What will follow soon are updates to vtpmd, vtpm_manager, xm, xl, mini-os, and new vtpm and vtpm manager stub domains. The first patch I''d like to submit upgrades vtpmd to version 0.7.4 This patch does the following: -add checks to configure to check for cmake (required by berlios 0.7.4) -removes all of the 0.5.1 patches -adds a single patch for 0.7.4 -cleans up the makefile, should work for parallel make (avoiding version.h discussion from august 2012) -builds vtpmd to use berlios 0.7.4 -Remoed the tpm_emualtor build option. berlios itself provides a kernel module if you want to use it in dom0 to emulate the physical tpm. Signed of by: Matthew Fioravante matthew.fioravante@jhuapl.edu diff --git a/tools/configure.ac b/tools/configure.ac --- a/tools/configure.ac +++ b/tools/configure.ac @@ -67,6 +67,7 @@ AC_ARG_VAR([CURL], [Path to curl-config tool]) AC_ARG_VAR([XML], [Path to xml2-config tool]) AC_ARG_VAR([BASH], [Path to bash shell]) AC_ARG_VAR([XGETTEXT], [Path to xgetttext tool]) +AC_ARG_VAR([CMAKE], [Path to cmake binary]) dnl as86, ld86, bcc and iasl are only present in x86* systems case "$host_cpu" in @@ -108,6 +109,9 @@ AS_IF([test "x$pythontools" = "xy"], [ AX_CHECK_PYTHON_VERSION([2], [3]) AX_CHECK_PYTHON_DEVEL() ]) +AS_IF([test "x$vtpm" = "xy"], [ + AX_PATH_PROG_OR_FAIL([CMAKE], [cmake]) +]) AX_PATH_PROG_OR_FAIL([XGETTEXT], [xgettext]) AX_PATH_PROG_OR_FAIL([AS86], [as86]) AX_PATH_PROG_OR_FAIL([LD86], [ld86]) diff --git a/tools/vtpm/Makefile b/tools/vtpm/Makefile --- a/tools/vtpm/Makefile +++ b/tools/vtpm/Makefile @@ -1,19 +1,15 @@ XEN_ROOT = $(CURDIR)/../.. +include $(XEN_ROOT)/tools/Rules.mk -# Base definitions and rules -include $(XEN_ROOT)/tools/vtpm/Rules.mk - -# Dir name for emulator (as dom0 tpm driver) -TPM_EMULATOR_DIR = tpm_emulator # Dir name for vtpm instance VTPM_DIR = vtpm -ORIG_DIR = orig # Emulator tarball name -TPM_EMULATOR_NAME = tpm_emulator-0.5.1 +TPM_EMULATOR_URL = http://download.berlios.de/tpm-emulator +TPM_EMULATOR_NAME = tpm_emulator-0.7.4 TPM_EMULATOR_TARFILE = $(TPM_EMULATOR_NAME).tar.gz -GMP_HEADER = /usr/include/gmp.h +VTPM_PATCH = vtpm-0.7.4.patch .PHONY: all all: build @@ -23,51 +19,34 @@ build: build_sub .PHONY: install install: build - $(MAKE) -C $(VTPM_DIR) $@ + $(INSTALL_PROG) -m 0755 $(VTPM_DIR)/build/tpmd/unix/tpmd $(DESTDIR)$(BINDIR)/vtpmd .PHONY: clean clean: - @if [ -d $(TPM_EMULATOR_DIR) ]; \ - then $(MAKE) -C $(TPM_EMULATOR_DIR) clean; \ - fi - @if [ -d $(VTPM_DIR) ]; \ - then $(MAKE) -C $(VTPM_DIR) clean; \ + @-if [ -d $(VTPM_DIR)/build ]; \ + then $(MAKE) -C $(VTPM_DIR)/build clean; \ fi .PHONY: mrproper mrproper: - rm -f $(TPM_EMULATOR_TARFILE) tpm_emulator.patch.old vtpm.patch.old - rm -rf $(TPM_EMULATOR_DIR) $(VTPM_DIR) $(ORIG_DIR) + rm -f $(TPM_EMULATOR_TARFILE) + rm -rf $(VTPM_DIR) $(ORIG_DIR) # Download Swiss emulator $(TPM_EMULATOR_TARFILE): - wget http://download.berlios.de/tpm-emulator/$(TPM_EMULATOR_TARFILE) + wget $(TPM_EMULATOR_URL)/$(TPM_EMULATOR_TARFILE) # Create vtpm dirs -$(VTPM_DIR)/tpmd/tpmd: $(TPM_EMULATOR_TARFILE) vtpm-0.5.1.patch +$(VTPM_DIR)/build: $(TPM_EMULATOR_TARFILE) $(VTPM_PATCH) rm -rf $(VTPM_DIR) tar -xzf $(TPM_EMULATOR_TARFILE) mv $(TPM_EMULATOR_NAME) $(VTPM_DIR) - set -e; cd $(VTPM_DIR); \ - patch -p1 < ../vtpm-0.5.1.patch; \ - patch -p1 < ../vtpm-0.5.1-LDLIBS.patch - -orig: $(TPM_EMULATOR_TARFILE) - mkdir $(ORIG_DIR); - set -e; cd $(ORIG_DIR); \ - tar -xzf ../$(TPM_EMULATOR_TARFILE); - -updatepatches: clean orig - find $(VTPM_DIR) -name "*.orig" -print | xargs rm -f; - mv vtpm.patch vtpm.patch.old; - diff -uprN $(TPM_EMULATOR_DIR) $(VTPM_DIR) > vtpm.patch || true; + patch -p1 < ../$(VTPM_PATCH); \ + mkdir build; cd build; cmake -DCMAKE_INSTALL_PREFIX=${PREFIX} .. + touch $@ .PHONY: build_sub -build_sub: $(VTPM_DIR)/tpmd/tpmd - set -e; if [ -e $(GMP_HEADER) ]; then \ - $(MAKE) -C $(VTPM_DIR); \ - else \ - echo "=== Unable to build VTPMs. libgmp could not be found."; \ - fi - +build_sub: $(VTPM_DIR)/build + set -e; \ + cd $<; $(MAKE) tpmd diff --git a/tools/vtpm/Rules.mk b/tools/vtpm/Rules.mk --- a/tools/vtpm/Rules.mk +++ /dev/null @@ -1,26 +0,0 @@ -# Base definitions and rules (XEN_ROOT must be defined in including Makefile) -include $(XEN_ROOT)/tools/Rules.mk - -# -# Tool definitions -# - -# General compiler flags -CFLAGS = -Werror -g3 - -# Generic project files -HDRS = $(wildcard *.h) -SRCS = $(wildcard *.c) -OBJS = $(patsubst %.c,%.o,$(SRCS)) - -# Generic (non-header) dependencies -$(SRCS): Makefile $(XEN_ROOT)/tools/Rules.mk $(XEN_ROOT)/tools/vtpm/Rules.mk - -$(OBJS): $(SRCS) - --include $(DEPS) - -BUILD_EMULATOR = y - -# Make sure these are just rules -.PHONY : all build install clean diff --git a/tools/vtpm/tpm_emulator.patch b/tools/vtpm/tpm_emulator.patch --- a/tools/vtpm/tpm_emulator.patch +++ /dev/null @@ -1,1919 +0,0 @@ -diff -uprN orig/tpm_emulator-0.4/AUTHORS tpm_emulator/AUTHORS ---- orig/tpm_emulator-0.4/AUTHORS 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/AUTHORS 2006-07-24 14:35:35.000000000 -0700 -@@ -1,2 +1,3 @@ - Mario Strasser <mast@gmx.net> - Heiko Stamer <stamer@gaos.org> [DAA] -+INTEL Corp <> [Dropped to Ring3] -diff -uprN orig/tpm_emulator-0.4/ChangeLog tpm_emulator/ChangeLog ---- orig/tpm_emulator-0.4/ChangeLog 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/ChangeLog 2006-07-24 14:35:35.000000000 -0700 -@@ -1,3 +1,6 @@ -+????-??-?? Intel Corp -+ * Moved module out of kernel to run as a ring 3 app -+ - 2006-06-23 Mario Strasser <mast@gmx.net> - * tpm_startup.c: behaviour of ST_CLEAR and storage of - persistent data adapted -diff -uprN orig/tpm_emulator-0.4/crypto/gmp_kernel_wrapper.c tpm_emulator/crypto/gmp_kernel_wrapper.c ---- orig/tpm_emulator-0.4/crypto/gmp_kernel_wrapper.c 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/crypto/gmp_kernel_wrapper.c 2006-07-24 14:35:35.000000000 -0700 -@@ -1,5 +1,6 @@ - /* Software-Based Trusted Platform Module (TPM) Emulator for Linux - * Copyright (C) 2004 Mario Strasser <mast@gmx.net>, -+ * Copyright (C) 2005 INTEL Corp - * - * This module is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published -@@ -24,15 +25,10 @@ int __gmp_junk; - void __attribute__ ((regparm(0))) __gmp_assert_fail(const char *filename, - int linenum, const char *expr) - { -- panic(KERN_CRIT TPM_MODULE_NAME "%s:%d: GNU MP assertion failed: %s\n", -+ error("%s:%d: GNU MP assertion failed: %s\n", - filename, linenum, expr); - } - --void __attribute__ ((regparm(0))) abort(void) --{ -- panic(KERN_CRIT TPM_MODULE_NAME "GNU MP abort() was called\n"); --} -- - /* overwrite GNU MP random functions (used by mpz/millerrabin.c) */ - - void __attribute__ ((regparm(0))) gmp_randinit(gmp_randstate_t rstate, -@@ -77,20 +73,19 @@ void __attribute__ ((regparm(0))) mpz_ur - - void __attribute__ ((regparm(0))) *kernel_allocate(size_t size) - { -- void *ret = (void*)kmalloc(size, GFP_KERNEL); -- if (!ret) panic(KERN_CRIT TPM_MODULE_NAME -- "GMP: cannot allocate memory (size=%u)\n", size); -+ void *ret = (void*)malloc(size); -+ if (!ret) error("GMP: cannot allocate memory (size=%Zu)\n", size); - return ret; - } - - void __attribute__ ((regparm(0))) *kernel_reallocate(void *oldptr, - size_t old_size, size_t new_size) - { -- void *ret = (void*)kmalloc(new_size, GFP_KERNEL); -- if (!ret) panic(KERN_CRIT TPM_MODULE_NAME "GMP: Cannot reallocate memory " -- "(old_size=%u new_size=%u)\n", old_size, new_size); -+ void *ret = (void*)malloc(new_size); -+ if (!ret) error("GMP: Cannot reallocate memory " -+ "(old_size=%Zu new_size=%Zu)\n", old_size, new_size); - memcpy(ret, oldptr, old_size); -- kfree(oldptr); -+ free(oldptr); - return ret; - } - -@@ -99,7 +94,7 @@ void __attribute__ ((regparm(0))) kernel - /* overwrite used memory */ - if (blk_ptr != NULL) { - memset(blk_ptr, 0, blk_size); -- kfree(blk_ptr); -+ free(blk_ptr); - } - } - -diff -uprN orig/tpm_emulator-0.4/crypto/rsa.c tpm_emulator/crypto/rsa.c ---- orig/tpm_emulator-0.4/crypto/rsa.c 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/crypto/rsa.c 2006-07-24 14:35:35.000000000 -0700 -@@ -1,5 +1,6 @@ - /* Software-Based Trusted Platform Module (TPM) Emulator for Linux - * Copyright (C) 2004 Mario Strasser <mast@gmx.net>, -+ * Copyright (C) 2005 INTEL Corp - * - * This module is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published -@@ -381,7 +382,7 @@ static int encode_message(int type, uint - msg[0] = 0x00; - get_random_bytes(&msg[1], SHA1_DIGEST_LENGTH); - sha1_init(&ctx); -- sha1_update(&ctx, "TCPA", 4); -+ sha1_update(&ctx, (uint8_t *) "TCPA", 4); - sha1_final(&ctx, &msg[1 + SHA1_DIGEST_LENGTH]); - memset(&msg[1 + 2 * SHA1_DIGEST_LENGTH], 0x00, - msg_len - data_len - 2 * SHA1_DIGEST_LENGTH - 2); -@@ -429,7 +430,7 @@ static int decode_message(int type, uint - mask_generation(&msg[1], SHA1_DIGEST_LENGTH, - &msg[1 + SHA1_DIGEST_LENGTH], msg_len - SHA1_DIGEST_LENGTH - 1); - sha1_init(&ctx); -- sha1_update(&ctx, "TCPA", 4); -+ sha1_update(&ctx, (uint8_t *) "TCPA", 4); - sha1_final(&ctx, &msg[1]); - if (memcmp(&msg[1], &msg[1 + SHA1_DIGEST_LENGTH], - SHA1_DIGEST_LENGTH) != 0) return -1; -diff -uprN orig/tpm_emulator-0.4/linux_module.c tpm_emulator/linux_module.c ---- orig/tpm_emulator-0.4/linux_module.c 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/linux_module.c 1969-12-31 16:00:00.000000000 -0800 -@@ -1,195 +0,0 @@ --/* Software-Based Trusted Platform Module (TPM) Emulator for Linux -- * Copyright (C) 2004 Mario Strasser <mast@gmx.net>, -- * -- * This module is free software; you can redistribute it and/or modify -- * it under the terms of the GNU General Public License as published -- * by the Free Software Foundation; either version 2 of the License, -- * or (at your option) any later version. -- * -- * This module is distributed in the hope that it will be useful, -- * but WITHOUT ANY WARRANTY; without even the implied warranty of -- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -- * GNU General Public License for more details. -- * -- * $Id: linux_module.c 91 2006-03-13 13:51:41Z mast $ -- */ -- --#include <linux/module.h> --#include <linux/kernel.h> --#include <linux/init.h> --#include <linux/miscdevice.h> --#include <linux/poll.h> --#include "linux_module.h" --#include "tpm/tpm_emulator.h" -- --MODULE_LICENSE("GPL"); --MODULE_AUTHOR("Mario Strasser <mast@gmx.net>"); --MODULE_DESCRIPTION("Trusted Platform Module (TPM) Emulator"); --MODULE_SUPPORTED_DEVICE(TPM_DEVICE_NAME); -- --/* module startup parameters */ --char *startup = "save"; --module_param(startup, charp, 0444); --MODULE_PARM_DESC(startup, " Sets the startup mode of the TPM. " -- "Possible values are ''clear'', ''save'' (default) and ''deactivated."); --char *storage_file = "/var/tpm/tpm_emulator-1.2.0.2"; --module_param(storage_file, charp, 0644); --MODULE_PARM_DESC(storage_file, " Sets the persistent-data storage " -- "file of the TPM."); -- --/* TPM lock */ --static struct semaphore tpm_mutex; -- --/* TPM command response */ --static struct { -- uint8_t *data; -- uint32_t size; --} tpm_response; -- --/* module state */ --#define STATE_IS_OPEN 0 --static uint32_t module_state; --static struct timespec old_time; -- --static int tpm_open(struct inode *inode, struct file *file) --{ -- debug("%s()", __FUNCTION__); -- if (test_and_set_bit(STATE_IS_OPEN, (void*)&module_state)) return -EBUSY; -- return 0; --} -- --static int tpm_release(struct inode *inode, struct file *file) --{ -- debug("%s()", __FUNCTION__); -- clear_bit(STATE_IS_OPEN, (void*)&module_state); -- down(&tpm_mutex); -- if (tpm_response.data != NULL) { -- kfree(tpm_response.data); -- tpm_response.data = NULL; -- } -- up(&tpm_mutex); -- return 0; --} -- --static ssize_t tpm_read(struct file *file, char *buf, size_t count, loff_t *ppos) --{ -- debug("%s(%d)", __FUNCTION__, count); -- down(&tpm_mutex); -- if (tpm_response.data != NULL) { -- count = min(count, (size_t)tpm_response.size - (size_t)*ppos); -- count -= copy_to_user(buf, &tpm_response.data[*ppos], count); -- *ppos += count; -- if ((size_t)tpm_response.size == (size_t)*ppos) { -- kfree(tpm_response.data); -- tpm_response.data = NULL; -- } -- } else { -- count = 0; -- } -- up(&tpm_mutex); -- return count; --} -- --static ssize_t tpm_write(struct file *file, const char *buf, size_t count, loff_t *ppos) --{ -- debug("%s(%d)", __FUNCTION__, count); -- down(&tpm_mutex); -- *ppos = 0; -- if (tpm_response.data != NULL) kfree(tpm_response.data); -- if (tpm_handle_command(buf, count, &tpm_response.data, -- &tpm_response.size) != 0) { -- count = -EILSEQ; -- tpm_response.data = NULL; -- } -- up(&tpm_mutex); -- return count; --} -- --#define TPMIOC_CANCEL _IO(''T'', 0x00) --#define TPMIOC_TRANSMIT _IO(''T'', 0x01) -- --static int tpm_ioctl(struct inode *inode, struct file *file, unsigned int cmd, unsigned long arg) --{ -- debug("%s(%d, %p)", __FUNCTION__, cmd, (char*)arg); -- if (cmd == TPMIOC_TRANSMIT) { -- uint32_t count = ntohl(*(uint32_t*)(arg + 2)); -- down(&tpm_mutex); -- if (tpm_response.data != NULL) kfree(tpm_response.data); -- if (tpm_handle_command((char*)arg, count, &tpm_response.data, -- &tpm_response.size) == 0) { -- tpm_response.size -= copy_to_user((char*)arg, tpm_response.data, -- tpm_response.size); -- kfree(tpm_response.data); -- tpm_response.data = NULL; -- } else { -- tpm_response.size = 0; -- tpm_response.data = NULL; -- } -- up(&tpm_mutex); -- return tpm_response.size; -- } -- return -1; --} -- --struct file_operations fops = { -- .owner = THIS_MODULE, -- .open = tpm_open, -- .release = tpm_release, -- .read = tpm_read, -- .write = tpm_write, -- .ioctl = tpm_ioctl, --}; -- --static struct miscdevice tpm_dev = { -- .minor = TPM_DEVICE_MINOR, -- .name = TPM_DEVICE_NAME, -- .fops = &fops, --}; -- --int __init init_tpm_module(void) --{ -- int res = misc_register(&tpm_dev); -- if (res != 0) { -- error("misc_register() failed for minor %d\n", TPM_DEVICE_MINOR); -- return res; -- } -- /* initialize variables */ -- sema_init(&tpm_mutex, 1); -- module_state = 0; -- tpm_response.data = NULL; -- old_time = current_kernel_time(); -- /* initialize TPM emulator */ -- if (!strcmp(startup, "clear")) { -- tpm_emulator_init(1); -- } else if (!strcmp(startup, "save")) { -- tpm_emulator_init(2); -- } else if (!strcmp(startup, "deactivated")) { -- tpm_emulator_init(3); -- } else { -- error("invalid startup mode ''%s''; must be ''clear'', " -- "''save'' (default) or ''deactivated", startup); -- misc_deregister(&tpm_dev); -- return -EINVAL; -- } -- return 0; --} -- --void __exit cleanup_tpm_module(void) --{ -- tpm_emulator_shutdown(); -- misc_deregister(&tpm_dev); -- if (tpm_response.data != NULL) kfree(tpm_response.data); --} -- --module_init(init_tpm_module); --module_exit(cleanup_tpm_module); -- --uint64_t tpm_get_ticks(void) --{ -- struct timespec new_time = current_kernel_time(); -- uint64_t ticks = (uint64_t)(new_time.tv_sec - old_time.tv_sec) * 1000000 -- + (new_time.tv_nsec - old_time.tv_nsec) / 1000; -- old_time = new_time; -- return (ticks > 0) ? ticks : 1; --} -- -diff -uprN orig/tpm_emulator-0.4/linux_module.h tpm_emulator/linux_module.h ---- orig/tpm_emulator-0.4/linux_module.h 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/linux_module.h 2006-07-24 14:35:35.000000000 -0700 -@@ -1,5 +1,6 @@ - /* Software-Based Trusted Platform Module (TPM) Emulator for Linux - * Copyright (C) 2004 Mario Strasser <mast@gmx.net>, -+ * Copyright (C) 2005 INTEL Corp - * - * This module is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published -@@ -17,54 +18,62 @@ - #ifndef _LINUX_MODULE_H_ - #define _LINUX_MODULE_H_ - --#include <linux/version.h> --#include <linux/kernel.h> --#include <linux/slab.h> -+#include <malloc.h> -+#include <stdint.h> -+#include <stdio.h> -+#include <string.h> - #include <linux/types.h> --#include <linux/string.h> --#include <linux/random.h> --#include <linux/time.h> --#include <asm/byteorder.h> - --/* module settings */ -+#include <endian.h> -+#define __BYTEORDER_HAS_U64__ -+#ifdef LITTLE_ENDIAN -+ #include <linux/byteorder/little_endian.h> -+#else -+ #include <linux/byteorder/big_endian.h> -+#endif - -+/* module settings */ -+#define min(A,B) ((A)<(B)?(A):(B)) -+#ifndef STR - #define STR(s) __STR__(s) - #define __STR__(s) #s -+#endif - #include "tpm_version.h" - - #define TPM_DEVICE_MINOR 224 - #define TPM_DEVICE_NAME "tpm" - #define TPM_MODULE_NAME "tpm_emulator" - --/* debug and log output functions */ -- - #ifdef DEBUG --#define debug(fmt, ...) printk(KERN_DEBUG "%s %s:%d: Debug: " fmt "\n", \ -- TPM_MODULE_NAME, __FILE__, __LINE__, ## __VA_ARGS__) -+#define debug(fmt, ...) printf("TPMD: %s:%d: Debug: " fmt "\n", \ -+ __FILE__, __LINE__, ## __VA_ARGS__) - #else - #define debug(fmt, ...) - #endif --#define info(fmt, ...) printk(KERN_INFO "%s %s:%d: Info: " fmt "\n", \ -- TPM_MODULE_NAME, __FILE__, __LINE__, ## __VA_ARGS__) --#define error(fmt, ...) printk(KERN_ERR "%s %s:%d: Error: " fmt "\n", \ -- TPM_MODULE_NAME, __FILE__, __LINE__, ## __VA_ARGS__) --#define alert(fmt, ...) printk(KERN_ALERT "%s %s:%d: Alert: " fmt "\n", \ -- TPM_MODULE_NAME, __FILE__, __LINE__, ## __VA_ARGS__) -+#define info(fmt, ...) printf("TPMD: %s:%d: Info: " fmt "\n", \ -+ __FILE__, __LINE__, ## __VA_ARGS__) -+#define error(fmt, ...) printf("TPMD: %s:%d: Error: " fmt "\n", \ -+ __FILE__, __LINE__, ## __VA_ARGS__) -+#define alert(fmt, ...) printf("TPMD: %s:%d: Alert: " fmt "\n", \ -+ __FILE__, __LINE__, ## __VA_ARGS__) - - /* memory allocation */ - - static inline void *tpm_malloc(size_t size) - { -- return kmalloc(size, GFP_KERNEL); -+ return malloc(size); - } - - static inline void tpm_free(const void *ptr) - { -- if (ptr != NULL) kfree(ptr); -+ if (ptr != NULL) free( (void *) ptr); - } - - /* random numbers */ - -+//FIXME; -+void get_random_bytes(void *buf, int nbytes); -+ - static inline void tpm_get_random_bytes(void *buf, int nbytes) - { - get_random_bytes(buf, nbytes); -@@ -84,9 +93,9 @@ uint64_t tpm_get_ticks(void); - #define CPU_TO_LE16(x) __cpu_to_le16(x) - - #define BE64_TO_CPU(x) __be64_to_cpu(x) --#define LE64_TO_CPU(x) __be64_to_cpu(x) -+#define LE64_TO_CPU(x) __le64_to_cpu(x) - #define BE32_TO_CPU(x) __be32_to_cpu(x) --#define LE32_TO_CPU(x) __be32_to_cpu(x) -+#define LE32_TO_CPU(x) __le32_to_cpu(x) - #define BE16_TO_CPU(x) __be16_to_cpu(x) - #define LE16_TO_CPU(x) __le16_to_cpu(x) - -diff -uprN orig/tpm_emulator-0.4/Makefile tpm_emulator/Makefile ---- orig/tpm_emulator-0.4/Makefile 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/Makefile 2006-07-24 14:35:35.000000000 -0700 -@@ -1,24 +1,40 @@ - # Software-Based Trusted Platform Module (TPM) Emulator for Linux - # Copyright (C) 2004 Mario Strasser <mast@gmx.net> -+# Copyright (C) 2006 INTEL Corp. - # - # $Id: Makefile 115 2006-06-23 10:36:44Z mast $ - --# kernel settings --KERNEL_RELEASE := $(shell uname -r) --KERNEL_BUILD := /lib/modules/$(KERNEL_RELEASE)/build --MOD_SUBDIR := misc -+COMPILE_ARCH ?= $(shell uname -m | sed -e s/i.86/x86_32/) - - # module settings --MODULE_NAME := tpm_emulator -+BIN := tpm_emulator - VERSION_MAJOR := 0 - VERSION_MINOR := 4 - VERSION_BUILD := $(shell date +"%s") - --# enable/disable DEBUG messages --EXTRA_CFLAGS += -Wall -DDEBUG -g -+# Installation program and options -+INSTALL = install -+INSTALL_PROG = $(INSTALL) -m0755 -+INSTALL_DIR = $(INSTALL) -d -m0755 -+ -+# Xen tools installation directory -+TOOLS_INSTALL_DIR = $(DESTDIR)/usr/bin -+ -+CC := gcc -+CFLAGS += -g -Wall $(INCLUDE) -DDEBUG -+CFLAGS += -I. -Itpm -+ -+# Is the simulator running in it''s own vm? -+#CFLAGS += -DVTPM_MULTI_VM -+ -+ifeq ($(COMPILE_ARCH),x86_64) -+LIBDIR = lib64 -+else -+LIBDIR = lib -+endif - - # GNU MP configuration --GMP_LIB := /usr/lib/libgmp.a -+GMP_LIB := /usr/$(LIBDIR)/libgmp.a - GMP_HEADER := /usr/include/gmp.h - - # sources and objects -@@ -27,38 +43,32 @@ DIRS := . crypto tpm - SRCS := $(foreach dir, $(DIRS), $(wildcard $(src)/$(dir)/*.c)) - OBJS := $(patsubst %.c, %.o, $(SRCS)) - SRCS += $(foreach dir, $(DIRS), $(wildcard $(src)/$(dir)/*.h)) --DISTSRC := ./README ./AUTHORS ./ChangeLog ./Makefile $(SRCS) --DISTDIR := tpm_emulator-$(VERSION_MAJOR).