPI backend
actually makes use of the function. Hence, splice out the call to a separate
function that can be conditionally included. (No matching stub is added for
tss2-esys < 2.4, so dependency errors can be caught already at compile time.)
This change restricts the versioned dependency on tss2-esys >= 2.4 to
FAPI-enabled builds, and thus facilitates standard builds of tpm2-pkcs11 on
current distributions.

Fixes: #632

Signed-off-by: Daniel Kobras <kobras@puzzle-itc.de>
@williamcroberts
Copy link
Member

@dkobras I'm assuming you'd like a release off of master for a fix release to just package?

@dkobras
Copy link
Contributor Author

dkobras commented Feb 25, 2021

@dkobras I'm assuming you'd like a release off of master for a fix release to just package?

Thanks! Internally, we've already had a workaround in place. So we're in no hurry, and can just drop our patch once the fix is included in a regular release.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Relax tss2-esys versioned deps for non-FAPI builds dkobras/tpm2-pkcs11
2 participants
@williamcroberts @dkobras