$(VERSION_MINOR) - --obj-m := $(MODULE_NAME).o --$(MODULE_NAME)-objs := $(patsubst $(src)/%.o, %.o, $(OBJS)) crypto/libgmp.a -+obj-m := $(BIN) -+$(BIN)-objs := $(patsubst $(src)/%.o, %.o, $(OBJS)) crypto/libgmp.a - - EXTRA_CFLAGS += -I$(src) -I$(src)/crypto -I$(src)/tpm - - # do not print "Entering directory ..." - MAKEFLAGS += --no-print-directory - --all: $(src)/crypto/gmp.h $(src)/crypto/libgmp.a version -- @$(MAKE) -C $(KERNEL_BUILD) M=$(CURDIR) modules -+all: $(BIN) - --install: -- @$(MAKE) -C $(KERNEL_BUILD) M=$(CURDIR) modules_install -- test -d /var/tpm || mkdir /var/tpm -- test -c /dev/tpm || mknod /dev/tpm c 10 224 -- chmod 666 /dev/tpm -- depmod -a -+$(BIN): $(src)/crypto/gmp.h $(src)/crypto/libgmp.a version $(SRCS) $(OBJS) -+ $(CC) $(CFLAGS) $(OBJS) $(src)/crypto/libgmp.a -o $(BIN) -+ -+%.o: %.c -+ $(CC) $(CFLAGS) -c $< -o $@ -+ -+install: $(BIN) -+ $(INSTALL_PROG) $(BIN) $(TOOLS_INSTALL_DIR) -+ @if [ ! -d "/var/tpm" ]; then mkdir /var/tpm; fi - - clean: -- @$(MAKE) -C $(KERNEL_BUILD) M=$(CURDIR) clean -- rm -f $(src)/crypto/gmp.h $(src)/crypto/libgmp.a -+ rm -f $(src)/crypto/gmp.h $(src)/crypto/libgmp.a $(OBJS) - --dist: $(DISTSRC) -- rm -rf $(DISTDIR) -- mkdir $(DISTDIR) -- cp --parents $(DISTSRC) $(DISTDIR)/ -- rm -f $(DISTDIR)/crypto/gmp.h -- tar -chzf $(DISTDIR).tar.gz $(DISTDIR) -- rm -rf $(DISTDIR) -+mrproper: clean -+ rm -f $(BIN) tpm_version.h - - $(src)/crypto/libgmp.a: - test -f $(src)/crypto/libgmp.a || ln -s $(GMP_LIB) $(src)/crypto/libgmp.a -@@ -88,4 +98,3 @@ version: - @echo "#endif /* _TPM_VERSION_H_ */" >> $(src)/tpm_version.h - - .PHONY: all install clean dist gmp version -- -diff -uprN orig/tpm_emulator-0.4/README tpm_emulator/README ---- orig/tpm_emulator-0.4/README 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/README 2006-07-24 14:35:35.000000000 -0700 -@@ -13,7 +13,8 @@ $Id: README 113 2006-06-18 12:38:13Z hst - Copyright - -------------------------------------------------------------------------- - Copyright (C) 2004 Mario Strasser <mast@gmx.net> and Swiss Federal --Institute of Technology (ETH) Zurich. -+ Institute of Technology (ETH) Zurich. -+Copyright (C) 2005 INTEL Corp - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by -@@ -43,6 +44,12 @@ Example: - GMP_LIB := /usr/lib/libgmp.a - GMP_HEADER := /usr/include/gmp.h - -+GNU MP Library on 64 bit Systems -+-------------------------------------------------------------------------- -+Some 64-bit kernels have problems with importing the user-space gmp -+library (/usr/lib*/libgmp.a) into kernel space. These kernels will require -+that the gmp library be recompiled for kernel space with -mcmodel=kernel. -+ - Installation - -------------------------------------------------------------------------- - The compilation and installation process uses the build environment for -diff -uprN orig/tpm_emulator-0.4/tpm/tpm_capability.c tpm_emulator/tpm/tpm_capability.c ---- orig/tpm_emulator-0.4/tpm/tpm_capability.c 2006-06-23 19:37:07.000000000 +0900 -+++ tpm_emulator/tpm/tpm_capability.c 2007-12-28 22:50:19.000000000 +0900 -@@ -701,7 +701,10 @@ TPM_RESULT TPM_GetCapabilityOwner(TPM_VE - TPM_RESULT res; - - info("TPM_GetCapabilityOwner()"); -- -+ -+ if (!tpmData.permanent.flags.owned) { -+ return TPM_NOSRK; -+ } - /* Verify owner authorization */ - res = tpm_verify_auth(auth1, tpmData.permanent.data.ownerAuth, TPM_KH_OWNER); - if (res != TPM_SUCCESS) return res; -diff -uprN orig/tpm_emulator-0.4/tpm/tpm_cmd_handler.c tpm_emulator/tpm/tpm_cmd_handler.c ---- orig/tpm_emulator-0.4/tpm/tpm_cmd_handler.c 2006-06-23 19:37:07.000000000 +0900 -+++ tpm_emulator/tpm/tpm_cmd_handler.c 2007-09-12 20:23:00.000000000 +0900 -@@ -565,7 +565,7 @@ static TPM_RESULT execute_TPM_Seal(TPM_R - if (tpm_unmarshal_TPM_KEY_HANDLE(&ptr, &len, &keyHandle) - || tpm_unmarshal_TPM_ENCAUTH(&ptr, &len, &encAuth) - || tpm_unmarshal_UINT32(&ptr, &len, &pcrInfoSize) -- || tpm_unmarshal_TPM_PCR_INFO(&ptr, &len, &pcrInfo) -+ || (pcrInfoSize >0 && tpm_unmarshal_TPM_PCR_INFO(&ptr, &len, &pcrInfo)) - || tpm_unmarshal_UINT32(&ptr, &len, &inDataSize) - || tpm_unmarshal_BLOB(&ptr, &len, &inData, inDataSize) - || len != 0) return TPM_BAD_PARAMETER; -@@ -798,7 +798,7 @@ static TPM_RESULT execute_TPM_Sealx(TPM_ - if (tpm_unmarshal_TPM_KEY_HANDLE(&ptr, &len, &keyHandle) - || tpm_unmarshal_TPM_ENCAUTH(&ptr, &len, &encAuth) - || tpm_unmarshal_UINT32(&ptr, &len, &pcrInfoSize) -- || tpm_unmarshal_TPM_PCR_INFO(&ptr, &len, &pcrInfo) -+ || (pcrInfoSize > 0 && tpm_unmarshal_TPM_PCR_INFO(&ptr, &len, &pcrInfo)) - || tpm_unmarshal_UINT32(&ptr, &len, &inDataSize) - || tpm_unmarshal_BLOB(&ptr, &len, &inData, inDataSize) - || len != 0) return TPM_BAD_PARAMETER; -diff -uprN orig/tpm_emulator-0.4/tpm/tpm_credentials.c tpm_emulator/tpm/tpm_credentials.c ---- orig/tpm_emulator-0.4/tpm/tpm_credentials.c 2006-06-23 19:37:07.000000000 +0900 -+++ tpm_emulator/tpm/tpm_credentials.c 2007-09-12 20:23:30.000000000 +0900 -@@ -47,20 +47,20 @@ int tpm_compute_pubkey_checksum(TPM_NONC - - TPM_RESULT tpm_get_pubek(TPM_PUBKEY *pubEndorsementKey) - { -- UINT32 key_length; -+ size_t key_length; - if (!tpmData.permanent.data.endorsementKey.size) return TPM_NO_ENDORSEMENT; - /* setup TPM_PUBKEY structure */ -- key_length = tpmData.permanent.data.endorsementKey.size; -- pubEndorsementKey->pubKey.keyLength = key_length >> 3; -+ pubEndorsementKey->pubKey.keyLength tpmData.permanent.data.endorsementKey.size >> 3; - pubEndorsementKey->pubKey.key tpm_malloc(pubEndorsementKey->pubKey.keyLength); - if (pubEndorsementKey->pubKey.key == NULL) return TPM_FAIL; - rsa_export_modulus(&tpmData.permanent.data.endorsementKey, -- pubEndorsementKey->pubKey.key, -- &pubEndorsementKey->pubKey.keyLength); -+ pubEndorsementKey->pubKey.key, -+ &key_length); -+ pubEndorsementKey->pubKey.keyLength = key_length; - pubEndorsementKey->algorithmParms.algorithmID = TPM_ALG_RSA; - pubEndorsementKey->algorithmParms.encScheme TPM_ES_RSAESOAEP_SHA1_MGF1; - pubEndorsementKey->algorithmParms.sigScheme = TPM_SS_NONE; -- pubEndorsementKey->algorithmParms.parms.rsa.keyLength = key_length; -+ pubEndorsementKey->algorithmParms.parms.rsa.keyLength = key_length << 3; - pubEndorsementKey->algorithmParms.parms.rsa.numPrimes = 2; - pubEndorsementKey->algorithmParms.parms.rsa.exponentSize = 0; - pubEndorsementKey->algorithmParms.parms.rsa.exponent = NULL; -@@ -175,6 +175,7 @@ TPM_RESULT TPM_OwnerReadInternalPub(TPM_ - { - TPM_RESULT res; - TPM_KEY_DATA *srk = &tpmData.permanent.data.srk; -+ size_t key_length; - info("TPM_OwnerReadInternalPub()"); - /* verify authorization */ - res = tpm_verify_auth(auth1, tpmData.permanent.data.ownerAuth, TPM_KH_OWNER); -@@ -186,7 +187,8 @@ TPM_RESULT TPM_OwnerReadInternalPub(TPM_ - publicPortion->pubKey.key tpm_malloc(publicPortion->pubKey.keyLength); - if (publicPortion->pubKey.key == NULL) return TPM_FAIL; - rsa_export_modulus(&srk->key, publicPortion->pubKey.key, -- &publicPortion->pubKey.keyLength); -+ &key_length); -+ publicPortion->pubKey.keyLength = key_length; - publicPortion->algorithmParms.algorithmID = TPM_ALG_RSA; - publicPortion->algorithmParms.encScheme = srk->encScheme; - publicPortion->algorithmParms.sigScheme = srk->sigScheme; -diff -uprN orig/tpm_emulator-0.4/tpm/tpm_crypto.c tpm_emulator/tpm/tpm_crypto.c ---- orig/tpm_emulator-0.4/tpm/tpm_crypto.c 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/tpm/tpm_crypto.c 2006-07-24 14:35:35.000000000 -0700 -@@ -182,7 +182,8 @@ TPM_RESULT TPM_CertifyKey(TPM_KEY_HANDLE - TPM_KEY_DATA *cert, *key; - sha1_ctx_t sha1_ctx; - BYTE *buf, *p; -- UINT32 length; -+ UINT32 length32; -+ size_t length; - info("TPM_CertifyKey()"); - /* get keys */ - cert = tpm_get_key(certHandle); -@@ -264,14 +265,15 @@ TPM_RESULT TPM_CertifyKey(TPM_KEY_HANDLE - /* compute the digest of the CERTIFY_INFO[2] structure and sign it */ - length = sizeof_TPM_CERTIFY_INFO((*certifyInfo)); - p = buf = tpm_malloc(length); -+ length32=(UINT32) length; - if (buf == NULL -- || tpm_marshal_TPM_CERTIFY_INFO(&p, &length, certifyInfo)) { -+ || tpm_marshal_TPM_CERTIFY_INFO(&p, &length32, certifyInfo)) { - free_TPM_KEY_PARMS(certifyInfo->algorithmParms); - return TPM_FAIL; - } - length = sizeof_TPM_CERTIFY_INFO((*certifyInfo)); - sha1_init(&sha1_ctx); -- sha1_update(&sha1_ctx, buf, length); -+ sha1_update(&sha1_ctx, buf, (size_t) length); - sha1_final(&sha1_ctx, buf); - res = tpm_sign(cert, auth1, FALSE, buf, SHA1_DIGEST_LENGTH, outData, outDataSize); - tpm_free(buf); -@@ -292,7 +294,8 @@ TPM_RESULT TPM_CertifyKey2(TPM_KEY_HANDL - TPM_KEY_DATA *cert, *key; - sha1_ctx_t sha1_ctx; - BYTE *buf, *p; -- UINT32 length; -+ size_t length; -+ UINT32 length32; - info("TPM_CertifyKey2()"); - /* get keys */ - cert = tpm_get_key(certHandle); -@@ -362,8 +365,9 @@ TPM_RESULT TPM_CertifyKey2(TPM_KEY_HANDL - /* compute the digest of the CERTIFY_INFO[2] structure and sign it */ - length = sizeof_TPM_CERTIFY_INFO((*certifyInfo)); - p = buf = tpm_malloc(length); -+ length32 = (UINT32) length; - if (buf == NULL -- || tpm_marshal_TPM_CERTIFY_INFO(&p, &length, certifyInfo)) { -+ || tpm_marshal_TPM_CERTIFY_INFO(&p, &length32, certifyInfo)) { - free_TPM_KEY_PARMS(certifyInfo->algorithmParms); - return TPM_FAIL; - } -diff -uprN orig/tpm_emulator-0.4/tpm/tpm_daa.c tpm_emulator/tpm/tpm_daa.c ---- orig/tpm_emulator-0.4/tpm/tpm_daa.c 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/tpm/tpm_daa.c 2006-07-24 14:35:35.000000000 -0700 -@@ -716,14 +716,14 @@ TPM_RESULT TPM_DAA_Join(TPM_HANDLE handl - sizeof(session->DAA_tpmSpecific.DAA_rekey)); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, - sizeof(session->DAA_tpmSpecific.DAA_count)); -- sha1_update(&sha1, "\x00", 1); -+ sha1_update(&sha1, (BYTE *) "\x00", 1); - sha1_final(&sha1, scratch); - sha1_init(&sha1); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_rekey, - sizeof(session->DAA_tpmSpecific.DAA_rekey)); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, - sizeof(session->DAA_tpmSpecific.DAA_count)); -- sha1_update(&sha1, "\x01", 1); -+ sha1_update(&sha1, (BYTE *) "\x01", 1); - sha1_final(&sha1, scratch + SHA1_DIGEST_LENGTH); - mpz_init(f), mpz_init(q); - mpz_import(f, 2 * SHA1_DIGEST_LENGTH, 1, 1, 0, 0, scratch); -@@ -805,14 +805,14 @@ TPM_RESULT TPM_DAA_Join(TPM_HANDLE handl - sizeof(session->DAA_tpmSpecific.DAA_rekey)); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, - sizeof(session->DAA_tpmSpecific.DAA_count)); -- sha1_update(&sha1, "\x00", 1); -+ sha1_update(&sha1, (BYTE *) "\x00", 1); - sha1_final(&sha1, scratch); - sha1_init(&sha1); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_rekey, - sizeof(session->DAA_tpmSpecific.DAA_rekey)); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, - sizeof(session->DAA_tpmSpecific.DAA_count)); -- sha1_update(&sha1, "\x01", 1); -+ sha1_update(&sha1, (BYTE *) "\x01", 1); - sha1_final(&sha1, scratch + SHA1_DIGEST_LENGTH); - mpz_init(f), mpz_init(q); - mpz_import(f, 2 * SHA1_DIGEST_LENGTH, 1, 1, 0, 0, scratch); -@@ -1489,14 +1489,14 @@ TPM_RESULT TPM_DAA_Join(TPM_HANDLE handl - sizeof(session->DAA_tpmSpecific.DAA_rekey)); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, - sizeof(session->DAA_tpmSpecific.DAA_count)); -- sha1_update(&sha1, "\x00", 1); -+ sha1_update(&sha1, (BYTE *) "\x00", 1); - sha1_final(&sha1, scratch); - sha1_init(&sha1); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_rekey, - sizeof(session->DAA_tpmSpecific.DAA_rekey)); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, - sizeof(session->DAA_tpmSpecific.DAA_count)); -- sha1_update(&sha1, "\x01", 1); -+ sha1_update(&sha1, (BYTE *) "\x01", 1); - sha1_final(&sha1, scratch + SHA1_DIGEST_LENGTH); - mpz_init(f), mpz_init(q); - mpz_import(f, 2 * SHA1_DIGEST_LENGTH, 1, 1, 0, 0, scratch); -@@ -1712,14 +1712,14 @@ TPM_RESULT TPM_DAA_Join(TPM_HANDLE handl - sizeof(session->DAA_tpmSpecific.DAA_rekey)); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, - sizeof(session->DAA_tpmSpecific.DAA_count)); -- sha1_update(&sha1, "\x00", 1); -+ sha1_update(&sha1, (BYTE *) "\x00", 1); - sha1_final(&sha1, scratch); - sha1_init(&sha1); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_rekey, - sizeof(session->DAA_tpmSpecific.DAA_rekey)); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, - sizeof(session->DAA_tpmSpecific.DAA_count)); -- sha1_update(&sha1, "\x01", 1); -+ sha1_update(&sha1, (BYTE *) "\x01", 1); - sha1_final(&sha1, scratch + SHA1_DIGEST_LENGTH); - mpz_init(f), mpz_init(q); - mpz_import(f, 2 * SHA1_DIGEST_LENGTH, 1, 1, 0, 0, scratch); -@@ -1793,14 +1793,14 @@ TPM_RESULT TPM_DAA_Join(TPM_HANDLE handl - sizeof(session->DAA_tpmSpecific.DAA_rekey)); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, - sizeof(session->DAA_tpmSpecific.DAA_count)); -- sha1_update(&sha1, "\x00", 1); -+ sha1_update(&sha1, (BYTE *) "\x00", 1); - sha1_final(&sha1, scratch); - sha1_init(&sha1); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_rekey, - sizeof(session->DAA_tpmSpecific.DAA_rekey)); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, - sizeof(session->DAA_tpmSpecific.DAA_count)); -- sha1_update(&sha1, "\x01", 1); -+ sha1_update(&sha1, (BYTE *) "\x01", 1); - sha1_final(&sha1, scratch + SHA1_DIGEST_LENGTH); - mpz_init(f), mpz_init(q); - mpz_import(f, 2 * SHA1_DIGEST_LENGTH, 1, 1, 0, 0, scratch); -@@ -2918,14 +2918,14 @@ TPM_RESULT TPM_DAA_Sign(TPM_HANDLE handl - sizeof(session->DAA_tpmSpecific.DAA_rekey)); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, - sizeof(session->DAA_tpmSpecific.DAA_count)); -- sha1_update(&sha1, "\x00", 1); -+ sha1_update(&sha1, (BYTE *) "\x00", 1); - sha1_final(&sha1, scratch); - sha1_init(&sha1); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_rekey, - sizeof(session->DAA_tpmSpecific.DAA_rekey)); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, - sizeof(session->DAA_tpmSpecific.DAA_count)); -- sha1_update(&sha1, "\x01", 1); -+ sha1_update(&sha1, (BYTE *) "\x01", 1); - sha1_final(&sha1, scratch + SHA1_DIGEST_LENGTH); - mpz_init(f), mpz_init(q); - mpz_import(f, 2 * SHA1_DIGEST_LENGTH, 1, 1, 0, 0, scratch); -@@ -3143,7 +3143,7 @@ TPM_RESULT TPM_DAA_Sign(TPM_HANDLE handl - sha1_init(&sha1); - sha1_update(&sha1, (BYTE*) &session->DAA_session.DAA_digest, - sizeof(session->DAA_session.DAA_digest)); -- sha1_update(&sha1, "\x01", 1); -+ sha1_update(&sha1, (BYTE *) "\x01", 1); - sha1_update(&sha1, inputData1, inputSize1); - sha1_final(&sha1, (BYTE*) &session->DAA_session.DAA_digest); - } -@@ -3172,7 +3172,7 @@ TPM_RESULT TPM_DAA_Sign(TPM_HANDLE handl - sha1_init(&sha1); - sha1_update(&sha1, (BYTE*) &session->DAA_session.DAA_digest, - sizeof(session->DAA_session.DAA_digest)); -- sha1_update(&sha1, "\x00", 1); -+ sha1_update(&sha1, (BYTE*) "\x00", 1); - rsa_export_modulus(&aikData->key, scratch, &size); - sha1_update(&sha1, scratch, size); - sha1_final(&sha1, (BYTE*) &session->DAA_session.DAA_digest); -@@ -3229,14 +3229,14 @@ TPM_RESULT TPM_DAA_Sign(TPM_HANDLE handl - sizeof(session->DAA_tpmSpecific.DAA_rekey)); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, - sizeof(session->DAA_tpmSpecific.DAA_count)); -- sha1_update(&sha1, "\x00", 1); -+ sha1_update(&sha1, (BYTE *) "\x00", 1); - sha1_final(&sha1, scratch); - sha1_init(&sha1); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_rekey, - sizeof(session->DAA_tpmSpecific.DAA_rekey)); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, - sizeof(session->DAA_tpmSpecific.DAA_count)); -- sha1_update(&sha1, "\x01", 1); -+ sha1_update(&sha1, (BYTE *) "\x01", 1); - sha1_final(&sha1, scratch + SHA1_DIGEST_LENGTH); - mpz_init(f), mpz_init(q); - mpz_import(f, 2 * SHA1_DIGEST_LENGTH, 1, 1, 0, 0, scratch); -@@ -3309,14 +3309,14 @@ TPM_RESULT TPM_DAA_Sign(TPM_HANDLE handl - sizeof(session->DAA_tpmSpecific.DAA_rekey)); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, - sizeof(session->DAA_tpmSpecific.DAA_count)); -- sha1_update(&sha1, "\x00", 1); -+ sha1_update(&sha1, (BYTE *) "\x00", 1); - sha1_final(&sha1, scratch); - sha1_init(&sha1); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_rekey, - sizeof(session->DAA_tpmSpecific.DAA_rekey)); - sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, - sizeof(session->DAA_tpmSpecific.DAA_count)); -- sha1_update(&sha1, "\x01", 1); -+ sha1_update(&sha1, (BYTE *) "\x01", 1); - sha1_final(&sha1, scratch + SHA1_DIGEST_LENGTH); - mpz_init(f), mpz_init(q); - mpz_import(f, 2 * SHA1_DIGEST_LENGTH, 1, 1, 0, 0, scratch); -diff -uprN orig/tpm_emulator-0.4/tpm/tpm_data.c tpm_emulator/tpm/tpm_data.c ---- orig/tpm_emulator-0.4/tpm/tpm_data.c 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/tpm/tpm_data.c 2006-07-24 14:35:35.000000000 -0700 -@@ -40,6 +40,7 @@ static inline void init_pcr_attr(int pcr - void tpm_init_data(void) - { - /* endorsement key */ -+#ifndef TPM_GENERATE_EK - uint8_t ek_n[] = "\xa8\xdb\xa9\x42\xa8\xf3\xb8\x06\x85\x90\x76\x93\xad\xf7" - "\x74\xec\x3f\xd3\x3d\x9d\xe8\x2e\xff\x15\xed\x0e\xce\x5f\x93" - "\x92\xeb\xd1\x96\x2b\x72\x18\x81\x79\x12\x9d\x9c\x40\xd7\x1a" -@@ -77,6 +78,8 @@ void tpm_init_data(void) - "\xd1\xc0\x8b\x5b\xa2\x2e\xa7\x15\xca\x50\x75\x10\x48\x9c\x2b" - "\x18\xb9\x67\x8f\x5d\x64\xc3\x28\x9f\x2f\x16\x2f\x08\xda\x47" - "\xec\x86\x43\x0c\x80\x99\x07\x34\x0f"; -+#endif -+ - int i; - /* reset all data to NULL, FALSE or 0 */ - memset(&tpmData, 0, sizeof(tpmData)); -@@ -152,44 +155,43 @@ void tpm_release_data(void) - - #ifdef TPM_STORE_TO_FILE - --#include <linux/fs.h> --#include <linux/unistd.h> --#include <asm/uaccess.h> -+#include <sys/types.h> -+#include <sys/stat.h> -+#include <fcntl.h> -+#include <unistd.h> - - #define TPM_STORAGE_FILE "/var/tpm/tpm_emulator-1.2." STR(VERSION_MAJOR) "." STR(VERSION_MINOR) - - static int write_to_file(uint8_t *data, size_t data_length) - { - int res; -- struct file *fp; -- mm_segment_t old_fs = get_fs(); -- fp = filp_open(TPM_STORAGE_FILE, O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR); -- if (IS_ERR(fp)) return -1; -- set_fs(get_ds()); -- res = fp->f_op->write(fp, data, data_length, &fp->f_pos); -- set_fs(old_fs); -- filp_close(fp, NULL); -+ int fp; -+ fp = open(TPM_STORAGE_FILE, O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR); -+ res = write(fp, data, data_length); -+ close(fp); - return (res == data_length) ? 0 : -1; - } - - static int read_from_file(uint8_t **data, size_t *data_length) - { - int res; -- struct file *fp; -- mm_segment_t old_fs = get_fs(); -- fp = filp_open(TPM_STORAGE_FILE, O_RDONLY, 0); -- if (IS_ERR(fp)) return -1; -- *data_length = (size_t)fp->f_dentry->d_inode->i_size; -- /* *data_length = i_size_read(fp->f_dentry->d_inode); */ -+ int fp, file_status; -+ struct stat file_info; -+ fp = open(TPM_STORAGE_FILE, O_RDONLY, 0); -+ file_status = fstat(fp, &file_info); -+ if (file_status < 0) { -+ close(fp); -+ return -1; -+ } -+ -+ *data_length = file_info.st_size; - *data = tpm_malloc(*data_length); - if (*data == NULL) { -- filp_close(fp, NULL); -+ close(fp); - return -1; - } -- set_fs(get_ds()); -- res = fp->f_op->read(fp, *data, *data_length, &fp->f_pos); -- set_fs(old_fs); -- filp_close(fp, NULL); -+ res = read(fp, *data, *data_length); -+ close(fp); - if (res != *data_length) { - tpm_free(*data); - return -1; -@@ -216,23 +218,30 @@ static int read_from_file(uint8_t **data - int tpm_store_permanent_data(void) - { - uint8_t *buf, *ptr; -- size_t buf_length, len; -+ UINT32 buf_length, len; - - /* marshal data */ -- buf_length = len = sizeof_TPM_STCLEAR_FLAGS(tpmData.stclear.flags) -- + sizeof_TPM_PERMANENT_FLAGS(tpmData.permanent.flags) + 2 -- + sizeof_TPM_PERMANENT_DATA(tpmData.permanent.data); -+ buf_length = len = 4 + sizeof_TPM_STCLEAR_FLAGS(tpmData.stclear.flags) -+ + sizeof_TPM_PERMANENT_FLAGS(tpmData.permanent.flags) -+ + sizeof_TPM_STANY_FLAGS(tpmData.stany.flags) + 2 -+ + sizeof_TPM_STCLEAR_DATA(tpmData.stclear.data) -+ + sizeof_TPM_PERMANENT_DATA(tpmData.permanent.data) -+ + sizeof_TPM_STANY_DATA(tpmData.stany.data); - buf = ptr = tpm_malloc(buf_length); - if (buf == NULL - || tpm_marshal_TPM_VERSION(&ptr, &len, &tpmData.permanent.data.version) - || tpm_marshal_TPM_STCLEAR_FLAGS(&ptr, &len, &tpmData.stclear.flags) - || tpm_marshal_TPM_PERMANENT_FLAGS(&ptr, &len, &tpmData.permanent.flags) -+ || tpm_marshal_TPM_STANY_FLAGS(&ptr, &len, &tpmData.stany.flags) - || tpm_marshal_BOOL(&ptr, &len, tpmData.permanent.flags.selfTestSucceeded) - || tpm_marshal_BOOL(&ptr, &len, tpmData.permanent.flags.owned) -- || tpm_marshal_TPM_PERMANENT_DATA(&ptr, &len, &tpmData.permanent.data)) { -+ || tpm_marshal_TPM_STCLEAR_DATA(&ptr, &len, &tpmData.stclear.data) -+ || tpm_marshal_TPM_PERMANENT_DATA(&ptr, &len, &tpmData.permanent.data) -+ || tpm_marshal_TPM_STANY_DATA(&ptr, &len, &tpmData.stany.data)) { - tpm_free(buf); - return -1; - } -+ - if (write_to_file(buf, buf_length - len)) { - tpm_free(buf); - return -1; -@@ -244,31 +253,36 @@ int tpm_store_permanent_data(void) - int tpm_restore_permanent_data(void) - { - uint8_t *buf, *ptr; -- size_t buf_length, len; -+ size_t buf_length; -+ UINT32 len; - TPM_VERSION ver; - - /* read data */ - if (read_from_file(&buf, &buf_length)) return -1; - ptr = buf; -- len = buf_length; -+ len = (uint32_t) buf_length; - /* unmarshal data */ - if (tpm_unmarshal_TPM_VERSION(&ptr, &len, &ver) - || memcmp(&ver, &tpmData.permanent.data.version, sizeof(TPM_VERSION)) - || tpm_unmarshal_TPM_STCLEAR_FLAGS(&ptr, &len, &tpmData.stclear.flags) - || tpm_unmarshal_TPM_PERMANENT_FLAGS(&ptr, &len, &tpmData.permanent.flags) -+ || tpm_unmarshal_TPM_STANY_FLAGS(&ptr, &len, &tpmData.stany.flags) - || tpm_unmarshal_BOOL(&ptr, &len, &tpmData.permanent.flags.selfTestSucceeded) - || tpm_unmarshal_BOOL(&ptr, &len, &tpmData.permanent.flags.owned) -- || tpm_unmarshal_TPM_PERMANENT_DATA(&ptr, &len, &tpmData.permanent.data)) { -+ || tpm_unmarshal_TPM_STCLEAR_DATA(&ptr, &len, &tpmData.stclear.data) -+ || tpm_unmarshal_TPM_PERMANENT_DATA(&ptr, &len, &tpmData.permanent.data) -+ || tpm_unmarshal_TPM_STANY_DATA(&ptr, &len, &tpmData.stany.data)) { - tpm_free(buf); - return -1; - } -+ - tpm_free(buf); - return 0; - } - - int tpm_erase_permanent_data(void) - { -- int res = write_to_file("", 0); -+ int res = write_to_file((uint8_t *) "", 0); - return res; - } - -diff -uprN orig/tpm_emulator-0.4/tpm/tpm_deprecated.c tpm_emulator/tpm/tpm_deprecated.c ---- orig/tpm_emulator-0.4/tpm/tpm_deprecated.c 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/tpm/tpm_deprecated.c 2006-07-24 14:35:35.000000000 -0700 -@@ -1,6 +1,7 @@ - /* Software-Based Trusted Platform Module (TPM) Emulator for Linux - * Copyright (C) 2004 Mario Strasser <mast@gmx.net>, - * Swiss Federal Institute of Technology (ETH) Zurich -+ * Copyright (C) 2005 INTEL Corp - * - * This module is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published -@@ -50,7 +51,7 @@ TPM_RESULT TPM_SaveKeyContext(TPM_KEY_HA - BYTE *ptr; - UINT32 len; - info("TPM_SaveKeyContext()"); -- res = TPM_SaveContext(keyHandle, TPM_RT_KEY, "SaveKeyContext..", -+ res = TPM_SaveContext(keyHandle, TPM_RT_KEY, (BYTE*)"SaveKeyContext..", - keyContextSize, &contextBlob); - if (res != TPM_SUCCESS) return res; - len = *keyContextSize; -@@ -82,7 +83,7 @@ TPM_RESULT TPM_SaveAuthContext(TPM_AUTHH - BYTE *ptr; - UINT32 len; - info("TPM_SaveAuthContext()"); -- res = TPM_SaveContext(authHandle, TPM_RT_KEY, "SaveAuthContext.", -+ res = TPM_SaveContext(authHandle, TPM_RT_KEY, (BYTE*)"SaveAuthContext.", - authContextSize, &contextBlob); - if (res != TPM_SUCCESS) return res; - len = *authContextSize; -diff -uprN orig/tpm_emulator-0.4/tpm/tpm_emulator.h tpm_emulator/tpm/tpm_emulator.h ---- orig/tpm_emulator-0.4/tpm/tpm_emulator.h 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/tpm/tpm_emulator.h 2006-07-24 14:35:35.000000000 -0700 -@@ -1,5 +1,6 @@ - /* Software-Based Trusted Platform Module (TPM) Emulator for Linux - * Copyright (C) 2004 Mario Strasser <mast@gmx.net>, -+ * Copyright (C) 2005 INTEL Corp - * - * This module is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published -@@ -22,7 +23,8 @@ - /* TPM configuration */ - #define TPM_STORE_TO_FILE 1 - #undef TPM_STRONG_PERSISTENCE --#undef TPM_GENERATE_EK -+//#undef TPM_GENERATE_EK -+#define TPM_GENERATE_EK - #undef TPM_GENERATE_SEED_DAA - - #define TPM_MANUFACTURER 0x4554485A /* ''ETHZ'' */ -diff -uprN orig/tpm_emulator-0.4/tpm/tpm_marshalling.c tpm_emulator/tpm/tpm_marshalling.c ---- orig/tpm_emulator-0.4/tpm/tpm_marshalling.c 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/tpm/tpm_marshalling.c 2006-07-24 14:35:35.000000000 -0700 -@@ -1312,7 +1312,7 @@ int tpm_unmarshal_TPM_STANY_FLAGS(BYTE * - - int tpm_marshal_RSA(BYTE **ptr, UINT32 *length, rsa_private_key_t *v) - { -- UINT32 m_len, e_len, q_len; -+ size_t m_len, e_len, q_len; - if (*length < sizeof_RSA((*v))) return -1; - if (v->size > 0) { - rsa_export_modulus(v, &(*ptr)[6], &m_len); -@@ -1460,6 +1460,66 @@ int tpm_unmarshal_TPM_PERMANENT_DATA(BYT - return 0; - } - -+int tpm_marshal_TPM_STCLEAR_DATA(BYTE **ptr, UINT32 *length, TPM_STCLEAR_DATA *v) -+{ -+ if (tpm_marshal_TPM_STRUCTURE_TAG(ptr, length, v->tag) -+ || tpm_marshal_TPM_NONCE(ptr, length, &v->contextNonceKey) -+ || tpm_marshal_TPM_COUNT_ID(ptr, length, v->countID) ) return -1; -+ -+ return 0; -+} -+ -+int tpm_unmarshal_TPM_STCLEAR_DATA(BYTE **ptr, UINT32 *length, TPM_STCLEAR_DATA *v) -+{ -+ if (tpm_unmarshal_TPM_STRUCTURE_TAG(ptr, length, &v->tag) -+ || tpm_unmarshal_TPM_NONCE(ptr, length, &v->contextNonceKey) -+ || tpm_unmarshal_TPM_COUNT_ID(ptr, length, &v->countID) ) return -1; -+ -+ return 0; -+} -+ -+int tpm_marshal_TPM_STANY_DATA(BYTE **ptr, UINT32 *length, TPM_STANY_DATA *v) -+{ -+ UINT32 i; -+ if (tpm_marshal_TPM_STRUCTURE_TAG(ptr, length, v->tag) -+ || tpm_marshal_TPM_NONCE(ptr, length, &v->contextNonceSession) -+ || tpm_marshal_TPM_DIGEST(ptr, length, &v->auditDigest) -+ || tpm_marshal_BOOL(ptr, length, v->auditSession) -+ || tpm_marshal_TPM_CURRENT_TICKS(ptr, length, &v->currentTicks) -+ || tpm_marshal_UINT32(ptr, length, v->contextCount) -+ || tpm_marshal_UINT32_ARRAY(ptr, length, v->contextList, TPM_MAX_SESSION_LIST)) return -1; -+ for (i = 0; i < TPM_MAX_SESSIONS; i++) { -+ if (tpm_marshal_TPM_SESSION_DATA(ptr, length, &v->sessions[i])) return -1; -+ } -+ for (i = 0; i < TPM_MAX_SESSIONS_DAA; i++) { -+ if (tpm_marshal_TPM_DAA_SESSION_DATA(ptr, length, &v->sessionsDAA[i])) return -1; -+ } -+ if (tpm_marshal_TPM_TRANSHANDLE(ptr, length, v->transExclusive)) return -1; -+ -+ return 0; -+} -+ -+int tpm_unmarshal_TPM_STANY_DATA(BYTE **ptr, UINT32 *length, TPM_STANY_DATA *v) -+{ -+ UINT32 i; -+ if (tpm_unmarshal_TPM_STRUCTURE_TAG(ptr, length, &v->tag) -+ || tpm_unmarshal_TPM_NONCE(ptr, length, &v->contextNonceSession) -+ || tpm_unmarshal_TPM_DIGEST(ptr, length, &v->auditDigest) -+ || tpm_unmarshal_BOOL(ptr, length, &v->auditSession) -+ || tpm_unmarshal_TPM_CURRENT_TICKS(ptr, length, &v->currentTicks) -+ || tpm_unmarshal_UINT32(ptr, length, &v->contextCount) -+ || tpm_unmarshal_UINT32_ARRAY(ptr, length, v->contextList, TPM_MAX_SESSION_LIST)) return -1; -+ for (i = 0; i < TPM_MAX_SESSIONS; i++) { -+ if (tpm_unmarshal_TPM_SESSION_DATA(ptr, length, &v->sessions[i])) return -1; -+ } -+ for (i = 0; i < TPM_MAX_SESSIONS_DAA; i++) { -+ if (tpm_unmarshal_TPM_DAA_SESSION_DATA(ptr, length, &v->sessionsDAA[i])) return -1; -+ } -+ if (tpm_unmarshal_TPM_TRANSHANDLE(ptr, length, &v->transExclusive)) return -1; -+ -+ return 0; -+} -+ - int tpm_marshal_TPM_SESSION_DATA(BYTE **ptr, UINT32 *length, TPM_SESSION_DATA *v) - { - if (tpm_marshal_BYTE(ptr, length, v->type) -diff -uprN orig/tpm_emulator-0.4/tpm/tpm_marshalling.h tpm_emulator/tpm/tpm_marshalling.h ---- orig/tpm_emulator-0.4/tpm/tpm_marshalling.h 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/tpm/tpm_marshalling.h 2006-07-24 14:35:35.000000000 -0700 -@@ -432,6 +432,12 @@ int tpm_unmarshal_TPM_KEY_DATA(BYTE **pt - int tpm_marshal_TPM_PERMANENT_DATA(BYTE **ptr, UINT32 *length, TPM_PERMANENT_DATA *); - int tpm_unmarshal_TPM_PERMANENT_DATA(BYTE **ptr, UINT32 *length, TPM_PERMANENT_DATA *); - -+int tpm_marshal_TPM_STCLEAR_DATA(BYTE **ptr, UINT32 *length, TPM_STCLEAR_DATA *v); -+int tpm_unmarshal_TPM_STCLEAR_DATA(BYTE **ptr, UINT32 *length, TPM_STCLEAR_DATA *v); -+ -+int tpm_marshal_TPM_STANY_DATA(BYTE **ptr, UINT32 *length, TPM_STANY_DATA *v); -+int tpm_unmarshal_TPM_STANY_DATA(BYTE **ptr, UINT32 *length, TPM_STANY_DATA *v); -+ - int tpm_marshal_TPM_SESSION_DATA(BYTE **ptr, UINT32 *length, TPM_SESSION_DATA *v); - int tpm_unmarshal_TPM_SESSION_DATA(BYTE **ptr, UINT32 *length, TPM_SESSION_DATA *v); - -diff -uprN orig/tpm_emulator-0.4/tpm/tpm_owner.c tpm_emulator/tpm/tpm_owner.c ---- orig/tpm_emulator-0.4/tpm/tpm_owner.c 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/tpm/tpm_owner.c 2006-07-24 14:35:35.000000000 -0700 -@@ -108,7 +108,7 @@ TPM_RESULT TPM_TakeOwnership(TPM_PROTOCO - TPM_RESULT res; - rsa_private_key_t *ek = &tpmData.permanent.data.endorsementKey; - TPM_KEY_DATA *srk = &tpmData.permanent.data.srk; -- UINT32 buf_size = ek->size >> 3; -+ size_t buf_size = ek->size >> 3, key_length; - BYTE buf[buf_size]; - - info("TPM_TakeOwnership()"); -@@ -173,7 +173,8 @@ TPM_RESULT TPM_TakeOwnership(TPM_PROTOCO - return TPM_FAIL; - } - rsa_export_modulus(&srk->key, srkPub->pubKey.key, -- &srkPub->pubKey.keyLength); -+ &key_length); -+ srkPub->pubKey.keyLength = (UINT32) key_length; - /* setup tpmProof and set state to owned */ - tpm_get_random_bytes(tpmData.permanent.data.tpmProof.nonce, - sizeof(tpmData.permanent.data.tpmProof.nonce)); -diff -uprN orig/tpm_emulator-0.4/tpm/tpm_startup.c tpm_emulator/tpm/tpm_startup.c ---- orig/tpm_emulator-0.4/tpm/tpm_startup.c 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/tpm/tpm_startup.c 2006-07-24 14:35:35.000000000 -0700 -@@ -41,26 +41,29 @@ void TPM_Init(TPM_STARTUP_TYPE startupTy - TPM_RESULT TPM_Startup(TPM_STARTUP_TYPE startupType) - { - int i; -+ int restore_fail; - info("TPM_Startup(%d)", startupType); - if (tpmData.stany.flags.postInitialise == FALSE) return TPM_INVALID_POSTINIT; -- /* reset STANY_FLAGS */ -- SET_TO_ZERO(&tpmData.stany.flags); -- tpmData.stany.flags.tag = TPM_TAG_STANY_FLAGS; -- /* reset STANY_DATA (invalidates ALL sessions) */ -- SET_TO_ZERO(&tpmData.stany.data); -- tpmData.stany.data.tag = TPM_TAG_STANY_DATA; -- /* init session-context nonce */ -- SET_TO_RAND(&tpmData.stany.data.contextNonceSession); -+ -+ /* try and restore state to get EK, SRK, etc */ -+ restore_fail = tpm_restore_permanent_data(); -+ - /* set data and flags according to the given startup type */ - if (startupType == TPM_ST_CLEAR) { -- /* if available, restore permanent data */ -- tpm_restore_permanent_data(); -+ /* reset STANY_FLAGS */ -+ SET_TO_ZERO(&tpmData.stany.flags); -+ tpmData.stany.flags.tag = TPM_TAG_STANY_FLAGS; -+ /* reset STANY_DATA (invalidates ALL sessions) */ -+ SET_TO_ZERO(&tpmData.stany.data); -+ tpmData.stany.data.tag = TPM_TAG_STANY_DATA; -+ /* init session-context nonce */ -+ SET_TO_RAND(&tpmData.stany.data.contextNonceSession); - /* reset PCR values */ - for (i = 0; i < TPM_NUM_PCR; i++) { -- if (tpmData.permanent.data.pcrAttrib[i].pcrReset) -- SET_TO_ZERO(tpmData.permanent.data.pcrValue[i].digest); -+ if (!tpmData.permanent.data.pcrAttrib[i].pcrReset) -+ SET_TO_ZERO(&tpmData.permanent.data.pcrValue[i].digest); - else -- SET_TO_0xFF(tpmData.permanent.data.pcrValue[i].digest); -+ SET_TO_0xFF(&tpmData.permanent.data.pcrValue[i].digest); - } - /* reset STCLEAR_FLAGS */ - SET_TO_ZERO(&tpmData.stclear.flags); -@@ -79,7 +82,8 @@ TPM_RESULT TPM_Startup(TPM_STARTUP_TYPE - /* init key-context nonce */ - SET_TO_RAND(&tpmData.stclear.data.contextNonceKey); - } else if (startupType == TPM_ST_STATE) { -- if (tpm_restore_permanent_data()) { -+ /* restore must have been successful for TPM_ST_STATE */ -+ if (restore_fail) { - error("restoring permanent data failed"); - tpmData.permanent.data.testResult "tpm_restore_permanent_data() failed"; - tpmData.permanent.flags.selfTestSucceeded = FALSE; -diff -uprN orig/tpm_emulator-0.4/tpm/tpm_storage.c tpm_emulator/tpm/tpm_storage.c ---- orig/tpm_emulator-0.4/tpm/tpm_storage.c 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/tpm/tpm_storage.c 2006-07-24 14:35:35.000000000 -0700 -@@ -58,6 +58,7 @@ int encrypt_sealed_data(TPM_KEY_DATA *ke - BYTE *enc, UINT32 *enc_size) - { - UINT32 len; -+ size_t enc_size32 = *enc_size; - BYTE *buf, *ptr; - rsa_public_key_t pub_key; - int scheme; -@@ -72,7 +73,7 @@ int encrypt_sealed_data(TPM_KEY_DATA *ke - if (buf == NULL - || tpm_marshal_TPM_SEALED_DATA(&ptr, &len, seal) - || rsa_encrypt(&pub_key, scheme, buf, sizeof_TPM_SEALED_DATA((*seal)), -- enc, enc_size)) { -+ enc, &enc_size32)) { - tpm_free(buf); - rsa_release_public_key(&pub_key); - return -1; -@@ -85,7 +86,8 @@ int encrypt_sealed_data(TPM_KEY_DATA *ke - int decrypt_sealed_data(TPM_KEY_DATA *key, BYTE *enc, UINT32 enc_size, - TPM_SEALED_DATA *seal, BYTE **buf) - { -- UINT32 len; -+ size_t len; -+ UINT32 len32; - BYTE *ptr; - int scheme; - switch (key->encScheme) { -@@ -96,8 +98,12 @@ int decrypt_sealed_data(TPM_KEY_DATA *ke - len = enc_size; - *buf = ptr = tpm_malloc(len); - if (*buf == NULL -- || rsa_decrypt(&key->key, scheme, enc, enc_size, *buf, &len) -- || tpm_unmarshal_TPM_SEALED_DATA(&ptr, &len, seal)) { -+ || rsa_decrypt(&key->key, scheme, enc, enc_size, *buf, &len) ){ -+ tpm_free(*buf); -+ return -1; -+ } -+ len32 = len; -+ if (tpm_unmarshal_TPM_SEALED_DATA(&ptr, &len32, seal)) { - tpm_free(*buf); - return -1; - } -@@ -240,11 +246,12 @@ TPM_RESULT TPM_Unseal(TPM_KEY_HANDLE par - - TPM_RESULT TPM_UnBind(TPM_KEY_HANDLE keyHandle, UINT32 inDataSize, - BYTE *inData, TPM_AUTH *auth1, -- UINT32 *outDataSize, BYTE **outData) -+ UINT32 *outDataSize32, BYTE **outData) - { - TPM_RESULT res; - TPM_KEY_DATA *key; - int scheme; -+ size_t outDataSize; - - info("TPM_UnBind()"); - /* get key */ -@@ -262,8 +269,8 @@ TPM_RESULT TPM_UnBind(TPM_KEY_HANDLE key - /* the size of the input data muss be greater than zero */ - if (inDataSize == 0) return TPM_BAD_PARAMETER; - /* decrypt data */ -- *outDataSize = inDataSize; -- *outData = tpm_malloc(*outDataSize); -+ outDataSize = inDataSize; -+ *outData = tpm_malloc(outDataSize); - if (*outData == NULL) return TPM_NOSPACE; - switch (key->encScheme) { - case TPM_ES_RSAESOAEP_SHA1_MGF1: scheme = RSA_ES_OAEP_SHA1; break; -@@ -271,20 +278,21 @@ TPM_RESULT TPM_UnBind(TPM_KEY_HANDLE key - default: tpm_free(*outData); return TPM_DECRYPT_ERROR; - } - if (rsa_decrypt(&key->key, scheme, inData, inDataSize, -- *outData, outDataSize)) { -+ *outData, &outDataSize)) { - tpm_free(*outData); - return TPM_DECRYPT_ERROR; - } - /* verify data if it is of type TPM_BOUND_DATA */ - if (key->encScheme == TPM_ES_RSAESOAEP_SHA1_MGF1 - || key->keyUsage != TPM_KEY_LEGACY) { -- if (*outDataSize < 5 || memcmp(*outData, "\x01\x01\00\x00\x02", 5) != 0) { -+ if (outDataSize < 5 || memcmp(*outData, "\x01\x01\00\x00\x02", 5) != 0) { - tpm_free(*outData); - return TPM_DECRYPT_ERROR; - } -- *outDataSize -= 5; -- memmove(*outData, &(*outData)[5], *outDataSize); -+ outDataSize -= 5; -+ memmove(*outData, &(*outData)[5], outDataSize); - } -+ *outDataSize32 = (UINT32) outDataSize; - return TPM_SUCCESS; - } - -@@ -334,12 +342,13 @@ int compute_pubkey_digest(TPM_PUBKEY *ke - } - - int encrypt_private_key(TPM_KEY_DATA *key, TPM_STORE_ASYMKEY *store, -- BYTE *enc, UINT32 *enc_size) -+ BYTE *enc, UINT32 *enc_size32) - { - UINT32 len; - BYTE *buf, *ptr; - rsa_public_key_t pub_key; - int scheme; -+ size_t enc_size; - switch (key->encScheme) { - case TPM_ES_RSAESOAEP_SHA1_MGF1: scheme = RSA_ES_OAEP_SHA1; break; - case TPM_ES_RSAESPKCSv15: scheme = RSA_ES_PKCSV15; break; -@@ -351,11 +360,12 @@ int encrypt_private_key(TPM_KEY_DATA *ke - if (buf == NULL - || tpm_marshal_TPM_STORE_ASYMKEY(&ptr, &len, store) - || rsa_encrypt(&pub_key, scheme, buf, sizeof_TPM_STORE_ASYMKEY((*store)), -- enc, enc_size)) { -+ enc, &enc_size)) { - tpm_free(buf); - rsa_release_public_key(&pub_key); - return -1; - } -+ *enc_size32 = (UINT32) enc_size; - tpm_free(buf); - rsa_release_public_key(&pub_key); - return 0; -@@ -364,7 +374,8 @@ int encrypt_private_key(TPM_KEY_DATA *ke - int decrypt_private_key(TPM_KEY_DATA *key, BYTE *enc, UINT32 enc_size, - TPM_STORE_ASYMKEY *store, BYTE **buf) - { -- UINT32 len; -+ UINT32 len32; -+ size_t len; - BYTE *ptr; - int scheme; - switch (key->encScheme) { -@@ -375,8 +386,12 @@ int decrypt_private_key(TPM_KEY_DATA *ke - len = enc_size; - *buf = ptr = tpm_malloc(len); - if (*buf == NULL -- || rsa_decrypt(&key->key, scheme, enc, enc_size, *buf, &len) -- || tpm_unmarshal_TPM_STORE_ASYMKEY(&ptr, &len, store)) { -+ || rsa_decrypt(&key->key, scheme, enc, enc_size, *buf, &len) ) { -+ tpm_free(*buf); -+ return -1; -+ } -+ len32 = (UINT32) len; -+ if (tpm_unmarshal_TPM_STORE_ASYMKEY(&ptr, &len32, store)) { - tpm_free(*buf); - return -1; - } -@@ -394,7 +409,7 @@ TPM_RESULT TPM_CreateWrapKey(TPM_KEY_HAN - TPM_SESSION_DATA *session; - TPM_STORE_ASYMKEY store; - rsa_private_key_t rsa; -- UINT32 key_length; -+ size_t key_length; - - info("TPM_CreateWrapKey()"); - /* get parent key */ -@@ -450,11 +465,11 @@ TPM_RESULT TPM_CreateWrapKey(TPM_KEY_HAN - } - } - /* generate key and store it */ -- key_length = keyInfo->algorithmParms.parms.rsa.keyLength; -- if (rsa_generate_key(&rsa, key_length)) return TPM_FAIL; -- wrappedKey->pubKey.keyLength = key_length >> 3; -+ if (rsa_generate_key(&rsa, keyInfo->algorithmParms.parms.rsa.keyLength)) -+ return TPM_FAIL; -+ wrappedKey->pubKey.keyLength keyInfo->algorithmParms.parms.rsa.keyLength >> 3; - wrappedKey->pubKey.key = tpm_malloc(wrappedKey->pubKey.keyLength); -- store.privKey.keyLength = key_length >> 4; -+ store.privKey.keyLength keyInfo->algorithmParms.parms.rsa.keyLength >> 4; - store.privKey.key = tpm_malloc(store.privKey.keyLength); - wrappedKey->encDataSize = parent->key.size >> 3; - wrappedKey->encData = tpm_malloc(wrappedKey->encDataSize); -@@ -466,9 +481,11 @@ TPM_RESULT TPM_CreateWrapKey(TPM_KEY_HAN - tpm_free(wrappedKey->encData); - return TPM_NOSPACE; - } -- rsa_export_modulus(&rsa, wrappedKey->pubKey.key, -- &wrappedKey->pubKey.keyLength); -- rsa_export_prime1(&rsa, store.privKey.key, &store.privKey.keyLength); -+ rsa_export_modulus(&rsa, wrappedKey->pubKey.key, -+ &key_length); -+ wrappedKey->pubKey.keyLength = (UINT32) key_length; -+ rsa_export_prime1(&rsa, store.privKey.key, &key_length); -+ store.privKey.keyLength = (UINT32) key_length; - rsa_release_private_key(&rsa); - /* compute the digest of the wrapped key (without encData) */ - if (compute_key_digest(wrappedKey, &store.pubDataDigest)) { -@@ -602,6 +619,7 @@ TPM_RESULT TPM_LoadKey2(TPM_KEY_HANDLE p - - int tpm_setup_key_parms(TPM_KEY_DATA *key, TPM_KEY_PARMS *parms) - { -+ size_t key_length; - parms->algorithmID = TPM_ALG_RSA; - parms->encScheme = key->encScheme; - parms->sigScheme = key->sigScheme; -@@ -611,7 +629,8 @@ int tpm_setup_key_parms(TPM_KEY_DATA *ke - parms->parms.rsa.exponent = tpm_malloc(parms->parms.rsa.exponentSize); - if (parms->parms.rsa.exponent == NULL) return -1; - rsa_export_exponent(&key->key, parms->parms.rsa.exponent, -- &parms->parms.rsa.exponentSize); -+ &key_length); -+ parms->parms.rsa.exponentSize = (UINT32) key_length; - parms->parmSize = 12 + parms->parms.rsa.exponentSize; - return 0; - } -@@ -622,6 +641,7 @@ TPM_RESULT TPM_GetPubKey(TPM_KEY_HANDLE - TPM_RESULT res; - TPM_KEY_DATA *key; - TPM_DIGEST digest; -+ size_t key_length; - info("TPM_GetPubKey()"); - /* get key */ - if (keyHandle == TPM_KH_SRK -@@ -650,8 +670,8 @@ TPM_RESULT TPM_GetPubKey(TPM_KEY_HANDLE - pubKey->pubKey.keyLength = key->key.size >> 3; - pubKey->pubKey.key = tpm_malloc(pubKey->pubKey.keyLength); - if (pubKey->pubKey.key == NULL) return TPM_NOSPACE; -- rsa_export_modulus(&key->key, pubKey->pubKey.key, -- &pubKey->pubKey.keyLength); -+ rsa_export_modulus(&key->key, pubKey->pubKey.key, &key_length); -+ pubKey->pubKey.keyLength = (UINT32) key_length; - if (tpm_setup_key_parms(key, &pubKey->algorithmParms) != 0) { - error("TPM_GetPubKey(): tpm_setup_key_parms() failed."); - tpm_free(pubKey->pubKey.key); -diff -uprN orig/tpm_emulator-0.4/tpm/tpm_structures.h tpm_emulator/tpm/tpm_structures.h ---- orig/tpm_emulator-0.4/tpm/tpm_structures.h 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/tpm/tpm_structures.h 2006-07-24 14:35:35.000000000 -0700 -@@ -1958,6 +1958,7 @@ typedef struct tdTPM_DAA_ISSUER { - TPM_DIGEST DAA_digest_gamma; - BYTE DAA_generic_q[26]; - } TPM_DAA_ISSUER; -+#define sizeof_TPM_DAA_ISSUER(s) (2 + (20 * 6) + 26 ) - - /* - * TPM_DAA_TPM ([TPM_Part2], Section 22.4) -@@ -1973,6 +1974,7 @@ typedef struct tdTPM_DAA_TPM { - TPM_DIGEST DAA_rekey; - UINT32 DAA_count; - } TPM_DAA_TPM; -+#define sizeof_TPM_DAA_TPM(s) (2 + (4 * 20) + 4) - - /* - * TPM_DAA_CONTEXT ([TPM_Part2], Section 22.5) -@@ -1987,6 +1989,7 @@ typedef struct tdTPM_DAA_CONTEXT { - BYTE DAA_scratch[256]; - BYTE DAA_stage; - } TPM_DAA_CONTEXT; -+#define sizeof_TPM_DAA_CONTEXT(s) (2 + (3 * 20) + 256 + 1) - - /* - * TPM_DAA_JOINDATA ([TPM_Part2], Section 22.6) -@@ -1998,6 +2001,7 @@ typedef struct tdTPM_DAA_JOINDATA { - BYTE DAA_join_u1[138]; - TPM_DIGEST DAA_digest_n0; - } TPM_DAA_JOINDATA; -+#define sizeof_TPM_DAA_JOINDATA(s) (1 + 1 + 20) - - /* - * TPM_DAA_BLOB ([TPM_Part2], Section 22.8) -@@ -2202,6 +2206,7 @@ typedef struct tdTPM_STCLEAR_DATA { - //UINT32 ownerReference; - //BOOL disableResetLock; - } TPM_STCLEAR_DATA; -+#define sizeof_TPM_STCLEAR_DATA(s) (2 + 20 + 4) - - /* - * TPM_SESSION_DATA -@@ -2238,6 +2243,11 @@ typedef struct tdTPM_DAA_SESSION_DATA { - TPM_DAA_JOINDATA DAA_joinSession; - TPM_HANDLE handle; - } TPM_DAA_SESSION_DATA; -+#define sizeof_TPM_DAA_SESSION_DATA(s) ( 1 \ -+ + sizeof_TPM_DAA_ISSUER(s.DAA_issuerSettings) \ -+ + sizeof_TPM_DAA_TPM(s.DAA_tpmSpecific) \ -+ + sizeof_TPM_DAA_CONTEXT(s.DAA_session) \ -+ + sizeof_TPM_DAA_JOINDATA(s.DAA_joinSession) + 4) - - /* - * TPM_STANY_DATA ([TPM_Part2], Section 7.6) -@@ -2262,6 +2272,11 @@ typedef struct tdTPM_STANY_DATA { - TPM_DAAHANDLE currentDAA; - TPM_TRANSHANDLE transExclusive; - } TPM_STANY_DATA; -+#define sizeof_TPM_STANY_DATA(s) (2 + 20 + 20 + 1 \ -+ + sizeof_TPM_CURRENT_TICKS(s.currentTicks) \ -+ + 4 + (4 * TPM_MAX_SESSION_LIST) \ -+ + (sizeof_TPM_SESSION_DATA(s.sessions[0]) * TPM_MAX_SESSION_LIST) \ -+ + (sizeof_TPM_DAA_SESSION_DATA(s.sessionsDAA[0]) * TPM_MAX_SESSIONS_DAA) + 4) - - /* - * TPM_DATA -diff -uprN orig/tpm_emulator-0.4/tpm/tpm_testing.c tpm_emulator/tpm/tpm_testing.c ---- orig/tpm_emulator-0.4/tpm/tpm_testing.c 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/tpm/tpm_testing.c 2006-07-24 14:35:35.000000000 -0700 -@@ -1,6 +1,7 @@ - /* Software-Based Trusted Platform Module (TPM) Emulator for Linux - * Copyright (C) 2004 Mario Strasser <mast@gmx.net>, - * Swiss Federal Institute of Technology (ETH) Zurich -+ * Copyright (C) 2005 INTEL Corp - * - * This module is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published -@@ -95,24 +96,24 @@ static int tpm_test_sha1(void) - struct { - uint8_t *data; uint32_t repetitions; uint8_t *digest; - } test_cases[] = {{ -- "abc", 1, -- "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D" -+ (uint8_t*)"abc", 1, -+ (uint8_t*)"\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D" - }, { -- "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1, -- "\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE\x4A\xA1\xF9\x51\x29\xE5\xE5\x46\x70\xF1" -+ (uint8_t*)"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1, -+ (uint8_t*)"\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE\x4A\xA1\xF9\x51\x29\xE5\xE5\x46\x70\xF1" - }, { -- "a", 1000000, -- "\x34\xAA\x97\x3C\xD4\xC4\xDA\xA4\xF6\x1E\xEB\x2B\xDB\xAD\x27\x31\x65\x34\x01\x6F" -+ (uint8_t*)"a", 1000000, -+ (uint8_t*)"\x34\xAA\x97\x3C\xD4\xC4\xDA\xA4\xF6\x1E\xEB\x2B\xDB\xAD\x27\x31\x65\x34\x01\x6F" - }, { -- "0123456701234567012345670123456701234567012345670123456701234567", 10, -- "\xDE\xA3\x56\xA2\xCD\xDD\x90\xC7\xA7\xEC\xED\xC5\xEB\xB5\x63\x93\x4F\x46\x04\x52" -+ (uint8_t*)"0123456701234567012345670123456701234567012345670123456701234567", 10, -+ (uint8_t*)"\xDE\xA3\x56\xA2\xCD\xDD\x90\xC7\xA7\xEC\xED\xC5\xEB\xB5\x63\x93\x4F\x46\x04\x52" - }}; - - debug("tpm_test_sha1()"); - for (i = 0; i < sizeof(test_cases) / sizeof(test_cases[0]); i++) { - sha1_init(&ctx); - for (j = 0; j < test_cases[i].repetitions; j++) -- sha1_update(&ctx, test_cases[i].data, strlen(test_cases[i].data)); -+ sha1_update(&ctx, test_cases[i].data, strlen((char*)test_cases[i].data)); - sha1_final(&ctx, digest); - if (memcmp(digest, test_cases[i].digest, SHA1_DIGEST_LENGTH) != 0) return -1; - } -@@ -128,41 +129,41 @@ static int tpm_test_hmac(void) - struct { - uint8_t *key, key_len, *data, data_len, *digest; - } test_cases[] = {{ -- "\x0b", 20, "Hi There", 8, -- "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c\x8e\xf1\x46\xbe\x00" -+ (uint8_t*)"\x0b", 20, (uint8_t*)"Hi There", 8, -+ (uint8_t*)"\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c\x8e\xf1\x46\xbe\x00" - }, { -- "Jefe", 4, "what do ya want for nothing?", 28, -- "\xef\xfc\xdf\x6a\xe5\xeb\x2f\xa2\xd2\x74\x16\xd5\xf1\x84\xdf\x9c\x25\x9a\x7c\x79" -+ (uint8_t*)"Jefe", 4, (uint8_t*)"what do ya want for nothing?", 28, -+ (uint8_t*)"\xef\xfc\xdf\x6a\xe5\xeb\x2f\xa2\xd2\x74\x16\xd5\xf1\x84\xdf\x9c\x25\x9a\x7c\x79" - }, { -- "\xaa", 20, "\xdd", 50, -- "\x12\x5d\x73\x42\xb9\xac\x11\xcd\x91\xa3\x9a\xf4\x8a\xa1\x7b\x4f\x63\xf1\x75\xd3" -+ (uint8_t*)"\xaa", 20, (uint8_t*)"\xdd", 50, -+ (uint8_t*)"\x12\x5d\x73\x42\xb9\xac\x11\xcd\x91\xa3\x9a\xf4\x8a\xa1\x7b\x4f\x63\xf1\x75\xd3" - }, { -- "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14" -- "\x15\x16\x17\x18\x19", 25, "\xcd", 50, -- "\x4c\x90\x07\xf4\x02\x62\x50\xc6\xbc\x84\x14\xf9\xbf\x50\xc8\x6c\x2d\x72\x35\xda" -+ (uint8_t*)"\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14" -+ "\x15\x16\x17\x18\x19", 25, (uint8_t*)"\xcd", 50, -+ (uint8_t*)"\x4c\x90\x07\xf4\x02\x62\x50\xc6\xbc\x84\x14\xf9\xbf\x50\xc8\x6c\x2d\x72\x35\xda" - }, { -- "\x0c", 20, "Test With Truncation", 20, -- "\x4c\x1a\x03\x42\x4b\x55\xe0\x7f\xe7\xf2\x7b\xe1\xd5\x8b\xb9\x32\x4a\x9a\x5a\x04" -+ (uint8_t*)"\x0c", 20, (uint8_t*)"Test With Truncation", 20, -+ (uint8_t*)"\x4c\x1a\x03\x42\x4b\x55\xe0\x7f\xe7\xf2\x7b\xe1\xd5\x8b\xb9\x32\x4a\x9a\x5a\x04" - }, { -- "\xaa", 80, "Test Using Larger Than Block-Size Key - Hash Key First", 54, -- "\xaa\x4a\xe5\xe1\x52\x72\xd0\x0e\x95\x70\x56\x37\xce\x8a\x3b\x55\xed\x40\x21\x12" -+ (uint8_t*)"\xaa", 80, (uint8_t*)"Test Using Larger Than Block-Size Key - Hash Key First", 54, -+ (uint8_t*)"\xaa\x4a\xe5\xe1\x52\x72\xd0\x0e\x95\x70\x56\x37\xce\x8a\x3b\x55\xed\x40\x21\x12" - }, { -- "\xaa", 80, -- "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data", 73, -- "\xe8\xe9\x9d\x0f\x45\x23\x7d\x78\x6d\x6b\xba\xa7\x96\x5c\x78\x08\xbb\xff\x1a\x91" -+ (uint8_t*)"\xaa", 80, -+ (uint8_t*)"Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data", 73, -+ (uint8_t*)"\xe8\xe9\x9d\x0f\x45\x23\x7d\x78\x6d\x6b\xba\xa7\x96\x5c\x78\x08\xbb\xff\x1a\x91" - }}; - - debug("tpm_test_hmac()"); - for (i = 0; i < sizeof(test_cases) / sizeof(test_cases[0]); i++) { -- if (strlen(test_cases[i].key) < test_cases[i].key_len) { -+ if (strlen((char*)test_cases[i].key) < test_cases[i].key_len) { - uint8_t key[test_cases[i].key_len]; - memset(key, test_cases[i].key[0], test_cases[i].key_len); - hmac_init(&ctx, key, test_cases[i].key_len); - } else { - hmac_init(&ctx, test_cases[i].key, test_cases[i].key_len); - } -- for (j = 0; j < test_cases[i].data_len; j +strlen(test_cases[i].data)) { -- hmac_update(&ctx, test_cases[i].data, strlen(test_cases[i].data)); -+ for (j = 0; j < test_cases[i].data_len; j +strlen((char*)test_cases[i].data)) { -+ hmac_update(&ctx, test_cases[i].data, strlen((char*)test_cases[i].data)); - } - hmac_final(&ctx, digest); - if (memcmp(digest, test_cases[i].digest, SHA1_DIGEST_LENGTH) != 0) return -1; -@@ -173,9 +174,9 @@ static int tpm_test_hmac(void) - static int tpm_test_rsa_EK(void) - { - int res = 0; -- char *data = "RSA PKCS #1 v1.5 Test-String"; -+ uint8_t *data = (uint8_t*)"RSA PKCS #1 v1.5 Test-String"; - uint8_t buf[256]; -- size_t buf_len, data_len = strlen(data); -+ size_t buf_len, data_len = strlen((char*)data); - rsa_private_key_t priv_key; - rsa_public_key_t pub_key; - -diff -uprN orig/tpm_emulator-0.4/tpm/tpm_ticks.c tpm_emulator/tpm/tpm_ticks.c ---- orig/tpm_emulator-0.4/tpm/tpm_ticks.c 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/tpm/tpm_ticks.c 2006-07-24 14:35:35.000000000 -0700 -@@ -1,6 +1,7 @@ - /* Software-Based Trusted Platform Module (TPM) Emulator for Linux - * Copyright (C) 2004 Mario Strasser <mast@gmx.net>, - * Swiss Federal Institute of Technology (ETH) Zurich -+ * Copyright (C) 2005 INTEL Corp - * - * This module is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published -@@ -39,9 +40,7 @@ TPM_RESULT TPM_SetTickType(TPM_TICKTYPE - TPM_RESULT TPM_GetTicks(TPM_CURRENT_TICKS *currentTime) - { - info("TPM_GetTicks()"); -- memcpy(currentTime, &tpmData.stany.data.currentTicks, -- sizeof(TPM_CURRENT_TICKS)); -- return TPM_SUCCESS; -+ return TPM_DISABLED_CMD; - } - - TPM_RESULT TPM_TickStampBlob(TPM_KEY_HANDLE keyHandle, TPM_NONCE *antiReplay, -@@ -49,64 +48,11 @@ TPM_RESULT TPM_TickStampBlob(TPM_KEY_HAN - TPM_CURRENT_TICKS *currentTicks, - UINT32 *sigSize, BYTE **sig) - { -- TPM_RESULT res; -- TPM_KEY_DATA *key; -- BYTE *info, *p; -- UINT32 info_length, length; - info("TPM_TickStampBlob()"); -- /* get key */ -- key = tpm_get_key(keyHandle); -- if (key == NULL) return TPM_INVALID_KEYHANDLE; -- /* verify authorization */ -- res = tpm_verify_auth(auth1, key->usageAuth, keyHandle); -- if (res != TPM_SUCCESS) return res; -- if (key->keyUsage != TPM_KEY_SIGNING && key->keyUsage != TPM_KEY_LEGACY -- && key->keyUsage != TPM_KEY_IDENTITY) return TPM_INVALID_KEYUSAGE; -- /* get current ticks */ -- TPM_GetTicks(currentTicks); -- /* sign data using signature scheme PKCS1_SHA1 and TPM_SIGN_INFO container */ -- *sigSize = key->key.size >> 3; -- *sig = tpm_malloc(*sigSize); -- if (*sig == NULL) return TPM_FAIL; -- /* setup TPM_SIGN_INFO structure */ -- info_length = 30 + sizeof(TPM_DIGEST) + sizeof_TPM_CURRENT_TICKS(currentTicks); -- info = tpm_malloc(info_length); -- if (info == NULL) { -- tpm_free(*sig); -- return TPM_FAIL; -- } -- memcpy(&info[0], "\x05\x00TSTP", 6); -- memcpy(&info[6], antiReplay->nonce, 20); -- *(UINT32*)&info[26] = CPU_TO_BE32(20 -- + sizeof_TPM_CURRENT_TICKS(currentTicks)); -- memcpy(&info[30], digestToStamp->digest, sizeof(TPM_DIGEST)); -- p = &info[30 + sizeof(TPM_DIGEST)]; -- length = sizeof_TPM_CURRENT_TICKS(currentTicks); -- if (tpm_marshal_TPM_CURRENT_TICKS(&p, &length, currentTicks) -- || rsa_sign(&key->key, RSA_SSA_PKCS1_SHA1, info, info_length, *sig)) { -- tpm_free(*sig); -- tpm_free(info); -- return TPM_FAIL; -- } -- return TPM_SUCCESS; -+ return TPM_DISABLED_CMD; - } - - void tpm_update_ticks(void) - { -- if (tpmData.stany.data.currentTicks.tag == 0) { -- tpmData.stany.data.currentTicks.tag = TPM_TAG_CURRENT_TICKS; -- tpmData.stany.data.currentTicks.currentTicks += tpm_get_ticks(); --/* removed since v1.2 rev 94 -- tpmData.stany.data.currentTicks.tickType tpmData.permanent.data.tickType; --*/ -- tpm_get_random_bytes(tpmData.stany.data.currentTicks.tickNonce.nonce, -- sizeof(TPM_NONCE)); -- tpmData.stany.data.currentTicks.tickRate = 1; --/* removed since v1.2 rev 94 -- tpmData.stany.data.currentTicks.tickSecurity = TICK_SEC_NO_CHECK; --*/ -- } else { -- tpmData.stany.data.currentTicks.currentTicks += tpm_get_ticks(); -- } - } - -diff -uprN orig/tpm_emulator-0.4/tpm/tpm_transport.c tpm_emulator/tpm/tpm_transport.c ---- orig/tpm_emulator-0.4/tpm/tpm_transport.c 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/tpm/tpm_transport.c 2006-07-24 14:35:35.000000000 -0700 -@@ -189,7 +189,7 @@ static void decrypt_wrapped_command(BYTE - sha1_init(&sha1); - sha1_update(&sha1, auth->nonceEven.nonce, sizeof(auth->nonceEven.nonce)); - sha1_update(&sha1, auth->nonceOdd.nonce, sizeof(auth->nonceOdd.nonce)); -- sha1_update(&sha1, "in", 2); -+ sha1_update(&sha1, (BYTE*)"in", 2); - sha1_update(&sha1, secret, sizeof(TPM_SECRET)); - j = CPU_TO_BE32(i); - sha1_update(&sha1, (BYTE*)&j, 4); -@@ -211,7 +211,7 @@ static void encrypt_wrapped_command(BYTE - sha1_init(&sha1); - sha1_update(&sha1, auth->nonceEven.nonce, sizeof(auth->nonceEven.nonce)); - sha1_update(&sha1, auth->nonceOdd.nonce, sizeof(auth->nonceOdd.nonce)); -- sha1_update(&sha1, "out", 3); -+ sha1_update(&sha1, (BYTE*)"out", 3); - sha1_update(&sha1, secret, sizeof(TPM_SECRET)); - j = CPU_TO_BE32(i); - sha1_update(&sha1, (BYTE*)&j, 4); -diff -uprN orig/tpm_emulator-0.4/tpmd.c tpm_emulator/tpmd.c ---- orig/tpm_emulator-0.4/tpmd.c 1969-12-31 16:00:00.000000000 -0800 -+++ tpm_emulator/tpmd.c 2006-07-24 14:35:35.000000000 -0700 -@@ -0,0 +1,156 @@ -+/* Software-Based Trusted Platform Module (TPM) Emulator for Linux -+ * Copyright (C) 2005 INTEL Corp -+ * -+ * This module is free software; you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published -+ * by the Free Software Foundation; either version 2 of the License, -+ * or (at your option) any later version. -+ * -+ * This module is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ */ -+ -+#include <stdio.h> -+#include <stdlib.h> -+#include <unistd.h> -+#include <string.h> -+#include <sys/types.h> -+#include <sys/stat.h> -+#include <fcntl.h> -+#include <sys/time.h> -+ -+#include "tpm_emulator.h" -+ -+#define TPM_RX_FNAME "/var/tpm/tpm_in.fifo" -+#define TPM_TX_FNAME "/var/tpm/tpm_out.fifo" -+ -+#define BUFFER_SIZE 2048 -+ -+static int devurandom=0; -+ -+void get_random_bytes(void *buf, int nbytes) { -+ -+ if (devurandom == 0) { -+ devurandom = open("/dev/urandom", O_RDONLY); -+ } -+ -+ if (read(devurandom, buf, nbytes) != nbytes) { -+ printf("Can''t get random number.\n"); -+ exit(-1); -+ } -+} -+ -+uint64_t tpm_get_ticks(void) -+{ -+ //struct timeval tv; -+ //int gettimeofday(&tv, struct timezone *tz); -+ return 0; -+} -+ -+int main(int argc, char **argv) -+{ -+ uint8_t in[BUFFER_SIZE], *out; -+ uint32_t out_size; -+ int in_size, written; -+ int i; -+ struct stat file_info; -+ -+ int tpm_tx_fh=-1, tpm_rx_fh=-1; -+ if (argc < 2) { -+ printf("Usage: tpmd clear|save|deactivated\n" ); -+ return -1; -+ } -+ -+ /* initialize TPM emulator */ -+ if (!strcmp(argv[1], "clear")) { -+ printf("Initializing tpm: %s\n", argv[1]); -+ tpm_emulator_init(1); -+ } else if (!strcmp(argv[1], "save")) { -+ printf("Initializing tpm: %s\n", argv[1]); -+ tpm_emulator_init(2); -+ } else if (!strcmp(argv[1], "deactivated")) { -+ printf("Initializing tpm: %s\n", argv[1]); -+ tpm_emulator_init(3); -+ } else { -+ printf("invalid startup mode ''%s''; must be ''clear'', " -+ "''save'' (default) or ''deactivated", argv[1]); -+ return -1; -+ } -+ -+ if ( stat(TPM_RX_FNAME, &file_info) == -1) { -+ if ( mkfifo(TPM_RX_FNAME, S_IWUSR | S_IRUSR ) ) { -+ printf("Failed to create fifo %s.\n", TPM_RX_FNAME); -+ return -1; -+ } -+ } -+ -+ if ( stat(TPM_TX_FNAME, &file_info) == -1) { -+ if ( mkfifo(TPM_TX_FNAME, S_IWUSR | S_IRUSR ) ) { -+ printf("Failed to create fifo %s.\n", TPM_TX_FNAME); -+ return -1; -+ } -+ } -+ -+ while (1) { -+abort_command: -+ if (tpm_rx_fh < 0) { -+ tpm_rx_fh = open(TPM_RX_FNAME, O_RDONLY); -+ } -+ -+ if (tpm_rx_fh < 0) { -+ printf("ERROR: failed to open devices to listen to guest.\n"); -+ return -1; -+ } -+ -+ if (tpm_tx_fh < 0) { -+ tpm_tx_fh = open(TPM_TX_FNAME, O_WRONLY); -+ } -+ -+ if (tpm_tx_fh < 0) { -+ printf("ERROR: failed to open devices to respond to guest.\n"); -+ return -1; -+ } -+ -+ in_size = read(tpm_rx_fh, in, BUFFER_SIZE); -+ if (in_size < 6) { // Magic size of minium TPM command -+ printf("Recv[%d] to small: 0x", in_size); -+ if (in_size <= 0) { -+ close(tpm_rx_fh); -+ tpm_rx_fh = -1; -+ goto abort_command; -+ } -+ } else { -+ printf("Recv[%d]: 0x", in_size); -+ for (i=0; i< in_size; i++) -+ printf("%x ", in[i]); -+ printf("\n"); -+ } -+ -+ -+ if (tpm_handle_command(in, in_size, &out, &out_size) != 0) { -+ printf("ERROR: Handler Failed.\n"); -+ } -+ -+ written = write(tpm_tx_fh, out, out_size); -+ -+ if (written != out_size ) { -+ printf("ERROR: Part of response not written %d/%d.\nAttempt: ", written, out_size); -+ } else { -+ printf("Sent[%Zu]: ", out_size); -+ } -+ for (i=0; i< out_size; i++) -+ printf("%x ", out[i]); -+ printf("\n"); -+ tpm_free(out); -+ -+ } // loop -+ -+ tpm_emulator_shutdown(); -+ -+ close(tpm_tx_fh); -+ close(tpm_rx_fh); -+ -+} -Binary files orig/tpm_emulator-0.4/tpm_emulator and tpm_emulator/tpm_emulator differ -diff -uprN orig/tpm_emulator-0.4/tpm_version.h tpm_emulator/tpm_version.h ---- orig/tpm_emulator-0.4/tpm_version.h 2006-06-23 03:37:07.000000000 -0700 -+++ tpm_emulator/tpm_version.h 2006-07-24 14:35:41.000000000 -0700 -@@ -2,5 +2,5 @@ - #define _TPM_VERSION_H_ - #define VERSION_MAJOR 0 - #define VERSION_MINOR 4 --#define VERSION_BUILD 1151058734 -+#define VERSION_BUILD 1153776940 - #endif /* _TPM_VERSION_H_ */ diff --git a/tools/vtpm/vtpm-0.5.1-LDLIBS.patch b/tools/vtpm/vtpm-0.5.1-LDLIBS.patch --- a/tools/vtpm/vtpm-0.5.1-LDLIBS.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -Naurp tpm_emulator-0.5.1/tpmd/Makefile tpm_emulator-0.5.1/tpmd/Makefile ---- tpm_emulator-0.5.1/tpmd/Makefile -+++ tpm_emulator-0.5.1/tpmd/Makefile -@@ -8,7 +8,7 @@ WFLAGS := -Wall -Wno-unused -Wpointer-a - #WFLAGS += -Wextra -Wcast-qual -Wmissing-prototypes -Wmissing-declarations -Wstrict-aliasing - CFLAGS += $(WFLAGS) -g -I.. -I. -O2 -fno-strict-aliasing - CFLAGS += -I../../../../tools/vtpm_manager/manager --LDFLAGS += -lgmp -+LDLIBS += -lgmp - - BINDIR := /usr/bin/ - diff --git a/tools/vtpm/vtpm-0.5.1.patch b/tools/vtpm/vtpm-0.5.1.patch --- a/tools/vtpm/vtpm-0.5.1.patch +++ /dev/null @@ -1,766 +0,0 @@ -diff -Naurp tpm_emulator-0.5.1/Makefile tpm5-test/Makefile ---- tpm_emulator-0.5.1/Makefile 2008-02-14 03:22:48.000000000 -0500 -+++ tpm5-test/Makefile 2009-07-15 09:45:28.000000000 -0400 -@@ -10,7 +10,7 @@ VERSION_MINOR := 5 - VERSION_BUILD := $(shell date +"%s") - VERSION_SUFFIX := .1 - --SUBDIRS := tpmd tpmd_dev tddl -+SUBDIRS := tpmd - - all: version all-recursive - -@@ -48,12 +48,12 @@ user_install: user - modules_install: modules - @$(MAKE) -C tpmd_dev install || exit -1 - --DIRS := . tpm crypto tpmd tpmd_dev tddl tpmd_dev_openbsd -+DIRS := . tpm crypto tpmd - DISTSRC := $(foreach dir, $(DIRS), $(wildcard $(dir)/*.c)) - DISTSRC += $(foreach dir, $(DIRS), $(wildcard $(dir)/*.h)) --DIRS := . tpmd tpmd_dev tddl tpmd_dev_openbsd -+DIRS := . tpmd - DISTSRC += $(foreach dir, $(DIRS), $(dir)/Makefile) --DISTSRC += ./README ./AUTHORS ./ChangeLog tpmd_dev/tpmd_dev.rules.in -+DISTSRC += ./README ./AUTHORS ./ChangeLog - DISTDIR := tpm_emulator-$(VERSION_MAJOR).$(VERSION_MINOR)$(VERSION_SUFFIX) - - dist: $(DISTSRC) -diff -Naurp tpm_emulator-0.5.1/tpm/tpm_capability.c tpm5-test/tpm/tpm_capability.c ---- tpm_emulator-0.5.1/tpm/tpm_capability.c 2008-02-14 03:22:48.000000000 -0500 -+++ tpm5-test/tpm/tpm_capability.c 2009-07-16 12:04:20.000000000 -0400 -@@ -136,8 +136,19 @@ static TPM_RESULT cap_property(UINT32 su - - case TPM_CAP_PROP_TIS_TIMEOUT: - debug("[TPM_CAP_PROP_TIS_TIMEOUT]"); -- /* TODO: TPM_CAP_PROP_TIS_TIMEOUT */ -- return TPM_FAIL; -+ /* TODO: TPM_CAP_PROP_TIS_TIMEOUT: Measure these values and determine correct ones */ -+ UINT32 len = *respSize = 16; -+ BYTE *ptr = *resp = tpm_malloc(*respSize); -+ if (ptr == NULL || -+ tpm_marshal_UINT32(&ptr, &len, 200000) || -+ tpm_marshal_UINT32(&ptr, &len, 200000) || -+ tpm_marshal_UINT32(&ptr, &len, 200000) || -+ tpm_marshal_UINT32(&ptr, &len, 200000)) { -+ tpm_free(*resp); -+ return TPM_FAIL; -+ } -+ return TPM_SUCCESS; -+ - - case TPM_CAP_PROP_STARTUP_EFFECT: - debug("[TPM_CAP_PROP_STARTUP_EFFECT]"); -@@ -189,8 +200,12 @@ static TPM_RESULT cap_property(UINT32 su - - case TPM_CAP_PROP_DURATION: - debug("[TPM_CAP_PROP_DURATION]"); -- /* TODO: TPM_CAP_PROP_DURATION */ -- return TPM_FAIL; -+ /* TODO: TPM_CAP_PROP_DURATION: Measure these values and return accurate ones */ -+ BYTE dur[]{0x0,0x0,0x0,0xc,0x0,0x7,0xa1,0x20,0x0,0x1e,0x84,0x80,0x11,0xe1,0xa3,0x0}; -+ *respSize = 16; -+ *resp = tpm_malloc(*respSize); -+ memcpy(*resp,dur,16); -+ - - case TPM_CAP_PROP_ACTIVE_COUNTER: - debug("[TPM_CAP_PROP_ACTIVE_COUNTER]"); -diff -Naurp tpm_emulator-0.5.1/tpmd/Makefile tpm5-test/tpmd/Makefile ---- tpm_emulator-0.5.1/tpmd/Makefile 2008-02-14 03:22:48.000000000 -0500 -+++ tpm5-test/tpmd/Makefile 2009-07-16 12:08:26.000000000 -0400 -@@ -8,9 +8,10 @@ WFLAGS := -Wall -Wno-unused -Wpointer-a - -Wwrite-strings -Wsign-compare -Wno-multichar - #WFLAGS += -Wextra -Wcast-qual -Wmissing-prototypes -Wmissing-declarations -Wstrict-aliasing - CFLAGS += $(WFLAGS) -g -I.. -I. -O2 -fno-strict-aliasing -+CFLAGS += -I../../../../tools/vtpm_manager/manager - LDFLAGS += -lgmp - --BINDIR := /usr/sbin/ -+BINDIR := /usr/bin/ - - TPMD := tpmd - DIRS := ../tpm ../crypto -@@ -18,6 +19,8 @@ SRCS := $(foreach dir, $(DIRS), $(wil - OBJS := $(patsubst %.c, %.o, $(SRCS)) - OBJS := $(foreach dir, $(DIRS), $(patsubst $(dir)/%.o, %.o, $(filter $(dir)/%.o, $(OBJS)))) - -+VTPM_BIN := vtpmd -+ - vpath %.c $(strip $(DIRS)) - - all: $(TPMD) -@@ -32,10 +35,8 @@ TPMD_GROUP ?= tss - INSTALL ?= install - - install: $(TPMD) -- $(INSTALL) -m 755 -o $(TPMD_USER) -g $(TPMD_GROUP) -d $(DESTDIR)/var/lib/tpm -- $(INSTALL) -m 755 -o $(TPMD_USER) -g $(TPMD_GROUP) -d $(DESTDIR)/var/run/tpm - $(INSTALL) -D -d $(DESTDIR)/$(BINDIR) -- $(INSTALL) -m 755 $(TPMD) $(DESTDIR)/$(BINDIR) -+ $(INSTALL) -m 755 $(TPMD) $(DESTDIR)/$(BINDIR)/$(VTPM_BIN) - - .PHONY: all clean install - -diff -Naurp tpm_emulator-0.5.1/tpmd/tpmd.c tpm5-test/tpmd/tpmd.c ---- tpm_emulator-0.5.1/tpmd/tpmd.c 2008-02-14 03:22:48.000000000 -0500 -+++ tpm5-test/tpmd/tpmd.c 2009-07-16 11:19:05.000000000 -0400 -@@ -32,6 +32,9 @@ - #include <grp.h> - #include "tpm_emulator_config.h" - #include "tpm/tpm_emulator.h" -+#include "tpm/tpm_structures.h" -+#include "tpm/tpm_marshalling.h" -+#include "vtpm_manager.h" - - #define TPM_DAEMON_NAME "tpmd" - #define TPM_CMD_BUF_SIZE 4096 -@@ -39,6 +42,24 @@ - #define TPM_RANDOM_DEVICE "/dev/urandom" - #undef TPM_MKDIRS - -+#ifdef VTPM_MULTI_VM -+ #define DEV_BE "/dev/vtpm" -+ #define DEV_FE "/dev/tpm" -+#else -+ #define PVM_RX_FIFO_D "/var/vtpm/fifos/tpm_cmd_to_%d.fifo" -+ #define PVM_TX_FIFO "/var/vtpm/fifos/tpm_rsp_from_all.fifo" -+ #define HVM_RX_FIFO_D "/var/vtpm/socks/%d.socket" -+ -+ #define VTPM_RX_FIFO_D "/var/vtpm/fifos/vtpm_rsp_to_%d.fifo" -+ #define VTPM_TX_FIFO "/var/vtpm/fifos/vtpm_cmd_from_all.fifo" -+ -+ static char *vtpm_rx_name=NULL; -+#endif -+ -+ static int vtpm_tx_fh=-1, vtpm_rx_fh=-1; -+ -+#define BUFFER_SIZE 2048 -+ - static volatile int stopflag = 0; - static int is_daemon = 0; - static int opt_debug = 0; -@@ -49,6 +70,8 @@ static const char *opt_storage_file = "/ - static uid_t opt_uid = 0; - static gid_t opt_gid = 0; - static int tpm_startup = 2; -+static int vtpm_type = VTPM_TYPE_PVM; -+int dmi_id = 0; - static int rand_fh; - - void tpm_log(int priority, const char *fmt, ...) -@@ -90,56 +113,241 @@ uint64_t tpm_get_ticks(void) - - int tpm_write_to_file(uint8_t *data, size_t data_length) - { -- int fh; -- ssize_t res; -- fh = open(opt_storage_file, O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR); -- if (fh < 0) return -1; -- while (data_length > 0) { -- res = write(fh, data, data_length); -- if (res < 0) { -- close(fh); -- return -1; -- } -- data_length -= res; -- data += res; -+ int res, out_data_size, in_header_size; -+ BYTE *ptr, *out_data, *in_header; -+ UINT32 result, len, in_rsp_size; -+ UINT16 tag = VTPM_TAG_REQ; -+ -+ printf("Saving NVM\n"); -+ if (vtpm_tx_fh < 0) { -+#ifdef VTPM_MUTLI_VM -+ vtpm_tx_fh = open(DEV_FE, O_RDWR); -+#else -+ vtpm_tx_fh = open(VTPM_TX_FIFO, O_WRONLY); -+#endif -+ } -+ -+ if (vtpm_tx_fh < 0) { -+ return -1; -+ } -+ -+ // Send request to VTPM Manager to encrypt data -+#ifdef VTPM_MUTLI_VM -+ out_data_size = len = VTPM_COMMAND_HEADER_SIZE_CLT + data_length; -+#else -+ out_data_size = len = VTPM_COMMAND_HEADER_SIZE_SRV + data_length; -+#endif -+ -+ out_data = ptr = (BYTE *) malloc(len); -+ -+ if (ptr == NULL -+#ifndef VTPM_MUTLI_VM -+ || tpm_marshal_UINT32(&ptr, &len, dmi_id) -+#endif -+ || tpm_marshal_UINT16(&ptr, &len, tag) -+#ifdef VTPM_MUTLI_VM -+ || tpm_marshal_UINT32(&ptr, &len, out_data_size) -+#else -+ || tpm_marshal_UINT32(&ptr, &len, out_data_size - sizeof(uint32_t)) -+#endif -+ || tpm_marshal_UINT32(&ptr, &len, VTPM_ORD_SAVENVM) -+ || tpm_marshal_BYTE_ARRAY(&ptr, &len, data, data_length)) { -+ free(out_data); -+ return -1; -+ } -+ -+ printf("\tSending SaveNVM Command.\n"); -+ res = write(vtpm_tx_fh, out_data, out_data_size); -+ free(out_data); -+ if (res != out_data_size) return -1; -+ -+ if (vtpm_rx_fh < 0) { -+#ifdef VTPM_MUTLI_VM -+ vtpm_rx_fh = vtpm_tx_fh -+#else -+ if (vtpm_rx_name == NULL) { -+ vtpm_rx_name = malloc(10 + strlen(VTPM_RX_FIFO_D)); -+ sprintf(vtpm_rx_name, VTPM_RX_FIFO_D, (uint32_t) dmi_id); - } -- close(fh); -- return 0; -+ vtpm_rx_fh = open(vtpm_rx_name, O_RDONLY); -+#endif -+ } -+ -+ if (vtpm_rx_fh < 0) { -+ return -1; -+ } -+ -+ // Read Header of response so we can get the size & status -+#ifdef VTPM_MUTLI_VM -+ in_header_size = len = VTPM_COMMAND_HEADER_SIZE_CLT; -+#else -+ in_header_size = len = VTPM_COMMAND_HEADER_SIZE_SRV; -+#endif -+ in_header = ptr = malloc(in_header_size); -+ -+ printf("\tReading SaveNVM header.\n"); -+ res = read(vtpm_rx_fh, in_header, in_header_size); -+ -+ if ( (res != in_header_size) -+#ifndef VTPM_MUTLI_VM -+ || tpm_unmarshal_UINT32(&ptr, &len, (UINT32*)&dmi_id) -+#endif -+ || tpm_unmarshal_UINT16(&ptr, &len, &tag) -+ || tpm_unmarshal_UINT32(&ptr, &len, &in_rsp_size) -+ || tpm_unmarshal_UINT32(&ptr, &len, &result) ) { -+ free(in_header); -+ return -1; -+ } -+ free(in_header); -+ -+ if (result != VTPM_SUCCESS) { -+ return -1; -+ } -+ -+#ifdef VTPM_MUTLI_VM -+ close(vtpm_tx_fh); close(vtpm_rx_fh); -+#endif -+ -+ printf("\tFinishing up SaveNVM\n"); -+ return (0); - } - - int tpm_read_from_file(uint8_t **data, size_t *data_length) - { -- int fh; -- ssize_t res; -- size_t total_length; -- fh = open(opt_storage_file, O_RDONLY); -- if (fh < 0) return -1; -- total_length = lseek(fh, 0, SEEK_END); -- lseek(fh, 0, SEEK_SET); -- *data = tpm_malloc(total_length); -- if (*data == NULL) { -- close(fh); -- return -1; -- } -- *data_length = 0; -- while (total_length > 0) { -- res = read(fh, &(*data)[*data_length], total_length); -- if (res < 0) { -- close(fh); -- tpm_free(*data); -- return -1; -- } -- *data_length += res; -- total_length -= res; -+ int res, out_data_size, in_header_size; -+ uint8_t *ptr, *out_data, *in_header; -+ UINT16 tag = VTPM_TAG_REQ; -+ UINT32 len, in_rsp_size, result; -+#ifdef VTPM_MUTLI_VM -+ int vtpm_rx_fh, vtpm_tx_fh; -+#endif -+ -+ printf("Loading NVM.\n"); -+ if (vtpm_tx_fh < 0) { -+#ifdef VTPM_MUTLI_VM -+ vtpm_tx_fh = open(DEV_FE, O_RDWR); -+#else -+ vtpm_tx_fh = open(VTPM_TX_FIFO, O_WRONLY); -+#endif -+ } -+ -+ if (vtpm_tx_fh < 0) { -+ printf("Error in read_from_file:301\n"); -+ return -1; -+ } -+ -+ // Send request to VTPM Manager to encrypt data -+#ifdef VTPM_MUTLI_VM -+ out_data_size = len = VTPM_COMMAND_HEADER_SIZE_CLT; -+#else -+ out_data_size = len = VTPM_COMMAND_HEADER_SIZE_SRV; -+#endif -+ out_data = ptr = (BYTE *) malloc(len); -+ -+ if (ptr == NULL -+#ifndef VTPM_MUTLI_VM -+ || tpm_marshal_UINT32(&ptr, &len, dmi_id) -+#endif -+ || tpm_marshal_UINT16(&ptr, &len, tag) -+#ifdef VTPM_MUTLI_VM -+ || tpm_marshal_UINT32(&ptr, &len, out_data_size) -+#else -+ || tpm_marshal_UINT32(&ptr, &len, out_data_size - sizeof(uint32_t)) -+#endif -+ || tpm_marshal_UINT32(&ptr, &len, VTPM_ORD_LOADNVM)) { -+ free(out_data); -+ printf("Error in read_from_file:325\n"); -+ -+ return -1; -+ } -+ -+ printf("\tSending LoadNVM command\n"); -+ res = write(vtpm_tx_fh, out_data, out_data_size); -+ free(out_data); -+ if (res != out_data_size) -+ { -+ printf("Error in read_from_file:335\n"); -+ return -1; -+ } -+ -+ if (vtpm_rx_fh < 0) { -+#ifdef VTPM_MUTLI_VM -+ vtpm_rx_fh = vtpm_tx_fh; -+#else -+ if (vtpm_rx_name == NULL) { -+ vtpm_rx_name = malloc(10 + strlen(VTPM_RX_FIFO_D)); -+ sprintf(vtpm_rx_name, VTPM_RX_FIFO_D, (uint32_t) dmi_id); - } -- close(fh); -- return 0; -+ vtpm_rx_fh = open(vtpm_rx_name, O_RDONLY); -+#endif -+ } -+ -+ if (vtpm_rx_fh < 0) { -+ printf("Error in read_from_file:352\n"); -+ return -1; -+ } -+ -+ // Read Header of response so we can get the size & status -+#ifdef VTPM_MUTLI_VM -+ in_header_size = len = VTPM_COMMAND_HEADER_SIZE_CLT; -+#else -+ in_header_size = len = VTPM_COMMAND_HEADER_SIZE_SRV; -+#endif -+ in_header = ptr = malloc(in_header_size); -+ -+ printf("\tReading LoadNVM header\n"); -+ res = read(vtpm_rx_fh, in_header, in_header_size); -+ -+ if ( (res != in_header_size) -+#ifndef VTPM_MUTLI_VM -+ || tpm_unmarshal_UINT32(&ptr, &len, (UINT32*)&dmi_id) -+#endif -+ || tpm_unmarshal_UINT16(&ptr, &len, &tag) -+ || tpm_unmarshal_UINT32(&ptr, &len, &in_rsp_size) -+ || tpm_unmarshal_UINT32(&ptr, &len, &result) ) { -+ free(in_header); -+ printf("Error in read_from_file:375\n"); -+ return -1; -+ } -+ free(in_header); -+ -+ if (result != VTPM_SUCCESS) { -+ printf("Error in read_from_file:381\n"); -+ return -1; -+ } -+ -+ // Read Encrypted data from VTPM Manager -+ *data_length = in_rsp_size - VTPM_COMMAND_HEADER_SIZE_CLT; -+ *data = (uint8_t *) malloc(*data_length); -+ -+ printf("\tReading clear data from LoadNVM.\n"); -+ res = read(vtpm_rx_fh, *data, *data_length); -+#ifdef VTPM_MUTLI_VM -+ close(vtpm_rx_fh);close(vtpm_tx_fh); -+#endif -+ -+ printf("\tReturing from loading NVM\n"); -+ if (res != (int)*data_length) { -+ free(*data); -+ printf("Error in read_from_file:398\n"); -+ return -1; -+ } else { -+ return 0; -+ } -+ -+ -+ - } - - static void print_usage(char *name) - { - printf("usage: %s [-d] [-f] [-s storage file] [-u unix socket name] " -- "[-o user name] [-g group name] [-h] [startup mode]\n", name); -+ "[-o user name] [-g group name] [-h]" -+#ifdef VTPM_MULTI_VM -+ "clear|save|deactivated\n", name); -+#else -+ "clear|save|deactivated pvm|hvm vtpmid\n", name); -+#endif - printf(" d : enable debug mode\n"); - printf(" f : forces the application to run in the foreground\n"); - printf(" s : storage file to use (default: %s)\n", opt_storage_file); -@@ -205,7 +413,13 @@ static void parse_options(int argc, char - exit(EXIT_SUCCESS); - } - } -- if (optind < argc) { -+ /*Make sure we have all required options*/ -+#ifdef VTPM_MULTI_VM -+#define EXTRA_OPTS 0 -+#else -+#define EXTRA_OPTS 2 -+#endif -+ if (optind < argc - EXTRA_OPTS ) { - debug("startup mode = ''%s''", argv[optind]); - if (!strcmp(argv[optind], "clear")) { - tpm_startup = 1; -@@ -219,6 +433,25 @@ static void parse_options(int argc, char - print_usage(argv[0]); - exit(EXIT_SUCCESS); - } -+#ifndef VTPM_MULTI_VM -+ ++optind; -+ if(!strcmp(argv[optind], "pvm")) { -+ vtpm_type = VTPM_TYPE_PVM; // Get commands from vTPM Manager through fifo -+ } else if (!strcmp(argv[optind], "hvm")) { -+ vtpm_type = VTPM_TYPE_HVM; // Get commands from qemu via socket -+ } else { -+ error("Invalid vm mode ''%s''; must be ''pvm'', " -+ "or ''hvm'' ", argv[optind]); -+ print_usage(argv[0]); -+ exit(EXIT_SUCCESS); -+ } -+ ++optind; -+ dmi_id = atoi(argv[optind]); -+#endif -+ } else { -+ error("Invalid number of arguments"); -+ print_usage(argv[0]); -+ exit(EXIT_SUCCESS); - } - } - -@@ -348,93 +581,180 @@ static int init_socket(const char *name) - - static void main_loop(void) - { -- int sock, fh, res; -- int32_t in_len; -+ int32_t in_len, written; - uint32_t out_len; -- uint8_t in[TPM_CMD_BUF_SIZE], *out; -+ uint8_t in[TPM_CMD_BUF_SIZE], *out, *addressed_out; -+ int guest_id=-1; -+ int i; -+ char *vtpm_rx_file=NULL; -+ int res; -+ -+#ifndef VTPM_MULTI_VM -+ int sockfd = -1; - struct sockaddr_un addr; -- socklen_t addr_len; -- fd_set rfds; -- struct timeval tv; -+ struct sockaddr_un client_addr; -+ unsigned int client_length; -+#endif -+ -+ int vtpm_tx_fh=-1, vtpm_rx_fh=-1; -+ -+#ifndef VTPM_MULTI_VM -+ if (vtpm_type == VTPM_TYPE_PVM) { -+ vtpm_rx_file = malloc(10 + strlen(PVM_RX_FIFO_D)); -+ sprintf(vtpm_rx_file, PVM_RX_FIFO_D, (uint32_t) dmi_id); -+ } else { -+ vtpm_rx_file = malloc(10 + strlen(HVM_RX_FIFO_D)); -+ sprintf(vtpm_rx_file, HVM_RX_FIFO_D, (uint32_t) dmi_id); -+ -+ if ( (sockfd = socket(PF_UNIX,SOCK_STREAM,0)) < 0) { -+ error("Unable to create socket. errno = %d\n", errno); -+ exit (-1); -+ } -+ -+ memset(&addr, 0, sizeof(addr)); -+ addr.sun_family = AF_UNIX; -+ strcpy(addr.sun_path,vtpm_rx_file ); -+ unlink(addr.sun_path); -+ } -+#endif - - info("staring main loop"); -- /* open UNIX socket */ -- sock = init_socket(opt_socket_name); -- if (sock < 0) exit(EXIT_FAILURE); - /* init tpm emulator */ -- debug("initializing TPM emulator: %d", tpm_startup); -+#ifdef VTPM_MULTI_VM -+ debug("initializing TPM emulator: state=%d", tpm_startup); -+#else -+ debug("initializing TPM emulator: state=%d, type=%d, id=%d", tpm_startup, vtpm_type, dmi_id); -+#endif - tpm_emulator_init(tpm_startup); - /* start command processing */ - while (!stopflag) { - /* wait for incomming connections */ - debug("waiting for connections..."); -- FD_ZERO(&rfds); -- FD_SET(sock, &rfds); -- tv.tv_sec = 10; -- tv.tv_usec = 0; -- res = select(sock + 1, &rfds, NULL, NULL, &tv); -- if (res < 0) { -- error("select(sock) failed: %s", strerror(errno)); -- break; -- } else if (res == 0) { -- continue; -- } -- addr_len = sizeof(addr); -- fh = accept(sock, (struct sockaddr*)&addr, &addr_len); -- if (fh < 0) { -- error("accept() failed: %s", strerror(errno)); -- continue; -- } -+ if (vtpm_rx_fh < 0) { -+#ifdef VTPM_MUTLI_VM -+ vtpm_rx_fh = open(DEV_BE, O_RDWR); -+#else -+ if (vtpm_type == VTPM_TYPE_PVM) -+ { -+ vtpm_rx_fh = open(vtpm_rx_file, O_RDONLY); -+ } else { -+ if (bind(sockfd, (struct sockaddr *)&addr, sizeof(addr)) < 0) { -+ error("Unable to bind(). errno = %d\n", errno); -+ exit (-1); -+ } -+ -+ if (listen(sockfd, 10) <0) { -+ error("Unable to listen(). errno = %d\n", errno); -+ exit (-1); -+ } -+ -+ memset(&client_addr, 0, sizeof(client_addr)); -+ client_length = sizeof(client_addr); -+ -+ vtpm_rx_fh = vtpm_tx_fh = accept(sockfd, (struct sockaddr *)&client_addr, &client_length); -+ } -+#endif -+ } -+ -+ /*Error Checking*/ -+ if (vtpm_rx_fh < 0) { -+ error("Failed to open devices to listen to guest.\n"); -+ exit(-1); -+ } -+ - /* receive and handle commands */ - in_len = 0; - do { - debug("waiting for commands..."); -- FD_ZERO(&rfds); -- FD_SET(fh, &rfds); -- tv.tv_sec = TPM_COMMAND_TIMEOUT; -- tv.tv_usec = 0; -- res = select(fh + 1, &rfds, NULL, NULL, &tv); -- if (res < 0) { -- error("select(fh) failed: %s", strerror(errno)); -- close(fh); -- break; -- } else if (res == 0) { --#ifdef TPMD_DISCONNECT_IDLE_CLIENTS -- info("connection closed due to inactivity"); -- close(fh); -- break; --#else -- continue; --#endif -- } -- in_len = read(fh, in, sizeof(in)); -- if (in_len > 0) { -+ -+ in_len = read(vtpm_rx_fh, in, sizeof(in)); -+ /*Magic size of minimum TPM command is 6*/ -+ //FIXME Magic size check may not be required anymore -+ if (in_len < 6) { -+ info("Recv incomplete command of %d bytes.", in_len); -+ if (in_len <= 0) { -+ close(vtpm_rx_fh); -+ vtpm_rx_fh = -1; -+ continue; -+ } -+ } else { -+ /*Debug Printouts*/ - debug("received %d bytes", in_len); -+ debug_nostop("Recv[%d]: 0x", in_len); -+ for (i=0; i< in_len; i++) -+ debug_more("%x ", in[i]); -+ debug_more("\n"); -+ /*Multiple Guest check*/ -+ if (guest_id == -1) { -+ guest_id = *((int32_t *) in); -+ } else { -+ if (guest_id != *((int32_t *) in) ) { -+ error("WARNING: More than one guest attached\n"); -+ } -+ } -+ -+ /*Open tx handle now*/ -+ if (vtpm_tx_fh < 0) { -+#ifdef VTPM_MUTLI_VM -+ vtpm_tx_fh = open(DEV_BE, O_RDWR); -+ vtpm_rx_fh = vtpm_tx_fh; -+#else -+ if (vtpm_type == VTPM_TYPE_PVM) { -+ vtpm_tx_fh = open(PVM_TX_FIFO, O_WRONLY); -+ } // No need to open the other direction for HVM -+#endif -+ } -+ if (vtpm_tx_fh < 0) { -+ error("Failed to open devices to respond to guest.\n"); -+ exit(-1); -+ } -+ -+ /*Handle the TPM command now*/ - out = NULL; -- res = tpm_handle_command(in, in_len, &out, &out_len); -+ res = tpm_handle_command(in + sizeof(uint32_t), in_len - sizeof(uint32_t), &out, &out_len); - if (res < 0) { - error("tpm_handle_command() failed"); - } else { - debug("sending %d bytes", out_len); -+ //FIXME this prepending may or may not be needed -+ /*Prepend the first 4 bytes of the in buffer.. why?*/ -+ addressed_out = (uint8_t *) tpm_malloc(sizeof(uint32_t) + out_len); -+ *(uint32_t *) addressed_out = *(uint32_t *) in; -+ memcpy(addressed_out + sizeof(uint32_t), out, out_len); -+ out_len += sizeof(uint32_t); -+ /*End Prepend*/ -+ -+ /*Perform write operation now*/ - while (out_len > 0) { -- res = write(fh, out, out_len); -+ res = write(vtpm_tx_fh, addressed_out, out_len); -+ - if (res < 0) { - error("write(%d) failed: %s", out_len, strerror(errno)); - break; -- } -+ } else { -+ debug_nostop("Sent[%Zu]: ", out_len); -+ for (i=0; (unsigned int)i< out_len; i++) -+ debug_more("%x ", addressed_out[i]); -+ debug_more("\n"); -+ } - out_len -= res; - } - tpm_free(out); -+ tpm_free(addressed_out); - } - } - } while (in_len > 0); -- close(fh); -+ //close(fh); - } -+ - /* shutdown tpm emulator */ - tpm_emulator_shutdown(); -- /* close socket */ -- close(sock); -- unlink(opt_socket_name); -+ /* Close handles */ -+ close(vtpm_tx_fh); -+#ifndef VTPM_MULTI_VM -+ close(vtpm_rx_fh); -+ free(vtpm_rx_file); -+#endif - info("main loop stopped"); - } - -@@ -450,12 +770,13 @@ int main(int argc, char **argv) - /* open random device */ - init_random(); - /* init signal handlers */ -- init_signal_handler(); -+ //init_signal_handler(); - /* unless requested otherwiese, fork and daemonize process */ -- if (!opt_foreground) daemonize(); -+ //if (!opt_foreground) daemonize(); - /* start main processing loop */ - main_loop(); - info("stopping TPM Emulator daemon"); - closelog(); - return 0; - } -+ -diff -Naurp tpm_emulator-0.5.1/tpmd/tpm_emulator_config.h tpm5-test/tpmd/tpm_emulator_config.h ---- tpm_emulator-0.5.1/tpmd/tpm_emulator_config.h 2008-02-14 03:22:48.000000000 -0500 -+++ tpm5-test/tpmd/tpm_emulator_config.h 2009-07-16 11:25:26.000000000 -0400 -@@ -29,23 +29,28 @@ - - /* TPM emulator configuration */ - --#undef TPM_STRONG_PERSISTENCE --#undef TPM_GENERATE_EK -+#define TPM_STRONG_PERSISTENCE -+#define TPM_GENERATE_EK - #undef TPM_GENERATE_SEED_DAA - #undef TPM_MEMORY_ALIGNMENT_MANDATORY - -+extern int dmi_id; -+ - /* log macros */ - - void tpm_log(int priority, const char *fmt, ...); - --#define debug(fmt, ...) tpm_log(LOG_DEBUG, "%s:%d: Debug: " fmt "\n", \ -- __FILE__, __LINE__, ## __VA_ARGS__) --#define info(fmt, ...) tpm_log(LOG_INFO, "%s:%d: Info: " fmt "\n", \ -- __FILE__, __LINE__, ## __VA_ARGS__) --#define error(fmt, ...) tpm_log(LOG_ERR, "%s:%d: Error: " fmt "\n", \ -- __FILE__, __LINE__, ## __VA_ARGS__) --#define alert(fmt, ...) tpm_log(LOG_ALERT, "%s:%d: Alert: " fmt "\n", \ -- __FILE__, __LINE__, ## __VA_ARGS__) -+#define debug(fmt, ...) tpm_log(LOG_DEBUG, "VTPMD[%d]: %s:%d: Debug: " fmt "\n", \ -+ dmi_id, __FILE__, __LINE__, ## __VA_ARGS__) -+#define info(fmt, ...) tpm_log(LOG_INFO, "VTPMD[%d]: %s:%d: Info: " fmt "\n", \ -+ dmi_id, __FILE__, __LINE__, ## __VA_ARGS__) -+#define error(fmt, ...) tpm_log(LOG_ERR, "VTPMD[%d]: %s:%d: Error: " fmt "\n", \ -+ dmi_id, __FILE__, __LINE__, ## __VA_ARGS__) -+#define alert(fmt, ...) tpm_log(LOG_ALERT, "VTPMD[%d]: %s:%d: Alert: " fmt "\n", \ -+ dmi_id, __FILE__, __LINE__, ## __VA_ARGS__) -+#define debug_nostop(fmt, ...) tpm_log(LOG_DEBUG, "VTPMD[%d]: %s:%d: Debug: " fmt, \ -+ dmi_id, __FILE__, __LINE__, ## __VA_ARGS__) -+#define debug_more(fmt, ...) tpm_log(LOG_DEBUG, fmt, ## __VA_ARGS__) - - /* min/max macros that also do strict type-checking */ - diff --git a/tools/vtpm/vtpm-0.7.4.patch b/tools/vtpm/vtpm-0.7.4.patch --- /dev/null +++ b/tools/vtpm/vtpm-0.7.4.patch @@ -0,0 +1,1138 @@ +diff -Naur tpm_emulator-0.7.4-orig/CMakeLists.txt tpm_emulator-0.7.4/CMakeLists.txt +--- tpm_emulator-0.7.4-orig/CMakeLists.txt 2012-09-17 13:16:27.832582475 -0400 ++++ tpm_emulator-0.7.4/CMakeLists.txt 2012-09-17 13:16:41.621654594 -0400 +@@ -63,6 +63,7 @@ + # include root directories + include_directories(${CMAKE_SOURCE_DIR}) + include_directories(${CMAKE_BINARY_DIR}) ++include_directories(../../vtpm_manager/manager) + + # add internal libraries + add_subdirectory(tpm) +diff -Naur tpm_emulator-0.7.4-orig/CMakeLists.txt.orig tpm_emulator-0.7.4/CMakeLists.txt.orig +--- tpm_emulator-0.7.4-orig/CMakeLists.txt.orig 1969-12-31 19:00:00.000000000 -0500 ++++ tpm_emulator-0.7.4/CMakeLists.txt.orig 2011-12-20 13:30:06.000000000 -0500 +@@ -0,0 +1,80 @@ ++# Software-based Trusted Platform Module (TPM) Emulator ++# Copyright (C) 2004-2010 Mario Strasser <mast@gmx.net> ++# ++# $Id: CMakeLists.txt 475 2011-12-20 18:21:19Z mast $ ++ ++project(TPM_Emulator C) ++ ++cmake_minimum_required(VERSION 2.4) ++set(CMAKE_ALLOW_LOOSE_LOOP_CONSTRUCTS true) ++if(COMMAND cmake_policy) ++cmake_policy(SET CMP0003 NEW) ++endif() ++ ++# enforce out of source build ++string(COMPARE EQUAL "${CMAKE_SOURCE_DIR}" "${CMAKE_BINARY_DIR}" IS_INSOURCE) ++if(IS_INSOURCE) ++ message(FATAL_ERROR "${PROJECT_NAME} requires an out of source build.") ++endif() ++ ++# set project and build version ++set(${PROJECT_NAME}_VERSION_MAJOR 0) ++set(${PROJECT_NAME}_VERSION_MINOR 7) ++string(REGEX REPLACE ".*Revision: ([0-9]+).*" "\\1" ${PROJECT_NAME}_VERSION_BUILD "$Revision: 475 $") ++ ++# create project configuration ++if(WIN32) ++STRING(REGEX REPLACE "\\\\" "/" PROGRAMFILES "$ENV{PROGRAMFILES}/${PROJECT_NAME}") ++set(TPM_LOG_FILE "${PROGRAMFILES}/tpmd.log") ++set(TPM_STORAGE_NAME "${PROGRAMFILES}/tpm_emulator-1_2_${${PROJECT_NAME}_VERSION_MAJOR}_${${PROJECT_NAME}_VERSION_MINOR}") ++set(TPM_DEVICE_NAME "//./pipe/tpmd:0") ++elseif(APPLE) ++set(TPM_LOG_FILE "/private/var/log/tpmd.log") ++set(TPM_SOCKET_NAME "/private/var/run/tpm/tpmd_socket:0") ++set(TPM_STORAGE_NAME "/private/var/lib/tpm/tpm_emulator-1_2_${${PROJECT_NAME}_VERSION_MAJOR}_${${PROJECT_NAME}_VERSION_MINOR}") ++set(TPM_DEVICE_NAME "/dev/tpm") ++else() ++set(TPM_LOG_FILE "/var/log/tpmd.log") ++set(TPM_SOCKET_NAME "/var/run/tpm/tpmd_socket:0") ++set(TPM_STORAGE_NAME "/var/lib/tpm/tpm_emulator-1_2_${${PROJECT_NAME}_VERSION_MAJOR}_${${PROJECT_NAME}_VERSION_MINOR}") ++set(TPM_DEVICE_NAME "/dev/tpm") ++endif() ++configure_file(${CMAKE_CURRENT_SOURCE_DIR}/config.h.in ${CMAKE_CURRENT_BINARY_DIR}/config.h) ++add_definitions(-Wall -Werror -Wno-unused-parameter -Wpointer-arith -Wcast-align -Wwrite-strings) ++if("${CMAKE_SYSTEM}" MATCHES "Linux") ++ add_definitions(-Wextra) ++endif() ++if(USE_OPENSSL) ++ add_definitions(-DUSE_OPENSSL) ++endif() ++include_directories("/opt/local/include") ++link_directories("/opt/local/lib") ++ ++# configure CPack ++set(CPACK_PACKAGE_VERSION_MAJOR ${${PROJECT_NAME}_VERSION_MAJOR}) ++set(CPACK_PACKAGE_VERSION_MINOR ${${PROJECT_NAME}_VERSION_MINOR}) ++set(CPACK_SOURCE_PACKAGE_FILE_NAME "tpm_emulator-${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.4") ++set(CPACK_SOURCE_GENERATOR "TGZ") ++set(CPACK_SOURCE_IGNORE_FILES ".svn/" "/build/" "/.project" "/.cproject") ++set(CPACK_GENERATOR "ZIP") ++set(CPACK_SET_DESTDIR ON) ++include(CPack) ++ ++# include root directories ++include_directories(${CMAKE_SOURCE_DIR}) ++include_directories(${CMAKE_BINARY_DIR}) ++ ++# add internal libraries ++add_subdirectory(tpm) ++add_subdirectory(mtm) ++add_subdirectory(crypto) ++ ++# add TDDL ++add_subdirectory(tddl) ++ ++# add kernel modules ++add_subdirectory(tpmd_dev) ++ ++# add executables ++add_subdirectory(tpmd) ++ +diff -Naur tpm_emulator-0.7.4-orig/tpm/tpm_emulator_extern.h tpm_emulator-0.7.4/tpm/tpm_emulator_extern.h +--- tpm_emulator-0.7.4-orig/tpm/tpm_emulator_extern.h 2012-09-17 13:16:27.834582486 -0400 ++++ tpm_emulator-0.7.4/tpm/tpm_emulator_extern.h 2012-09-17 13:16:41.621654594 -0400 +@@ -29,6 +29,8 @@ + TPM_LOG_ERROR + }; + ++extern int dmi_id; ++ + void (*tpm_log)(int priority, const char *fmt, ...); + + #if defined(_WIN32) || defined(_WIN64) +@@ -37,12 +39,16 @@ + #define __BFILE__ ((strrchr(__FILE__, ''/'') ? : __FILE__ - 1) + 1) + #endif + +-#define debug(fmt, ...) tpm_log(TPM_LOG_DEBUG, "%s:%d: Debug: " fmt "\n", \ +- __BFILE__, __LINE__, ## __VA_ARGS__) +-#define info(fmt, ...) tpm_log(TPM_LOG_INFO, "%s:%d: Info: " fmt "\n", \ +- __BFILE__, __LINE__, ## __VA_ARGS__) +-#define error(fmt, ...) tpm_log(TPM_LOG_ERROR, "%s:%d: Error: " fmt "\n", \ +- __BFILE__, __LINE__, ## __VA_ARGS__) ++#define debug(fmt, ...) tpm_log(TPM_LOG_DEBUG, "VTPMD[%d]: %s:%d: Debug: " fmt "\n", \ ++ dmi_id, __BFILE__, __LINE__, ## __VA_ARGS__) ++#define info(fmt, ...) tpm_log(TPM_LOG_INFO, "VTPMD[%d]: %s:%d: Info: " fmt "\n", \ ++ dmi_id, __BFILE__, __LINE__, ## __VA_ARGS__) ++#define error(fmt, ...) tpm_log(TPM_LOG_ERROR, "VTPMD[%d]: %s:%d: Error: " fmt "\n", \ ++ dmi_id, __BFILE__, __LINE__, ## __VA_ARGS__) ++#define debug_nostop(fmt, ...) tpm_log(TPM_LOG_DEBUG, "VTPMD[%d]: %s:%d: Debug: " fmt, \ ++ dmi_id, __BFILE__, __LINE__, ## __VA_ARGS__) ++#define debug_more(fmt, ...) tpm_log(TPM_LOG_DEBUG, fmt, ## __VA_ARGS__) ++ + /* initialization */ + int (*tpm_extern_init)(void); + void (*tpm_extern_release)(void); +diff -Naur tpm_emulator-0.7.4-orig/tpmd/unix/tpmd.c tpm_emulator-0.7.4/tpmd/unix/tpmd.c +--- tpm_emulator-0.7.4-orig/tpmd/unix/tpmd.c 2012-09-17 13:16:27.839582511 -0400 ++++ tpm_emulator-0.7.4/tpmd/unix/tpmd.c 2012-09-17 13:16:41.623654604 -0400 +@@ -30,9 +30,31 @@ + #include <grp.h> + #include "config.h" + #include "tpm/tpm_emulator.h" ++#include "tpm/tpm_structures.h" ++#include "tpm/tpm_marshalling.h" ++#include "vtpm_manager.h" + + #define TPM_COMMAND_TIMEOUT 30 + ++#define TPM_DAEMON_NAME "tpmd" ++#define TPM_CMD_BUF_SIZE 4096 ++#define TPM_RANDOM_DEVICE "/dev/urandom" ++#undef TPM_MKDIRS ++ ++#define PVM_RX_FIFO_D "/var/vtpm/fifos/tpm_cmd_to_%d.fifo" ++#define PVM_TX_FIFO "/var/vtpm/fifos/tpm_rsp_from_all.fifo" ++#define HVM_RX_FIFO_D "/var/vtpm/socks/%d.socket" ++ ++#define VTPM_RX_FIFO_D "/var/vtpm/fifos/vtpm_rsp_to_%d.fifo" ++#define VTPM_TX_FIFO "/var/vtpm/fifos/vtpm_cmd_from_all.fifo" ++ ++static char *vtpm_rx_name=NULL; ++ ++static int vtpm_tx_fh=-1, vtpm_rx_fh=-1; ++ ++#define BUFFER_SIZE 2048 ++ ++ + static volatile int stopflag = 0; + static int is_daemon = 0; + static int opt_debug = 0; +@@ -44,6 +66,9 @@ + static uint32_t tpm_config = 0; + extern const char *tpm_storage_file; + ++static int vtpm_type = VTPM_TYPE_PVM; ++int dmi_id; ++ + void my_log(int priority, const char *fmt, ...) + { + va_list ap, bp; +@@ -156,35 +181,218 @@ + exit(EXIT_SUCCESS); + } + } else { +- /* if no startup mode is given assume save if a configuration +- file is available, clear otherwise */ +- int fh = open(tpm_storage_file, O_RDONLY); +- if (fh < 0) { +- tpm_startup = 1; +- info("no startup mode was specified; asuming ''clear''"); +- } else { +- tpm_startup = 2; +- close(fh); +- } ++ tpm_startup = 1; ++ info("no startup mode was specified; asuming ''clear''"); + } ++ /* GET VM TYPE */ ++ ++optind; ++ if (optind < argc) { ++ if(!strcmp(argv[optind], "pvm")) { ++ vtpm_type = VTPM_TYPE_PVM; // Get commands from vTPM Manager through fifo ++ } else if (!strcmp(argv[optind], "hvm")) { ++ vtpm_type = VTPM_TYPE_HVM; // Get commands from qemu via socket ++ } else { ++ error("Invalid vm mode ''%s''; must be ''pvm'', " ++ "or ''hvm'' ", argv[optind]); ++ print_usage(argv[0]); ++ exit(EXIT_SUCCESS); ++ } ++ } else { ++ vtpm_type = VTPM_TYPE_PVM; ++ info("no vm mode specified; assuming ''pvm''"); ++ } ++ /* GET DMI ID */ ++ ++optind; ++ if(optind >= argc || sscanf(argv[optind], "%d", &dmi_id) != 1) { ++ error("Missing or non-integer dmi_id specified!"); ++ print_usage(argv[0]); ++ exit(EXIT_SUCCESS); ++ } ++} ++ ++int vtpm_write_to_file(uint8_t *data, size_t data_length) ++{ ++ int res, out_data_size, in_header_size; ++ BYTE *ptr, *out_data, *in_header; ++ UINT32 result, len, in_rsp_size; ++ UINT16 tag = VTPM_TAG_REQ; ++ ++ printf("Saving NVM\n"); ++ if (vtpm_tx_fh < 0) { ++ vtpm_tx_fh = open(VTPM_TX_FIFO, O_WRONLY); ++ } ++ ++ if (vtpm_tx_fh < 0) { ++ return -1; ++ } ++ ++ // Send request to VTPM Manager to encrypt data ++ out_data_size = len = VTPM_COMMAND_HEADER_SIZE_SRV + data_length; ++ ++ out_data = ptr = (BYTE *) malloc(len); ++ ++ if (ptr == NULL ++ || tpm_marshal_UINT32(&ptr, &len, dmi_id) ++ || tpm_marshal_UINT16(&ptr, &len, tag) ++ || tpm_marshal_UINT32(&ptr, &len, out_data_size - sizeof(uint32_t)) ++ || tpm_marshal_UINT32(&ptr, &len, VTPM_ORD_SAVENVM) ++ || tpm_marshal_BYTE_ARRAY(&ptr, &len, data, data_length)) { ++ free(out_data); ++ return -1; ++ } ++ ++ printf("\tSending SaveNVM Command.\n"); ++ res = write(vtpm_tx_fh, out_data, out_data_size); ++ free(out_data); ++ if (res != out_data_size) return -1; ++ ++ if (vtpm_rx_fh < 0) { ++ if (vtpm_rx_name == NULL) { ++ vtpm_rx_name = malloc(10 + strlen(VTPM_RX_FIFO_D)); ++ sprintf(vtpm_rx_name, VTPM_RX_FIFO_D, (uint32_t) dmi_id); ++ } ++ vtpm_rx_fh = open(vtpm_rx_name, O_RDONLY); ++ } ++ ++ if (vtpm_rx_fh < 0) { ++ return -1; ++ } ++ ++ // Read Header of response so we can get the size & status ++ in_header_size = len = VTPM_COMMAND_HEADER_SIZE_SRV; ++ in_header = ptr = malloc(in_header_size); ++ ++ printf("\tReading SaveNVM header.\n"); ++ res = read(vtpm_rx_fh, in_header, in_header_size); ++ ++ if ( (res != in_header_size) ++ || tpm_unmarshal_UINT32(&ptr, &len, (UINT32*)&dmi_id) ++ || tpm_unmarshal_UINT16(&ptr, &len, &tag) ++ || tpm_unmarshal_UINT32(&ptr, &len, &in_rsp_size) ++ || tpm_unmarshal_UINT32(&ptr, &len, &result) ) { ++ free(in_header); ++ return -1; ++ } ++ free(in_header); ++ ++ if (result != VTPM_SUCCESS) { ++ return -1; ++ } ++ ++ printf("\tFinishing up SaveNVM\n"); ++ return (0); ++} ++ ++int vtpm_read_from_file(uint8_t **data, size_t *data_length) ++{ ++ int res, out_data_size, in_header_size; ++ uint8_t *ptr, *out_data, *in_header; ++ UINT16 tag = VTPM_TAG_REQ; ++ UINT32 len, in_rsp_size, result; ++ ++ printf("Loading NVM.\n"); ++ if (vtpm_tx_fh < 0) { ++ vtpm_tx_fh = open(VTPM_TX_FIFO, O_WRONLY); ++ } ++ ++ if (vtpm_tx_fh < 0) { ++ printf("Error in read_from_file:301\n"); ++ return -1; ++ } ++ ++ // Send request to VTPM Manager to encrypt data ++ out_data_size = len = VTPM_COMMAND_HEADER_SIZE_SRV; ++ out_data = ptr = (BYTE *) malloc(len); ++ ++ if (ptr == NULL ++ || tpm_marshal_UINT32(&ptr, &len, dmi_id) ++ || tpm_marshal_UINT16(&ptr, &len, tag) ++ || tpm_marshal_UINT32(&ptr, &len, out_data_size - sizeof(uint32_t)) ++ || tpm_marshal_UINT32(&ptr, &len, VTPM_ORD_LOADNVM)) { ++ free(out_data); ++ printf("Error in read_from_file:325\n"); ++ ++ return -1; ++ } ++ ++ printf("\tSending LoadNVM command\n"); ++ res = write(vtpm_tx_fh, out_data, out_data_size); ++ free(out_data); ++ if (res != out_data_size) ++ { ++ printf("Error in read_from_file:335\n"); ++ return -1; ++ } ++ ++ if (vtpm_rx_fh < 0) { ++ if (vtpm_rx_name == NULL) { ++ vtpm_rx_name = malloc(10 + strlen(VTPM_RX_FIFO_D)); ++ sprintf(vtpm_rx_name, VTPM_RX_FIFO_D, (uint32_t) dmi_id); ++ } ++ vtpm_rx_fh = open(vtpm_rx_name, O_RDONLY); ++ } ++ ++ if (vtpm_rx_fh < 0) { ++ printf("Error in read_from_file:352\n"); ++ return -1; ++ } ++ ++ // Read Header of response so we can get the size & status ++ in_header_size = len = VTPM_COMMAND_HEADER_SIZE_SRV; ++ in_header = ptr = malloc(in_header_size); ++ ++ printf("\tReading LoadNVM header\n"); ++ res = read(vtpm_rx_fh, in_header, in_header_size); ++ ++ if ( (res != in_header_size) ++ || tpm_unmarshal_UINT32(&ptr, &len, (UINT32*)&dmi_id) ++ || tpm_unmarshal_UINT16(&ptr, &len, &tag) ++ || tpm_unmarshal_UINT32(&ptr, &len, &in_rsp_size) ++ || tpm_unmarshal_UINT32(&ptr, &len, &result) ) { ++ free(in_header); ++ printf("Error in read_from_file:375\n"); ++ return -1; ++ } ++ free(in_header); ++ ++ if (result != VTPM_SUCCESS) { ++ printf("Error in read_from_file:381\n"); ++ return -1; ++ } ++ ++ // Read Encrypted data from VTPM Manager ++ *data_length = in_rsp_size - VTPM_COMMAND_HEADER_SIZE_CLT; ++ *data = (uint8_t *) malloc(*data_length); ++ ++ printf("\tReading clear data from LoadNVM.\n"); ++ res = read(vtpm_rx_fh, *data, *data_length); ++ ++ printf("\tReturing from loading NVM\n"); ++ if (res != (int)*data_length) { ++ free(*data); ++ printf("Error in read_from_file:398\n"); ++ return -1; ++ } else { ++ return 0; ++ } + } + + static void switch_uid_gid(void) + { +- if (opt_gid != getgid()) { +- info("switching effective group ID to %d", opt_gid); +- if (setgid(opt_gid) == -1) { +- error("switching effective group ID to %d failed: %s", opt_gid, strerror(errno)); +- exit(EXIT_FAILURE); +- } +- } +- if (opt_uid != getuid()) { +- info("switching effective user ID to %d", opt_uid); +- if (setuid(opt_uid) == -1) { +- error("switching effective user ID to %d failed: %s", opt_uid, strerror(errno)); +- exit(EXIT_FAILURE); +- } +- } ++ if (opt_gid != getgid()) { ++ info("switching effective group ID to %d", opt_gid); ++ if (setgid(opt_gid) == -1) { ++ error("switching effective group ID to %d failed: %s", opt_gid, strerror(errno)); ++ exit(EXIT_FAILURE); ++ } ++ } ++ if (opt_uid != getuid()) { ++ info("switching effective user ID to %d", opt_uid); ++ if (setuid(opt_uid) == -1) { ++ error("switching effective user ID to %d failed: %s", opt_uid, strerror(errno)); ++ exit(EXIT_FAILURE); ++ } ++ } + } + + static void signal_handler(int sig) +@@ -214,174 +422,175 @@ + } + } + +-static void daemonize(void) +-{ +- pid_t sid, pid; +- info("daemonizing process"); +- pid = fork(); +- if (pid < 0) { +- error("fork() failed: %s", strerror(errno)); +- exit(EXIT_FAILURE); +- } +- if (pid > 0) exit(EXIT_SUCCESS); +- pid = getpid(); +- sid = setsid(); +- if (sid < 0) { +- error("setsid() failed: %s", strerror(errno)); +- exit(EXIT_FAILURE); +- } +- if (chdir("/") < 0) { +- error("chdir() failed: %s", strerror(errno)); +- exit(EXIT_FAILURE); +- } +- close(STDIN_FILENO); +- close(STDOUT_FILENO); +- close(STDERR_FILENO); +- is_daemon = 1; +- info("process was successfully daemonized: pid=%d sid=%d", pid, sid); +-} +- +-static int mkdirs(const char *path) +-{ +- char *copy = strdup(path); +- char *p = strchr(copy + 1, ''/''); +- while (p != NULL) { +- *p = ''\0''; +- if ((mkdir(copy, 0755) == -1) && (errno != EEXIST)) { +- free(copy); +- return errno; +- } +- *p = ''/''; +- p = strchr(p + 1, ''/''); +- } +- free(copy); +- return 0; +-} +- +-static int init_socket(const char *name) +-{ +- int sock; +- struct sockaddr_un addr; +- info("initializing socket %s", name); +- sock = socket(AF_UNIX, SOCK_STREAM, 0); +- if (sock < 0) { +- error("socket(AF_UNIX) failed: %s", strerror(errno)); +- return -1; +- } +- mkdirs(name); +- addr.sun_family = AF_UNIX; +- strncpy(addr.sun_path, name, sizeof(addr.sun_path)); +- umask(0177); +- if (bind(sock, (struct sockaddr*)&addr, sizeof(addr)) < 0) { +- error("bind(%s) failed: %s", addr.sun_path, strerror(errno)); +- close(sock); +- return -1; +- } +- listen(sock, 1); +- return sock; +-} +- + static void main_loop(void) + { +- int sock, fh, res; + int32_t in_len; + uint32_t out_len; +- uint8_t in[TPM_CMD_BUF_SIZE], *out; ++ uint8_t in[TPM_CMD_BUF_SIZE], *out, *addressed_out; ++ int guest_id=-1; ++ int i; ++ char *vtpm_rx_file=NULL; ++ int res; ++ ++ int sockfd = -1; + struct sockaddr_un addr; +- socklen_t addr_len; +- fd_set rfds; +- struct timeval tv; ++ struct sockaddr_un client_addr; ++ unsigned int client_length; ++ ++ int vtpm_tx_fh=-1, vtpm_rx_fh=-1; ++ ++ if (vtpm_type == VTPM_TYPE_PVM) { ++ vtpm_rx_file = malloc(10 + strlen(PVM_RX_FIFO_D)); ++ sprintf(vtpm_rx_file, PVM_RX_FIFO_D, (uint32_t) dmi_id); ++ } else { ++ vtpm_rx_file = malloc(10 + strlen(HVM_RX_FIFO_D)); ++ sprintf(vtpm_rx_file, HVM_RX_FIFO_D, (uint32_t) dmi_id); ++ ++ if ( (sockfd = socket(PF_UNIX,SOCK_STREAM,0)) < 0) { ++ error("Unable to create socket. errno = %d\n", errno); ++ exit (-1); ++ } ++ ++ memset(&addr, 0, sizeof(addr)); ++ addr.sun_family = AF_UNIX; ++ strcpy(addr.sun_path,vtpm_rx_file ); ++ unlink(addr.sun_path); ++ } + + info("staring main loop"); +- /* open UNIX socket */ +- sock = init_socket(opt_socket_name); +- if (sock < 0) exit(EXIT_FAILURE); + /* init tpm emulator */ +- debug("initializing TPM emulator"); +- if (tpm_emulator_init(tpm_startup, tpm_config) != 0) { +- error("tpm_emulator_init() failed"); +- close(sock); +- unlink(opt_socket_name); +- exit(EXIT_FAILURE); +- } ++ debug("initializing TPM emulator: state=%d, type=%d, id=%d", tpm_startup, vtpm_type, dmi_id); ++ /* Set config flags that must be on for vtpm operation */ ++ tpm_config |= TPM_CONF_STRONG_PERSISTENCE; ++ tpm_config &= ~TPM_CONF_USE_INTERNAL_PRNG; ++ tpm_config |= TPM_CONF_GENERATE_EK; ++ tpm_config |= TPM_CONF_GENERATE_SEED_DAA; ++ /*Start the emulator */ ++ tpm_emulator_init(tpm_startup, tpm_config); + /* start command processing */ + while (!stopflag) { + /* wait for incomming connections */ + debug("waiting for connections..."); +- FD_ZERO(&rfds); +- FD_SET(sock, &rfds); +- tv.tv_sec = 10; +- tv.tv_usec = 0; +- res = select(sock + 1, &rfds, NULL, NULL, &tv); +- if (res < 0) { +- error("select(sock) failed: %s", strerror(errno)); +- break; +- } else if (res == 0) { +- continue; ++ if (vtpm_rx_fh < 0) { ++ if (vtpm_type == VTPM_TYPE_PVM) ++ { ++ vtpm_rx_fh = open(vtpm_rx_file, O_RDONLY); ++ } else { ++ if (bind(sockfd, (struct sockaddr *)&addr, sizeof(addr)) < 0) { ++ error("Unable to bind(). errno = %d\n", errno); ++ exit (-1); ++ } ++ ++ if (listen(sockfd, 10) <0) { ++ error("Unable to listen(). errno = %d\n", errno); ++ exit (-1); ++ } ++ ++ memset(&client_addr, 0, sizeof(client_addr)); ++ client_length = sizeof(client_addr); ++ ++ vtpm_rx_fh = vtpm_tx_fh = accept(sockfd, (struct sockaddr *)&client_addr, &client_length); ++ } + } +- addr_len = sizeof(addr); +- fh = accept(sock, (struct sockaddr*)&addr, &addr_len); +- if (fh < 0) { +- error("accept() failed: %s", strerror(errno)); +- continue; ++ ++ /*Error Checking*/ ++ if (vtpm_rx_fh < 0) { ++ error("Failed to open devices to listen to guest.\n"); ++ exit(-1); + } ++ + /* receive and handle commands */ + in_len = 0; + do { + debug("waiting for commands..."); +- FD_ZERO(&rfds); +- FD_SET(fh, &rfds); +- tv.tv_sec = TPM_COMMAND_TIMEOUT; +- tv.tv_usec = 0; +- res = select(fh + 1, &rfds, NULL, NULL, &tv); +- if (res < 0) { +- error("select(fh) failed: %s", strerror(errno)); +- close(fh); +- break; +- } else if (res == 0) { +-#ifdef TPMD_DISCONNECT_IDLE_CLIENTS +- info("connection closed due to inactivity"); +- close(fh); +- break; +-#else +- continue; +-#endif +- } +- in_len = read(fh, in, sizeof(in)); +- if (in_len > 0) { ++ ++ in_len = read(vtpm_rx_fh, in, sizeof(in)); ++ /*Magic size of minimum TPM command is 6*/ ++ if (in_len < 6) { ++ info("Recv incomplete command of %d bytes.", in_len); ++ if (in_len <= 0) { ++ close(vtpm_rx_fh); ++ vtpm_rx_fh = -1; ++ continue; ++ } ++ } else { ++ /*Debug Printouts*/ + debug("received %d bytes", in_len); ++ debug_nostop("Recv[%d]: 0x", in_len); ++ for (i=0; i< in_len; i++) ++ debug_more("%02x ", in[i]); ++ debug_more("\n"); ++ /*Multiple Guest check*/ ++ if (guest_id == -1) { ++ guest_id = *((int32_t *) in); ++ } else { ++ if (guest_id != *((int32_t *) in) ) { ++ error("WARNING: More than one guest attached\n"); ++ } ++ } ++ ++ /*Open tx handle now*/ ++ if (vtpm_tx_fh < 0) { ++ if (vtpm_type == VTPM_TYPE_PVM) { ++ vtpm_tx_fh = open(PVM_TX_FIFO, O_WRONLY); ++ } // No need to open the other direction for HVM ++ } ++ if (vtpm_tx_fh < 0) { ++ error("Failed to open devices to respond to guest.\n"); ++ exit(-1); ++ } ++ ++ /*Handle the TPM command now*/ + out = NULL; +- res = tpm_handle_command(in, in_len, &out, &out_len); ++ res = tpm_handle_command(in + sizeof(uint32_t), in_len - sizeof(uint32_t), &out, &out_len); + if (res < 0) { + error("tpm_handle_command() failed"); + } else { + debug("sending %d bytes", out_len); +- uint32_t len = 0; +- while (len < out_len) { +- res = write(fh, &out[len], out_len - len); ++ //Prepend the dmi_id ++ addressed_out = (uint8_t *) tpm_malloc(sizeof(uint32_t) + out_len); ++ *(uint32_t *) addressed_out = *(uint32_t *) in; ++ memcpy(addressed_out + sizeof(uint32_t), out, out_len); ++ out_len += sizeof(uint32_t); ++ /*End Prepend*/ ++ ++ /*Perform write operation now*/ ++ while (out_len > 0) { ++ res = write(vtpm_tx_fh, addressed_out, out_len); ++ + if (res < 0) { +- error("write(%d) failed: %s", +- out_len - len, strerror(errno)); ++ error("write(%d) failed: %s", out_len, strerror(errno)); + break; ++ } else { ++ debug_nostop("Sent[%Zu]: ", out_len); ++ for (i=0; (unsigned int)i< out_len; i++) ++ debug_more("%02x ", addressed_out[i]); ++ debug_more("\n"); + } +- len += res; ++ out_len -= res; + } + tpm_free(out); ++ tpm_free(addressed_out); + } + } + } while (in_len > 0); +- close(fh); + } ++ + /* shutdown tpm emulator */ + tpm_emulator_shutdown(); +- /* close socket */ +- close(sock); +- unlink(opt_socket_name); ++ /* Close handles */ ++ close(vtpm_tx_fh); ++ close(vtpm_rx_fh); ++ free(vtpm_rx_file); + info("main loop stopped"); + } + + int main(int argc, char **argv) + { ++ //Set load/store functions ++ tpm_write_to_storage = vtpm_write_to_file; ++ tpm_read_from_storage = vtpm_read_from_file; ++ + openlog(argv[0], 0, LOG_DAEMON); + setlogmask(~LOG_MASK(LOG_DEBUG)); + syslog(LOG_INFO, "--- separator ---\n"); +@@ -393,8 +602,6 @@ + switch_uid_gid(); + /* init signal handlers */ + init_signal_handler(); +- /* unless requested otherwiese, fork and daemonize process */ +- if (!opt_foreground) daemonize(); + /* start main processing loop */ + main_loop(); + info("stopping TPM Emulator daemon"); +diff -Naur tpm_emulator-0.7.4-orig/tpmd/unix/tpmd.c.orig tpm_emulator-0.7.4/tpmd/unix/tpmd.c.orig +--- tpm_emulator-0.7.4-orig/tpmd/unix/tpmd.c.orig 1969-12-31 19:00:00.000000000 -0500 ++++ tpm_emulator-0.7.4/tpmd/unix/tpmd.c.orig 2011-12-20 13:30:06.000000000 -0500 +@@ -0,0 +1,403 @@ ++/* Software-based Trusted Platform Module (TPM) Emulator ++ * Copyright (C) 2004-2010 Mario Strasser <mast@gmx.net> ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published ++ * by the Free Software Foundation; either version 2 of the License, ++ * or (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * $Id: tpmd.c 463 2011-06-08 14:25:04Z mast $ ++ */ ++ ++#include <stdio.h> ++#include <stdlib.h> ++#include <unistd.h> ++#include <signal.h> ++#include <string.h> ++#include <errno.h> ++#include <syslog.h> ++#include <stdarg.h> ++#include <fcntl.h> ++#include <sys/stat.h> ++#include <sys/socket.h> ++#include <sys/un.h> ++#include <pwd.h> ++#include <grp.h> ++#include "config.h" ++#include "tpm/tpm_emulator.h" ++ ++#define TPM_COMMAND_TIMEOUT 30 ++ ++static volatile int stopflag = 0; ++static int is_daemon = 0; ++static int opt_debug = 0; ++static int opt_foreground = 0; ++static const char *opt_socket_name = TPM_SOCKET_NAME; ++static uid_t opt_uid = 0; ++static gid_t opt_gid = 0; ++static int tpm_startup = 2; ++static uint32_t tpm_config = 0; ++extern const char *tpm_storage_file; ++ ++void my_log(int priority, const char *fmt, ...) ++{ ++ va_list ap, bp; ++ va_start(ap, fmt); ++ va_copy(bp, ap); ++ switch (priority) { ++ case TPM_LOG_DEBUG: ++ vsyslog(LOG_DEBUG, fmt, ap); ++ break; ++ case TPM_LOG_ERROR: ++ vsyslog(LOG_ERR, fmt, ap); ++ break; ++ case TPM_LOG_INFO: ++ default: ++ vsyslog(LOG_INFO, fmt, ap); ++ break; ++ } ++ va_end(ap); ++ if (!is_daemon && (priority != TPM_LOG_DEBUG || opt_debug)) { ++ vprintf(fmt, bp); ++ } ++ va_end(bp); ++} ++ ++static void print_usage(char *name) ++{ ++ printf("usage: %s [-d] [-f] [-s storage file] [-u unix socket name] " ++ "[-o user name] [-g group name] [-h] [startup mode]\n", name); ++ printf(" d : enable debug mode\n"); ++ printf(" f : forces the application to run in the foreground\n"); ++ printf(" s : storage file to use (default: %s)\n", tpm_storage_file); ++ printf(" u : unix socket name to use (default: %s)\n", opt_socket_name); ++ printf(" o : effective user the application should run as\n"); ++ printf(" g : effective group the application should run as\n"); ++ printf(" h : print this help message\n"); ++ printf(" startup mode : must be ''clear'', " ++ "''save'' (default) or ''deactivated\n"); ++} ++ ++static void parse_options(int argc, char **argv) ++{ ++ char c; ++ struct passwd *pwd; ++ struct group *grp; ++ opt_uid = getuid(); ++ opt_gid = getgid(); ++ info("parsing options"); ++ while ((c = getopt (argc, argv, "dfs:u:o:g:c:h")) != -1) { ++ debug("handling option ''-%c''", c); ++ switch (c) { ++ case ''d'': ++ opt_debug = 1; ++ setlogmask(setlogmask(0) | LOG_MASK(LOG_DEBUG)); ++ debug("debug mode enabled"); ++ break; ++ case ''f'': ++ debug("application is forced to run in foreground"); ++ opt_foreground = 1; ++ break; ++ case ''s'': ++ tpm_storage_file = optarg; ++ debug("using storage file ''%s''", tpm_storage_file); ++ break; ++ case ''u'': ++ opt_socket_name = optarg; ++ debug("using unix socket ''%s''", opt_socket_name); ++ break; ++ case ''o'': ++ pwd = getpwnam(optarg); ++ if (pwd == NULL) { ++ error("invalid user name ''%s''\n", optarg); ++ exit(EXIT_FAILURE); ++ } ++ opt_uid = pwd->pw_uid; ++ break; ++ case ''g'': ++ grp = getgrnam(optarg); ++ if (grp == NULL) { ++ error("invalid group name ''%s''\n", optarg); ++ exit(EXIT_FAILURE); ++ } ++ opt_gid = grp->gr_gid; ++ break; ++ case ''c'': ++ tpm_config = strtol(optarg, NULL, 0); ++ debug("tpm_config = %04x", tpm_config); ++ break; ++ case ''?'': ++ error("unknown option ''-%c''", optopt); ++ print_usage(argv[0]); ++ exit(EXIT_FAILURE); ++ case ''h'': ++ default: ++ print_usage(argv[0]); ++ exit(EXIT_SUCCESS); ++ } ++ } ++ if (optind < argc) { ++ debug("startup mode = ''%s''", argv[optind]); ++ if (!strcmp(argv[optind], "clear")) { ++ tpm_startup = 1; ++ } else if (!strcmp(argv[optind], "save")) { ++ tpm_startup = 2; ++ } else if (!strcmp(argv[optind], "deactivated")) { ++ tpm_startup = 3; ++ } else { ++ error("invalid startup mode ''%s''; must be ''clear'', " ++ "''save'' (default) or ''deactivated", argv[optind]); ++ print_usage(argv[0]); ++ exit(EXIT_SUCCESS); ++ } ++ } else { ++ /* if no startup mode is given assume save if a configuration ++ file is available, clear otherwise */ ++ int fh = open(tpm_storage_file, O_RDONLY); ++ if (fh < 0) { ++ tpm_startup = 1; ++ info("no startup mode was specified; asuming ''clear''"); ++ } else { ++ tpm_startup = 2; ++ close(fh); ++ } ++ } ++} ++ ++static void switch_uid_gid(void) ++{ ++ if (opt_gid != getgid()) { ++ info("switching effective group ID to %d", opt_gid); ++ if (setgid(opt_gid) == -1) { ++ error("switching effective group ID to %d failed: %s", opt_gid, strerror(errno)); ++ exit(EXIT_FAILURE); ++ } ++ } ++ if (opt_uid != getuid()) { ++ info("switching effective user ID to %d", opt_uid); ++ if (setuid(opt_uid) == -1) { ++ error("switching effective user ID to %d failed: %s", opt_uid, strerror(errno)); ++ exit(EXIT_FAILURE); ++ } ++ } ++} ++ ++static void signal_handler(int sig) ++{ ++ info("signal received: %d", sig); ++ if (sig == SIGTERM || sig == SIGQUIT || sig == SIGINT) stopflag = 1; ++} ++ ++static void init_signal_handler(void) ++{ ++ info("installing signal handlers"); ++ if (signal(SIGTERM, signal_handler) == SIG_ERR) { ++ error("signal(SIGTERM) failed: %s", strerror(errno)); ++ exit(EXIT_FAILURE); ++ } ++ if (signal(SIGQUIT, signal_handler) == SIG_ERR) { ++ error("signal(SIGQUIT) failed: %s", strerror(errno)); ++ exit(EXIT_FAILURE); ++ } ++ if (signal(SIGINT, signal_handler) == SIG_ERR) { ++ error("signal(SIGINT) failed: %s", strerror(errno)); ++ exit(EXIT_FAILURE); ++ } ++ if (signal(SIGPIPE, signal_handler) == SIG_ERR) { ++ error("signal(SIGPIPE) failed: %s", strerror(errno)); ++ exit(EXIT_FAILURE); ++ } ++} ++ ++static void daemonize(void) ++{ ++ pid_t sid, pid; ++ info("daemonizing process"); ++ pid = fork(); ++ if (pid < 0) { ++ error("fork() failed: %s", strerror(errno)); ++ exit(EXIT_FAILURE); ++ } ++ if (pid > 0) exit(EXIT_SUCCESS); ++ pid = getpid(); ++ sid = setsid(); ++ if (sid < 0) { ++ error("setsid() failed: %s", strerror(errno)); ++ exit(EXIT_FAILURE); ++ } ++ if (chdir("/") < 0) { ++ error("chdir() failed: %s", strerror(errno)); ++ exit(EXIT_FAILURE); ++ } ++ close(STDIN_FILENO); ++ close(STDOUT_FILENO); ++ close(STDERR_FILENO); ++ is_daemon = 1; ++ info("process was successfully daemonized: pid=%d sid=%d", pid, sid); ++} ++ ++static int mkdirs(const char *path) ++{ ++ char *copy = strdup(path); ++ char *p = strchr(copy + 1, ''/''); ++ while (p != NULL) { ++ *p = ''\0''; ++ if ((mkdir(copy, 0755) == -1) && (errno != EEXIST)) { ++ free(copy); ++ return errno; ++ } ++ *p = ''/''; ++ p = strchr(p + 1, ''/''); ++ } ++ free(copy); ++ return 0; ++} ++ ++static int init_socket(const char *name) ++{ ++ int sock; ++ struct sockaddr_un addr; ++ info("initializing socket %s", name); ++ sock = socket(AF_UNIX, SOCK_STREAM, 0); ++ if (sock < 0) { ++ error("socket(AF_UNIX) failed: %s", strerror(errno)); ++ return -1; ++ } ++ mkdirs(name); ++ addr.sun_family = AF_UNIX; ++ strncpy(addr.sun_path, name, sizeof(addr.sun_path)); ++ umask(0177); ++ if (bind(sock, (struct sockaddr*)&addr, sizeof(addr)) < 0) { ++ error("bind(%s) failed: %s", addr.sun_path, strerror(errno)); ++ close(sock); ++ return -1; ++ } ++ listen(sock, 1); ++ return sock; ++} ++ ++static void main_loop(void) ++{ ++ int sock, fh, res; ++ int32_t in_len; ++ uint32_t out_len; ++ uint8_t in[TPM_CMD_BUF_SIZE], *out; ++ struct sockaddr_un addr; ++ socklen_t addr_len; ++ fd_set rfds; ++ struct timeval tv; ++ ++ info("staring main loop"); ++ /* open UNIX socket */ ++ sock = init_socket(opt_socket_name); ++ if (sock < 0) exit(EXIT_FAILURE); ++ /* init tpm emulator */ ++ debug("initializing TPM emulator"); ++ if (tpm_emulator_init(tpm_startup, tpm_config) != 0) { ++ error("tpm_emulator_init() failed"); ++ close(sock); ++ unlink(opt_socket_name); ++ exit(EXIT_FAILURE); ++ } ++ /* start command processing */ ++ while (!stopflag) { ++ /* wait for incomming connections */ ++ debug("waiting for connections..."); ++ FD_ZERO(&rfds); ++ FD_SET(sock, &rfds); ++ tv.tv_sec = 10; ++ tv.tv_usec = 0; ++ res = select(sock + 1, &rfds, NULL, NULL, &tv); ++ if (res < 0) { ++ error("select(sock) failed: %s", strerror(errno)); ++ break; ++ } else if (res == 0) { ++ continue; ++ } ++ addr_len = sizeof(addr); ++ fh = accept(sock, (struct sockaddr*)&addr, &addr_len); ++ if (fh < 0) { ++ error("accept() failed: %s", strerror(errno)); ++ continue; ++ } ++ /* receive and handle commands */ ++ in_len = 0; ++ do { ++ debug("waiting for commands..."); ++ FD_ZERO(&rfds); ++ FD_SET(fh, &rfds); ++ tv.tv_sec = TPM_COMMAND_TIMEOUT; ++ tv.tv_usec = 0; ++ res = select(fh + 1, &rfds, NULL, NULL, &tv); ++ if (res < 0) { ++ error("select(fh) failed: %s", strerror(errno)); ++ close(fh); ++ break; ++ } else if (res == 0) { ++#ifdef TPMD_DISCONNECT_IDLE_CLIENTS ++ info("connection closed due to inactivity"); ++ close(fh); ++ break; ++#else ++ continue; ++#endif ++ } ++ in_len = read(fh, in, sizeof(in)); ++ if (in_len > 0) { ++ debug("received %d bytes", in_len); ++ out = NULL; ++ res = tpm_handle_command(in, in_len, &out, &out_len); ++ if (res < 0) { ++ error("tpm_handle_command() failed"); ++ } else { ++ debug("sending %d bytes", out_len); ++ uint32_t len = 0; ++ while (len < out_len) { ++ res = write(fh, &out[len], out_len - len); ++ if (res < 0) { ++ error("write(%d) failed: %s", ++ out_len - len, strerror(errno)); ++ break; ++ } ++ len += res; ++ } ++ tpm_free(out); ++ } ++ } ++ } while (in_len > 0); ++ close(fh); ++ } ++ /* shutdown tpm emulator */ ++ tpm_emulator_shutdown(); ++ /* close socket */ ++ close(sock); ++ unlink(opt_socket_name); ++ info("main loop stopped"); ++} ++ ++int main(int argc, char **argv) ++{ ++ openlog(argv[0], 0, LOG_DAEMON); ++ setlogmask(~LOG_MASK(LOG_DEBUG)); ++ syslog(LOG_INFO, "--- separator ---\n"); ++ tpm_log = my_log; ++ info("starting TPM Emulator daemon (1.2.%d.%d-%d)", ++ VERSION_MAJOR, VERSION_MINOR, VERSION_BUILD); ++ parse_options(argc, argv); ++ /* switch uid/gid if required */ ++ switch_uid_gid(); ++ /* init signal handlers */ ++ init_signal_handler(); ++ /* unless requested otherwiese, fork and daemonize process */ ++ if (!opt_foreground) daemonize(); ++ /* start main processing loop */ ++ main_loop(); ++ info("stopping TPM Emulator daemon"); ++ closelog(); ++ return EXIT_SUCCESS; ++} diff --git a/tools/vtpm/vtpm.patch b/tools/vtpm/vtpm.patch --- a/tools/vtpm/vtpm.patch +++ /dev/null @@ -1,716 +0,0 @@ -diff -uprN tpm_emulator/AUTHORS vtpm/AUTHORS ---- tpm_emulator/AUTHORS 2006-12-08 12:51:29.000000000 -0800 -+++ vtpm/AUTHORS 2006-12-13 16:38:52.000000000 -0800 -@@ -1,3 +1,3 @@ - Mario Strasser <mast@gmx.net> - Heiko Stamer <stamer@gaos.org> [DAA] --INTEL Corp <> [Dropped to Ring3] -+INTEL Corp <> [VTPM Extensions] -diff -uprN tpm_emulator/ChangeLog vtpm/ChangeLog ---- tpm_emulator/ChangeLog 2006-12-08 12:51:29.000000000 -0800 -+++ vtpm/ChangeLog 2006-12-13 16:38:52.000000000 -0800 -@@ -1,5 +1,6 @@ - ????-??-?? Intel Corp - * Moved module out of kernel to run as a ring 3 app -+ * Modified save_to_file and load_from_file to call xen VTPM manager - - 2006-06-23 Mario Strasser <mast@gmx.net> - * tpm_startup.c: behaviour of ST_CLEAR and storage of -diff -uprN tpm_emulator/linux_module.h vtpm/linux_module.h ---- tpm_emulator/linux_module.h 2006-12-08 12:51:29.000000000 -0800 -+++ vtpm/linux_module.h 2007-01-09 14:49:06.000000000 -0800 -@@ -44,18 +44,26 @@ - #define TPM_DEVICE_NAME "tpm" - #define TPM_MODULE_NAME "tpm_emulator" - -+/* debug and log output functions */ -+extern int dmi_id; -+ - #ifdef DEBUG --#define debug(fmt, ...) printf("TPMD: %s:%d: Debug: " fmt "\n", \ -- __FILE__, __LINE__, ## __VA_ARGS__) -+#define debug(fmt, ...) printf("TPMD[%d]: %s:%d: Debug: " fmt "\n", \ -+ dmi_id, __FILE__, __LINE__, ## __VA_ARGS__) -+#define debug_nostop(fmt, ...) printf("TPMD[%d]: %s:%d: Debug: " fmt, \ -+ dmi_id, __FILE__, __LINE__, ## __VA_ARGS__) -+#define debug_more(fmt, ...) printf( fmt, ## __VA_ARGS__ ) - #else - #define debug(fmt, ...) -+#define debug_nostop(fmt, ...) -+#define debug_more(fmt, ...) - #endif --#define info(fmt, ...) printf("TPMD: %s:%d: Info: " fmt "\n", \ -- __FILE__, __LINE__, ## __VA_ARGS__) --#define error(fmt, ...) printf("TPMD: %s:%d: Error: " fmt "\n", \ -- __FILE__, __LINE__, ## __VA_ARGS__) --#define alert(fmt, ...) printf("TPMD: %s:%d: Alert: " fmt "\n", \ -- __FILE__, __LINE__, ## __VA_ARGS__) -+#define info(fmt, ...) printf("TPMD[%d]: %s:%d: Info: " fmt "\n", \ -+ dmi_id, __FILE__, __LINE__, ## __VA_ARGS__) -+#define error(fmt, ...) printf("TPMD[%d]: %s:%d: Error: " fmt "\n", \ -+ dmi_id, __FILE__, __LINE__, ## __VA_ARGS__) -+#define alert(fmt, ...) printf("TPMD[%d]: %s:%d: Alert: " fmt "\n", \ -+ dmi_id, __FILE__, __LINE__, ## __VA_ARGS__) - - /* memory allocation */ - -diff -uprN tpm_emulator/Makefile vtpm/Makefile ---- tpm_emulator/Makefile 2006-12-08 12:51:29.000000000 -0800 -+++ vtpm/Makefile 2006-12-13 16:38:52.000000000 -0800 -@@ -7,7 +7,7 @@ - COMPILE_ARCH ?= $(shell uname -m | sed -e s/i.86/x86_32/) - - # module settings --BIN := tpm_emulator -+BIN := vtpmd - VERSION_MAJOR := 0 - VERSION_MINOR := 4 - VERSION_BUILD := $(shell date +"%s") -@@ -22,7 +22,7 @@ TOOLS_INSTALL_DIR = $(DESTDIR)/usr/bin - - CC := gcc - CFLAGS += -g -Wall $(INCLUDE) -DDEBUG --CFLAGS += -I. -Itpm -+CFLAGS += -I. -Itpm -I../../vtpm_manager/manager - - # Is the simulator running in it''s own vm? - #CFLAGS += -DVTPM_MULTI_VM -@@ -62,7 +62,6 @@ $(BIN): $(src)/crypto/gmp.h $(src)/crypt - - install: $(BIN) - $(INSTALL_PROG) $(BIN) $(TOOLS_INSTALL_DIR) -- @if [ ! -d "/var/tpm" ]; then mkdir /var/tpm; fi - - clean: - rm -f $(src)/crypto/gmp.h $(src)/crypto/libgmp.a $(OBJS) -@@ -98,3 +97,4 @@ version: - @echo "#endif /* _TPM_VERSION_H_ */" >> $(src)/tpm_version.h - - .PHONY: all install clean dist gmp version -+ -diff -uprN tpm_emulator/tpm/tpm_capability.c vtpm/tpm/tpm_capability.c ---- tpm_emulator/tpm/tpm_capability.c 2006-06-23 03:37:07.000000000 -0700 -+++ vtpm/tpm/tpm_capability.c 2007-01-10 10:00:49.000000000 -0800 -@@ -136,8 +136,18 @@ static TPM_RESULT cap_property(UINT32 su - - case TPM_CAP_PROP_TIS_TIMEOUT: - debug("[TPM_CAP_PROP_TIS_TIMEOUT]"); -- /* TODO: TPM_CAP_PROP_TIS_TIMEOUT */ -- return TPM_FAIL; -+ /* TODO: TPM_CAP_PROP_TIS_TIMEOUT: Measure these values and determine correct ones */ -+ UINT32 len = *respSize = 16; -+ BYTE *ptr = *resp = tpm_malloc(*respSize); -+ if (ptr == NULL || -+ tpm_marshal_UINT32(&ptr, &len, 200000) || -+ tpm_marshal_UINT32(&ptr, &len, 200000) || -+ tpm_marshal_UINT32(&ptr, &len, 200000) || -+ tpm_marshal_UINT32(&ptr, &len, 200000)) { -+ tpm_free(*resp); -+ return TPM_FAIL; -+ } -+ return TPM_SUCCESS; - - case TPM_CAP_PROP_STARTUP_EFFECT: - debug("[TPM_CAP_PROP_STARTUP_EFFECT]"); -@@ -190,7 +200,11 @@ static TPM_RESULT cap_property(UINT32 su - - case TPM_CAP_PROP_DURATION: - debug("[TPM_CAP_PROP_DURATION]"); -- /* TODO: TPM_CAP_PROP_DURATION */ -+ /* TODO: TPM_CAP_PROP_DURATION: Measure these values and return accurate ones */ -+ BYTE dur[]{0x0,0x0,0x0,0xc,0x0,0x7,0xa1,0x20,0x0,0x1e,0x84,0x80,0x11,0xe1,0xa3,0x0}; -+ *respSize = 16; -+ *resp = tpm_malloc(*respSize); -+ memcpy(*resp,dur,16); - return TPM_FAIL; - - case TPM_CAP_PROP_ACTIVE_COUNTER: -diff -uprN tpm_emulator/tpm/tpm_cmd_handler.c vtpm/tpm/tpm_cmd_handler.c ---- tpm_emulator/tpm/tpm_cmd_handler.c 2008-02-27 16:35:41.000000000 -0500 -+++ vtpm/tpm/tpm_cmd_handler.c 2008-02-28 14:43:28.000000000 -0500 -@@ -94,12 +94,18 @@ void tpm_compute_out_param_digest(TPM_CO - sha1_ctx_t sha1; - UINT32 res = CPU_TO_BE32(rsp->result); - UINT32 ord = CPU_TO_BE32(ordinal); -+ UINT32 offset = 0; - - /* compute SHA1 hash */ - sha1_init(&sha1); - sha1_update(&sha1, (BYTE*)&res, 4); - sha1_update(&sha1, (BYTE*)&ord, 4); -- sha1_update(&sha1, rsp->param, rsp->paramSize); -+ if (ordinal == TPM_ORD_LoadKey2) { -+ offset = 4; -+ } -+ if (rsp->paramSize - offset > 0) { -+ sha1_update(&sha1, rsp->param + offset, rsp->paramSize - offset); -+ } - sha1_final(&sha1, rsp->auth1->digest); - if (rsp->auth2 != NULL) memcpy(rsp->auth2->digest, - rsp->auth1->digest, sizeof(rsp->auth1->digest)); -diff -uprN tpm_emulator/tpm/tpm_data.c vtpm/tpm/tpm_data.c ---- tpm_emulator/tpm/tpm_data.c 2008-02-27 16:35:41.000000000 -0500 -+++ vtpm/tpm/tpm_data.c 2008-02-27 16:35:40.000000000 -0500 -@@ -1,6 +1,7 @@ - /* Software-Based Trusted Platform Module (TPM) Emulator for Linux - * Copyright (C) 2004 Mario Strasser <mast@gmx.net>, - * Swiss Federal Institute of Technology (ETH) Zurich -+ * Copyright (C) 2005 INTEL Corp - * - * This module is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published -@@ -15,10 +16,15 @@ - * $Id: tpm_data.c 98 2006-05-07 14:16:29Z hstamer $ - */ - -+#include <sys/types.h> -+#include <sys/stat.h> -+#include <fcntl.h> -+#include <unistd.h> -+ - #include "tpm_emulator.h" - #include "tpm_structures.h" - #include "tpm_marshalling.h" --#include "linux_module.h" -+#include "vtpm_manager.h" - - TPM_DATA tpmData; - -@@ -158,45 +164,232 @@ void tpm_release_data(void) - #include <sys/types.h> - #include <sys/stat.h> - #include <fcntl.h> --#include <unistd.h> - --#define TPM_STORAGE_FILE "/var/tpm/tpm_emulator-1.2." STR(VERSION_MAJOR) "." STR(VERSION_MINOR) -+ static int vtpm_tx_fh=-1, vtpm_rx_fh=-1; -+ -+#ifdef VTPM_MUTLI_VM -+ #define DEV_FE "/dev/tpm" -+#else -+ #define VTPM_RX_FIFO_D "/var/vtpm/fifos/vtpm_rsp_to_%d.fifo" -+ #define VTPM_TX_FIFO "/var/vtpm/fifos/vtpm_cmd_from_all.fifo" -+ -+ extern int dmi_id; -+ static char *vtpm_rx_name=NULL; -+#endif - - static int write_to_file(uint8_t *data, size_t data_length) - { -- int res; -- int fp; -- fp = open(TPM_STORAGE_FILE, O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR); -- res = write(fp, data, data_length); -- close(fp); -- return (res == data_length) ? 0 : -1; -+ int res, out_data_size, in_header_size; -+ BYTE *ptr, *out_data, *in_header; -+ UINT32 result, len, in_rsp_size; -+ UINT16 tag = VTPM_TAG_REQ; -+ -+ printf("Saving NVM\n"); -+ if (vtpm_tx_fh < 0) { -+#ifdef VTPM_MUTLI_VM -+ vtpm_tx_fh = open(DEV_FE, O_RDWR); -+#else -+ vtpm_tx_fh = open(VTPM_TX_FIFO, O_WRONLY); -+#endif -+ } -+ -+ if (vtpm_tx_fh < 0) { -+ return -1; -+ } -+ -+ // Send request to VTPM Manager to encrypt data -+#ifdef VTPM_MUTLI_VM -+ out_data_size = len = VTPM_COMMAND_HEADER_SIZE_CLT + data_length; -+#else -+ out_data_size = len = VTPM_COMMAND_HEADER_SIZE_SRV + data_length; -+#endif -+ -+ out_data = ptr = (BYTE *) malloc(len); -+ -+ if (ptr == NULL -+#ifndef VTPM_MUTLI_VM -+ || tpm_marshal_UINT32(&ptr, &len, dmi_id) -+#endif -+ || tpm_marshal_UINT16(&ptr, &len, tag) -+#ifdef VTPM_MUTLI_VM -+ || tpm_marshal_UINT32(&ptr, &len, out_data_size) -+#else -+ || tpm_marshal_UINT32(&ptr, &len, out_data_size - sizeof(uint32_t)) -+#endif -+ || tpm_marshal_UINT32(&ptr, &len, VTPM_ORD_SAVENVM) -+ || tpm_marshal_BYTE_ARRAY(&ptr, &len, data, data_length)) { -+ free(out_data); -+ return -1; -+ } -+ -+ printf("\tSending SaveNVM Command.\n"); -+ res = write(vtpm_tx_fh, out_data, out_data_size); -+ free(out_data); -+ if (res != out_data_size) return -1; -+ -+ if (vtpm_rx_fh < 0) { -+#ifdef VTPM_MUTLI_VM -+ vtpm_rx_fh = vtpm_tx_fh -+#else -+ if (vtpm_rx_name == NULL) { -+ vtpm_rx_name = malloc(10 + strlen(VTPM_RX_FIFO_D)); -+ sprintf(vtpm_rx_name, VTPM_RX_FIFO_D, (uint32_t) dmi_id); -+ } -+ vtpm_rx_fh = open(vtpm_rx_name, O_RDONLY); -+#endif -+ } -+ -+ if (vtpm_rx_fh < 0) { -+ return -1; -+ } -+ -+ // Read Header of response so we can get the size & status -+#ifdef VTPM_MUTLI_VM -+ in_header_size = len = VTPM_COMMAND_HEADER_SIZE_CLT; -+#else -+ in_header_size = len = VTPM_COMMAND_HEADER_SIZE_SRV; -+#endif -+ in_header = ptr = malloc(in_header_size); -+ -+ printf("\tReading SaveNVM header.\n"); -+ res = read(vtpm_rx_fh, in_header, in_header_size); -+ -+ if ( (res != in_header_size) -+#ifndef VTPM_MUTLI_VM -+ || tpm_unmarshal_UINT32(&ptr, &len, (UINT32*)&dmi_id) -+#endif -+ || tpm_unmarshal_UINT16(&ptr, &len, &tag) -+ || tpm_unmarshal_UINT32(&ptr, &len, &in_rsp_size) -+ || tpm_unmarshal_UINT32(&ptr, &len, &result) ) { -+ free(in_header); -+ return -1; -+ } -+ free(in_header); -+ -+ if (result != VTPM_SUCCESS) { -+ return -1; -+ } -+ -+#ifdef VTPM_MUTLI_VM -+ close(vtpm_tx_fh); close(vtpm_rx_fh); -+#endif -+ -+ printf("\tFinishing up SaveNVM\n"); -+ return (0); - } - - static int read_from_file(uint8_t **data, size_t *data_length) - { -- int res; -- int fp, file_status; -- struct stat file_info; -- fp = open(TPM_STORAGE_FILE, O_RDONLY, 0); -- file_status = fstat(fp, &file_info); -- if (file_status < 0) { -- close(fp); -- return -1; -- } -+ int res, out_data_size, in_header_size; -+ uint8_t *ptr, *out_data, *in_header; -+ UINT16 tag = VTPM_TAG_REQ; -+ UINT32 len, in_rsp_size, result; -+#ifdef VTPM_MUTLI_VM -+ int vtpm_rx_fh, vtpm_tx_fh; -+#endif -+ -+ printf("Loading NVM.\n"); -+ if (vtpm_tx_fh < 0) { -+#ifdef VTPM_MUTLI_VM -+ vtpm_tx_fh = open(DEV_FE, O_RDWR); -+#else -+ vtpm_tx_fh = open(VTPM_TX_FIFO, O_WRONLY); -+#endif -+ } - -- *data_length = file_info.st_size; -- *data = tpm_malloc(*data_length); -- if (*data == NULL) { -- close(fp); -+ if (vtpm_tx_fh < 0) { -+ return -1; -+ } -+ -+ // Send request to VTPM Manager to encrypt data -+#ifdef VTPM_MUTLI_VM -+ out_data_size = len = VTPM_COMMAND_HEADER_SIZE_CLT; -+#else -+ out_data_size = len = VTPM_COMMAND_HEADER_SIZE_SRV; -+#endif -+ out_data = ptr = (BYTE *) malloc(len); -+ -+ if (ptr == NULL -+#ifndef VTPM_MUTLI_VM -+ || tpm_marshal_UINT32(&ptr, &len, dmi_id) -+#endif -+ || tpm_marshal_UINT16(&ptr, &len, tag) -+#ifdef VTPM_MUTLI_VM -+ || tpm_marshal_UINT32(&ptr, &len, out_data_size) -+#else -+ || tpm_marshal_UINT32(&ptr, &len, out_data_size - sizeof(uint32_t)) -+#endif -+ || tpm_marshal_UINT32(&ptr, &len, VTPM_ORD_LOADNVM)) { -+ free(out_data); - return -1; - } -- res = read(fp, *data, *data_length); -- close(fp); -+ -+ printf("\tSending LoadNVM command\n"); -+ res = write(vtpm_tx_fh, out_data, out_data_size); -+ free(out_data); -+ if (res != out_data_size) return -1; -+ -+ if (vtpm_rx_fh < 0) { -+#ifdef VTPM_MUTLI_VM -+ vtpm_rx_fh = vtpm_tx_fh; -+#else -+ if (vtpm_rx_name == NULL) { -+ vtpm_rx_name = malloc(10 + strlen(VTPM_RX_FIFO_D)); -+ sprintf(vtpm_rx_name, VTPM_RX_FIFO_D, (uint32_t) dmi_id); -+ } -+ vtpm_rx_fh = open(vtpm_rx_name, O_RDONLY); -+#endif -+ } -+ -+ if (vtpm_rx_fh < 0) { -+ return -1; -+ } -+ -+ // Read Header of response so we can get the size & status -+#ifdef VTPM_MUTLI_VM -+ in_header_size = len = VTPM_COMMAND_HEADER_SIZE_CLT; -+#else -+ in_header_size = len = VTPM_COMMAND_HEADER_SIZE_SRV; -+#endif -+ in_header = ptr = malloc(in_header_size); -+ -+ printf("\tReading LoadNVM header\n"); -+ res = read(vtpm_rx_fh, in_header, in_header_size); -+ -+ if ( (res != in_header_size) -+#ifndef VTPM_MUTLI_VM -+ || tpm_unmarshal_UINT32(&ptr, &len, (UINT32*)&dmi_id) -+#endif -+ || tpm_unmarshal_UINT16(&ptr, &len, &tag) -+ || tpm_unmarshal_UINT32(&ptr, &len, &in_rsp_size) -+ || tpm_unmarshal_UINT32(&ptr, &len, &result) ) { -+ free(in_header); -+ return -1; -+ } -+ free(in_header); -+ -+ if (result != VTPM_SUCCESS) { -+ return -1; -+ } -+ -+ // Read Encrypted data from VTPM Manager -+ *data_length = in_rsp_size - VTPM_COMMAND_HEADER_SIZE_CLT; -+ *data = (uint8_t *) malloc(*data_length); -+ -+ printf("\tReading clear data from LoadNVM.\n"); -+ res = read(vtpm_rx_fh, *data, *data_length); -+#ifdef VTPM_MUTLI_VM -+ close(vtpm_rx_fh);close(vtpm_tx_fh); -+#endif -+ -+ printf("\tReturing from loading NVM\n"); - if (res != *data_length) { -- tpm_free(*data); -- return -1; -+ free(*data); -+ return -1; -+ } else { -+ return 0; - } -- return 0; -+ - } - - #else -diff -uprN tpm_emulator/tpmd.c vtpm/tpmd.c ---- tpm_emulator/tpmd.c 2006-12-08 12:51:29.000000000 -0800 -+++ vtpm/tpmd.c 2007-01-09 14:48:56.000000000 -0800 -@@ -21,12 +21,24 @@ - #include <sys/stat.h> - #include <fcntl.h> - #include <sys/time.h> -+#include <sys/socket.h> -+#include <sys/un.h> -+#include <errno.h> - - #include "tpm_emulator.h" -+#include "vtpm_manager.h" - --#define TPM_RX_FNAME "/var/tpm/tpm_in.fifo" --#define TPM_TX_FNAME "/var/tpm/tpm_out.fifo" -+#ifdef VTPM_MULTI_VM -+ #define DEV_BE "/dev/vtpm" -+#else -+ #define PVM_RX_FIFO_D "/var/vtpm/fifos/tpm_cmd_to_%d.fifo" -+ #define PVM_TX_FIFO "/var/vtpm/fifos/tpm_rsp_from_all.fifo" - -+ #define HVM_RX_FIFO_D "/var/vtpm/socks/%d.socket" -+#endif -+ -+ int dmi_id; -+ - #define BUFFER_SIZE 2048 - - static int devurandom=0; -@@ -38,7 +50,7 @@ void get_random_bytes(void *buf, int nby - } - - if (read(devurandom, buf, nbytes) != nbytes) { -- printf("Can''t get random number.\n"); -+ error("Can''t get random number.\n"); - exit(-1); - } - } -@@ -52,105 +64,182 @@ uint64_t tpm_get_ticks(void) - - int main(int argc, char **argv) - { -- uint8_t in[BUFFER_SIZE], *out; -+ uint8_t type, in[BUFFER_SIZE], *out, *addressed_out; -+ char *vtpm_rx_file=NULL; - uint32_t out_size; - int in_size, written; -- int i; -- struct stat file_info; -+ int i, guest_id=-1; - -- int tpm_tx_fh=-1, tpm_rx_fh=-1; -+#ifndef VTPM_MULTI_VM -+ int sockfd = -1; -+ struct sockaddr_un addr; -+ struct sockaddr_un client_addr; -+ unsigned int client_length; -+ -+#endif -+ -+ int vtpm_tx_fh=-1, vtpm_rx_fh=-1; -+#ifdef VTPM_MULTI_VM - if (argc < 2) { -- printf("Usage: tpmd clear|save|deactivated\n" ); -+ error("Usage: tpmd clear|save|deactivated\n" ); -+#else -+ if (argc < 4) { -+ error("Usage: tpmd clear|save|deactivated pvm|hvm vtpmid\n" ); -+#endif - return -1; - } - -+#ifndef VTPM_MULTI_VM -+ /* setup type of vm */ -+ if (!strcmp(argv[2], "pvm")) { -+ type = VTPM_TYPE_PVM; // Get commands from vTPM Manager through fifo -+ } else if (!strcmp(argv[2], "hvm")) { -+ type = VTPM_TYPE_HVM; // Get commands from qemu via socket -+ } else { -+ error("invalid vTPM type ''%s''.\n", argv[2]); -+ } -+ -+ dmi_id = atoi(argv[3]); -+ -+ if (type == VTPM_TYPE_PVM) { -+ vtpm_rx_file = malloc(10 + strlen(PVM_RX_FIFO_D)); -+ sprintf(vtpm_rx_file, PVM_RX_FIFO_D, (uint32_t) dmi_id); -+ } else { -+ vtpm_rx_file = malloc(10 + strlen(HVM_RX_FIFO_D)); -+ sprintf(vtpm_rx_file, HVM_RX_FIFO_D, (uint32_t) dmi_id); -+ -+ if ( (sockfd = socket(PF_UNIX,SOCK_STREAM,0)) < 0) { -+ error("Unable to create socket. errno = %d\n", errno); -+ exit (-1); -+ } -+ -+ memset(&addr, 0, sizeof(addr)); -+ addr.sun_family = AF_UNIX; -+ strcpy(addr.sun_path,vtpm_rx_file ); -+ unlink(addr.sun_path); -+ } -+#endif -+ -+#ifdef VTPM_MULTI_VM -+ info("Initializing tpm state: %s\n", argv[1]); -+#else -+ info("Initializing tpm state: %s, type: %s, id: %d\n", argv[1], argv[2], dmi_id); -+#endif -+ - /* initialize TPM emulator */ - if (!strcmp(argv[1], "clear")) { -- printf("Initializing tpm: %s\n", argv[1]); - tpm_emulator_init(1); -- } else if (!strcmp(argv[1], "save")) { -- printf("Initializing tpm: %s\n", argv[1]); -+ } else if (!strcmp(argv[1], "save")) { - tpm_emulator_init(2); - } else if (!strcmp(argv[1], "deactivated")) { -- printf("Initializing tpm: %s\n", argv[1]); - tpm_emulator_init(3); - } else { -- printf("invalid startup mode ''%s''; must be ''clear'', " -+ error("invalid startup mode ''%s''; must be ''clear'', " - "''save'' (default) or ''deactivated", argv[1]); - return -1; - } -- -- if ( stat(TPM_RX_FNAME, &file_info) == -1) { -- if ( mkfifo(TPM_RX_FNAME, S_IWUSR | S_IRUSR ) ) { -- printf("Failed to create fifo %s.\n", TPM_RX_FNAME); -- return -1; -- } -- } -- -- if ( stat(TPM_TX_FNAME, &file_info) == -1) { -- if ( mkfifo(TPM_TX_FNAME, S_IWUSR | S_IRUSR ) ) { -- printf("Failed to create fifo %s.\n", TPM_TX_FNAME); -- return -1; -- } -- } -- -+ - while (1) { - abort_command: -- if (tpm_rx_fh < 0) { -- tpm_rx_fh = open(TPM_RX_FNAME, O_RDONLY); -+ if (vtpm_rx_fh < 0) { -+#ifdef VTPM_MUTLI_VM -+ vtpm_rx_fh = open(DEV_BE, O_RDWR); -+#else -+ if (type == VTPM_TYPE_PVM) { -+ vtpm_rx_fh = open(vtpm_rx_file, O_RDONLY); -+ } else { -+ if (bind(sockfd, (struct sockaddr *)&addr, sizeof(addr)) < 0) { -+ error("Unable to bind(). errno = %d\n", errno); -+ exit (-1); -+ } -+ -+ if (listen(sockfd, 10) <0) { -+ error("Unable to listen(). errno = %d\n", errno); -+ exit (-1); -+ } -+ -+ memset(&client_addr, 0, sizeof(client_addr)); -+ client_length = sizeof(client_addr); -+ -+ vtpm_rx_fh = vtpm_tx_fh = accept(sockfd, (struct sockaddr *)&client_addr, &client_length); -+ } -+#endif - } - -- if (tpm_rx_fh < 0) { -- printf("ERROR: failed to open devices to listen to guest.\n"); -+ if (vtpm_rx_fh < 0) { -+ error("Failed to open devices to listen to guest.\n"); - return -1; - } - -- if (tpm_tx_fh < 0) { -- tpm_tx_fh = open(TPM_TX_FNAME, O_WRONLY); -- } -- -- if (tpm_tx_fh < 0) { -- printf("ERROR: failed to open devices to respond to guest.\n"); -- return -1; -- } -- -- in_size = read(tpm_rx_fh, in, BUFFER_SIZE); -+ in_size = read(vtpm_rx_fh, in, BUFFER_SIZE); - if (in_size < 6) { // Magic size of minium TPM command -- printf("Recv[%d] to small: 0x", in_size); -+ info("Recv incomplete command of %d bytes.", in_size); - if (in_size <= 0) { -- close(tpm_rx_fh); -- tpm_rx_fh = -1; -+ close(vtpm_rx_fh); -+ vtpm_rx_fh = -1; - goto abort_command; - } - } else { -- printf("Recv[%d]: 0x", in_size); -+ debug_nostop("Recv[%d]: 0x", in_size); - for (i=0; i< in_size; i++) -- printf("%x ", in[i]); -- printf("\n"); -+ debug_more("%x ", in[i]); -+ debug_more("\n"); - } - -- -- if (tpm_handle_command(in, in_size, &out, &out_size) != 0) { -- printf("ERROR: Handler Failed.\n"); -+ if (guest_id == -1) { -+ guest_id = *((uint32_t *) in); -+ } else { -+ if (guest_id != *((uint32_t *) in) ) { -+ error("WARNING: More than one guest attached\n"); -+ } -+ } -+ -+ if (vtpm_tx_fh < 0) { -+#ifdef VTPM_MUTLI_VM -+ vtpm_tx_fh = open(DEV_BE, O_RDWR); -+ vtpm_rx_fh = vtpm_tx_fh; -+#else -+ if (type == VTPM_TYPE_PVM) { -+ vtpm_tx_fh = open(PVM_TX_FIFO, O_WRONLY); -+ } // No need to open the other direction for HVM -+#endif -+ } -+ -+ if (vtpm_tx_fh < 0) { -+ error("Failed to open devices to respond to guest.\n"); -+ return -1; -+ } -+ -+ // Handle the command, but skip the domain id header -+ if (tpm_handle_command(in + sizeof(uint32_t), in_size - sizeof(uint32_t), &out, &out_size) != 0) { -+ error("Handler Failed.\n"); - } - -- written = write(tpm_tx_fh, out, out_size); -+ addressed_out = (uint8_t *) tpm_malloc(sizeof(uint32_t) + out_size); -+ *(uint32_t *) addressed_out = *(uint32_t *) in; -+ memcpy(addressed_out + sizeof(uint32_t), out, out_size); -+ -+ written = write(vtpm_tx_fh, addressed_out, out_size + sizeof(uint32_t)); - -- if (written != out_size ) { -- printf("ERROR: Part of response not written %d/%d.\nAttempt: ", written, out_size); -+ if (written != out_size + sizeof(uint32_t)) { -+ error("Part of response not written %d/%d.\n", written, out_size); - } else { -- printf("Sent[%Zu]: ", out_size); -+ debug_nostop("Sent[%Zu]: ", out_size + sizeof(uint32_t)); -+ for (i=0; i< out_size+ sizeof(uint32_t); i++) -+ debug_more("%x ", addressed_out[i]); -+ debug_more("\n"); - } -- for (i=0; i< out_size; i++) -- printf("%x ", out[i]); -- printf("\n"); - tpm_free(out); -+ tpm_free(addressed_out); - - } // loop - - tpm_emulator_shutdown(); - -- close(tpm_tx_fh); -- close(tpm_rx_fh); -+ close(vtpm_tx_fh); -+#ifndef VTPM_MUTLI_VM -+ close(vtpm_rx_fh); -+ free (vtpm_rx_file); -+#endif - - } -- 1.7.4.4 _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
On Mon, 2012-09-17 at 18:52 +0100, Matthew Fioravante wrote:> What will follow soon are updates to vtpmd, vtpm_manager, xm, xl, > mini-os, and new vtpm and vtpm manager stub domains.No need to update xm any more, it is deprecated in 4.2. Who or what is/are Berlios? Are they (actively) maintaining the vTPM? Perhaps we should consider making this stuff an external dependency rather than importing it into our code base? This could be done either as a simple dependency (i.e. require vtpm to be installed before building) or as a repo cloned during build (like how we handle qemu and seabios etc).> The first patch I''d like to submit upgrades vtpmd to version 0.7.4 > > This patch does the following: > -add checks to configure to check for cmake (required by berlios 0.7.4)Is the model with cmake that it is required on all the end systems building the project (like make), or is it only needed on the project maintainer''s system (like autoconf/make)?> -removes all of the 0.5.1 patches > -adds a single patch for 0.7.4 > -cleans up the makefile, should work for parallel make (avoiding > version.h discussion from august 2012) > -builds vtpmd to use berlios 0.7.4 > -Remoed the tpm_emualtor build option. berlios itself provides a kernel > module if you want to use it in dom0 to emulate the physical tpm.Is there going to be an associated documentation update/refresh?> > Signed of by: Matthew Fioravante matthew.fioravante@jhuapl.eduIan.
Matthew Fioravante
2012-Sep-18 17:33 UTC
Re: [PATCH] Upgrade vtpmd to berlios version 0.7.4
On 09/18/2012 03:38 AM, Ian Campbell wrote:> On Mon, 2012-09-17 at 18:52 +0100, Matthew Fioravante wrote: >> What will follow soon are updates to vtpmd, vtpm_manager, xm, xl, >> mini-os, and new vtpm and vtpm manager stub domains. > No need to update xm any more, it is deprecated in 4.2.I have just one small patch for xm coming. You can decide if you want to accept or not. Its a small addition.> > Who or what is/are Berlios? Are they (actively) maintaining the vTPM?The berlios tpm emulator is what vtpm is based off of. http://tpm-emulator.berlios.de/ Essentially vtpmd and vtpm-stubdom (coming in a patch) are just small patches for the tpm emulator to allow it to run in the vtpm framework. The older version of the emulator required more invasive patching. The newer one lets you set some function pointers to override functionality such as saving and loading to disk, making it much easier and simpler to modify it to become a vtpm.> > Perhaps we should consider making this stuff an external dependency > rather than importing it into our code base? This could be done either > as a simple dependency (i.e. require vtpm to be installed before > building) or as a repo cloned during build (like how we handle qemu and > seabios etc). >This might be workable. The vtpm system has 2 mini-so stubdoms and 3 mini-os tpm drivers. Does mini-os/stubdom have a nice way of building stuff out of tree? It doesn''t appear so at the moment. The whole stubdom setup is basically one large monolithic makefile. vtpm domains also require building openssl, polarssl, and libgmp in the stubdom cross root. Should the tpm drivers should be included in mini-os for potential use by other projects or also kept in their own separate tree? They are GPL drivers so maybe out of tree makes more sense. vtpmd and vtpm_managerdom (deprecated, the old way of running vtpms as processes in dom0, instead of separate domains) could easily be moved out of tree. They are just binaries installed on the system. vtpm support for xm/xl probably has to stay in xen. Unless someone plans on making a plugin architecture for xl. There are also the hotplug scripts, but those go away with xl.>> The first patch I''d like to submit upgrades vtpmd to version 0.7.4 >> >> This patch does the following: >> -add checks to configure to check for cmake (required by berlios 0.7.4) > Is the model with cmake that it is required on all the end systems > building the project (like make), or is it only needed on the project > maintainer''s system (like autoconf/make)?Its the equivalent of running a configure script, so its needed on end systems. Also you have to download and patch the tpm emulator before running cmake, so if we did want to avoid its usage on end systems we would have to ship the entire source code of the patched emulator.> >> -removes all of the 0.5.1 patches >> -adds a single patch for 0.7.4 >> -cleans up the makefile, should work for parallel make (avoiding >> version.h discussion from august 2012) >> -builds vtpmd to use berlios 0.7.4 >> -Remoed the tpm_emualtor build option. berlios itself provides a kernel >> module if you want to use it in dom0 to emulate the physical tpm. > Is there going to be an associated documentation update/refresh?Right now I don''t have a formal doc but I want to write one. I''m looking into getting some time to do this.> >> Signed of by: Matthew Fioravante matthew.fioravante@jhuapl.edu > Ian. >_______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
I just realised while looking at your reposting of this that I never replied here, sorry. On Tue, 2012-09-18 at 18:33 +0100, Matthew Fioravante wrote:> > Perhaps we should consider making this stuff an external dependency > > rather than importing it into our code base? This could be done either > > as a simple dependency (i.e. require vtpm to be installed before > > building) or as a repo cloned during build (like how we handle qemu and > > seabios etc). > > > This might be workable. The vtpm system has 2 mini-so stubdoms and 3 > mini-os tpm drivers. Does mini-os/stubdom have a nice way of building > stuff out of tree? It doesn''t appear so at the moment.No I don''t think it does :-(> The whole stubdom setup is basically one large monolithic makefile. > vtpm domains also require building openssl, polarssl, and libgmp in > the stubdom cross root. > > Should the tpm drivers should be included in mini-os for potential use > by other projects or also kept in their own separate tree? They are > GPL drivers so maybe out of tree makes more sense. > > vtpmd and vtpm_managerdom (deprecated, the old way of running vtpms as > processes in dom0, instead of separate domains) could easily be moved > out of tree. They are just binaries installed on the system.Right, this was the main bit I was thinking of. I think what I didn''t appreciate is that the stub domains also build this vtm stuff as well as the drivers, is that right? If we need the source for stubdoms we might as well have it for vtpmd Architectural question: Am I right that vtpmd is a host wide daemon for mediating access to the real TPM while vtpm_managerdom (or one of the stubdom types?) are responsible for the tpm emulation for a single domain -- they communicate with vtpmd to get stuff done? Is there also a stubdom which can take on the vtpmd role? Removing vtpm_managerdom sounds like a win to me, assuming it is acceptable to require the use of stubdoms for vtpm functionality. Is it?> vtpm support for xm/xl probably has to stay in xen. Unless someone > plans on making a plugin architecture for xl. There are also the > hotplug scripts, but those go away with xl. > > > > The first patch I''d like to submit upgrades vtpmd to version 0.7.4 > > > > > > This patch does the following: > > > -add checks to configure to check for cmake (required by berlios 0.7.4) > > Is the model with cmake that it is required on all the end systems > > building the project (like make), or is it only needed on the project > > maintainer''s system (like autoconf/make)? > Its the equivalent of running a configure script, so its needed on end > systems.That''s a shame, but unavoidable I suppose..> Also you have to download and patch the tpm emulator before running > cmake, so if we did want to avoid its usage on end systems we would > have to ship the entire source code of the patched emulator. > > > > > -removes all of the 0.5.1 patches > > > -adds a single patch for 0.7.4 > > > -cleans up the makefile, should work for parallel make (avoiding > > > version.h discussion from august 2012) > > > -builds vtpmd to use berlios 0.7.4 > > > -Remoed the tpm_emualtor build option. berlios itself provides a kernel > > > module if you want to use it in dom0 to emulate the physical tpm. > > Is there going to be an associated documentation update/refresh? > Right now I don''t have a formal doc but I want to write one. I''m > looking into getting some time to do this.Thanks. Ian.
Matthew Fioravante
2012-Sep-25 15:50 UTC
Re: [PATCH] Upgrade vtpmd to berlios version 0.7.4
On 09/25/2012 05:53 AM, Ian Campbell wrote:> I just realised while looking at your reposting of this that I never > replied here, sorry. > > On Tue, 2012-09-18 at 18:33 +0100, Matthew Fioravante wrote: > > >>> Perhaps we should consider making this stuff an external dependency >>> rather than importing it into our code base? This could be done either >>> as a simple dependency (i.e. require vtpm to be installed before >>> building) or as a repo cloned during build (like how we handle qemu and >>> seabios etc). >>> >> This might be workable. The vtpm system has 2 mini-so stubdoms and 3 >> mini-os tpm drivers. Does mini-os/stubdom have a nice way of building >> stuff out of tree? It doesn''t appear so at the moment. > No I don''t think it does :-( > >> The whole stubdom setup is basically one large monolithic makefile. >> vtpm domains also require building openssl, polarssl, and libgmp in >> the stubdom cross root. >> >> Should the tpm drivers should be included in mini-os for potential use >> by other projects or also kept in their own separate tree? They are >> GPL drivers so maybe out of tree makes more sense. >> >> vtpmd and vtpm_managerdom (deprecated, the old way of running vtpms as >> processes in dom0, instead of separate domains) could easily be moved >> out of tree. They are just binaries installed on the system. > Right, this was the main bit I was thinking of. > > I think what I didn''t appreciate is that the stub domains also build > this vtm stuff as well as the drivers, is that right? If we need the > source for stubdoms we might as well have it for vtpmd > > Architectural question: Am I right that vtpmd is a host wide daemon for > mediating access to the real TPM while vtpm_managerdom (or one of the > stubdom types?) are responsible for the tpm emulation for a single > domain -- they communicate with vtpmd to get stuff done? > > Is there also a stubdom which can take on the vtpmd role? > > Removing vtpm_managerdom sounds like a win to me, assuming it is > acceptable to require the use of stubdoms for vtpm functionality. Is it?the vtpm manager takes control of the tpm and protects the secrets of vtpms. Each vtpm emulates a tpm for a virtual machine. There are basically 3 models that have developed over time: Process model (deprecated?): This is the old model that was originally with xen which I also provide bug fixes for. vtpm_manager is the manager that controls the tpm. There is one vtpmd process launched for each virtual tpm. Both vtpmd and vtpm_manager are processes in dom0. Hybrid model (deprecated?): This was the beginning of our internal development. Now vtpm_manager runs in dom0, but there is one vtpm-stubdom instance for each vtpm. It worked via enabling a #define in the vtpm_manager makefile. This was developed as an incremental stepping stone to the full domain model. Domain model: vtpmmgrdom is now a mini-os domain. It uses pieces of the vtpm_manager code. vtpm-stubdom is the same as before except now it talks to the manager dom. The vtpmmgrdom also has a hardware tpm driver and with iomem passthrough, so that dom0 is completely removed from the vtpm chain. Internally we only use the domain model because of the higher security guarantees it provides. It would be much nicer from a maintenance perspective also to get rid of the process and hybrid models. I don''t think my latest patches to xl even work with the process model anymore. I don''t know if there is anyone who would want to still use vtpms as processes when the stub domains are now available. Security research people like the domain model because it guarantees a better separation of components guaranteed by the hypervisor and doesn''t have to trust the dom0 OS. If we got rid of the process and hybrid model, then the tools/vtpm_manager code that is still used could be moved into the vtpmmgrdom stubdom codebase. tools/vtpm could be completely removed along with the --enable-vtpm stuff in the configure script and the cmake dependency.> >> vtpm support for xm/xl probably has to stay in xen. Unless someone >> plans on making a plugin architecture for xl. There are also the >> hotplug scripts, but those go away with xl. >> >>>> The first patch I''d like to submit upgrades vtpmd to version 0.7.4 >>>> >>>> This patch does the following: >>>> -add checks to configure to check for cmake (required by berlios 0.7.4) >>> Is the model with cmake that it is required on all the end systems >>> building the project (like make), or is it only needed on the project >>> maintainer''s system (like autoconf/make)? >> Its the equivalent of running a configure script, so its needed on end >> systems. > That''s a shame, but unavoidable I suppose.. > >> Also you have to download and patch the tpm emulator before running >> cmake, so if we did want to avoid its usage on end systems we would >> have to ship the entire source code of the patched emulator. >>>> -removes all of the 0.5.1 patches >>>> -adds a single patch for 0.7.4 >>>> -cleans up the makefile, should work for parallel make (avoiding >>>> version.h discussion from august 2012) >>>> -builds vtpmd to use berlios 0.7.4 >>>> -Remoed the tpm_emualtor build option. berlios itself provides a kernel >>>> module if you want to use it in dom0 to emulate the physical tpm. >>> Is there going to be an associated documentation update/refresh? >> Right now I don''t have a formal doc but I want to write one. I''m >> looking into getting some time to do this. > Thanks. > > Ian. >_______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
On Tue, Sep 25, 2012 at 4:50 PM, Matthew Fioravante <matthew.fioravante@jhuapl.edu> wrote:> I don''t know if there is anyone who would want to still use vtpms as > processes when the stub domains are now available. Security research > people like the domain model because it guarantees a better separation > of components guaranteed by the hypervisor and doesn''t have to trust the > dom0 OS. > > If we got rid of the process and hybrid model, then the > tools/vtpm_manager code that is still used could be moved into the > vtpmmgrdom stubdom codebase. tools/vtpm could be completely removed > along with the --enable-vtpm stuff in the configure script and the cmake > dependency.I haven''t had a chance to look at your patches in detail (because the few I''ve looked at have whitespace damage that Ian mentioned before), but I as long as the user interface (via xl, config files, &c) is the same, or comparable, I don''t see any reason not to move entirely over the stubdom model; especially if the process or hybrid models are not being tested or maintained. -George
Matthew Fioravante
2012-Sep-26 14:39 UTC
Re: [PATCH] Upgrade vtpmd to berlios version 0.7.4
On 09/26/2012 07:46 AM, George Dunlap wrote:> On Tue, Sep 25, 2012 at 4:50 PM, Matthew Fioravante > <matthew.fioravante@jhuapl.edu> wrote: >> I don''t know if there is anyone who would want to still use vtpms as >> processes when the stub domains are now available. Security research >> people like the domain model because it guarantees a better separation >> of components guaranteed by the hypervisor and doesn''t have to trust the >> dom0 OS. >> >> If we got rid of the process and hybrid model, then the >> tools/vtpm_manager code that is still used could be moved into the >> vtpmmgrdom stubdom codebase. tools/vtpm could be completely removed >> along with the --enable-vtpm stuff in the configure script and the cmake >> dependency. > I haven''t had a chance to look at your patches in detail (because the > few I''ve looked at have whitespace damage that Ian mentioned before), > but I as long as the user interface (via xl, config files, &c) is the > same, or comparable, I don''t see any reason not to move entirely over > the stubdom model; especially if the process or hybrid models are not > being tested or maintained.It would also simplify the whole system quite a bit. If I am to maintain vtpm I''d like to not have to deal with bugs in the old code. So how should we proceed with this then? Do you all want to remove the vtpm process/hybrid model entirely now or just deprecate it for a while? If we deprecate it do you still want my updates for it? Let me know and I''ll provide patches to make it happen either way. The last piece of this puzzle that I haven''t figured out is the linux tpm frontend driver. Its not in the main linux tree. Its from the old 2006 vtpm code but it still works. I believe it shipped with the old xen 2.6.18 kernel but now I don''t know whats happened to it. I still have a copy we have been porting to newer kernels internally. Should we try to get it in mainline linux? Or maybe provide it in the xen tree as an externally compilable kernel module? There also exists a linux tpm backend driver, but if were only going to support the domain model that is no longer needed and can go away.> -George_______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
On 26/09/12 15:39, Matthew Fioravante wrote:> The last piece of this puzzle that I haven''t figured out is the linux > tpm frontend driver. Its not in the main linux tree. Its from the old > 2006 vtpm code but it still works. I believe it shipped with the old xen > 2.6.18 kernel but now I don''t know whats happened to it. I still have a > copy we have been porting to newer kernels internally. > > Should we try to get it in mainline linux? Or maybe provide it in the > xen tree as an externally compilable kernel module? > > There also exists a linux tpm backend driver, but if were only going to > support the domain model that is no longer needed and can go away.We should absolutely get it into mainline Linux. I presume it''s mainly the front/back code, which would live in the xen/ tree, and then hooks to make it work with /dev/tpm? It seems like that should be fairly straightforward to get upstream. Re the backend driver: obviously you''re going to be the one doing the work, so the final call will be up to you. But it seems to me that if it''s not too difficult (and from the docs I looked at, it seemed like not much more than a dumb pipe?), I think you might as well port it. That would make it easy to run vtpm and vtpmmgr in Linux stubdoms instead of a mini-os stubdoms, should it ever becomes necessary to do so (for instance, if the vtpm code ever requires more functionality than the mini-os libc has). To upstream, I think the SOP is to rebase to the most recently released Linux kernel (3.6 now I think), and cross-post the patches to xen-devel and linux-kernel, CC''ing the Xen maintainer, Konrad Wilk <konrad.wilk@oracle.com>, and probably the TPM maintianer as well. (Correct me if I''m wrong, Konrad!) -George
On Wed, 2012-09-26 at 15:39 +0100, Matthew Fioravante wrote:> On 09/26/2012 07:46 AM, George Dunlap wrote: > > On Tue, Sep 25, 2012 at 4:50 PM, Matthew Fioravante > > <matthew.fioravante@jhuapl.edu> wrote: > >> I don''t know if there is anyone who would want to still use vtpms as > >> processes when the stub domains are now available. Security research > >> people like the domain model because it guarantees a better separation > >> of components guaranteed by the hypervisor and doesn''t have to trust the > >> dom0 OS. > >> > >> If we got rid of the process and hybrid model, then the > >> tools/vtpm_manager code that is still used could be moved into the > >> vtpmmgrdom stubdom codebase. tools/vtpm could be completely removed > >> along with the --enable-vtpm stuff in the configure script and the cmake > >> dependency. > > I haven''t had a chance to look at your patches in detail (because the > > few I''ve looked at have whitespace damage that Ian mentioned before), > > but I as long as the user interface (via xl, config files, &c) is the > > same, or comparable, I don''t see any reason not to move entirely over > > the stubdom model; especially if the process or hybrid models are not > > being tested or maintained. > It would also simplify the whole system quite a bit. If I am to maintain > vtpm I''d like to not have to deal with bugs in the old code. > > So how should we proceed with this then? Do you all want to remove the > vtpm process/hybrid model entirely now or just deprecate it for a while? > If we deprecate it do you still want my updates for it?I''m happy for you to just remove the hybrid and process variants. I think if anyone is really attached to those then it is up to them to step up and maintain them, if someone does turn up then they can always resurrect it from the VCS history and start from there.> Let me know and I''ll provide patches to make it happen either way. > > The last piece of this puzzle that I haven''t figured out is the linux > tpm frontend driver. Its not in the main linux tree. Its from the old > 2006 vtpm code but it still works. I believe it shipped with the old xen > 2.6.18 kernel but now I don''t know whats happened to it. I still have a > copy we have been porting to newer kernels internally. > > Should we try to get it in mainline linux?This is the preferred approach.> Or maybe provide it in the > xen tree as an externally compilable kernel module?We generally try and avoid that these days.> There also exists a linux tpm backend driver, but if were only going to > support the domain model that is no longer needed and can go away.Indeed. Ian.
Matthew Fioravante
2012-Sep-26 15:58 UTC
Re: [PATCH] Upgrade vtpmd to berlios version 0.7.4
On 09/26/2012 11:21 AM, Ian Campbell wrote:> On Wed, 2012-09-26 at 15:39 +0100, Matthew Fioravante wrote: >> On 09/26/2012 07:46 AM, George Dunlap wrote: >>> On Tue, Sep 25, 2012 at 4:50 PM, Matthew Fioravante >>> <matthew.fioravante@jhuapl.edu> wrote: >>>> I don''t know if there is anyone who would want to still use vtpms as >>>> processes when the stub domains are now available. Security research >>>> people like the domain model because it guarantees a better separation >>>> of components guaranteed by the hypervisor and doesn''t have to trust the >>>> dom0 OS. >>>> >>>> If we got rid of the process and hybrid model, then the >>>> tools/vtpm_manager code that is still used could be moved into the >>>> vtpmmgrdom stubdom codebase. tools/vtpm could be completely removed >>>> along with the --enable-vtpm stuff in the configure script and the cmake >>>> dependency. >>> I haven''t had a chance to look at your patches in detail (because the >>> few I''ve looked at have whitespace damage that Ian mentioned before), >>> but I as long as the user interface (via xl, config files, &c) is the >>> same, or comparable, I don''t see any reason not to move entirely over >>> the stubdom model; especially if the process or hybrid models are not >>> being tested or maintained. >> It would also simplify the whole system quite a bit. If I am to maintain >> vtpm I''d like to not have to deal with bugs in the old code. >> >> So how should we proceed with this then? Do you all want to remove the >> vtpm process/hybrid model entirely now or just deprecate it for a while? >> If we deprecate it do you still want my updates for it? > I''m happy for you to just remove the hybrid and process variants. > > I think if anyone is really attached to those then it is up to them to > step up and maintain them, if someone does turn up then they can always > resurrect it from the VCS history and start from there.Ok then in that case, ignore the vtpmd and vtpm_manager patches I sent before. The only ones that are not applicable are the mini-os patches and the libxl patches. The stubdoms are coming soon. I''d like to rework them so that the vtpm_manager code is just included directly into vtpmmgrdom.>> Let me know and I''ll provide patches to make it happen either way. >> >> The last piece of this puzzle that I haven''t figured out is the linux >> tpm frontend driver. Its not in the main linux tree. Its from the old >> 2006 vtpm code but it still works. I believe it shipped with the old xen >> 2.6.18 kernel but now I don''t know whats happened to it. I still have a >> copy we have been porting to newer kernels internally. >> >> Should we try to get it in mainline linux? > This is the preferred approach. > >> Or maybe provide it in the >> xen tree as an externally compilable kernel module? > We generally try and avoid that these days. > >> There also exists a linux tpm backend driver, but if were only going to >> support the domain model that is no longer needed and can go away. > Indeed. > > Ian. >_______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel