THese are the remaining patches to add vtpm mini-os support to xen. Documentation internal review is taking a bit longer so I will send out a final patch with docs next week. Matthew Fioravante (10): fix bug in lseek for mini-os Update mini-os license to support GPL features Remove old vtpm support from xm Remove VTPM_TOOLS from config/Tools.mk.in Remove old vtpm stuff from tools/libxen Remove tools/vtpm* from MAINTAINERS file Regenerate configure script after removing vtpm add vtpm-stubdom code add stubdom/vtpmmgr code vtpm/vtpmmgr and required libs to stubdom/Makefile MAINTAINERS | 2 - config/Tools.mk.in | 1 - docs/man/xm.pod.1 | 11 - extras/mini-os/COPYING | 13 + extras/mini-os/lib/sys.c | 67 +- stubdom/Makefile | 138 +++- stubdom/polarssl.patch | 64 ++ stubdom/tpmemu-0.7.4.patch | 12 + stubdom/vtpm/Makefile | 37 + stubdom/vtpm/minios.cfg | 14 + stubdom/vtpm/vtpm.c | 404 +++++++++++ stubdom/vtpm/vtpm.h | 36 + stubdom/vtpm/vtpm_cmd.c | 256 +++++++ stubdom/vtpm/vtpm_cmd.h | 31 + stubdom/vtpm/vtpm_pcrs.c | 43 ++ stubdom/vtpm/vtpm_pcrs.h | 53 ++ stubdom/vtpm/vtpmblk.c | 307 +++++++++ stubdom/vtpm/vtpmblk.h | 31 + stubdom/vtpmmgr/Makefile | 32 + stubdom/vtpmmgr/init.c | 553 +++++++++++++++ stubdom/vtpmmgr/log.c | 151 +++++ stubdom/vtpmmgr/log.h | 85 +++ stubdom/vtpmmgr/marshal.h | 528 +++++++++++++++ stubdom/vtpmmgr/minios.cfg | 14 + stubdom/vtpmmgr/tcg.h | 707 +++++++++++++++++++ stubdom/vtpmmgr/tpm.c | 938 ++++++++++++++++++++++++++ stubdom/vtpmmgr/tpm.h | 218 ++++++ stubdom/vtpmmgr/tpmrsa.c | 175 +++++ stubdom/vtpmmgr/tpmrsa.h | 67 ++ stubdom/vtpmmgr/uuid.h | 50 ++ stubdom/vtpmmgr/vtpm_cmd_handler.c | 152 +++++ stubdom/vtpmmgr/vtpm_manager.h | 64 ++ stubdom/vtpmmgr/vtpm_storage.c | 783 +++++++++++++++++++++ stubdom/vtpmmgr/vtpm_storage.h | 68 ++ stubdom/vtpmmgr/vtpmmgr.c | 93 +++ stubdom/vtpmmgr/vtpmmgr.h | 77 +++ tools/configure | 603 ++++++++--------- tools/libxen/include/xen/api/xen_all.h | 1 - tools/libxen/include/xen/api/xen_vm.h | 9 - tools/libxen/include/xen/api/xen_vtpm.h | 218 ------ tools/libxen/include/xen/api/xen_vtpm_decl.h | 31 - tools/libxen/src/xen_vm.c | 22 - tools/libxen/src/xen_vtpm.c | 235 ------- tools/python/README.XendConfig | 2 - tools/python/README.sxpcfg | 4 - tools/python/scripts/xapi.py | 20 - tools/python/xen/xend/XendAPI.py | 128 ---- tools/python/xen/xend/XendConfig.py | 19 +- tools/python/xen/xend/XendConstants.py | 8 +- tools/python/xen/xend/XendDevices.py | 4 +- tools/python/xen/xend/XendDomainInfo.py | 29 - tools/python/xen/xend/XendError.py | 1 - tools/python/xen/xend/XendOptions.py | 4 - tools/python/xen/xend/server/tpmif.py | 141 ---- tools/python/xen/xend/tests/xend-config.sxp | 2 - tools/python/xen/xm/create.dtd | 4 - tools/python/xen/xm/create.py | 69 -- tools/python/xen/xm/main.py | 37 - tools/python/xen/xm/xenapi_create.py | 39 -- 59 files changed, 6535 insertions(+), 1370 deletions(-) create mode 100644 stubdom/polarssl.patch create mode 100644 stubdom/tpmemu-0.7.4.patch create mode 100644 stubdom/vtpm/Makefile create mode 100644 stubdom/vtpm/minios.cfg create mode 100644 stubdom/vtpm/vtpm.c create mode 100644 stubdom/vtpm/vtpm.h create mode 100644 stubdom/vtpm/vtpm_cmd.c create mode 100644 stubdom/vtpm/vtpm_cmd.h create mode 100644 stubdom/vtpm/vtpm_pcrs.c create mode 100644 stubdom/vtpm/vtpm_pcrs.h create mode 100644 stubdom/vtpm/vtpmblk.c create mode 100644 stubdom/vtpm/vtpmblk.h create mode 100644 stubdom/vtpmmgr/Makefile create mode 100644 stubdom/vtpmmgr/init.c create mode 100644 stubdom/vtpmmgr/log.c create mode 100644 stubdom/vtpmmgr/log.h create mode 100644 stubdom/vtpmmgr/marshal.h create mode 100644 stubdom/vtpmmgr/minios.cfg create mode 100644 stubdom/vtpmmgr/tcg.h create mode 100644 stubdom/vtpmmgr/tpm.c create mode 100644 stubdom/vtpmmgr/tpm.h create mode 100644 stubdom/vtpmmgr/tpmrsa.c create mode 100644 stubdom/vtpmmgr/tpmrsa.h create mode 100644 stubdom/vtpmmgr/uuid.h create mode 100644 stubdom/vtpmmgr/vtpm_cmd_handler.c create mode 100644 stubdom/vtpmmgr/vtpm_manager.h create mode 100644 stubdom/vtpmmgr/vtpm_storage.c create mode 100644 stubdom/vtpmmgr/vtpm_storage.h create mode 100644 stubdom/vtpmmgr/vtpmmgr.c create mode 100644 stubdom/vtpmmgr/vtpmmgr.h delete mode 100644 tools/libxen/include/xen/api/xen_vtpm.h delete mode 100644 tools/libxen/include/xen/api/xen_vtpm_decl.h delete mode 100644 tools/libxen/src/xen_vtpm.c delete mode 100644 tools/python/xen/xend/server/tpmif.py -- 1.7.10.4
Matthew Fioravante
2012-Nov-15 15:17 UTC
[PATCH VTPM v3 01/10] fix bug in lseek for mini-os
lseek always used files[fd].file.offset. It should
use the offset of whatever union member is actually
being used.
Signed-off-by: Matthew Fioravante <matthew.fioravante@jhuapl.edu>
---
extras/mini-os/lib/sys.c | 67 ++++++++++++++++++++++++++--------------------
1 file changed, 38 insertions(+), 29 deletions(-)
diff --git a/extras/mini-os/lib/sys.c b/extras/mini-os/lib/sys.c
index d212969..3cc3340 100644
--- a/extras/mini-os/lib/sys.c
+++ b/extras/mini-os/lib/sys.c
@@ -360,45 +360,54 @@ int write(int fd, const void *buf, size_t nbytes)
off_t lseek(int fd, off_t offset, int whence)
{
+ off_t* target = NULL;
switch(files[fd].type) {
-#if defined(CONFIG_BLKFRONT) || defined(CONFIG_TPMFRONT) ||
defined(CONFIG_TPM_TIS)
#ifdef CONFIG_BLKFRONT
case FTYPE_BLK:
+ target = &files[fd].blk.offset;
+ break;
#endif
-#ifdef CONFIG_TPMFRNT
+#ifdef CONFIG_TPMFRONT
case FTYPE_TPMFRONT:
+ target = &files[fd].tpmfront.offset;
+ break;
#endif
#ifdef CONFIG_TPM_TIS
case FTYPE_TPM_TIS:
+ target = &files[fd].tpm_tis.offset;
+ break;
#endif
- switch (whence) {
- case SEEK_SET:
- files[fd].file.offset = offset;
- break;
- case SEEK_CUR:
- files[fd].file.offset += offset;
- break;
- case SEEK_END:
- {
- struct stat st;
- int ret;
- ret = fstat(fd, &st);
- if (ret)
- return -1;
- files[fd].file.offset = st.st_size + offset;
- break;
- }
- default:
- errno = EINVAL;
- return -1;
- }
- return files[fd].file.offset;
- break;
-#endif
- default: /* Not implemented on this FTYPE */
- errno = ESPIPE;
- return (off_t) -1;
+ case FTYPE_FILE:
+ target = &files[fd].file.offset;
+ break;
+ default:
+ /* Not implemented for this filetype */
+ errno = ESPIPE;
+ return (off_t) -1;
+ }
+
+ switch (whence) {
+ case SEEK_SET:
+ *target = offset;
+ break;
+ case SEEK_CUR:
+ *target += offset;
+ break;
+ case SEEK_END:
+ {
+ struct stat st;
+ int ret;
+ ret = fstat(fd, &st);
+ if (ret)
+ return -1;
+ *target = st.st_size + offset;
+ break;
+ }
+ default:
+ errno = EINVAL;
+ return -1;
}
+ return *target;
}
int fsync(int fd) {
--
1.7.10.4
Matthew Fioravante
2012-Nov-15 15:17 UTC
[PATCH VTPM v3 02/10] Update mini-os license to support GPL features
This patch updates extras/mini-os/COPYING to explain which optional features are GPL and what the implications of enabling them are. Signed-off-by: Matthew Fioravante <matthew.fioravante@jhuapl.edu> --- extras/mini-os/COPYING | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/extras/mini-os/COPYING b/extras/mini-os/COPYING index c26ccfc..1d9df6c 100644 --- a/extras/mini-os/COPYING +++ b/extras/mini-os/COPYING @@ -1,3 +1,16 @@ +Certain files in this directory are licensed by the GNU +General Public License version 2 (GPLv2). By default these +files are not built and linked into MiniOs. Enabling them +will cause the whole work to become covered by the GPLv2. + +The current set of GPLv2 features are: +CONFIG_TPMFRONT +CONFIG_TPMBACK +CONFIG_TPM_TIS + +Do not use these if you do not want your MiniOS build to become +GPL licensed! + Copyright (c) 2009 Citrix Systems, Inc. All rights reserved. Redistribution and use in source and binary forms, with or without -- 1.7.10.4
Matthew Fioravante
2012-Nov-15 15:17 UTC
[PATCH VTPM v3 03/10] Remove old vtpm support from xm
Signed-off-by: Matthew Fioravante <matthew.fioravante@jhuapl.edu>
---
docs/man/xm.pod.1 | 11 ---
tools/python/README.XendConfig | 2 -
tools/python/README.sxpcfg | 4 -
tools/python/scripts/xapi.py | 20 ----
tools/python/xen/xend/XendAPI.py | 128 ------------------------
tools/python/xen/xend/XendConfig.py | 19 +---
tools/python/xen/xend/XendConstants.py | 8 +-
tools/python/xen/xend/XendDevices.py | 4 +-
tools/python/xen/xend/XendDomainInfo.py | 29 ------
tools/python/xen/xend/XendError.py | 1 -
tools/python/xen/xend/XendOptions.py | 4 -
tools/python/xen/xend/server/tpmif.py | 141 ---------------------------
tools/python/xen/xend/tests/xend-config.sxp | 2 -
tools/python/xen/xm/create.dtd | 4 -
tools/python/xen/xm/create.py | 69 -------------
tools/python/xen/xm/main.py | 37 -------
tools/python/xen/xm/xenapi_create.py | 39 --------
17 files changed, 4 insertions(+), 518 deletions(-)
delete mode 100644 tools/python/xen/xend/server/tpmif.py
diff --git a/docs/man/xm.pod.1 b/docs/man/xm.pod.1
index 69e1f51..7c4ef85 100644
--- a/docs/man/xm.pod.1
+++ b/docs/man/xm.pod.1
@@ -977,17 +977,6 @@ formatted as a list or as an S-Expression if the
B<--long> option was given.
=back
-=head2 VIRTUAL TPM DEVICES
-
-=over 4
-
-=item B<vtpm-list> [B<-l>|B<--long>] I<domain-id>
-
-Show the virtual TPM device for a domain. The returned output is
-formatted as a list or as an S-Expression if the B<--long> option was
given.
-
-=back
-
=head1 SEE ALSO
B<xmdomain.cfg>(5), B<xentop>(1)
diff --git a/tools/python/README.XendConfig b/tools/python/README.XendConfig
index 9cc0ead..338715b 100644
--- a/tools/python/README.XendConfig
+++ b/tools/python/README.XendConfig
@@ -71,8 +71,6 @@ vbds !(devices.vbds)
- io_read_kbs
- io_write_kbs
-tpm_instance tpm.instance
-tpm_backend tpm.backend
bios_boot image.boot?
platform_std_VGA image.stdvga
platform_serial image.serial
diff --git a/tools/python/README.sxpcfg b/tools/python/README.sxpcfg
index 7a17fd1..a4762fe 100644
--- a/tools/python/README.sxpcfg
+++ b/tools/python/README.sxpcfg
@@ -105,10 +105,6 @@ io
- from
- to
-tpm
- - pref_instance
- - instance
-
pciquirk
- pci_ids
- pci_config_space_fields
diff --git a/tools/python/scripts/xapi.py b/tools/python/scripts/xapi.py
index 9530f4a..0997187 100644
--- a/tools/python/scripts/xapi.py
+++ b/tools/python/scripts/xapi.py
@@ -58,7 +58,6 @@ COMMANDS = {
''vdi-rename'': (''<vdi_uuid>
<new_name>'', ''Rename VDI''),
''vdi-destroy'': (''<vdi_uuid>'',
''Delete VDI''),
''vif-create'': (''<domname>
<pycfg>'', ''Create VIF attached to domname''),
- ''vtpm-create'' : (''<domname>
<pycfg>'', ''Create VTPM attached to domname''),
''vm-create'': (''<pycfg>'',
''Create VM with python config''),
''vm-destroy'': (''<domname>'',
''Delete VM''),
@@ -284,22 +283,16 @@ def xapi_vm_list(args, async = False):
if is_long:
vbds = vm_info[''VBDs'']
vifs = vm_info[''VIFs'']
- vtpms = vm_info[''VTPMs'']
vif_infos = []
vbd_infos = []
- vtpm_infos = []
for vbd in vbds:
vbd_info = execute(server, ''VBD.get_record'',
(session, vbd))
vbd_infos.append(vbd_info)
for vif in vifs:
vif_info = execute(server, ''VIF.get_record'',
(session, vif))
vif_infos.append(vif_info)
- for vtpm in vtpms:
- vtpm_info = execute(server,
''VTPM.get_record'', (session, vtpm))
- vtpm_infos.append(vtpm_info)
vm_info[''VBDs''] = vbd_infos
vm_info[''VIFs''] = vif_infos
- vm_info[''VTPMs''] = vtpm_infos
pprint(vm_info)
else:
print VM_LIST_FORMAT % _stringify(vm_info)
@@ -661,19 +654,6 @@ def xapi_vdi_rename(args, async = False):
print ''Done.''
-
-def xapi_vtpm_create(args, async = False):
- server, session = connect()
- domname = args[0]
- cfg = _read_python_cfg(args[1])
-
- vm_uuid = resolve_vm(server, session, domname)
- cfg[''VM''] = vm_uuid
- print "Creating vTPM with cfg = %s" % cfg
- vtpm_uuid = execute(server, ''VTPM.create'', (session,
cfg))
- print "Done. (%s)" % vtpm_uuid
-
-
def xapi_pif_list(args, async = False):
server, session = connect()
pif_uuids = execute(server, ''PIF.get_all'', (session,))
diff --git a/tools/python/xen/xend/XendAPI.py b/tools/python/xen/xend/XendAPI.py
index 54eec31..359a26b 100644
--- a/tools/python/xen/xend/XendAPI.py
+++ b/tools/python/xen/xend/XendAPI.py
@@ -377,17 +377,6 @@ def valid_vdi(func):
_check_ref(XendNode.instance().is_valid_vdi,
''VDI'', func, *args, **kwargs)
-def valid_vtpm(func):
- """Decorator to verify if vtpm_ref is valid before calling
method.
-
- @param func: function with params: (self, session, vtpm_ref, ...)
- @rtype: callable object
- """
- return lambda *args, **kwargs: \
- _check_ref(lambda r:
XendDomain.instance().is_valid_dev(''vtpm'', r),
- ''VTPM'', func, *args, **kwargs)
-
-
def valid_console(func):
"""Decorator to verify if console_ref is valid before
calling method.
@@ -481,7 +470,6 @@ classes = {
''VIF'' : valid_vif,
''VIF_metrics'' : valid_vif_metrics,
''VDI'' : valid_vdi,
- ''VTPM'' : valid_vtpm,
''console'' : valid_console,
''SR'' : valid_sr,
''task'' : valid_task,
@@ -1293,7 +1281,6 @@ class XendAPI(object):
''consoles'',
''VIFs'',
''VBDs'',
- ''VTPMs'',
''DPCIs'',
''DSCSIs'',
''DSCSI_HBAs'',
@@ -1436,10 +1423,6 @@ class XendAPI(object):
dom = XendDomain.instance().get_vm_by_uuid(vm_ref)
return xen_api_success(dom.get_vbds())
- def VM_get_VTPMs(self, session, vm_ref):
- dom = XendDomain.instance().get_vm_by_uuid(vm_ref)
- return xen_api_success(dom.get_vtpms())
-
def VM_get_consoles(self, session, vm_ref):
dom = XendDomain.instance().get_vm_by_uuid(vm_ref)
return xen_api_success(dom.get_consoles())
@@ -1851,7 +1834,6 @@ class XendAPI(object):
''consoles'': xeninfo.get_consoles(),
''VIFs'': xeninfo.get_vifs(),
''VBDs'': xeninfo.get_vbds(),
- ''VTPMs'': xeninfo.get_vtpms(),
''DPCIs'': xeninfo.get_dpcis(),
''DSCSIs'': xeninfo.get_dscsis(),
''DSCSI_HBAs'': xeninfo.get_dscsi_HBAs(),
@@ -2537,116 +2519,6 @@ class XendAPI(object):
vdi = XendNode.instance().get_vdi_by_uuid(vdi_ref)
return xen_api_success(vdi.get_security_label())
- # Xen API: Class VTPM
- # ----------------------------------------------------------------
-
- VTPM_attr_rw = [''other_config'']
- VTPM_attr_ro = [''VM'',
- ''backend'',
- ''runtime_properties'' ]
-
- VTPM_attr_inst = VTPM_attr_rw
-
- VTPM_methods = [(''destroy'', None)]
- VTPM_funcs = [(''create'', ''VTPM'')]
-
- def VTPM_get_other_config(self, session, vtpm_ref):
- xendom = XendDomain.instance()
- return
xen_api_success(xendom.get_dev_property_by_uuid(''vtpm'',
- vtpm_ref,
-
''other_config''))
-
- def VTPM_set_other_config(self, session, vtpm_ref, other_config):
- xendom = XendDomain.instance()
- xendom.set_dev_property_by_uuid(''vtpm'',
- vtpm_ref,
- ''other_config'',
- other_config)
- return xen_api_success_void()
-
- # object methods
- def VTPM_get_record(self, session, vtpm_ref):
- xendom = XendDomain.instance()
- vm = xendom.get_vm_with_dev_uuid(''vtpm'', vtpm_ref)
- if not vm:
- return xen_api_error([''HANDLE_INVALID'',
''VTPM'', vtpm_ref])
- cfg = vm.get_dev_xenapi_config(''vtpm'', vtpm_ref)
- if not cfg:
- return xen_api_error([''HANDLE_INVALID'',
''VTPM'', vtpm_ref])
- valid_vtpm_keys = self.VTPM_attr_ro + self.VTPM_attr_rw + \
- self.Base_attr_ro + self.Base_attr_rw
- return_cfg = {}
- for k in cfg.keys():
- if k in valid_vtpm_keys:
- return_cfg[k] = cfg[k]
-
- return xen_api_success(return_cfg)
-
- # Class Functions
- def VTPM_get_backend(self, session, vtpm_ref):
- xendom = XendDomain.instance()
- vm = xendom.get_vm_with_dev_uuid(''vtpm'', vtpm_ref)
- if not vm:
- return xen_api_error([''HANDLE_INVALID'',
''VTPM'', vtpm_ref])
- cfg = vm.get_dev_xenapi_config(''vtpm'', vtpm_ref)
- if not cfg:
- return xen_api_error([''HANDLE_INVALID'',
''VTPM'', vtpm_ref])
- if not cfg.has_key(''backend''):
- return xen_api_error([''INTERNAL_ERROR'',
''VTPM backend not set''])
- return xen_api_success(cfg[''backend''])
-
- def VTPM_get_VM(self, session, vtpm_ref):
- xendom = XendDomain.instance()
- return
xen_api_success(xendom.get_dev_property_by_uuid(''vtpm'',
- vtpm_ref,
''VM''))
-
- def VTPM_destroy(self, session, vtpm_ref):
- xendom = XendDomain.instance()
- dom = xendom.get_vm_with_dev_uuid(''vtpm'', vtpm_ref)
- if dom:
- if dom.state != XEN_API_VM_POWER_STATE_HALTED:
- vm_ref = dom.get_dev_property(''vtpm'',
vtpm_ref, ''VM'')
- return xen_api_error([''VM_BAD_POWER_STATE'',
vm_ref,
- XendDomain.POWER_STATE_NAMES[XEN_API_VM_POWER_STATE_HALTED],
- XendDomain.POWER_STATE_NAMES[dom.state]])
- from xen.xend.server import tpmif
- tpmif.destroy_vtpmstate(dom.getName())
- return xen_api_success_void()
- else:
- return xen_api_error([''HANDLE_INVALID'',
''VTPM'', vtpm_ref])
-
- # class methods
- def VTPM_create(self, session, vtpm_struct):
- xendom = XendDomain.instance()
- if xendom.is_valid_vm(vtpm_struct[''VM'']):
- dom = xendom.get_vm_by_uuid(vtpm_struct[''VM''])
- try:
- vtpm_ref = dom.create_vtpm(vtpm_struct)
- xendom.managed_config_save(dom)
- return xen_api_success(vtpm_ref)
- except XendError, exn:
- return xen_api_error([''INTERNAL_ERROR'',
str(exn)])
- else:
- return xen_api_error([''HANDLE_INVALID'',
''VM'', vtpm_struct[''VM'']])
-
- def VTPM_get_all(self, session):
- xendom = XendDomain.instance()
- vtpms = [d.get_vtpms() for d in
XendDomain.instance().list(''all'')]
- vtpms = reduce(lambda x, y: x + y, vtpms)
- return xen_api_success(vtpms)
-
- def VTPM_get_runtime_properties(self, _, vtpm_ref):
- xendom = XendDomain.instance()
- dominfo = xendom.get_vm_with_dev_uuid(''vtpm'',
vtpm_ref)
- device = dominfo.get_dev_config_by_uuid(''vtpm'',
vtpm_ref)
-
- try:
- device_sxps = dominfo.getDeviceSxprs(''vtpm'')
- device_dict = dict(device_sxps[0][1])
- return xen_api_success(device_dict)
- except:
- return xen_api_success({})
-
# Xen API: Class console
# ----------------------------------------------------------------
diff --git a/tools/python/xen/xend/XendConfig.py
b/tools/python/xen/xend/XendConfig.py
index 9c47e56..497a5f4 100644
--- a/tools/python/xen/xend/XendConfig.py
+++ b/tools/python/xen/xend/XendConfig.py
@@ -417,7 +417,6 @@ class XendConfig(dict):
''console_refs'': [],
''vif_refs'': [],
''vbd_refs'': [],
- ''vtpm_refs'': [],
''other_config'': {},
''platform'': {},
''target'': 0,
@@ -937,7 +936,6 @@ class XendConfig(dict):
self[''console_refs''] =
cfg.get(''console_refs'', [])
self[''vif_refs''] =
cfg.get(''vif_refs'', [])
self[''vbd_refs''] =
cfg.get(''vbd_refs'', [])
- self[''vtpm_refs''] =
cfg.get(''vtpm_refs'', [])
# coalesce hvm vnc frame buffer with vfb config
if self.is_hvm() and
int(self[''platform''].get(''vnc'', 0)) != 0:
@@ -1488,7 +1486,7 @@ class XendConfig(dict):
# store dev references by uuid for certain device types
target[''devices''][dev_uuid] = (dev_type,
dev_info)
- if dev_type in (''vif'', ''vbd'',
''vtpm''):
+ if dev_type in (''vif'', ''vbd''):
param = ''%s_refs'' % dev_type
if param not in target:
target[param] = []
@@ -1630,18 +1628,6 @@ class XendConfig(dict):
target[''devices''][dev_uuid] = (dev_type,
dev_info)
target[''vbd_refs''].append(dev_uuid)
- elif dev_type == ''vtpm'':
- if cfg_xenapi.get(''type''):
- dev_info[''type''] =
cfg_xenapi.get(''type'')
-
- dev_uuid = cfg_xenapi.get(''uuid'', None)
- if not dev_uuid:
- dev_uuid = uuid.createString()
- dev_info[''uuid''] = dev_uuid
- dev_info[''other_config''] =
cfg_xenapi.get(''other_config'', {})
- target[''devices''][dev_uuid] = (dev_type,
dev_info)
- target[''vtpm_refs''].append(dev_uuid)
-
elif dev_type == ''console'':
dev_uuid = cfg_xenapi.get(''uuid'', None)
if not dev_uuid:
@@ -2078,8 +2064,7 @@ class XendConfig(dict):
result.extend(target.get(''console_refs'', []) +
target.get(''vbd_refs'', []) +
- target.get(''vif_refs'', []) +
- target.get(''vtpm_refs'', []))
+ target.get(''vif_refs'', []))
result.extend([u for u in target[''devices''].keys() if
u not in result])
return result
diff --git a/tools/python/xen/xend/XendConstants.py
b/tools/python/xen/xend/XendConstants.py
index c41b0fa..bc1c400 100644
--- a/tools/python/xen/xend/XendConstants.py
+++ b/tools/python/xen/xend/XendConstants.py
@@ -115,7 +115,7 @@ TRIGGER_TYPE = {
}
#
-# Device migration stages (eg. XendDomainInfo, XendCheckpoint, server.tpmif)
+# Device migration stages (eg. XendDomainInfo, XendCheckpoint)
#
DEV_MIGRATE_TEST = 0
@@ -124,12 +124,6 @@ DEV_MIGRATE_STEP2 = 2
DEV_MIGRATE_STEP3 = 3
#
-# VTPM-related constants
-#
-
-VTPM_DELETE_SCRIPT = auxbin.scripts_dir() + ''/vtpm-delete''
-
-#
# Xenstore Constants
#
diff --git a/tools/python/xen/xend/XendDevices.py
b/tools/python/xen/xend/XendDevices.py
index e4585e1..bef4d8a 100644
--- a/tools/python/xen/xend/XendDevices.py
+++ b/tools/python/xen/xend/XendDevices.py
@@ -19,7 +19,7 @@
# A collection of DevControllers
#
-from xen.xend.server import blkif, netif, tpmif, pciif, iopif, irqif, vfbif,
vscsiif, netif2, vusbif
+from xen.xend.server import blkif, netif, pciif, iopif, irqif, vfbif, vscsiif,
netif2, vusbif
from xen.xend.server.BlktapController import BlktapController,
Blktap2Controller
from xen.xend.server.ConsoleController import ConsoleController
@@ -38,7 +38,6 @@ class XendDevices:
''vbd'': blkif.BlkifController,
''vif'': netif.NetifController,
''vif2'': netif2.NetifController2,
- ''vtpm'': tpmif.TPMifController,
''pci'': pciif.PciController,
''ioports'': iopif.IOPortsController,
''irq'': irqif.IRQController,
@@ -82,6 +81,5 @@ class XendDevices:
@type domain: XendDomainInfo
"""
from xen.xend.XendLogging import log
- tpmif.destroy_vtpmstate(domain.info.get(''vtpm_refs''))
destroy_device_state = classmethod(destroy_device_state)
diff --git a/tools/python/xen/xend/XendDomainInfo.py
b/tools/python/xen/xend/XendDomainInfo.py
index 456e325..e9d3e7e 100644
--- a/tools/python/xen/xend/XendDomainInfo.py
+++ b/tools/python/xen/xend/XendDomainInfo.py
@@ -3908,12 +3908,6 @@ class XendDomainInfo:
else:
config[''mode''] = ''RW''
- if dev_class == ''vtpm'':
- if not config.has_key(''type''):
- config[''type''] =
''paravirtualised'' # TODO
- if not config.has_key(''backend''):
- config[''backend''] =
"00000000-0000-0000-0000-000000000000"
-
return config
def get_dev_property(self, dev_class, dev_uuid, field):
@@ -3945,9 +3939,6 @@ class XendDomainInfo:
def get_vbds(self):
return self.info.get(''vbd_refs'', [])
- def get_vtpms(self):
- return self.info.get(''vtpm_refs'', [])
-
def get_dpcis(self):
return XendDPCI.get_by_VM(self.info.get(''uuid''))
@@ -4046,23 +4037,6 @@ class XendDomainInfo:
return dev_uuid
- def create_vtpm(self, xenapi_vtpm):
- """Create a VTPM device from the passed struct in Xen
API format.
-
- @return: uuid of the device
- @rtype: string
- """
-
- if self._stateGet() not in (DOM_STATE_HALTED,):
- raise VmError("Can only add vTPM to a halted domain.")
- if self.get_vtpms() != []:
- raise VmError(''Domain already has a vTPM.'')
- dev_uuid = self.info.device_add(''vtpm'', cfg_xenapi =
xenapi_vtpm)
- if not dev_uuid:
- raise XendError(''Failed to create device'')
-
- return dev_uuid
-
def create_console(self, xenapi_console):
""" Create a console device from a Xen API struct.
@@ -4301,9 +4275,6 @@ class XendDomainInfo:
def destroy_vif(self, dev_uuid):
self.destroy_device_by_uuid(''vif'', dev_uuid)
- def destroy_vtpm(self, dev_uuid):
- self.destroy_device_by_uuid(''vtpm'', dev_uuid)
-
def destroy_dpci(self, dev_uuid):
dpci = XendAPIStore.get(dev_uuid, ''DPCI'')
diff --git a/tools/python/xen/xend/XendError.py
b/tools/python/xen/xend/XendError.py
index 3be0651..d7ec42d 100644
--- a/tools/python/xen/xend/XendError.py
+++ b/tools/python/xen/xend/XendError.py
@@ -246,7 +246,6 @@ XEND_ERROR_UNSUPPORTED =
(''EUNSUPPORTED'', ''Method Unsupported'')
XEND_ERROR_VM_INVALID = (''EVMINVALID'',
''VM Invalid'')
XEND_ERROR_VBD_INVALID = (''EVBDINVALID'',
''VBD Invalid'')
XEND_ERROR_VIF_INVALID = (''EVIFINVALID'',
''VIF Invalid'')
-XEND_ERROR_VTPM_INVALID = (''EVTPMINVALID'',
''VTPM Invalid'')
XEND_ERROR_VDI_INVALID = (''EVDIINVALID'',
''VDI Invalid'')
XEND_ERROR_SR_INVALID = (''ESRINVALID'', ''SR
Invalid'')
XEND_ERROR_XSPOLICY_INVALID = (''EXSPOLICYINVALID'',
''XS Invalid'')
diff --git a/tools/python/xen/xend/XendOptions.py
b/tools/python/xen/xend/XendOptions.py
index 01287f7..e2651e3 100644
--- a/tools/python/xen/xend/XendOptions.py
+++ b/tools/python/xen/xend/XendOptions.py
@@ -349,10 +349,6 @@ class XendOptions:
else:
return None
- def get_external_migration_tool(self):
- """@return the name of the tool to handle virtual TPM
migration."""
- return
self.get_config_string(''external-migration-tool'',
self.external_migration_tool_default)
-
def get_enable_dump(self):
return self.get_config_bool(''enable-dump'',
''no'')
diff --git a/tools/python/xen/xend/server/tpmif.py
b/tools/python/xen/xend/server/tpmif.py
deleted file mode 100644
index 23a10e9..0000000
--- a/tools/python/xen/xend/server/tpmif.py
+++ /dev/null
@@ -1,141 +0,0 @@
-#===========================================================================-#
This library is free software; you can redistribute it and/or
-# modify it under the terms of version 2.1 of the GNU Lesser General Public
-# License as published by the Free Software Foundation.
-#
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-#===========================================================================-#
Copyright (C) 2004 Mike Wray <mike.wray@hp.com>
-# Copyright (C) 2005 IBM Corporation
-# Author: Stefan Berger, stefanb@us.ibm.com
-# Copyright (C) 2005 XenSource Ltd
-#===========================================================================-
-"""Support for virtual TPM interfaces."""
-
-from xen.xend import XendOptions
-from xen.xend.XendLogging import log
-from xen.xend.XendError import XendError
-from xen.xend.XendConstants import DEV_MIGRATE_TEST, VTPM_DELETE_SCRIPT
-from xen.xend.server.DevController import DevController
-
-import os
-import re
-
-xoptions = XendOptions.instance()
-
-def destroy_vtpmstate(uuids):
- if os.path.exists(VTPM_DELETE_SCRIPT):
- for uuid in uuids:
- os.system(VTPM_DELETE_SCRIPT + " " + uuid)
-
-class TPMifController(DevController):
- """TPM interface controller. Handles all TPM devices for a
domain.
- """
-
- def __init__(self, vm):
- DevController.__init__(self, vm)
-
-
- def getDeviceDetails(self, config):
- """@see DevController.getDeviceDetails"""
-
- devid = self.allocateDeviceID()
- inst = int(config.get(''pref_instance'', -1))
- if inst == -1:
- inst = int(config.get(''instance'', 0))
-
- typ = config.get(''type'')
- uuid = config.get(''uuid'')
-
- log.info("The domain has a TPM with pref. instance %d and devid
%d.",
- inst, devid)
- back = { ''pref_instance'' : "%i" % inst,
- ''resume'' : "%s" %
(self.vm.getResume()) }
- if typ:
- back[''type''] = typ
- if uuid:
- back[''uuid''] = uuid
-
- data = self.vm.info[''devices''].get(uuid)
- if data:
- other = data[1].get(''other_config'')
- if type(other) == dict:
- for key, item in other.items():
- back[''oc_'' + key] = item
-
- front = { ''handle'' : "%i" % devid }
-
- return (devid, back, front)
-
- def getDeviceConfiguration(self, devid, transaction = None):
- """Returns the configuration of a
device"""
- result = DevController.getDeviceConfiguration(self, devid, transaction)
-
- (instance, uuid, type) = \
- self.readBackend(devid,
''instance'',
- ''uuid'',
- ''type'')
-
- if instance:
- result[''instance''] = instance
- if uuid:
- result[''uuid''] = uuid
- if type:
- result[''type''] = type
-
- if uuid:
- data = self.vm.info[''devices''].get(uuid)
- if data:
- other = data[1].get(''other_config'')
- if other:
- result[''other_config''] = other
-
- return result
-
- def migrate(self, deviceConfig, network, dst, step, domName):
- """@see DevContoller.migrate"""
- if network:
- tool = xoptions.get_external_migration_tool()
- if tool != '''':
- log.info("Request to network-migrate device to %s.
step=%d.",
- dst, step)
-
- if step == DEV_MIGRATE_TEST:
- """Assuming for now that everything is ok
and migration
- with the given tool can proceed.
- """
- return 0
- else:
- fd = os.popen("%s -type vtpm -step %d -host %s
-domname %s" %
- (tool, step, dst, domName),
- ''r'')
- for line in fd.readlines():
- mo = re.search(''Error'', line)
- if mo:
- raise XendError("vtpm: Fatal error in
migration step %d: %s" %
- (step, line))
- return 0
- else:
- log.debug("External migration tool not in
configuration.")
- return -1
- return 0
-
- def recover_migrate(self, deviceConfig, network, dst, step, domName):
- """@see DevContoller.recover_migrate"""
- if network:
- tool = xoptions.get_external_migration_tool()
- if tool != '''':
- log.info("Request to recover network-migrated device. last
good step=%d.",
- step)
- fd = os.popen("%s -type vtpm -step %d -host %s -domname %s
-recover" %
- (tool, step, dst, domName),
- ''r'')
- return 0
diff --git a/tools/python/xen/xend/tests/xend-config.sxp
b/tools/python/xen/xend/tests/xend-config.sxp
index 0793028..9f26e34 100644
--- a/tools/python/xen/xend/tests/xend-config.sxp
+++ b/tools/python/xen/xend/tests/xend-config.sxp
@@ -127,5 +127,3 @@
# Whether to enable core-dumps when domains crash.
#(enable-dump no)
-# The tool used for initiating virtual TPM migration
-#(external-migration-tool '''')
diff --git a/tools/python/xen/xm/create.dtd b/tools/python/xen/xm/create.dtd
index bc8d314..c91ea90 100644
--- a/tools/python/xen/xm/create.dtd
+++ b/tools/python/xen/xm/create.dtd
@@ -38,7 +38,6 @@
memory,
vbd*,
vif*,
- vtpm*,
pci*,
vscsi*,
console*,
@@ -82,9 +81,6 @@
network CDATA #IMPLIED
security_label CDATA #IMPLIED>
-<!ELEMENT vtpm (name*)>
-<!ATTLIST vtpm backend CDATA #REQUIRED>
-
<!ELEMENT pci (pci_opt*)>
<!ATTLIST pci domain CDATA #REQUIRED
bus CDATA #REQUIRED
diff --git a/tools/python/xen/xm/create.py b/tools/python/xen/xm/create.py
index 7bad910..22841aa 100644
--- a/tools/python/xen/xm/create.py
+++ b/tools/python/xen/xm/create.py
@@ -324,10 +324,6 @@ gopts.var(''netif'',
val=''no|yes'',
fn=set_bool, default=0,
use="Make the domain a network interface backend.")
-gopts.var(''tpmif'', val=''no|yes'',
- fn=append_value, default=0,
- use="Make the domain a TPM interface backend.")
-
gopts.var(''disk'',
val=''phy:DEV,VDEV,MODE[,DOM]'',
fn=append_value, default=[],
use="""Add a disk device to a domain. The physical
device is DEV,
@@ -419,20 +415,6 @@ gopts.var(''vif2'',
val="front_mac=MAC,back_mac=MAC,backend=DOM,pdev=PDEV,max_bypa
and backend MAC addresses. Randomly generated
addresses will be used if either address is
missing.""")
-gopts.var(''vtpm'',
val="instance=INSTANCE,backend=DOM,type=TYPE",
- fn=append_value, default=[],
- use="""Add a TPM interface. On the backend side use
the given
- instance as virtual TPM instance. The given number is merely the
- preferred instance number. The hotplug script will determine
- which instance number will actually be assigned to the domain.
- The associtation between virtual machine and the TPM instance
- number can be found in /etc/xen/vtpm.db. Use the backend in the
- given domain.
- The type parameter can be used to select a specific driver type
- that the VM can use. To prevent a fully virtualized domain (HVM)
- from being able to access an emulated device model, you may specify
- ''paravirtualized'' here.""")
-
gopts.var(''access_control'',
val="policy=POLICY,label=LABEL",
fn=append_value, default=[],
use="""Add a security label and the security policy
reference that defines it.
@@ -997,37 +979,6 @@ def configure_mem_prot(config_image, vals):
"""
config_image.append([''s3_integrity'', vals.s3_integrity])
-def configure_vtpm(config_devs, vals):
- """Create the config for virtual TPM interfaces.
- """
- vtpm = vals.vtpm
- if len(vtpm) > 0:
- d = vtpm[0]
- instance = d.get(''instance'')
- uuid = d.get(''uuid'')
- if instance == "VTPMD":
- instance = "0"
- else:
- if instance != None:
- try:
- if int(instance) == 0:
- err(''VM config error: vTPM instance must not
be 0.'')
- except ValueError:
- err(''Vm config error: could not parse instance
number.'')
- backend = d.get(''backend'')
- typ = d.get(''type'')
- config_vtpm = [''vtpm'']
- if instance:
- config_vtpm.append([''pref_instance'', instance])
- if backend:
- config_vtpm.append([''backend'', backend])
- if typ:
- config_vtpm.append([''type'', typ])
- if uuid:
- config_vtpm.append([''uuid'', uuid])
- config_devs.append([''device'', config_vtpm])
-
-
def configure_vifs(config_devs, vals):
"""Create the config for virtual network interfaces.
"""
@@ -1160,8 +1111,6 @@ def make_config(vals):
config.append([''backend'',
[''blkif'']])
if vals.netif:
config.append([''backend'',
[''netif'']])
- if vals.tpmif:
- config.append([''backend'',
[''tpmif'']])
if vals.localtime:
config.append([''localtime'', vals.localtime])
if vals.oos:
@@ -1193,7 +1142,6 @@ def make_config(vals):
configure_ioports(config_devs, vals)
configure_irq(config_devs, vals)
configure_vifs(config_devs, vals)
- configure_vtpm(config_devs, vals)
configure_vfbs(config_devs, vals)
configure_security(config, vals)
config += config_devs
@@ -1307,22 +1255,6 @@ def preprocess_irq(vals):
irq.append(d)
vals.irq = irq
-def preprocess_vtpm(vals):
- if not vals.vtpm: return
- vtpms = []
- for vtpm in vals.vtpm:
- d = {}
- a = vtpm.split('','')
- for b in a:
- (k, v) = b.strip().split(''='', 1)
- k = k.strip()
- v = v.strip()
- if k not in [''backend'',
''instance'', ''uuid'']:
- err(''Invalid vtpm specifier: '' + vtpm)
- d[k] = v
- vtpms.append(d)
- vals.vtpm = vtpms
-
def preprocess_access_control(vals):
if not vals.access_control:
return
@@ -1401,7 +1333,6 @@ def preprocess(vals):
preprocess_ip(vals)
preprocess_irq(vals)
preprocess_nfs(vals)
- preprocess_vtpm(vals)
preprocess_access_control(vals)
preprocess_cpuid(vals, ''cpuid'')
preprocess_cpuid(vals, ''cpuid_check'')
diff --git a/tools/python/xen/xm/main.py b/tools/python/xen/xm/main.py
index 948d3ce..429c573 100644
--- a/tools/python/xen/xm/main.py
+++ b/tools/python/xen/xm/main.py
@@ -204,7 +204,6 @@ SUBCOMMAND_HELP = {
''vnet-create'' :
(''<ConfigFile>'',''Create a vnet from
ConfigFile.''),
''vnet-delete'' : (''<VnetId>'',
''Delete a Vnet.''),
''vnet-list'' : (''[-l|--long]'',
''List Vnets.''),
- ''vtpm-list'' : (''<Domain>
[--long]'', ''List virtual TPM devices.''),
''pci-attach'' : (''[-o|--options=<opt>]
<Domain> <domain:bus:slot.func> [virtual slot]'',
''Insert a new pass-through pci
device.''),
''pci-detach'' : (''<Domain>
<domain:bus:slot.func>'',
@@ -469,7 +468,6 @@ device_commands = [
"network2-attach",
"network2-detach",
"network2-list",
- "vtpm-list",
"pci-attach",
"pci-detach",
"pci-list",
@@ -2392,39 +2390,6 @@ def xm_block_list(args):
"%(be-path)-30s "
% ni)
-def xm_vtpm_list(args):
- (use_long, params) = arg_check_for_resource_list(args,
"vtpm-list")
-
- dom = params[0]
-
- if serverType == SERVER_XEN_API:
- vtpm_refs = server.xenapi.VM.get_VTPMs(get_single_vm(dom))
- vtpm_properties = \
- map(server.xenapi.VTPM.get_runtime_properties, vtpm_refs)
- devs = map(lambda (handle, properties): [handle, map2sxp(properties)],
- zip(range(len(vtpm_properties)), vtpm_properties))
- else:
- devs = server.xend.domain.getDeviceSxprs(dom, ''vtpm'')
-
- if use_long:
- map(PrettyPrint.prettyprint, devs)
- else:
- hdr = 0
- for x in devs:
- if hdr == 0:
- print ''Idx BE handle state evt-ch ring-ref
BE-path''
- hdr = 1
- ni = parse_dev_info(x[1])
- ni[''idx''] = int(x[0])
- print ("%(idx)-3d "
- "%(backend-id)-3d "
- "%(handle)-3d "
- "%(state)-3d "
- "%(event-ch)-3d "
- "%(ring-ref)-5d "
- "%(be-path)-30s "
- % ni)
-
def attached_pci_dict_bin(dom):
devs = []
if serverType == SERVER_XEN_API:
@@ -3854,8 +3819,6 @@ commands = {
"vnet-list": xm_vnet_list,
"vnet-create": xm_vnet_create,
"vnet-delete": xm_vnet_delete,
- # vtpm
- "vtpm-list": xm_vtpm_list,
#pci
"pci-attach": xm_pci_attach,
"pci-detach": xm_pci_detach,
diff --git a/tools/python/xen/xm/xenapi_create.py
b/tools/python/xen/xm/xenapi_create.py
index 3d526d8..346ff20 100644
--- a/tools/python/xen/xm/xenapi_create.py
+++ b/tools/python/xen/xm/xenapi_create.py
@@ -375,12 +375,6 @@ class xenapi_create:
self.create_vifs(vm_ref, vifs, networks)
- # Now create vtpms
-
- vtpms = vm.getElementsByTagName("vtpm")
-
- self.create_vtpms(vm_ref, vtpms)
-
# Now create consoles
consoles = vm.getElementsByTagName("console")
@@ -488,21 +482,6 @@ class xenapi_create:
self._network_refs = server.xenapi.network.get_all()
return self._network_refs.pop(0)
- def create_vtpms(self, vm_ref, vtpms):
- if len(vtpms) > 1:
- vtpms = [ vtpms[0] ]
- log(DEBUG, "create_vtpms")
- return map(lambda vtpm: self.create_vtpm(vm_ref, vtpm), vtpms)
-
- def create_vtpm(self, vm_ref, vtpm):
- vtpm_record = {
- "VM":
- vm_ref,
- "backend":
- vtpm.attributes["backend"].value
- }
- return server.xenapi.VTPM.create(vtpm_record)
-
def create_consoles(self, vm_ref, consoles):
log(DEBUG, "create_consoles")
return map(lambda console: self.create_console(vm_ref, console),
@@ -633,9 +612,6 @@ class sxp2xml:
vifs_sxp = map(lambda x: x[1], [device for device in devices
if device[1][0] == "vif"])
- vtpms_sxp = map(lambda x: x[1], [device for device in devices
- if device[1][0] == "vtpm"])
-
vfbs_sxp = map(lambda x: x[1], [device for device in devices
if device[1][0] == "vfb"])
@@ -780,12 +756,6 @@ class sxp2xml:
map(vm.appendChild, vifs)
- # And now the vTPMs
-
- vtpms = map(lambda vtpm: self.extract_vtpm(vtpm, document), vtpms_sxp)
-
- map(vm.appendChild, vtpms)
-
# And now the pcis
pcis = self.extract_pcis(pcis_sxp, document)
@@ -923,15 +893,6 @@ class sxp2xml:
return vif
- def extract_vtpm(self, vtpm_sxp, document):
-
- vtpm = document.createElement("vtpm")
-
- vtpm.attributes["backend"] \
- = get_child_by_name(vtpm_sxp, "backend", "0")
-
- return vtpm
-
def extract_vfb(self, vfb_sxp, document):
vfb = document.createElement("console")
--
1.7.10.4
Matthew Fioravante
2012-Nov-15 15:17 UTC
[PATCH VTPM v3 04/10] Remove VTPM_TOOLS from config/Tools.mk.in
Signed-off-by: Matthew Fioravante <matthew.fioravante@jhuapl.edu> --- config/Tools.mk.in | 1 - 1 file changed, 1 deletion(-) diff --git a/config/Tools.mk.in b/config/Tools.mk.in index a78f211..3967e7d 100644 --- a/config/Tools.mk.in +++ b/config/Tools.mk.in @@ -44,7 +44,6 @@ GIT_HTTP := @githttp@ # Optional components XENSTAT_XENTOP := @monitors@ -VTPM_TOOLS := @vtpm@ LIBXENAPI_BINDINGS := @xenapi@ OCAML_TOOLS := @ocamltools@ CONFIG_MINITERM := @miniterm@ -- 1.7.10.4
Matthew Fioravante
2012-Nov-15 15:17 UTC
[PATCH VTPM v3 05/10] Remove old vtpm stuff from tools/libxen
Signed-off-by: Matthew Fioravante <matthew.fioravante@jhuapl.edu>
---
tools/libxen/include/xen/api/xen_all.h | 1 -
tools/libxen/include/xen/api/xen_vm.h | 9 -
tools/libxen/include/xen/api/xen_vtpm.h | 218 ------------------------
tools/libxen/include/xen/api/xen_vtpm_decl.h | 31 ----
tools/libxen/src/xen_vm.c | 22 ---
tools/libxen/src/xen_vtpm.c | 235 --------------------------
6 files changed, 516 deletions(-)
delete mode 100644 tools/libxen/include/xen/api/xen_vtpm.h
delete mode 100644 tools/libxen/include/xen/api/xen_vtpm_decl.h
delete mode 100644 tools/libxen/src/xen_vtpm.c
diff --git a/tools/libxen/include/xen/api/xen_all.h
b/tools/libxen/include/xen/api/xen_all.h
index 52113c7..45ac171 100644
--- a/tools/libxen/include/xen/api/xen_all.h
+++ b/tools/libxen/include/xen/api/xen_all.h
@@ -35,7 +35,6 @@
#include <xen/api/xen_vm.h>
#include <xen/api/xen_vm_metrics.h>
#include <xen/api/xen_vm_power_state.h>
-#include <xen/api/xen_vtpm.h>
#include <xen/api/xen_xspolicy.h>
#include <xen/api/xen_cpu_pool.h>
#endif
diff --git a/tools/libxen/include/xen/api/xen_vm.h
b/tools/libxen/include/xen/api/xen_vm.h
index de554fc..8be7d2b 100644
--- a/tools/libxen/include/xen/api/xen_vm.h
+++ b/tools/libxen/include/xen/api/xen_vm.h
@@ -33,7 +33,6 @@
#include <xen/api/xen_vm_guest_metrics_decl.h>
#include <xen/api/xen_vm_metrics_decl.h>
#include <xen/api/xen_vm_power_state.h>
-#include <xen/api/xen_vtpm_decl.h>
#include <xen/api/xen_cpu_pool_decl.h>
@@ -98,7 +97,6 @@ typedef struct xen_vm_record
struct xen_vif_record_opt_set *vifs;
struct xen_vbd_record_opt_set *vbds;
struct xen_crashdump_record_opt_set *crash_dumps;
- struct xen_vtpm_record_opt_set *vtpms;
char *pv_bootloader;
char *pv_kernel;
char *pv_ramdisk;
@@ -396,13 +394,6 @@ xen_vm_get_crash_dumps(xen_session *session, struct
xen_crashdump_set **result,
/**
- * Get the VTPMs field of the given VM.
- */
-extern bool
-xen_vm_get_vtpms(xen_session *session, struct xen_vtpm_set **result, xen_vm
vm);
-
-
-/**
* Get the PV/bootloader field of the given VM.
*/
extern bool
diff --git a/tools/libxen/include/xen/api/xen_vtpm.h
b/tools/libxen/include/xen/api/xen_vtpm.h
deleted file mode 100644
index 9b3b2eb..0000000
--- a/tools/libxen/include/xen/api/xen_vtpm.h
+++ /dev/null
@@ -1,218 +0,0 @@
-/*
- * Copyright (c) 2006-2007, XenSource Inc.
- * Copyright (c) 2006, IBM Corp.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-#ifndef XEN_VTPM_H
-#define XEN_VTPM_H
-
-#include <xen/api/xen_common.h>
-#include <xen/api/xen_vm_decl.h>
-#include <xen/api/xen_vtpm_decl.h>
-
-
-/*
- * The VTPM class.
- *
- * A virtual TPM device.
- */
-
-
-/**
- * Free the given xen_vtpm. The given handle must have been allocated
- * by this library.
- */
-extern void
-xen_vtpm_free(xen_vtpm vtpm);
-
-
-typedef struct xen_vtpm_set
-{
- size_t size;
- xen_vtpm *contents[];
-} xen_vtpm_set;
-
-/**
- * Allocate a xen_vtpm_set of the given size.
- */
-extern xen_vtpm_set *
-xen_vtpm_set_alloc(size_t size);
-
-/**
- * Free the given xen_vtpm_set. The given set must have been allocated
- * by this library.
- */
-extern void
-xen_vtpm_set_free(xen_vtpm_set *set);
-
-
-typedef struct xen_vtpm_record
-{
- xen_vtpm handle;
- char *uuid;
- struct xen_vm_record_opt *vm;
- struct xen_vm_record_opt *backend;
- xen_string_string_map *other_config;
-} xen_vtpm_record;
-
-/**
- * Allocate a xen_vtpm_record.
- */
-extern xen_vtpm_record *
-xen_vtpm_record_alloc(void);
-
-/**
- * Free the given xen_vtpm_record, and all referenced values. The
- * given record must have been allocated by this library.
- */
-extern void
-xen_vtpm_record_free(xen_vtpm_record *record);
-
-
-typedef struct xen_vtpm_record_opt
-{
- bool is_record;
- union
- {
- xen_vtpm handle;
- xen_vtpm_record *record;
- } u;
-} xen_vtpm_record_opt;
-
-/**
- * Allocate a xen_vtpm_record_opt.
- */
-extern xen_vtpm_record_opt *
-xen_vtpm_record_opt_alloc(void);
-
-/**
- * Free the given xen_vtpm_record_opt, and all referenced values. The
- * given record_opt must have been allocated by this library.
- */
-extern void
-xen_vtpm_record_opt_free(xen_vtpm_record_opt *record_opt);
-
-
-typedef struct xen_vtpm_record_set
-{
- size_t size;
- xen_vtpm_record *contents[];
-} xen_vtpm_record_set;
-
-/**
- * Allocate a xen_vtpm_record_set of the given size.
- */
-extern xen_vtpm_record_set *
-xen_vtpm_record_set_alloc(size_t size);
-
-/**
- * Free the given xen_vtpm_record_set, and all referenced values. The
- * given set must have been allocated by this library.
- */
-extern void
-xen_vtpm_record_set_free(xen_vtpm_record_set *set);
-
-
-
-typedef struct xen_vtpm_record_opt_set
-{
- size_t size;
- xen_vtpm_record_opt *contents[];
-} xen_vtpm_record_opt_set;
-
-/**
- * Allocate a xen_vtpm_record_opt_set of the given size.
- */
-extern xen_vtpm_record_opt_set *
-xen_vtpm_record_opt_set_alloc(size_t size);
-
-/**
- * Free the given xen_vtpm_record_opt_set, and all referenced values.
- * The given set must have been allocated by this library.
- */
-extern void
-xen_vtpm_record_opt_set_free(xen_vtpm_record_opt_set *set);
-
-
-/**
- * Get a record containing the current state of the given VTPM.
- */
-extern bool
-xen_vtpm_get_record(xen_session *session, xen_vtpm_record **result, xen_vtpm
vtpm);
-
-
-/**
- * Get a reference to the VTPM instance with the specified UUID.
- */
-extern bool
-xen_vtpm_get_by_uuid(xen_session *session, xen_vtpm *result, char *uuid);
-
-
-/**
- * Create a new VTPM instance, and return its handle.
- */
-extern bool
-xen_vtpm_create(xen_session *session, xen_vtpm *result, xen_vtpm_record
*record);
-
-
-/**
- * Destroy the specified VTPM instance.
- */
-extern bool
-xen_vtpm_destroy(xen_session *session, xen_vtpm vtpm);
-
-
-/**
- * Get the uuid field of the given VTPM.
- */
-extern bool
-xen_vtpm_get_uuid(xen_session *session, char **result, xen_vtpm vtpm);
-
-
-/**
- * Get the VM field of the given VTPM.
- */
-extern bool
-xen_vtpm_get_vm(xen_session *session, xen_vm *result, xen_vtpm vtpm);
-
-
-/**
- * Get the backend field of the given VTPM.
- */
-extern bool
-xen_vtpm_get_backend(xen_session *session, xen_vm *result, xen_vtpm vtpm);
-
-
-/**
- * Get the other_config field of the given VTPM.
- */
-extern bool
-xen_vtpm_get_other_config(xen_session *session,
- xen_string_string_map **result,
- xen_vtpm vtpm);
-
-
-/**
- * Set the other_config field of the given VTPM.
- */
-extern bool
-xen_vtpm_set_other_config(xen_session *session,
- xen_vtpm vtpm,
- xen_string_string_map *other_config);
-
-
-#endif
diff --git a/tools/libxen/include/xen/api/xen_vtpm_decl.h
b/tools/libxen/include/xen/api/xen_vtpm_decl.h
deleted file mode 100644
index 7798e38..0000000
--- a/tools/libxen/include/xen/api/xen_vtpm_decl.h
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
- * Copyright (c) 2006, XenSource Inc.
- * Copyright (c) 2006, IBM Corp.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-#ifndef XEN_VTPM_DECL_H
-#define XEN_VTPM_DECL_H
-
-typedef void *xen_vtpm;
-
-struct xen_vtpm_set;
-struct xen_vtpm_record;
-struct xen_vtpm_record_set;
-struct xen_vtpm_record_opt;
-struct xen_vtpm_record_opt_set;
-
-#endif
diff --git a/tools/libxen/src/xen_vm.c b/tools/libxen/src/xen_vm.c
index b762fbe..dcd650c 100644
--- a/tools/libxen/src/xen_vm.c
+++ b/tools/libxen/src/xen_vm.c
@@ -35,7 +35,6 @@
#include <xen/api/xen_vm.h>
#include <xen/api/xen_vm_guest_metrics.h>
#include <xen/api/xen_vm_metrics.h>
-#include <xen/api/xen_vtpm.h>
#include <xen/api/xen_cpu_pool.h>
@@ -119,9 +118,6 @@ static const struct_member xen_vm_record_struct_members[]
{ .key = "crash_dumps",
.type = &abstract_type_ref_set,
.offset = offsetof(xen_vm_record, crash_dumps) },
- { .key = "VTPMs",
- .type = &abstract_type_ref_set,
- .offset = offsetof(xen_vm_record, vtpms) },
{ .key = "PV_bootloader",
.type = &abstract_type_string,
.offset = offsetof(xen_vm_record, pv_bootloader) },
@@ -203,7 +199,6 @@ xen_vm_record_free(xen_vm_record *record)
xen_vif_record_opt_set_free(record->vifs);
xen_vbd_record_opt_set_free(record->vbds);
xen_crashdump_record_opt_set_free(record->crash_dumps);
- xen_vtpm_record_opt_set_free(record->vtpms);
free(record->pv_bootloader);
free(record->pv_kernel);
free(record->pv_ramdisk);
@@ -668,23 +663,6 @@ xen_vm_get_crash_dumps(xen_session *session, struct
xen_crashdump_set **result,
bool
-xen_vm_get_vtpms(xen_session *session, struct xen_vtpm_set **result, xen_vm vm)
-{
- abstract_value param_values[] - {
- { .type = &abstract_type_string,
- .u.string_val = vm }
- };
-
- abstract_type result_type = abstract_type_string_set;
-
- *result = NULL;
- XEN_CALL_("VM.get_VTPMs");
- return session->ok;
-}
-
-
-bool
xen_vm_get_pv_bootloader(xen_session *session, char **result, xen_vm vm)
{
abstract_value param_values[] diff --git a/tools/libxen/src/xen_vtpm.c
b/tools/libxen/src/xen_vtpm.c
deleted file mode 100644
index 0ca7b41..0000000
--- a/tools/libxen/src/xen_vtpm.c
+++ /dev/null
@@ -1,235 +0,0 @@
-/*
- * Copyright (c) 2006, XenSource Inc.
- * Copyright (c) 2006, IBM Corp.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-
-#include <stddef.h>
-#include <stdlib.h>
-
-#include "xen_internal.h"
-#include <xen/api/xen_common.h>
-#include <xen/api/xen_vm.h>
-#include <xen/api/xen_vtpm.h>
-
-
-XEN_FREE(xen_vtpm)
-XEN_SET_ALLOC_FREE(xen_vtpm)
-XEN_ALLOC(xen_vtpm_record)
-XEN_SET_ALLOC_FREE(xen_vtpm_record)
-XEN_ALLOC(xen_vtpm_record_opt)
-XEN_RECORD_OPT_FREE(xen_vtpm)
-XEN_SET_ALLOC_FREE(xen_vtpm_record_opt)
-
-
-static const struct_member xen_vtpm_record_struct_members[] - {
- { .key = "uuid",
- .type = &abstract_type_string,
- .offset = offsetof(xen_vtpm_record, uuid) },
- { .key = "VM",
- .type = &abstract_type_ref,
- .offset = offsetof(xen_vtpm_record, vm) },
- { .key = "backend",
- .type = &abstract_type_ref,
- .offset = offsetof(xen_vtpm_record, backend) },
- { .key = "other_config",
- .type = &abstract_type_string_string_map,
- .offset = offsetof(xen_vtpm_record, other_config) }
- };
-
-const abstract_type xen_vtpm_record_abstract_type_ - {
- .typename = STRUCT,
- .struct_size = sizeof(xen_vtpm_record),
- .member_count - sizeof(xen_vtpm_record_struct_members) /
sizeof(struct_member),
- .members = xen_vtpm_record_struct_members
- };
-
-
-void
-xen_vtpm_record_free(xen_vtpm_record *record)
-{
- if (record == NULL)
- {
- return;
- }
- free(record->handle);
- free(record->uuid);
- xen_vm_record_opt_free(record->vm);
- xen_vm_record_opt_free(record->backend);
- xen_string_string_map_free(record->other_config);
- free(record);
-}
-
-
-bool
-xen_vtpm_get_record(xen_session *session, xen_vtpm_record **result, xen_vtpm
vtpm)
-{
- abstract_value param_values[] - {
- { .type = &abstract_type_string,
- .u.string_val = vtpm }
- };
-
- abstract_type result_type = xen_vtpm_record_abstract_type_;
-
- *result = NULL;
- XEN_CALL_("VTPM.get_record");
-
- if (session->ok)
- {
- (*result)->handle = xen_strdup_((*result)->uuid);
- }
-
- return session->ok;
-}
-
-
-bool
-xen_vtpm_get_by_uuid(xen_session *session, xen_vtpm *result, char *uuid)
-{
- abstract_value param_values[] - {
- { .type = &abstract_type_string,
- .u.string_val = uuid }
- };
-
- abstract_type result_type = abstract_type_string;
-
- *result = NULL;
- XEN_CALL_("VTPM.get_by_uuid");
- return session->ok;
-}
-
-
-bool
-xen_vtpm_create(xen_session *session, xen_vtpm *result, xen_vtpm_record
*record)
-{
- abstract_value param_values[] - {
- { .type = &xen_vtpm_record_abstract_type_,
- .u.struct_val = record }
- };
-
- abstract_type result_type = abstract_type_string;
-
- *result = NULL;
- XEN_CALL_("VTPM.create");
- return session->ok;
-}
-
-
-bool
-xen_vtpm_destroy(xen_session *session, xen_vtpm vtpm)
-{
- abstract_value param_values[] - {
- { .type = &abstract_type_string,
- .u.string_val = vtpm }
- };
-
- xen_call_(session, "VTPM.destroy", param_values, 1, NULL, NULL);
- return session->ok;
-}
-
-
-bool
-xen_vtpm_get_vm(xen_session *session, xen_vm *result, xen_vtpm vtpm)
-{
- abstract_value param_values[] - {
- { .type = &abstract_type_string,
- .u.string_val = vtpm }
- };
-
- abstract_type result_type = abstract_type_string;
-
- *result = NULL;
- XEN_CALL_("VTPM.get_VM");
- return session->ok;
-}
-
-
-bool
-xen_vtpm_get_backend(xen_session *session, xen_vm *result, xen_vtpm vtpm)
-{
- abstract_value param_values[] - {
- { .type = &abstract_type_string,
- .u.string_val = vtpm }
- };
-
- abstract_type result_type = abstract_type_string;
-
- *result = NULL;
- XEN_CALL_("VTPM.get_backend");
- return session->ok;
-}
-
-
-bool
-xen_vtpm_get_uuid(xen_session *session, char **result, xen_vtpm vtpm)
-{
- abstract_value param_values[] - {
- { .type = &abstract_type_string,
- .u.string_val = vtpm }
- };
-
- abstract_type result_type = abstract_type_string;
-
- *result = NULL;
- XEN_CALL_("VTPM.get_uuid");
- return session->ok;
-}
-
-
-bool
-xen_vtpm_get_other_config(xen_session *session, xen_string_string_map **result,
- xen_vtpm vtpm)
-{
- abstract_value param_values[] - {
- { .type = &abstract_type_string,
- .u.string_val = vtpm }
- };
-
- abstract_type result_type = abstract_type_string_string_map;
-
- *result = NULL;
- XEN_CALL_("VTPM.get_other_config");
- return session->ok;
-}
-
-
-bool
-xen_vtpm_set_other_config(xen_session *session, xen_vtpm vtpm,
- xen_string_string_map *other_config)
-{
- abstract_value param_values[] - {
- { .type = &abstract_type_string,
- .u.string_val = vtpm },
- { .type = &abstract_type_string_string_map,
- .u.set_val = (arbitrary_set *)other_config }
- };
-
- xen_call_(session, "VTPM.set_other_config", param_values, 2,
NULL, NULL);
- return session->ok;
-}
--
1.7.10.4
Matthew Fioravante
2012-Nov-15 15:17 UTC
[PATCH VTPM v3 06/10] Remove tools/vtpm* from MAINTAINERS file
Signed-off-by: Matthew Fioravante <matthew.fioravante@jhuapl.edu> --- MAINTAINERS | 2 -- 1 file changed, 2 deletions(-) diff --git a/MAINTAINERS b/MAINTAINERS index 2d8517b..fd45182 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -251,8 +251,6 @@ F: extras/minios-os/tpm-tis.c F: extras/minios-os/include/tpmfront.h F: extras/minios-os/include/tpmback.h F: extras/minios-os/include/tpm-tis.h -F: tools/vtpm/ -F: tools/vtpm_manager/ F: stubdom/vtpm/ F: stubdom/vtpmmgr/ F: docs/misc/vtpm.txt -- 1.7.10.4
Matthew Fioravante
2012-Nov-15 15:17 UTC
[PATCH VTPM v3 07/10] Regenerate configure script after removing vtpm
Signed-off-by: Matthew Fioravante <matthew.fioravante@jhuapl.edu>
---
tools/configure | 603 ++++++++++++++++++++++++++++---------------------------
1 file changed, 302 insertions(+), 301 deletions(-)
diff --git a/tools/configure b/tools/configure
index edf42f6..ed20d12 100755
--- a/tools/configure
+++ b/tools/configure
@@ -1,13 +1,11 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.67 for Xen Hypervisor 4.3.
+# Generated by GNU Autoconf 2.69 for Xen Hypervisor 4.3.
#
# Report bugs to <xen-devel@lists.xen.org>.
#
#
-# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
-# 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software
-# Foundation, Inc.
+# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
#
#
# This configure script is free software; the Free Software Foundation
@@ -91,6 +89,7 @@ fi
IFS=" "" $as_nl"
# Find who we are. Look in the path if we contain no directory separator.
+as_myself case $0 in #((
*[\\/]* ) as_myself=$0 ;;
*) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -135,6 +134,31 @@ export LANGUAGE
# CDPATH.
(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+# Use a proper internal environment variable to ensure we don''t fall
+ # into an infinite loop, continuously re-executing ourselves.
+ if test x"${_as_can_reexec}" != xno && test
"x$CONFIG_SHELL" != x; then
+ _as_can_reexec=no; export _as_can_reexec;
+ # We cannot yet assume a decent shell, so we have to provide a
+# neutralization value for shells without unset; and this also
+# works around shells that cannot unset nonexistent variables.
+# Preserve -v and -x to the replacement shell.
+BASH_ENV=/dev/null
+ENV=/dev/null
+(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
+case $- in # ((((
+ *v*x* | *x*v* ) as_opts=-vx ;;
+ *v* ) as_opts=-v ;;
+ *x* ) as_opts=-x ;;
+ * ) as_opts= ;;
+esac
+exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
+# Admittedly, this is quite paranoid, since all the known shells bail
+# out after a failed `exec''.
+$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
+as_fn_exit 255
+ fi
+ # We don''t want this to propagate to other subprocesses.
+ { _as_can_reexec=; unset _as_can_reexec;}
if test "x$CONFIG_SHELL" = x; then
as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\"
&& (emulate sh) >/dev/null 2>&1; then :
emulate sh
@@ -168,7 +192,8 @@ if ( set x; as_fn_ret_success y && test x =
\"\$1\" ); then :
else
exitcode=1; echo positional parameters were not saved.
fi
-test x\$exitcode = x0 || exit 1"
+test x\$exitcode = x0 || exit 1
+test -x / || exit 1"
as_suggested="
as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested"
as_lineno_1a=\$LINENO
as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested"
as_lineno_2a=\$LINENO
eval ''test \"x\$as_lineno_1''\$as_run''\"
!= \"x\$as_lineno_2''\$as_run''\" &&
@@ -213,14 +238,25 @@ IFS=$as_save_IFS
if test "x$CONFIG_SHELL" != x; then :
- # We cannot yet assume a decent shell, so we have to provide a
- # neutralization value for shells without unset; and this also
- # works around shells that cannot unset nonexistent variables.
- BASH_ENV=/dev/null
- ENV=/dev/null
- (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
- export CONFIG_SHELL
- exec "$CONFIG_SHELL" "$as_myself" ${1+"$@"}
+ export CONFIG_SHELL
+ # We cannot yet assume a decent shell, so we have to provide a
+# neutralization value for shells without unset; and this also
+# works around shells that cannot unset nonexistent variables.
+# Preserve -v and -x to the replacement shell.
+BASH_ENV=/dev/null
+ENV=/dev/null
+(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
+case $- in # ((((
+ *v*x* | *x*v* ) as_opts=-vx ;;
+ *v* ) as_opts=-v ;;
+ *x* ) as_opts=-x ;;
+ * ) as_opts= ;;
+esac
+exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
+# Admittedly, this is quite paranoid, since all the known shells bail
+# out after a failed `exec''.
+$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
+exit 255
fi
if test x$as_have_required = xno; then :
@@ -323,6 +359,14 @@ $as_echo X"$as_dir" |
} # as_fn_mkdir_p
+
+# as_fn_executable_p FILE
+# -----------------------
+# Test if FILE is an executable regular file.
+as_fn_executable_p ()
+{
+ test -f "$1" && test -x "$1"
+} # as_fn_executable_p
# as_fn_append VAR VALUE
# ----------------------
# Append the text in VALUE to the end of the definition contained in VAR. Take
@@ -444,6 +488,10 @@ as_cr_alnum=$as_cr_Letters$as_cr_digits
chmod +x "$as_me.lineno" ||
{ $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a
POSIX shell" >&2; as_fn_exit 1; }
+ # If we had to re-execute with $CONFIG_SHELL, we''re ensured to have
+ # already done that, so ensure we don''t try to do so again and fall
+ # in an infinite loop. This has already happened in practice.
+ _as_can_reexec=no; export _as_can_reexec
# Don''t try to exec as it changes $[0], causing all sort of problems
# (the dirname of $[0] is not the place where we might find the
# original and so on. Autoconf is especially sensitive to this).
@@ -478,16 +526,16 @@ if (echo >conf$$.file) 2>/dev/null; then
# ... but there are two gotchas:
# 1) On MSYS, both `ln -s file dir'' and `ln file dir''
fail.
# 2) DJGPP < 2.04 has no symlinks; `ln -s'' creates a wrapper
executable.
- # In both cases, we have to default to `cp -p''.
+ # In both cases, we have to default to `cp -pR''.
ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe
||
- as_ln_s=''cp -p''
+ as_ln_s=''cp -pR''
elif ln conf$$.file conf$$ 2>/dev/null; then
as_ln_s=ln
else
- as_ln_s=''cp -p''
+ as_ln_s=''cp -pR''
fi
else
- as_ln_s=''cp -p''
+ as_ln_s=''cp -pR''
fi
rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
rmdir conf$$.dir 2>/dev/null
@@ -499,28 +547,8 @@ else
as_mkdir_p=false
fi
-if test -x / >/dev/null 2>&1; then
- as_test_x=''test -x''
-else
- if ls -dL / >/dev/null 2>&1; then
- as_ls_L_option=L
- else
- as_ls_L_option- fi
- as_test_x=''
- eval sh -c ''\''''
- if test -d "$1"; then
- test -d "$1/.";
- else
- case $1 in #(
- -*)set "./$1";;
- esac;
- case `ls -ld''$as_ls_L_option'' "$1" 2>/dev/null`
in #((
- ???[sx]*):;;*)false;;esac;fi
- ''\'''' sh
- ''
-fi
-as_executable_p=$as_test_x
+as_test_x=''test -x''
+as_executable_p=as_fn_executable_p
# Sed expression to map a string onto a valid CPP name.
as_tr_cpp="eval sed
''y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g''"
@@ -668,7 +696,6 @@ lomount
miniterm
ocamltools
xenapi
-vtpm
monitors
githttp
host_os
@@ -722,7 +749,6 @@ ac_user_opts=''
enable_option_checking
enable_githttp
enable_monitors
-enable_vtpm
enable_xenapi
enable_ocamltools
enable_miniterm
@@ -1166,7 +1192,7 @@ Try \`$0 --help'' for more information"
$as_echo "$as_me: WARNING: you should use --build, --host,
--target" >&2
expr "x$ac_option" : ".*[^-._$as_cr_alnum]"
>/dev/null &&
$as_echo "$as_me: WARNING: invalid host type: $ac_option"
>&2
- : ${build_alias=$ac_option} ${host_alias=$ac_option}
${target_alias=$ac_option}
+ : "${build_alias=$ac_option} ${host_alias=$ac_option}
${target_alias=$ac_option}"
;;
esac
@@ -1217,8 +1243,6 @@ target=$target_alias
if test "x$host_alias" != x; then
if test "x$build_alias" = x; then
cross_compiling=maybe
- $as_echo "$as_me: WARNING: if you wanted to set the --build type,
don''t use --host.
- If a cross compiler is detected then cross compile mode will be used"
>&2
elif test "x$build_alias" != "x$host_alias"; then
cross_compiling=yes
fi
@@ -1381,8 +1405,6 @@ Optional Features:
DISABLED)
--disable-monitors Disable xenstat and xentop monitoring tools (default
is ENABLED)
- --enable-vtpm Enable Virtual Trusted Platform Module (default is
- DISABLED)
--enable-xenapi Enable Xen API Bindings (default is DISABLED)
--disable-ocamltools Disable Ocaml tools (default is ENABLED)
--enable-miniterm Enable miniterm (default is DISABLED)
@@ -1495,9 +1517,9 @@ test -n "$ac_init_help" && exit
$ac_status
if $ac_init_version; then
cat <<\_ACEOF
Xen Hypervisor configure 4.3
-generated by GNU Autoconf 2.67
+generated by GNU Autoconf 2.69
-Copyright (C) 2010 Free Software Foundation, Inc.
+Copyright (C) 2012 Free Software Foundation, Inc.
This configure script is free software; the Free Software Foundation
gives unlimited permission to copy, distribute and modify it.
_ACEOF
@@ -1541,7 +1563,7 @@ sed ''s/^/| /'' conftest.$ac_ext
>&5
ac_retval=1
fi
- eval $as_lineno_stack; test "x$as_lineno_stack" = x && {
as_lineno=; unset as_lineno;}
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
as_fn_set_status $ac_retval
} # ac_fn_c_try_compile
@@ -1578,7 +1600,7 @@ sed ''s/^/| /'' conftest.$ac_ext
>&5
ac_retval=1
fi
- eval $as_lineno_stack; test "x$as_lineno_stack" = x && {
as_lineno=; unset as_lineno;}
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
as_fn_set_status $ac_retval
} # ac_fn_c_try_cpp
@@ -1591,10 +1613,10 @@ fi
ac_fn_c_check_header_mongrel ()
{
as_lineno=${as_lineno-"$1"}
as_lineno_stack=as_lineno_stack=$as_lineno_stack
- if eval "test \"\${$3+set}\"" = set; then :
+ if eval \${$3+:} false; then :
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2"
>&5
$as_echo_n "checking for $2... " >&6; }
-if eval "test \"\${$3+set}\"" = set; then :
+if eval \${$3+:} false; then :
$as_echo_n "(cached) " >&6
fi
eval ac_res=\$$3
@@ -1661,7 +1683,7 @@ $as_echo "$as_me: WARNING: $2: proceeding with the
compiler''s result" >&2;}
esac
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2"
>&5
$as_echo_n "checking for $2... " >&6; }
-if eval "test \"\${$3+set}\"" = set; then :
+if eval \${$3+:} false; then :
$as_echo_n "(cached) " >&6
else
eval "$3=\$ac_header_compiler"
@@ -1670,7 +1692,7 @@ eval ac_res=\$$3
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res"
>&5
$as_echo "$ac_res" >&6; }
fi
- eval $as_lineno_stack; test "x$as_lineno_stack" = x && {
as_lineno=; unset as_lineno;}
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
} # ac_fn_c_check_header_mongrel
@@ -1711,7 +1733,7 @@ sed ''s/^/| /'' conftest.$ac_ext
>&5
ac_retval=$ac_status
fi
rm -rf conftest.dSYM conftest_ipa8_conftest.oo
- eval $as_lineno_stack; test "x$as_lineno_stack" = x && {
as_lineno=; unset as_lineno;}
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
as_fn_set_status $ac_retval
} # ac_fn_c_try_run
@@ -1725,7 +1747,7 @@ ac_fn_c_check_header_compile ()
as_lineno=${as_lineno-"$1"}
as_lineno_stack=as_lineno_stack=$as_lineno_stack
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2"
>&5
$as_echo_n "checking for $2... " >&6; }
-if eval "test \"\${$3+set}\"" = set; then :
+if eval \${$3+:} false; then :
$as_echo_n "(cached) " >&6
else
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -1743,7 +1765,7 @@ fi
eval ac_res=\$$3
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res"
>&5
$as_echo "$ac_res" >&6; }
- eval $as_lineno_stack; test "x$as_lineno_stack" = x && {
as_lineno=; unset as_lineno;}
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
} # ac_fn_c_check_header_compile
@@ -1774,7 +1796,7 @@ $as_echo "$ac_try_echo"; } >&5
test ! -s conftest.err
} && test -s conftest$ac_exeext && {
test "$cross_compiling" = yes ||
- $as_test_x conftest$ac_exeext
+ test -x conftest$ac_exeext
}; then :
ac_retval=0
else
@@ -1788,7 +1810,7 @@ fi
# interfere with the next link command; also delete a directory that is
# left behind by Apple''s compiler. We do this before executing the
actions.
rm -rf conftest.dSYM conftest_ipa8_conftest.oo
- eval $as_lineno_stack; test "x$as_lineno_stack" = x && {
as_lineno=; unset as_lineno;}
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
as_fn_set_status $ac_retval
} # ac_fn_c_try_link
@@ -1797,7 +1819,7 @@ This file contains any messages produced by compilers
while
running configure, to aid debugging if configure makes a mistake.
It was created by Xen Hypervisor $as_me 4.3, which was
-generated by GNU Autoconf 2.67. Invocation command line was
+generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -2055,7 +2077,7 @@ $as_echo "$as_me: loading site script
$ac_site_file" >&6;}
|| { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in
\`$ac_pwd'':" >&5
$as_echo "$as_me: error: in \`$ac_pwd'':" >&2;}
as_fn_error $? "failed to load site script $ac_site_file
-See \`config.log'' for more details" "$LINENO" 5 ; }
+See \`config.log'' for more details" "$LINENO" 5; }
fi
done
@@ -2199,7 +2221,7 @@ $SHELL "$ac_aux_dir/config.sub" sun4
>/dev/null 2>&1 ||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type"
>&5
$as_echo_n "checking build system type... " >&6; }
-if test "${ac_cv_build+set}" = set; then :
+if ${ac_cv_build+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_build_alias=$build_alias
@@ -2215,7 +2237,7 @@ fi
$as_echo "$ac_cv_build" >&6; }
case $ac_cv_build in
*-*-*) ;;
-*) as_fn_error $? "invalid value of canonical build"
"$LINENO" 5 ;;
+*) as_fn_error $? "invalid value of canonical build"
"$LINENO" 5;;
esac
build=$ac_cv_build
ac_save_IFS=$IFS; IFS=''-''
@@ -2233,7 +2255,7 @@ case $build_os in *\ *) build_os=`echo
"$build_os" | sed ''s/ /-/g''`;; esac
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type"
>&5
$as_echo_n "checking host system type... " >&6; }
-if test "${ac_cv_host+set}" = set; then :
+if ${ac_cv_host+:} false; then :
$as_echo_n "(cached) " >&6
else
if test "x$host_alias" = x; then
@@ -2248,7 +2270,7 @@ fi
$as_echo "$ac_cv_host" >&6; }
case $ac_cv_host in
*-*-*) ;;
-*) as_fn_error $? "invalid value of canonical host"
"$LINENO" 5 ;;
+*) as_fn_error $? "invalid value of canonical host"
"$LINENO" 5;;
esac
host=$ac_cv_host
ac_save_IFS=$IFS; IFS=''-''
@@ -2445,29 +2467,6 @@ monitors=$ax_cv_monitors
-# Check whether --enable-vtpm was given.
-if test "${enable_vtpm+set}" = set; then :
- enableval=$enable_vtpm;
-fi
-
-
-if test "x$enable_vtpm" = "xno"; then :
-
- ax_cv_vtpm="n"
-
-elif test "x$enable_vtpm" = "xyes"; then :
-
- ax_cv_vtpm="y"
-
-elif test -z $ax_cv_vtpm; then :
-
- ax_cv_vtpm="n"
-
-fi
-vtpm=$ax_cv_vtpm
-
-
-
# Check whether --enable-xenapi was given.
if test "${enable_xenapi+set}" = set; then :
enableval=$enable_xenapi;
@@ -2700,7 +2699,7 @@ if test -n "$ac_tool_prefix"; then
set dummy ${ac_tool_prefix}gcc; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word"
>&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_CC+set}" = set; then :
+if ${ac_cv_prog_CC+:} false; then :
$as_echo_n "(cached) " >&6
else
if test -n "$CC"; then
@@ -2712,7 +2711,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x
"$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_CC="${ac_tool_prefix}gcc"
$as_echo "$as_me:${as_lineno-$LINENO}: found
$as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -2740,7 +2739,7 @@ if test -z "$ac_cv_prog_CC"; then
set dummy gcc; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word"
>&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_ac_ct_CC+set}" = set; then :
+if ${ac_cv_prog_ac_ct_CC+:} false; then :
$as_echo_n "(cached) " >&6
else
if test -n "$ac_ct_CC"; then
@@ -2752,7 +2751,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x
"$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_CC="gcc"
$as_echo "$as_me:${as_lineno-$LINENO}: found
$as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -2793,7 +2792,7 @@ if test -z "$CC"; then
set dummy ${ac_tool_prefix}cc; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word"
>&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_CC+set}" = set; then :
+if ${ac_cv_prog_CC+:} false; then :
$as_echo_n "(cached) " >&6
else
if test -n "$CC"; then
@@ -2805,7 +2804,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x
"$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_CC="${ac_tool_prefix}cc"
$as_echo "$as_me:${as_lineno-$LINENO}: found
$as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -2833,7 +2832,7 @@ if test -z "$CC"; then
set dummy cc; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word"
>&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_CC+set}" = set; then :
+if ${ac_cv_prog_CC+:} false; then :
$as_echo_n "(cached) " >&6
else
if test -n "$CC"; then
@@ -2846,7 +2845,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x
"$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc";
then
ac_prog_rejected=yes
continue
@@ -2892,7 +2891,7 @@ if test -z "$CC"; then
set dummy $ac_tool_prefix$ac_prog; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word"
>&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_CC+set}" = set; then :
+if ${ac_cv_prog_CC+:} false; then :
$as_echo_n "(cached) " >&6
else
if test -n "$CC"; then
@@ -2904,7 +2903,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x
"$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
$as_echo "$as_me:${as_lineno-$LINENO}: found
$as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -2936,7 +2935,7 @@ do
set dummy $ac_prog; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word"
>&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_ac_ct_CC+set}" = set; then :
+if ${ac_cv_prog_ac_ct_CC+:} false; then :
$as_echo_n "(cached) " >&6
else
if test -n "$ac_ct_CC"; then
@@ -2948,7 +2947,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x
"$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_CC="$ac_prog"
$as_echo "$as_me:${as_lineno-$LINENO}: found
$as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -2991,7 +2990,7 @@ fi
test -z "$CC" && { { $as_echo
"$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd'':"
>&5
$as_echo "$as_me: error: in \`$ac_pwd'':" >&2;}
as_fn_error $? "no acceptable C compiler found in \$PATH
-See \`config.log'' for more details" "$LINENO" 5 ; }
+See \`config.log'' for more details" "$LINENO" 5; }
# Provide some information about the compiler.
$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler
version" >&5
@@ -3106,7 +3105,7 @@ sed ''s/^/| /'' conftest.$ac_ext
>&5
{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in
\`$ac_pwd'':" >&5
$as_echo "$as_me: error: in \`$ac_pwd'':" >&2;}
as_fn_error 77 "C compiler cannot create executables
-See \`config.log'' for more details" "$LINENO" 5 ; }
+See \`config.log'' for more details" "$LINENO" 5; }
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
@@ -3149,7 +3148,7 @@ else
{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in
\`$ac_pwd'':" >&5
$as_echo "$as_me: error: in \`$ac_pwd'':" >&2;}
as_fn_error $? "cannot compute suffix of executables: cannot compile and
link
-See \`config.log'' for more details" "$LINENO" 5 ; }
+See \`config.log'' for more details" "$LINENO" 5; }
fi
rm -f conftest conftest$ac_cv_exeext
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext"
>&5
@@ -3208,7 +3207,7 @@ $as_echo "$ac_try_echo"; } >&5
$as_echo "$as_me: error: in \`$ac_pwd'':" >&2;}
as_fn_error $? "cannot run C compiled programs.
If you meant to cross compile, use \`--host''.
-See \`config.log'' for more details" "$LINENO" 5 ; }
+See \`config.log'' for more details" "$LINENO" 5; }
fi
fi
fi
@@ -3219,7 +3218,7 @@ rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out
ac_clean_files=$ac_clean_files_save
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object
files" >&5
$as_echo_n "checking for suffix of object files... " >&6; }
-if test "${ac_cv_objext+set}" = set; then :
+if ${ac_cv_objext+:} false; then :
$as_echo_n "(cached) " >&6
else
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -3260,7 +3259,7 @@ sed ''s/^/| /'' conftest.$ac_ext
>&5
{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in
\`$ac_pwd'':" >&5
$as_echo "$as_me: error: in \`$ac_pwd'':" >&2;}
as_fn_error $? "cannot compute suffix of object files: cannot compile
-See \`config.log'' for more details" "$LINENO" 5 ; }
+See \`config.log'' for more details" "$LINENO" 5; }
fi
rm -f conftest.$ac_cv_objext conftest.$ac_ext
fi
@@ -3270,7 +3269,7 @@ OBJEXT=$ac_cv_objext
ac_objext=$OBJEXT
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the
GNU C compiler" >&5
$as_echo_n "checking whether we are using the GNU C compiler... "
>&6; }
-if test "${ac_cv_c_compiler_gnu+set}" = set; then :
+if ${ac_cv_c_compiler_gnu+:} false; then :
$as_echo_n "(cached) " >&6
else
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -3307,7 +3306,7 @@ ac_test_CFLAGS=${CFLAGS+set}
ac_save_CFLAGS=$CFLAGS
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts
-g" >&5
$as_echo_n "checking whether $CC accepts -g... " >&6; }
-if test "${ac_cv_prog_cc_g+set}" = set; then :
+if ${ac_cv_prog_cc_g+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_save_c_werror_flag=$ac_c_werror_flag
@@ -3385,7 +3384,7 @@ else
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept
ISO C89" >&5
$as_echo_n "checking for $CC option to accept ISO C89... "
>&6; }
-if test "${ac_cv_prog_cc_c89+set}" = set; then :
+if ${ac_cv_prog_cc_c89+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_cv_prog_cc_c89=no
@@ -3394,8 +3393,7 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <stdarg.h>
#include <stdio.h>
-#include <sys/types.h>
-#include <sys/stat.h>
+struct stat;
/* Most of the following tests are stolen from RCS 5.7''s src/conf.sh.
*/
struct buf { int x; };
FILE * (*rcsopen) (struct buf *, struct stat *, int);
@@ -3484,7 +3482,7 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
$as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... "
>&6; }
set x ${MAKE-make}
ac_make=`$as_echo "$2" | sed ''s/+/p/g;
s/[^a-zA-Z0-9_]/_/g''`
-if eval "test \"\${ac_cv_prog_make_${ac_make}_set+set}\"" =
set; then :
+if eval \${ac_cv_prog_make_${ac_make}_set+:} false; then :
$as_echo_n "(cached) " >&6
else
cat >conftest.make <<\_ACEOF
@@ -3528,7 +3526,7 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible
install" >&5
$as_echo_n "checking for a BSD-compatible install... " >&6; }
if test -z "$INSTALL"; then
-if test "${ac_cv_path_install+set}" = set; then :
+if ${ac_cv_path_install+:} false; then :
$as_echo_n "(cached) " >&6
else
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -3548,7 +3546,7 @@ case $as_dir/ in #((
# by default.
for ac_prog in ginstall scoinst install; do
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x
"$as_dir/$ac_prog$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then
if test $ac_prog = install &&
grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null
2>&1; then
# AIX install. It has an incompatible calling convention.
@@ -3608,7 +3606,7 @@ test -z "$INSTALL_DATA" &&
INSTALL_DATA=''${INSTALL} -m 644''
set dummy bison; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word"
>&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_path_BISON+set}" = set; then :
+if ${ac_cv_path_BISON+:} false; then :
$as_echo_n "(cached) " >&6
else
case $BISON in
@@ -3622,7 +3620,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x
"$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_path_BISON="$as_dir/$ac_word$ac_exec_ext"
$as_echo "$as_me:${as_lineno-$LINENO}: found
$as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -3648,7 +3646,7 @@ fi
set dummy flex; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word"
>&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_path_FLEX+set}" = set; then :
+if ${ac_cv_path_FLEX+:} false; then :
$as_echo_n "(cached) " >&6
else
case $FLEX in
@@ -3662,7 +3660,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x
"$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_path_FLEX="$as_dir/$ac_word$ac_exec_ext"
$as_echo "$as_me:${as_lineno-$LINENO}: found
$as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -3688,7 +3686,7 @@ fi
set dummy perl; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word"
>&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_path_PERL+set}" = set; then :
+if ${ac_cv_path_PERL+:} false; then :
$as_echo_n "(cached) " >&6
else
case $PERL in
@@ -3702,7 +3700,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x
"$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_path_PERL="$as_dir/$ac_word$ac_exec_ext"
$as_echo "$as_me:${as_lineno-$LINENO}: found
$as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -3735,7 +3733,7 @@ if test "x$xapi" = "xy"; then :
set dummy curl-config; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word"
>&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_path_CURL+set}" = set; then :
+if ${ac_cv_path_CURL+:} false; then :
$as_echo_n "(cached) " >&6
else
case $CURL in
@@ -3749,7 +3747,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x
"$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_path_CURL="$as_dir/$ac_word$ac_exec_ext"
$as_echo "$as_me:${as_lineno-$LINENO}: found
$as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -3780,7 +3778,7 @@ fi
set dummy xml2-config; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word"
>&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_path_XML+set}" = set; then :
+if ${ac_cv_path_XML+:} false; then :
$as_echo_n "(cached) " >&6
else
case $XML in
@@ -3794,7 +3792,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x
"$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_path_XML="$as_dir/$ac_word$ac_exec_ext"
$as_echo "$as_me:${as_lineno-$LINENO}: found
$as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -3831,7 +3829,7 @@ if test "x$ocamltools" = "xy"; then :
set dummy ${ac_tool_prefix}ocamlc; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word"
>&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_OCAMLC+set}" = set; then :
+if ${ac_cv_prog_OCAMLC+:} false; then :
$as_echo_n "(cached) " >&6
else
if test -n "$OCAMLC"; then
@@ -3843,7 +3841,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x
"$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_OCAMLC="${ac_tool_prefix}ocamlc"
$as_echo "$as_me:${as_lineno-$LINENO}: found
$as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -3871,7 +3869,7 @@ if test -z "$ac_cv_prog_OCAMLC"; then
set dummy ocamlc; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word"
>&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_ac_ct_OCAMLC+set}" = set; then :
+if ${ac_cv_prog_ac_ct_OCAMLC+:} false; then :
$as_echo_n "(cached) " >&6
else
if test -n "$ac_ct_OCAMLC"; then
@@ -3883,7 +3881,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x
"$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_OCAMLC="ocamlc"
$as_echo "$as_me:${as_lineno-$LINENO}: found
$as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -3942,7 +3940,7 @@ $as_echo "OCaml library path is $OCAMLLIB"
>&6; }
set dummy ${ac_tool_prefix}ocamlopt; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word"
>&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_OCAMLOPT+set}" = set; then :
+if ${ac_cv_prog_OCAMLOPT+:} false; then :
$as_echo_n "(cached) " >&6
else
if test -n "$OCAMLOPT"; then
@@ -3954,7 +3952,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x
"$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_OCAMLOPT="${ac_tool_prefix}ocamlopt"
$as_echo "$as_me:${as_lineno-$LINENO}: found
$as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -3982,7 +3980,7 @@ if test -z "$ac_cv_prog_OCAMLOPT"; then
set dummy ocamlopt; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word"
>&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_ac_ct_OCAMLOPT+set}" = set; then :
+if ${ac_cv_prog_ac_ct_OCAMLOPT+:} false; then :
$as_echo_n "(cached) " >&6
else
if test -n "$ac_ct_OCAMLOPT"; then
@@ -3994,7 +3992,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x
"$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_OCAMLOPT="ocamlopt"
$as_echo "$as_me:${as_lineno-$LINENO}: found
$as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -4052,7 +4050,7 @@ $as_echo "versions differs from ocamlc; ocamlopt
discarded." >&6; }
set dummy ${ac_tool_prefix}ocamlc.opt; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word"
>&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_OCAMLCDOTOPT+set}" = set; then :
+if ${ac_cv_prog_OCAMLCDOTOPT+:} false; then :
$as_echo_n "(cached) " >&6
else
if test -n "$OCAMLCDOTOPT"; then
@@ -4064,7 +4062,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x
"$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_OCAMLCDOTOPT="${ac_tool_prefix}ocamlc.opt"
$as_echo "$as_me:${as_lineno-$LINENO}: found
$as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -4092,7 +4090,7 @@ if test -z "$ac_cv_prog_OCAMLCDOTOPT"; then
set dummy ocamlc.opt; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word"
>&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_ac_ct_OCAMLCDOTOPT+set}" = set; then :
+if ${ac_cv_prog_ac_ct_OCAMLCDOTOPT+:} false; then :
$as_echo_n "(cached) " >&6
else
if test -n "$ac_ct_OCAMLCDOTOPT"; then
@@ -4104,7 +4102,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x
"$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_OCAMLCDOTOPT="ocamlc.opt"
$as_echo "$as_me:${as_lineno-$LINENO}: found
$as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -4156,7 +4154,7 @@ $as_echo "versions differs from ocamlc; ocamlc.opt
discarded." >&6; }
set dummy ${ac_tool_prefix}ocamlopt.opt; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word"
>&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_OCAMLOPTDOTOPT+set}" = set; then :
+if ${ac_cv_prog_OCAMLOPTDOTOPT+:} false; then :
$as_echo_n "(cached) " >&6
else
if test -n "$OCAMLOPTDOTOPT"; then
@@ -4168,7 +4166,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x
"$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_OCAMLOPTDOTOPT="${ac_tool_prefix}ocamlopt.opt"
$as_echo "$as_me:${as_lineno-$LINENO}: found
$as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -4196,7 +4194,7 @@ if test -z "$ac_cv_prog_OCAMLOPTDOTOPT"; then
set dummy ocamlopt.opt; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word"
>&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_ac_ct_OCAMLOPTDOTOPT+set}" = set; then :
+if ${ac_cv_prog_ac_ct_OCAMLOPTDOTOPT+:} false; then :
$as_echo_n "(cached) " >&6
else
if test -n "$ac_ct_OCAMLOPTDOTOPT"; then
@@ -4208,7 +4206,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x
"$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_OCAMLOPTDOTOPT="ocamlopt.opt"
$as_echo "$as_me:${as_lineno-$LINENO}: found
$as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -4265,7 +4263,7 @@ $as_echo "version differs from ocamlc; ocamlopt.opt
discarded." >&6; }
set dummy ${ac_tool_prefix}ocaml; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word"
>&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_OCAML+set}" = set; then :
+if ${ac_cv_prog_OCAML+:} false; then :
$as_echo_n "(cached) " >&6
else
if test -n "$OCAML"; then
@@ -4277,7 +4275,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x
"$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_OCAML="${ac_tool_prefix}ocaml"
$as_echo "$as_me:${as_lineno-$LINENO}: found
$as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -4305,7 +4303,7 @@ if test -z "$ac_cv_prog_OCAML"; then
set dummy ocaml; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word"
>&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_ac_ct_OCAML+set}" = set; then :
+if ${ac_cv_prog_ac_ct_OCAML+:} false; then :
$as_echo_n "(cached) " >&6
else
if test -n "$ac_ct_OCAML"; then
@@ -4317,7 +4315,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x
"$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_OCAML="ocaml"
$as_echo "$as_me:${as_lineno-$LINENO}: found
$as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -4359,7 +4357,7 @@ fi
set dummy ${ac_tool_prefix}ocamldep; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word"
>&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_OCAMLDEP+set}" = set; then :
+if ${ac_cv_prog_OCAMLDEP+:} false; then :
$as_echo_n "(cached) " >&6
else
if test -n "$OCAMLDEP"; then
@@ -4371,7 +4369,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x
"$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_OCAMLDEP="${ac_tool_prefix}ocamldep"
$as_echo "$as_me:${as_lineno-$LINENO}: found
$as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -4399,7 +4397,7 @@ if test -z "$ac_cv_prog_OCAMLDEP"; then
set dummy ocamldep; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word"
>&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_ac_ct_OCAMLDEP+set}" = set; then :
+if ${ac_cv_prog_ac_ct_OCAMLDEP+:} false; then :
$as_echo_n "(cached) " >&6
else
if test -n "$ac_ct_OCAMLDEP"; then
@@ -4411,7 +4409,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x
"$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_OCAMLDEP="ocamldep"
$as_echo "$as_me:${as_lineno-$LINENO}: found
$as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -4453,7 +4451,7 @@ fi
set dummy ${ac_tool_prefix}ocamlmktop; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word"
>&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_OCAMLMKTOP+set}" = set; then :
+if ${ac_cv_prog_OCAMLMKTOP+:} false; then :
$as_echo_n "(cached) " >&6
else
if test -n "$OCAMLMKTOP"; then
@@ -4465,7 +4463,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x
"$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_OCAMLMKTOP="${ac_tool_prefix}ocamlmktop"
$as_echo "$as_me:${as_lineno-$LINENO}: found
$as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -4493,7 +4491,7 @@ if test -z "$ac_cv_prog_OCAMLMKTOP"; then
set dummy ocamlmktop; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word"
>&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_ac_ct_OCAMLMKTOP+set}" = set; then :
+if ${ac_cv_prog_ac_ct_OCAMLMKTOP+:} false; then :
$as_echo_n "(cached) " >&6
else
if test -n "$ac_ct_OCAMLMKTOP"; then
@@ -4505,7 +4503,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x
"$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_OCAMLMKTOP="ocamlmktop"
$as_echo "$as_me:${as_lineno-$LINENO}: found
$as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -4547,7 +4545,7 @@ fi
set dummy ${ac_tool_prefix}ocamlmklib; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word"
>&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_OCAMLMKLIB+set}" = set; then :
+if ${ac_cv_prog_OCAMLMKLIB+:} false; then :
$as_echo_n "(cached) " >&6
else
if test -n "$OCAMLMKLIB"; then
@@ -4559,7 +4557,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x
"$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_OCAMLMKLIB="${ac_tool_prefix}ocamlmklib"
$as_echo "$as_me:${as_lineno-$LINENO}: found
$as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -4587,7 +4585,7 @@ if test -z "$ac_cv_prog_OCAMLMKLIB"; then
set dummy ocamlmklib; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word"
>&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_ac_ct_OCAMLMKLIB+set}" = set; then :
+if ${ac_cv_prog_ac_ct_OCAMLMKLIB+:} false; then :
$as_echo_n "(cached) " >&6
else
if test -n "$ac_ct_OCAMLMKLIB"; then
@@ -4599,7 +4597,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x
"$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_OCAMLMKLIB="ocamlmklib"
$as_echo "$as_me:${as_lineno-$LINENO}: found
$as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -4641,7 +4639,7 @@ fi
set dummy ${ac_tool_prefix}ocamldoc; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word"
>&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_OCAMLDOC+set}" = set; then :
+if ${ac_cv_prog_OCAMLDOC+:} false; then :
$as_echo_n "(cached) " >&6
else
if test -n "$OCAMLDOC"; then
@@ -4653,7 +4651,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x
"$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_OCAMLDOC="${ac_tool_prefix}ocamldoc"
$as_echo "$as_me:${as_lineno-$LINENO}: found
$as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -4681,7 +4679,7 @@ if test -z "$ac_cv_prog_OCAMLDOC"; then
set dummy ocamldoc; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word"
>&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_ac_ct_OCAMLDOC+set}" = set; then :
+if ${ac_cv_prog_ac_ct_OCAMLDOC+:} false; then :
$as_echo_n "(cached) " >&6
else
if test -n "$ac_ct_OCAMLDOC"; then
@@ -4693,7 +4691,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x
"$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_OCAMLDOC="ocamldoc"
$as_echo "$as_me:${as_lineno-$LINENO}: found
$as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -4735,7 +4733,7 @@ fi
set dummy ${ac_tool_prefix}ocamlbuild; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word"
>&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_OCAMLBUILD+set}" = set; then :
+if ${ac_cv_prog_OCAMLBUILD+:} false; then :
$as_echo_n "(cached) " >&6
else
if test -n "$OCAMLBUILD"; then
@@ -4747,7 +4745,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x
"$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_OCAMLBUILD="${ac_tool_prefix}ocamlbuild"
$as_echo "$as_me:${as_lineno-$LINENO}: found
$as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -4775,7 +4773,7 @@ if test -z "$ac_cv_prog_OCAMLBUILD"; then
set dummy ocamlbuild; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word"
>&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_prog_ac_ct_OCAMLBUILD+set}" = set; then :
+if ${ac_cv_prog_ac_ct_OCAMLBUILD+:} false; then :
$as_echo_n "(cached) " >&6
else
if test -n "$ac_ct_OCAMLBUILD"; then
@@ -4787,7 +4785,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x
"$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_OCAMLBUILD="ocamlbuild"
$as_echo "$as_me:${as_lineno-$LINENO}: found
$as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -4838,7 +4836,7 @@ fi
set dummy bash; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word"
>&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_path_BASH+set}" = set; then :
+if ${ac_cv_path_BASH+:} false; then :
$as_echo_n "(cached) " >&6
else
case $BASH in
@@ -4852,7 +4850,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x
"$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_path_BASH="$as_dir/$ac_word$ac_exec_ext"
$as_echo "$as_me:${as_lineno-$LINENO}: found
$as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -4893,7 +4891,7 @@ fi
set dummy $PYTHON; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word"
>&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_path_PYTHONPATH+set}" = set; then :
+if ${ac_cv_path_PYTHONPATH+:} false; then :
$as_echo_n "(cached) " >&6
else
case $PYTHONPATH in
@@ -4907,7 +4905,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x
"$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_path_PYTHONPATH="$as_dir/$ac_word$ac_exec_ext"
$as_echo "$as_me:${as_lineno-$LINENO}: found
$as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -4960,7 +4958,7 @@ if test -n "$CPP" && test -d
"$CPP"; then
CPP fi
if test -z "$CPP"; then
- if test "${ac_cv_prog_CPP+set}" = set; then :
+ if ${ac_cv_prog_CPP+:} false; then :
$as_echo_n "(cached) " >&6
else
# Double quotes because CPP needs to be expanded
@@ -5076,7 +5074,7 @@ else
{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in
\`$ac_pwd'':" >&5
$as_echo "$as_me: error: in \`$ac_pwd'':" >&2;}
as_fn_error $? "C preprocessor \"$CPP\" fails sanity check
-See \`config.log'' for more details" "$LINENO" 5 ; }
+See \`config.log'' for more details" "$LINENO" 5; }
fi
ac_ext=c
@@ -5088,7 +5086,7 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles
long lines and -e" >&5
$as_echo_n "checking for grep that handles long lines and -e... "
>&6; }
-if test "${ac_cv_path_GREP+set}" = set; then :
+if ${ac_cv_path_GREP+:} false; then :
$as_echo_n "(cached) " >&6
else
if test -z "$GREP"; then
@@ -5102,7 +5100,7 @@ do
for ac_prog in grep ggrep; do
for ac_exec_ext in '''' $ac_executable_extensions; do
ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext"
- { test -f "$ac_path_GREP" && $as_test_x
"$ac_path_GREP"; } || continue
+ as_fn_executable_p "$ac_path_GREP" || continue
# Check for GNU ac_path_GREP and select it if it is found.
# Check for GNU $ac_path_GREP
case `"$ac_path_GREP" --version 2>&1` in
@@ -5151,7 +5149,7 @@ $as_echo "$ac_cv_path_GREP" >&6; }
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep"
>&5
$as_echo_n "checking for egrep... " >&6; }
-if test "${ac_cv_path_EGREP+set}" = set; then :
+if ${ac_cv_path_EGREP+:} false; then :
$as_echo_n "(cached) " >&6
else
if echo a | $GREP -E ''(a|b)'' >/dev/null 2>&1
@@ -5168,7 +5166,7 @@ do
for ac_prog in egrep; do
for ac_exec_ext in '''' $ac_executable_extensions; do
ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
- { test -f "$ac_path_EGREP" && $as_test_x
"$ac_path_EGREP"; } || continue
+ as_fn_executable_p "$ac_path_EGREP" || continue
# Check for GNU ac_path_EGREP and select it if it is found.
# Check for GNU $ac_path_EGREP
case `"$ac_path_EGREP" --version 2>&1` in
@@ -5218,7 +5216,7 @@ $as_echo "$ac_cv_path_EGREP" >&6; }
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header
files" >&5
$as_echo_n "checking for ANSI C header files... " >&6; }
-if test "${ac_cv_header_stdc+set}" = set; then :
+if ${ac_cv_header_stdc+:} false; then :
$as_echo_n "(cached) " >&6
else
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -5354,7 +5352,7 @@ ac_python_version=`$PYTHON -c ''import
distutils.sysconfig; \
set dummy $PYTHON-config; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word"
>&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_path_pyconfig+set}" = set; then :
+if ${ac_cv_path_pyconfig+:} false; then :
$as_echo_n "(cached) " >&6
else
case $pyconfig in
@@ -5368,7 +5366,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x
"$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_path_pyconfig="$as_dir/$ac_word$ac_exec_ext"
$as_echo "$as_me:${as_lineno-$LINENO}: found
$as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -5417,7 +5415,7 @@ else
fi
ac_fn_c_check_header_mongrel "$LINENO" "Python.h"
"ac_cv_header_Python_h" "$ac_includes_default"
-if test "x$ac_cv_header_Python_h" = x""yes; then :
+if test "x$ac_cv_header_Python_h" = xyes; then :
else
as_fn_error $? "Unable to find Python development headers"
"$LINENO" 5
@@ -5427,7 +5425,7 @@ fi
as_ac_Lib=`$as_echo
"ac_cv_lib_python$ac_python_version''''_PyArg_ParseTuple"
| $as_tr_sh`
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for PyArg_ParseTuple in
-lpython$ac_python_version" >&5
$as_echo_n "checking for PyArg_ParseTuple in -lpython$ac_python_version...
" >&6; }
-if eval "test \"\${$as_ac_Lib+set}\"" = set; then :
+if eval \${$as_ac_Lib+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -5480,7 +5478,7 @@ LDLFAGS=$ac_previous_ldflags
set dummy xgettext; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word"
>&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_path_XGETTEXT+set}" = set; then :
+if ${ac_cv_path_XGETTEXT+:} false; then :
$as_echo_n "(cached) " >&6
else
case $XGETTEXT in
@@ -5494,7 +5492,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x
"$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_path_XGETTEXT="$as_dir/$ac_word$ac_exec_ext"
$as_echo "$as_me:${as_lineno-$LINENO}: found
$as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -5527,7 +5525,7 @@ i[3456]86|x86_64)
set dummy as86; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word"
>&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_path_AS86+set}" = set; then :
+if ${ac_cv_path_AS86+:} false; then :
$as_echo_n "(cached) " >&6
else
case $AS86 in
@@ -5541,7 +5539,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x
"$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_path_AS86="$as_dir/$ac_word$ac_exec_ext"
$as_echo "$as_me:${as_lineno-$LINENO}: found
$as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -5572,7 +5570,7 @@ fi
set dummy ld86; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word"
>&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_path_LD86+set}" = set; then :
+if ${ac_cv_path_LD86+:} false; then :
$as_echo_n "(cached) " >&6
else
case $LD86 in
@@ -5586,7 +5584,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x
"$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_path_LD86="$as_dir/$ac_word$ac_exec_ext"
$as_echo "$as_me:${as_lineno-$LINENO}: found
$as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -5617,7 +5615,7 @@ fi
set dummy bcc; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word"
>&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_path_BCC+set}" = set; then :
+if ${ac_cv_path_BCC+:} false; then :
$as_echo_n "(cached) " >&6
else
case $BCC in
@@ -5631,7 +5629,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x
"$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_path_BCC="$as_dir/$ac_word$ac_exec_ext"
$as_echo "$as_me:${as_lineno-$LINENO}: found
$as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -5662,7 +5660,7 @@ fi
set dummy iasl; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word"
>&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_path_IASL+set}" = set; then :
+if ${ac_cv_path_IASL+:} false; then :
$as_echo_n "(cached) " >&6
else
case $IASL in
@@ -5676,7 +5674,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x
"$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_path_IASL="$as_dir/$ac_word$ac_exec_ext"
$as_echo "$as_me:${as_lineno-$LINENO}: found
$as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -5707,11 +5705,11 @@ fi
esac
ac_fn_c_check_header_mongrel "$LINENO" "uuid/uuid.h"
"ac_cv_header_uuid_uuid_h" "$ac_includes_default"
-if test "x$ac_cv_header_uuid_uuid_h" = x""yes; then :
+if test "x$ac_cv_header_uuid_uuid_h" = xyes; then :
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for uuid_clear in
-luuid" >&5
$as_echo_n "checking for uuid_clear in -luuid... " >&6; }
-if test "${ac_cv_lib_uuid_uuid_clear+set}" = set; then :
+if ${ac_cv_lib_uuid_uuid_clear+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -5745,7 +5743,7 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result:
$ac_cv_lib_uuid_uuid_clear" >&5
$as_echo "$ac_cv_lib_uuid_uuid_clear" >&6; }
-if test "x$ac_cv_lib_uuid_uuid_clear" = x""yes; then :
+if test "x$ac_cv_lib_uuid_uuid_clear" = xyes; then :
libuuid="y"
fi
@@ -5754,7 +5752,7 @@ fi
ac_fn_c_check_header_mongrel "$LINENO" "uuid.h"
"ac_cv_header_uuid_h" "$ac_includes_default"
-if test "x$ac_cv_header_uuid_h" = x""yes; then :
+if test "x$ac_cv_header_uuid_h" = xyes; then :
libuuid="y"
fi
@@ -5767,11 +5765,11 @@ fi
ac_fn_c_check_header_mongrel "$LINENO" "curses.h"
"ac_cv_header_curses_h" "$ac_includes_default"
-if test "x$ac_cv_header_curses_h" = x""yes; then :
+if test "x$ac_cv_header_curses_h" = xyes; then :
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for clear in
-lcurses" >&5
$as_echo_n "checking for clear in -lcurses... " >&6; }
-if test "${ac_cv_lib_curses_clear+set}" = set; then :
+if ${ac_cv_lib_curses_clear+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -5805,7 +5803,7 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result:
$ac_cv_lib_curses_clear" >&5
$as_echo "$ac_cv_lib_curses_clear" >&6; }
-if test "x$ac_cv_lib_curses_clear" = x""yes; then :
+if test "x$ac_cv_lib_curses_clear" = xyes; then :
curses="y"
else
curses="n"
@@ -5818,11 +5816,11 @@ fi
ac_fn_c_check_header_mongrel "$LINENO" "ncurses.h"
"ac_cv_header_ncurses_h" "$ac_includes_default"
-if test "x$ac_cv_header_ncurses_h" = x""yes; then :
+if test "x$ac_cv_header_ncurses_h" = xyes; then :
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for clear in
-lncurses" >&5
$as_echo_n "checking for clear in -lncurses... " >&6; }
-if test "${ac_cv_lib_ncurses_clear+set}" = set; then :
+if ${ac_cv_lib_ncurses_clear+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -5856,7 +5854,7 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result:
$ac_cv_lib_ncurses_clear" >&5
$as_echo "$ac_cv_lib_ncurses_clear" >&6; }
-if test "x$ac_cv_lib_ncurses_clear" = x""yes; then :
+if test "x$ac_cv_lib_ncurses_clear" = xyes; then :
ncurses="y"
else
ncurses="n"
@@ -5903,7 +5901,7 @@ if test "x$ac_cv_env_PKG_CONFIG_set" !=
"xset"; then
set dummy ${ac_tool_prefix}pkg-config; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word"
>&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_path_PKG_CONFIG+set}" = set; then :
+if ${ac_cv_path_PKG_CONFIG+:} false; then :
$as_echo_n "(cached) " >&6
else
case $PKG_CONFIG in
@@ -5917,7 +5915,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x
"$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
$as_echo "$as_me:${as_lineno-$LINENO}: found
$as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -5946,7 +5944,7 @@ if test -z "$ac_cv_path_PKG_CONFIG"; then
set dummy pkg-config; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word"
>&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_path_ac_pt_PKG_CONFIG+set}" = set; then :
+if ${ac_cv_path_ac_pt_PKG_CONFIG+:} false; then :
$as_echo_n "(cached) " >&6
else
case $ac_pt_PKG_CONFIG in
@@ -5960,7 +5958,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x
"$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
$as_echo "$as_me:${as_lineno-$LINENO}: found
$as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -6091,7 +6089,7 @@ and glib_LIBS to avoid the need to call pkg-config.
See the pkg-config man page for more details.
To get pkg-config, see <http://pkg-config.freedesktop.org/>.
-See \`config.log'' for more details" "$LINENO" 5 ; }
+See \`config.log'' for more details" "$LINENO" 5; }
else
glib_CFLAGS=$pkg_cv_glib_CFLAGS
glib_LIBS=$pkg_cv_glib_LIBS
@@ -6104,7 +6102,7 @@ fi
set dummy wget; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word"
>&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_path_WGET+set}" = set; then :
+if ${ac_cv_path_WGET+:} false; then :
$as_echo_n "(cached) " >&6
else
case $WGET in
@@ -6118,7 +6116,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x
"$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_path_WGET="$as_dir/$ac_word$ac_exec_ext"
$as_echo "$as_me:${as_lineno-$LINENO}: found
$as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -6151,7 +6149,7 @@ else
set dummy ftp; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word"
>&5
$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_path_FTP+set}" = set; then :
+if ${ac_cv_path_FTP+:} false; then :
$as_echo_n "(cached) " >&6
else
case $FTP in
@@ -6165,7 +6163,7 @@ do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '''' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x
"$as_dir/$ac_word$ac_exec_ext"; }; then
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_path_FTP="$as_dir/$ac_word$ac_exec_ext"
$as_echo "$as_me:${as_lineno-$LINENO}: found
$as_dir/$ac_word$ac_exec_ext" >&5
break 2
@@ -6204,11 +6202,11 @@ fi
# Checks for libraries.
ac_fn_c_check_header_mongrel "$LINENO" "bzlib.h"
"ac_cv_header_bzlib_h" "$ac_includes_default"
-if test "x$ac_cv_header_bzlib_h" = x""yes; then :
+if test "x$ac_cv_header_bzlib_h" = xyes; then :
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for BZ2_bzDecompressInit
in -lbz2" >&5
$as_echo_n "checking for BZ2_bzDecompressInit in -lbz2... "
>&6; }
-if test "${ac_cv_lib_bz2_BZ2_bzDecompressInit+set}" = set; then :
+if ${ac_cv_lib_bz2_BZ2_bzDecompressInit+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -6242,7 +6240,7 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result:
$ac_cv_lib_bz2_BZ2_bzDecompressInit" >&5
$as_echo "$ac_cv_lib_bz2_BZ2_bzDecompressInit" >&6; }
-if test "x$ac_cv_lib_bz2_BZ2_bzDecompressInit" = x""yes;
then :
+if test "x$ac_cv_lib_bz2_BZ2_bzDecompressInit" = xyes; then :
zlib="$zlib -DHAVE_BZLIB -lbz2"
fi
@@ -6251,11 +6249,11 @@ fi
ac_fn_c_check_header_mongrel "$LINENO" "lzma.h"
"ac_cv_header_lzma_h" "$ac_includes_default"
-if test "x$ac_cv_header_lzma_h" = x""yes; then :
+if test "x$ac_cv_header_lzma_h" = xyes; then :
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for lzma_stream_decoder
in -llzma" >&5
$as_echo_n "checking for lzma_stream_decoder in -llzma... "
>&6; }
-if test "${ac_cv_lib_lzma_lzma_stream_decoder+set}" = set; then :
+if ${ac_cv_lib_lzma_lzma_stream_decoder+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -6289,7 +6287,7 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result:
$ac_cv_lib_lzma_lzma_stream_decoder" >&5
$as_echo "$ac_cv_lib_lzma_lzma_stream_decoder" >&6; }
-if test "x$ac_cv_lib_lzma_lzma_stream_decoder" = x""yes;
then :
+if test "x$ac_cv_lib_lzma_lzma_stream_decoder" = xyes; then :
zlib="$zlib -DHAVE_LZMA -llzma"
fi
@@ -6298,11 +6296,11 @@ fi
ac_fn_c_check_header_mongrel "$LINENO" "lzo/lzo1x.h"
"ac_cv_header_lzo_lzo1x_h" "$ac_includes_default"
-if test "x$ac_cv_header_lzo_lzo1x_h" = x""yes; then :
+if test "x$ac_cv_header_lzo_lzo1x_h" = xyes; then :
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for lzo1x_decompress in
-llzo2" >&5
$as_echo_n "checking for lzo1x_decompress in -llzo2... " >&6;
}
-if test "${ac_cv_lib_lzo2_lzo1x_decompress+set}" = set; then :
+if ${ac_cv_lib_lzo2_lzo1x_decompress+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -6336,7 +6334,7 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result:
$ac_cv_lib_lzo2_lzo1x_decompress" >&5
$as_echo "$ac_cv_lib_lzo2_lzo1x_decompress" >&6; }
-if test "x$ac_cv_lib_lzo2_lzo1x_decompress" = x""yes; then
:
+if test "x$ac_cv_lib_lzo2_lzo1x_decompress" = xyes; then :
zlib="$zlib -DHAVE_LZO1X -llzo2"
fi
@@ -6347,7 +6345,7 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for io_setup in
-laio" >&5
$as_echo_n "checking for io_setup in -laio... " >&6; }
-if test "${ac_cv_lib_aio_io_setup+set}" = set; then :
+if ${ac_cv_lib_aio_io_setup+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -6381,7 +6379,7 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result:
$ac_cv_lib_aio_io_setup" >&5
$as_echo "$ac_cv_lib_aio_io_setup" >&6; }
-if test "x$ac_cv_lib_aio_io_setup" = x""yes; then :
+if test "x$ac_cv_lib_aio_io_setup" = xyes; then :
system_aio="y"
else
system_aio="n"
@@ -6390,7 +6388,7 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for MD5 in
-lcrypto" >&5
$as_echo_n "checking for MD5 in -lcrypto... " >&6; }
-if test "${ac_cv_lib_crypto_MD5+set}" = set; then :
+if ${ac_cv_lib_crypto_MD5+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -6424,7 +6422,7 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result:
$ac_cv_lib_crypto_MD5" >&5
$as_echo "$ac_cv_lib_crypto_MD5" >&6; }
-if test "x$ac_cv_lib_crypto_MD5" = x""yes; then :
+if test "x$ac_cv_lib_crypto_MD5" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_LIBCRYPTO 1
_ACEOF
@@ -6437,11 +6435,11 @@ fi
ac_fn_c_check_header_mongrel "$LINENO" "ext2fs/ext2fs.h"
"ac_cv_header_ext2fs_ext2fs_h" "$ac_includes_default"
-if test "x$ac_cv_header_ext2fs_ext2fs_h" = x""yes; then :
+if test "x$ac_cv_header_ext2fs_ext2fs_h" = xyes; then :
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ext2fs_open2 in
-lext2fs" >&5
$as_echo_n "checking for ext2fs_open2 in -lext2fs... " >&6; }
-if test "${ac_cv_lib_ext2fs_ext2fs_open2+set}" = set; then :
+if ${ac_cv_lib_ext2fs_ext2fs_open2+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -6475,7 +6473,7 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result:
$ac_cv_lib_ext2fs_ext2fs_open2" >&5
$as_echo "$ac_cv_lib_ext2fs_ext2fs_open2" >&6; }
-if test "x$ac_cv_lib_ext2fs_ext2fs_open2" = x""yes; then :
+if test "x$ac_cv_lib_ext2fs_ext2fs_open2" = xyes; then :
$as_echo "#define INCLUDE_EXTFS_H <ext2fs/ext2fs.h>"
>>confdefs.h
@@ -6489,11 +6487,11 @@ fi
ac_fn_c_check_header_mongrel "$LINENO" "ext4fs/ext2fs.h"
"ac_cv_header_ext4fs_ext2fs_h" "$ac_includes_default"
-if test "x$ac_cv_header_ext4fs_ext2fs_h" = x""yes; then :
+if test "x$ac_cv_header_ext4fs_ext2fs_h" = xyes; then :
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ext2fs_open2 in
-lext4fs" >&5
$as_echo_n "checking for ext2fs_open2 in -lext4fs... " >&6; }
-if test "${ac_cv_lib_ext4fs_ext2fs_open2+set}" = set; then :
+if ${ac_cv_lib_ext4fs_ext2fs_open2+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -6527,7 +6525,7 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result:
$ac_cv_lib_ext4fs_ext2fs_open2" >&5
$as_echo "$ac_cv_lib_ext4fs_ext2fs_open2" >&6; }
-if test "x$ac_cv_lib_ext4fs_ext2fs_open2" = x""yes; then :
+if test "x$ac_cv_lib_ext4fs_ext2fs_open2" = xyes; then :
$as_echo "#define INCLUDE_EXTFS_H <ext4fs/ext2fs.h>"
>>confdefs.h
@@ -6544,7 +6542,7 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for gcry_md_hash_buffer
in -lgcrypt" >&5
$as_echo_n "checking for gcry_md_hash_buffer in -lgcrypt... "
>&6; }
-if test "${ac_cv_lib_gcrypt_gcry_md_hash_buffer+set}" = set; then :
+if ${ac_cv_lib_gcrypt_gcry_md_hash_buffer+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -6578,7 +6576,7 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result:
$ac_cv_lib_gcrypt_gcry_md_hash_buffer" >&5
$as_echo "$ac_cv_lib_gcrypt_gcry_md_hash_buffer" >&6; }
-if test "x$ac_cv_lib_gcrypt_gcry_md_hash_buffer" = x""yes;
then :
+if test "x$ac_cv_lib_gcrypt_gcry_md_hash_buffer" = xyes; then :
libgcrypt="y"
else
libgcrypt="n"
@@ -6588,7 +6586,7 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread
flag" >&5
$as_echo_n "checking for pthread flag... " >&6; }
-if test "${ax_cv_pthread_flags+set}" = set; then :
+if ${ax_cv_pthread_flags+:} false; then :
$as_echo_n "(cached) " >&6
else
@@ -6656,7 +6654,7 @@ $as_echo "$ax_cv_pthread_flags" >&6; }
CPPFLAGS="$CPPFLAGS -Werror"
ac_fn_c_check_header_mongrel "$LINENO" "libutil.h"
"ac_cv_header_libutil_h" "$ac_includes_default"
-if test "x$ac_cv_header_libutil_h" = x""yes; then :
+if test "x$ac_cv_header_libutil_h" = xyes; then :
$as_echo "#define INCLUDE_LIBUTIL_H <libutil.h>"
>>confdefs.h
@@ -6670,7 +6668,7 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for openpty et
al" >&5
$as_echo_n "checking for openpty et al... " >&6; }
-if test "${ax_cv_ptyfuncs_libs+set}" = set; then :
+if ${ax_cv_ptyfuncs_libs+:} false; then :
$as_echo_n "(cached) " >&6
else
@@ -6679,7 +6677,7 @@ else
{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in
\`$ac_pwd'':" >&5
$as_echo "$as_me: error: in \`$ac_pwd'':" >&2;}
as_fn_error $? "Unable to find library for openpty and login_tty
-See \`config.log'' for more details" "$LINENO" 5 ; }
+See \`config.log'' for more details" "$LINENO" 5; }
fi
saved_LIBS="$LIBS"
@@ -6717,7 +6715,7 @@ $as_echo "$ax_cv_ptyfuncs_libs" >&6; }
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for yajl_alloc in
-lyajl" >&5
$as_echo_n "checking for yajl_alloc in -lyajl... " >&6; }
-if test "${ac_cv_lib_yajl_yajl_alloc+set}" = set; then :
+if ${ac_cv_lib_yajl_yajl_alloc+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -6751,7 +6749,7 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result:
$ac_cv_lib_yajl_yajl_alloc" >&5
$as_echo "$ac_cv_lib_yajl_yajl_alloc" >&6; }
-if test "x$ac_cv_lib_yajl_yajl_alloc" = x""yes; then :
+if test "x$ac_cv_lib_yajl_yajl_alloc" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_LIBYAJL 1
_ACEOF
@@ -6764,7 +6762,7 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for deflateCopy in
-lz" >&5
$as_echo_n "checking for deflateCopy in -lz... " >&6; }
-if test "${ac_cv_lib_z_deflateCopy+set}" = set; then :
+if ${ac_cv_lib_z_deflateCopy+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -6798,7 +6796,7 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result:
$ac_cv_lib_z_deflateCopy" >&5
$as_echo "$ac_cv_lib_z_deflateCopy" >&6; }
-if test "x$ac_cv_lib_z_deflateCopy" = x""yes; then :
+if test "x$ac_cv_lib_z_deflateCopy" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_LIBZ 1
_ACEOF
@@ -6811,7 +6809,7 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for libiconv_open in
-liconv" >&5
$as_echo_n "checking for libiconv_open in -liconv... " >&6; }
-if test "${ac_cv_lib_iconv_libiconv_open+set}" = set; then :
+if ${ac_cv_lib_iconv_libiconv_open+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
@@ -6845,7 +6843,7 @@ LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result:
$ac_cv_lib_iconv_libiconv_open" >&5
$as_echo "$ac_cv_lib_iconv_libiconv_open" >&6; }
-if test "x$ac_cv_lib_iconv_libiconv_open" = x""yes; then :
+if test "x$ac_cv_lib_iconv_libiconv_open" = xyes; then :
libiconv="y"
else
libiconv="n"
@@ -6857,7 +6855,7 @@ fi
for ac_header in yajl/yajl_version.h
do :
ac_fn_c_check_header_mongrel "$LINENO"
"yajl/yajl_version.h" "ac_cv_header_yajl_yajl_version_h"
"$ac_includes_default"
-if test "x$ac_cv_header_yajl_yajl_version_h" = x""yes; then
:
+if test "x$ac_cv_header_yajl_yajl_version_h" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_YAJL_YAJL_VERSION_H 1
_ACEOF
@@ -6931,10 +6929,21 @@ $as_echo "$as_me: WARNING: cache variable $ac_var
contains a newline" >&2;} ;;
:end'' >>confcache
if diff "$cache_file" confcache >/dev/null 2>&1; then :;
else
if test -w "$cache_file"; then
- test "x$cache_file" != "x/dev/null" &&
+ if test "x$cache_file" != "x/dev/null"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: updating cache
$cache_file" >&5
$as_echo "$as_me: updating cache $cache_file" >&6;}
- cat confcache >$cache_file
+ if test ! -f "$cache_file" || test -h "$cache_file";
then
+ cat confcache >"$cache_file"
+ else
+ case $cache_file in #(
+ */* | ?:*)
+ mv -f confcache "$cache_file"$$ &&
+ mv -f "$cache_file"$$ "$cache_file" ;; #(
+ *)
+ mv -f confcache "$cache_file" ;;
+ esac
+ fi
+ fi
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache
$cache_file" >&5
$as_echo "$as_me: not updating unwritable cache $cache_file"
>&6;}
@@ -6966,7 +6975,7 @@ LTLIBOBJS=$ac_ltlibobjs
-: ${CONFIG_STATUS=./config.status}
+: "${CONFIG_STATUS=./config.status}"
ac_write_fail=0
ac_clean_files_save=$ac_clean_files
ac_clean_files="$ac_clean_files $CONFIG_STATUS"
@@ -7067,6 +7076,7 @@ fi
IFS=" "" $as_nl"
# Find who we are. Look in the path if we contain no directory separator.
+as_myself case $0 in #((
*[\\/]* ) as_myself=$0 ;;
*) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
@@ -7262,16 +7272,16 @@ if (echo >conf$$.file) 2>/dev/null; then
# ... but there are two gotchas:
# 1) On MSYS, both `ln -s file dir'' and `ln file dir''
fail.
# 2) DJGPP < 2.04 has no symlinks; `ln -s'' creates a wrapper
executable.
- # In both cases, we have to default to `cp -p''.
+ # In both cases, we have to default to `cp -pR''.
ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe
||
- as_ln_s=''cp -p''
+ as_ln_s=''cp -pR''
elif ln conf$$.file conf$$ 2>/dev/null; then
as_ln_s=ln
else
- as_ln_s=''cp -p''
+ as_ln_s=''cp -pR''
fi
else
- as_ln_s=''cp -p''
+ as_ln_s=''cp -pR''
fi
rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
rmdir conf$$.dir 2>/dev/null
@@ -7331,28 +7341,16 @@ else
as_mkdir_p=false
fi
-if test -x / >/dev/null 2>&1; then
- as_test_x=''test -x''
-else
- if ls -dL / >/dev/null 2>&1; then
- as_ls_L_option=L
- else
- as_ls_L_option- fi
- as_test_x=''
- eval sh -c ''\''''
- if test -d "$1"; then
- test -d "$1/.";
- else
- case $1 in #(
- -*)set "./$1";;
- esac;
- case `ls -ld''$as_ls_L_option'' "$1" 2>/dev/null`
in #((
- ???[sx]*):;;*)false;;esac;fi
- ''\'''' sh
- ''
-fi
-as_executable_p=$as_test_x
+
+# as_fn_executable_p FILE
+# -----------------------
+# Test if FILE is an executable regular file.
+as_fn_executable_p ()
+{
+ test -f "$1" && test -x "$1"
+} # as_fn_executable_p
+as_test_x=''test -x''
+as_executable_p=as_fn_executable_p
# Sed expression to map a string onto a valid CPP name.
as_tr_cpp="eval sed
''y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g''"
@@ -7374,7 +7372,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF ||
ac_write_fail=1
# values after options handling.
ac_log="
This file was extended by Xen Hypervisor $as_me 4.3, which was
-generated by GNU Autoconf 2.67. Invocation command line was
+generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
CONFIG_HEADERS = $CONFIG_HEADERS
@@ -7437,10 +7435,10 @@ cat >>$CONFIG_STATUS <<_ACEOF ||
ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed ''s/^
//; s/[\\""\`\$]/\\\\&/g''`"
ac_cs_version="\\
Xen Hypervisor config.status 4.3
-configured by $0, generated by GNU Autoconf 2.67,
+configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
-Copyright (C) 2010 Free Software Foundation, Inc.
+Copyright (C) 2012 Free Software Foundation, Inc.
This config.status script is free software; the Free Software Foundation
gives unlimited permission to copy, distribute and modify it."
@@ -7529,7 +7527,7 @@ fi
_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
if \$ac_cs_recheck; then
- set X ''$SHELL'' ''$0'' $ac_configure_args
\$ac_configure_extra_args --no-create --no-recursion
+ set X $SHELL ''$0'' $ac_configure_args
\$ac_configure_extra_args --no-create --no-recursion
shift
\$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
CONFIG_SHELL=''$SHELL''
@@ -7561,7 +7559,7 @@ do
"../config/Tools.mk") CONFIG_FILES="$CONFIG_FILES
../config/Tools.mk" ;;
"config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h"
;;
- *) as_fn_error $? "invalid argument: \`$ac_config_target''"
"$LINENO" 5 ;;
+ *) as_fn_error $? "invalid argument: \`$ac_config_target''"
"$LINENO" 5;;
esac
done
@@ -7583,9 +7581,10 @@ fi
# after its creation but before its name has been assigned to `$tmp''.
$debug ||
{
- tmp+ tmp= ac_tmp trap ''exit_status=$?
- { test -z "$tmp" || test ! -d "$tmp" || rm -fr
"$tmp"; } && exit $exit_status
+ : "${ac_tmp:=$tmp}"
+ { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } &&
exit $exit_status
'' 0
trap ''as_fn_exit 1'' 1 2 13 15
}
@@ -7593,12 +7592,13 @@ $debug ||
{
tmp=`(umask 077 && mktemp -d "./confXXXXXX")
2>/dev/null` &&
- test -n "$tmp" && test -d "$tmp"
+ test -d "$tmp"
} ||
{
tmp=./conf$$-$RANDOM
(umask 077 && mkdir "$tmp")
} || as_fn_error $? "cannot create a temporary directory in ."
"$LINENO" 5
+ac_tmp=$tmp
# Set up the scripts for CONFIG_FILES section.
# No need to generate them if there are no CONFIG_FILES.
@@ -7620,7 +7620,7 @@ else
ac_cs_awk_cr=$ac_cr
fi
-echo ''BEGIN {'' >"$tmp/subs1.awk" &&
+echo ''BEGIN {'' >"$ac_tmp/subs1.awk" &&
_ACEOF
@@ -7648,7 +7648,7 @@ done
rm -f conf$$subs.sh
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-cat >>"\$tmp/subs1.awk" <<\\_ACAWK &&
+cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK &&
_ACEOF
sed -n ''
h
@@ -7696,7 +7696,7 @@ t delim
rm -f conf$$subs.awk
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
_ACAWK
-cat >>"\$tmp/subs1.awk" <<_ACAWK &&
+cat >>"\$ac_tmp/subs1.awk" <<_ACAWK &&
for (key in S) S_is_set[key] = 1
FS = ""
@@ -7728,7 +7728,7 @@ if sed "s/$ac_cr//" < /dev/null >
/dev/null 2>&1; then
sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
else
cat
-fi < "$tmp/subs1.awk" > "$tmp/subs.awk" \
+fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \
|| as_fn_error $? "could not setup config files machinery"
"$LINENO" 5
_ACEOF
@@ -7762,7 +7762,7 @@ fi # test -n "$CONFIG_FILES"
# No need to generate them if there are no CONFIG_HEADERS.
# This happens for instance with `./config.status Makefile''.
if test -n "$CONFIG_HEADERS"; then
-cat >"$tmp/defines.awk" <<\_ACAWK ||
+cat >"$ac_tmp/defines.awk" <<\_ACAWK ||
BEGIN {
_ACEOF
@@ -7774,8 +7774,8 @@ _ACEOF
# handling of long lines.
ac_delim=''%!_!# ''
for ac_last_try in false false :; do
- ac_t=`sed -n "/$ac_delim/p" confdefs.h`
- if test -z "$ac_t"; then
+ ac_tt=`sed -n "/$ac_delim/p" confdefs.h`
+ if test -z "$ac_tt"; then
break
elif $ac_last_try; then
as_fn_error $? "could not make $CONFIG_HEADERS"
"$LINENO" 5
@@ -7876,7 +7876,7 @@ do
esac
case $ac_mode$ac_tag in
:[FHL]*:*);;
- :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag''"
"$LINENO" 5 ;;
+ :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag''"
"$LINENO" 5;;
:[FH]-) ac_tag=-:-;;
:[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
esac
@@ -7895,7 +7895,7 @@ do
for ac_f
do
case $ac_f in
- -) ac_f="$tmp/stdin";;
+ -) ac_f="$ac_tmp/stdin";;
*) # Look for the file first in the build tree, then in the source tree
# (if the path is not absolute). The absolute path cannot be DOS-style,
# because $ac_f cannot contain `:''.
@@ -7904,7 +7904,7 @@ do
[\\/$]*) false;;
*) test -f "$srcdir/$ac_f" &&
ac_f="$srcdir/$ac_f";;
esac ||
- as_fn_error 1 "cannot find input file: \`$ac_f''"
"$LINENO" 5 ;;
+ as_fn_error 1 "cannot find input file: \`$ac_f''"
"$LINENO" 5;;
esac
case $ac_f in *\''*) ac_f=`$as_echo "$ac_f" | sed
"s/''/''\\\\\\\\''''/g"`;; esac
as_fn_append ac_file_inputs " ''$ac_f''"
@@ -7930,8 +7930,8 @@ $as_echo "$as_me: creating $ac_file"
>&6;}
esac
case $ac_tag in
- *:-:* | *:-) cat >"$tmp/stdin" \
- || as_fn_error $? "could not create $ac_file"
"$LINENO" 5 ;;
+ *:-:* | *:-) cat >"$ac_tmp/stdin" \
+ || as_fn_error $? "could not create $ac_file"
"$LINENO" 5 ;;
esac
;;
esac
@@ -8061,21 +8061,22 @@ s&@abs_top_builddir@&$ac_abs_top_builddir&;t
t
s&@INSTALL@&$ac_INSTALL&;t t
$ac_datarootdir_hack
"
-eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f
"$tmp/subs.awk" >$tmp/out \
- || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f
"$ac_tmp/subs.awk" \
+ >$ac_tmp/out || as_fn_error $? "could not create $ac_file"
"$LINENO" 5
test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
- { ac_out=`sed -n ''/\${datarootdir}/p''
"$tmp/out"`; test -n "$ac_out"; } &&
- { ac_out=`sed -n ''/^[ ]*datarootdir[ ]*:*=/p''
"$tmp/out"`; test -z "$ac_out"; } &&
+ { ac_out=`sed -n ''/\${datarootdir}/p''
"$ac_tmp/out"`; test -n "$ac_out"; } &&
+ { ac_out=`sed -n ''/^[ ]*datarootdir[ ]*:*=/p'' \
+ "$ac_tmp/out"`; test -z "$ac_out"; } &&
{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a
reference to the variable \`datarootdir''
which seems to be undefined. Please make sure it is defined" >&5
$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable
\`datarootdir''
which seems to be undefined. Please make sure it is defined" >&2;}
- rm -f "$tmp/stdin"
+ rm -f "$ac_tmp/stdin"
case $ac_file in
- -) cat "$tmp/out" && rm -f "$tmp/out";;
- *) rm -f "$ac_file" && mv "$tmp/out"
"$ac_file";;
+ -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";;
+ *) rm -f "$ac_file" && mv "$ac_tmp/out"
"$ac_file";;
esac \
|| as_fn_error $? "could not create $ac_file" "$LINENO" 5
;;
@@ -8086,20 +8087,20 @@ which seems to be undefined. Please make sure it is
defined" >&2;}
if test x"$ac_file" != x-; then
{
$as_echo "/* $configure_input */" \
- && eval ''$AWK -f "$tmp/defines.awk"''
"$ac_file_inputs"
- } >"$tmp/config.h" \
+ && eval ''$AWK -f
"$ac_tmp/defines.awk"'' "$ac_file_inputs"
+ } >"$ac_tmp/config.h" \
|| as_fn_error $? "could not create $ac_file"
"$LINENO" 5
- if diff "$ac_file" "$tmp/config.h" >/dev/null
2>&1; then
+ if diff "$ac_file" "$ac_tmp/config.h" >/dev/null
2>&1; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged"
>&5
$as_echo "$as_me: $ac_file is unchanged" >&6;}
else
rm -f "$ac_file"
- mv "$tmp/config.h" "$ac_file" \
+ mv "$ac_tmp/config.h" "$ac_file" \
|| as_fn_error $? "could not create $ac_file" "$LINENO" 5
fi
else
$as_echo "/* $configure_input */" \
- && eval ''$AWK -f "$tmp/defines.awk"''
"$ac_file_inputs" \
+ && eval ''$AWK -f
"$ac_tmp/defines.awk"'' "$ac_file_inputs" \
|| as_fn_error $? "could not create -" "$LINENO" 5
fi
;;
--
1.7.10.4
Add the code base for vtpm-stubdom to the stubdom
heirarchy. Makefile changes in later patch.
Signed-off-by: Matthew Fioravante <matthew.fioravante@jhuapl.edu>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
---
stubdom/vtpm/Makefile | 37 +++++
stubdom/vtpm/minios.cfg | 14 ++
stubdom/vtpm/vtpm.c | 404 ++++++++++++++++++++++++++++++++++++++++++++++
stubdom/vtpm/vtpm.h | 36 +++++
stubdom/vtpm/vtpm_cmd.c | 256 +++++++++++++++++++++++++++++
stubdom/vtpm/vtpm_cmd.h | 31 ++++
stubdom/vtpm/vtpm_pcrs.c | 43 +++++
stubdom/vtpm/vtpm_pcrs.h | 53 ++++++
stubdom/vtpm/vtpmblk.c | 307 +++++++++++++++++++++++++++++++++++
stubdom/vtpm/vtpmblk.h | 31 ++++
10 files changed, 1212 insertions(+)
create mode 100644 stubdom/vtpm/Makefile
create mode 100644 stubdom/vtpm/minios.cfg
create mode 100644 stubdom/vtpm/vtpm.c
create mode 100644 stubdom/vtpm/vtpm.h
create mode 100644 stubdom/vtpm/vtpm_cmd.c
create mode 100644 stubdom/vtpm/vtpm_cmd.h
create mode 100644 stubdom/vtpm/vtpm_pcrs.c
create mode 100644 stubdom/vtpm/vtpm_pcrs.h
create mode 100644 stubdom/vtpm/vtpmblk.c
create mode 100644 stubdom/vtpm/vtpmblk.h
diff --git a/stubdom/vtpm/Makefile b/stubdom/vtpm/Makefile
new file mode 100644
index 0000000..686c0ea
--- /dev/null
+++ b/stubdom/vtpm/Makefile
@@ -0,0 +1,37 @@
+# Copyright (c) 2010-2012 United States Government, as represented by
+# the Secretary of Defense. All rights reserved.
+#
+# THIS SOFTWARE AND ITS DOCUMENTATION ARE PROVIDED AS IS AND WITHOUT
+# ANY EXPRESS OR IMPLIED WARRANTIES WHATSOEVER. ALL WARRANTIES
+# INCLUDING, BUT NOT LIMITED TO, PERFORMANCE, MERCHANTABILITY, FITNESS
+# FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT ARE HEREBY
+# DISCLAIMED. USERS ASSUME THE ENTIRE RISK AND LIABILITY OF USING THE
+# SOFTWARE.
+#
+
+XEN_ROOT=../..
+
+PSSL_DIR=../polarssl-$(XEN_TARGET_ARCH)/library
+PSSL_OBJS=aes.o sha1.o entropy.o ctr_drbg.o sha4.o
+
+TARGET=vtpm.a
+OBJS=vtpm.o vtpm_cmd.o vtpmblk.o vtpm_pcrs.o
+
+
+CPPFLAGS+=-I../tpm_emulator-$(XEN_TARGET_ARCH)/build
+CPPFLAGS+=-I../tpm_emulator-$(XEN_TARGET_ARCH)/tpm
+CPPFLAGS+=-I../tpm_emulator-$(XEN_TARGET_ARCH)/crypto
+CPPFLAGS+=-I../tpm_emulator-$(XEN_TARGET_ARCH)
+
+$(TARGET): $(OBJS)
+ ar -cr $@ $(OBJS) $(TPMEMU_OBJS) $(foreach
obj,$(PSSL_OBJS),$(PSSL_DIR)/$(obj))
+
+$(OBJS): vtpm_manager.h
+
+vtpm_manager.h:
+ ln -s ../vtpmmgr/vtpm_manager.h vtpm_manager.h
+
+clean:
+ -rm $(TARGET) $(OBJS) vtpm_manager.h
+
+.PHONY: clean
diff --git a/stubdom/vtpm/minios.cfg b/stubdom/vtpm/minios.cfg
new file mode 100644
index 0000000..31652ee
--- /dev/null
+++ b/stubdom/vtpm/minios.cfg
@@ -0,0 +1,14 @@
+CONFIG_TPMFRONT=y
+CONFIG_TPM_TIS=n
+CONFIG_TPMBACK=y
+CONFIG_START_NETWORK=n
+CONFIG_TEST=n
+CONFIG_PCIFRONT=n
+CONFIG_BLKFRONT=y
+CONFIG_NETFRONT=n
+CONFIG_FBFRONT=n
+CONFIG_KBDFRONT=n
+CONFIG_CONSFRONT=n
+CONFIG_XENBUS=y
+CONFIG_LWIP=n
+CONFIG_XC=n
diff --git a/stubdom/vtpm/vtpm.c b/stubdom/vtpm/vtpm.c
new file mode 100644
index 0000000..71aef78
--- /dev/null
+++ b/stubdom/vtpm/vtpm.c
@@ -0,0 +1,404 @@
+/*
+ * Copyright (c) 2010-2012 United States Government, as represented by
+ * the Secretary of Defense. All rights reserved.
+ *
+ * THIS SOFTWARE AND ITS DOCUMENTATION ARE PROVIDED AS IS AND WITHOUT
+ * ANY EXPRESS OR IMPLIED WARRANTIES WHATSOEVER. ALL WARRANTIES
+ * INCLUDING, BUT NOT LIMITED TO, PERFORMANCE, MERCHANTABILITY, FITNESS
+ * FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT ARE HEREBY
+ * DISCLAIMED. USERS ASSUME THE ENTIRE RISK AND LIABILITY OF USING THE
+ * SOFTWARE.
+ */
+
+#include <stdio.h>
+#include <stdint.h>
+#include <inttypes.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <syslog.h>
+#include <stdbool.h>
+#include <errno.h>
+#include <sys/time.h>
+#include <xen/xen.h>
+#include <tpmback.h>
+#include <tpmfront.h>
+
+#include <polarssl/entropy.h>
+#include <polarssl/ctr_drbg.h>
+
+#include "tpm/tpm_emulator_extern.h"
+#include "tpm/tpm_marshalling.h"
+#include "vtpm.h"
+#include "vtpm_cmd.h"
+#include "vtpm_pcrs.h"
+#include "vtpmblk.h"
+
+#define TPM_LOG_INFO LOG_INFO
+#define TPM_LOG_ERROR LOG_ERR
+#define TPM_LOG_DEBUG LOG_DEBUG
+
+/* Global commandline options - default values */
+struct Opt_args opt_args = {
+ .startup = ST_CLEAR,
+ .loglevel = TPM_LOG_INFO,
+ .hwinitpcrs = VTPM_PCRNONE,
+ .tpmconf = 0,
+ .enable_maint_cmds = false,
+};
+
+static uint32_t badords[32];
+static unsigned int n_badords = 0;
+
+entropy_context entropy;
+ctr_drbg_context ctr_drbg;
+
+struct tpmfront_dev* tpmfront_dev;
+
+void vtpm_get_extern_random_bytes(void *buf, size_t nbytes)
+{
+ ctr_drbg_random(&ctr_drbg, buf, nbytes);
+}
+
+int vtpm_read_from_file(uint8_t **data, size_t *data_length) {
+ return read_vtpmblk(tpmfront_dev, data, data_length);
+}
+
+int vtpm_write_to_file(uint8_t *data, size_t data_length) {
+ return write_vtpmblk(tpmfront_dev, data, data_length);
+}
+
+int vtpm_extern_init_fake(void) {
+ return 0;
+}
+
+void vtpm_extern_release_fake(void) {
+}
+
+
+void vtpm_log(int priority, const char *fmt, ...)
+{
+ if(opt_args.loglevel >= priority) {
+ va_list v;
+ va_start(v, fmt);
+ vprintf(fmt, v);
+ va_end(v);
+ }
+}
+
+static uint64_t vtpm_get_ticks(void)
+{
+ static uint64_t old_t = 0;
+ uint64_t new_t, res_t;
+ struct timeval tv;
+ gettimeofday(&tv, NULL);
+ new_t = (uint64_t)tv.tv_sec * 1000000 + (uint64_t)tv.tv_usec;
+ res_t = (old_t > 0) ? new_t - old_t : 0;
+ old_t = new_t;
+ return res_t;
+}
+
+
+static int tpm_entropy_source(void* dummy, unsigned char* data, size_t len,
size_t* olen) {
+ UINT32 sz = len;
+ TPM_RESULT rc = VTPM_GetRandom(tpmfront_dev, data, &sz);
+ *olen = sz;
+ return rc == TPM_SUCCESS ? 0 : POLARSSL_ERR_ENTROPY_SOURCE_FAILED;
+}
+
+int init_random(void) {
+ /* Initialize the rng */
+ entropy_init(&entropy);
+ entropy_add_source(&entropy, tpm_entropy_source, NULL, 0);
+ entropy_gather(&entropy);
+ ctr_drbg_init(&ctr_drbg, entropy_func, &entropy, NULL, 0);
+ ctr_drbg_set_prediction_resistance( &ctr_drbg, CTR_DRBG_PR_OFF );
+
+ return 0;
+}
+
+int check_ordinal(tpmcmd_t* tpmcmd) {
+ TPM_COMMAND_CODE ord;
+ UINT32 len = 4;
+ BYTE* ptr;
+ unsigned int i;
+
+ if(tpmcmd->req_len < 10) {
+ return true;
+ }
+
+ ptr = tpmcmd->req + 6;
+ tpm_unmarshal_UINT32(&ptr, &len, &ord);
+
+ for(i = 0; i < n_badords; ++i) {
+ if(ord == badords[i]) {
+ error("Disabled command ordinal (%" PRIu32")
requested!\n");
+ return false;
+ }
+ }
+ return true;
+}
+
+static void main_loop(void) {
+ tpmcmd_t* tpmcmd = NULL;
+ domid_t domid; /* Domid of frontend */
+ unsigned int handle; /* handle of frontend */
+ int res = -1;
+
+ info("VTPM Initializing\n");
+
+ /* Set required tpm config args */
+ opt_args.tpmconf |= TPM_CONF_STRONG_PERSISTENCE;
+ opt_args.tpmconf &= ~TPM_CONF_USE_INTERNAL_PRNG;
+ opt_args.tpmconf |= TPM_CONF_GENERATE_EK;
+ opt_args.tpmconf |= TPM_CONF_GENERATE_SEED_DAA;
+
+ /* Initialize the emulator */
+ tpm_emulator_init(opt_args.startup, opt_args.tpmconf);
+
+ /* Initialize any requested PCRs with hardware TPM values */
+ if(vtpm_initialize_hw_pcrs(tpmfront_dev, opt_args.hwinitpcrs) !=
TPM_SUCCESS) {
+ error("Failed to initialize PCRs with hardware TPM values");
+ goto abort_postpcrs;
+ }
+
+ /* Wait for the frontend domain to connect */
+ info("Waiting for frontend domain to connect..");
+ if(tpmback_wait_for_frontend_connect(&domid, &handle) == 0) {
+ info("VTPM attached to Frontend %u/%u", (unsigned int) domid,
handle);
+ } else {
+ error("Unable to attach to a frontend");
+ }
+
+ tpmcmd = tpmback_req(domid, handle);
+ while(tpmcmd) {
+ /* Handle the request */
+ if(tpmcmd->req_len) {
+ tpmcmd->resp = NULL;
+ tpmcmd->resp_len = 0;
+
+ /* First check for disabled ordinals */
+ if(!check_ordinal(tpmcmd)) {
+ create_error_response(tpmcmd, TPM_BAD_ORDINAL);
+ }
+ /* If not disabled, do the command */
+ else {
+ if((res = tpm_handle_command(tpmcmd->req, tpmcmd->req_len,
&tpmcmd->resp, &tpmcmd->resp_len)) != 0) {
+ error("tpm_handle_command() failed");
+ create_error_response(tpmcmd, TPM_FAIL);
+ }
+ }
+ }
+
+ /* Send the response */
+ tpmback_resp(tpmcmd);
+
+ /* Wait for the next request */
+ tpmcmd = tpmback_req(domid, handle);
+
+ }
+
+abort_postpcrs:
+ info("VTPM Shutting down\n");
+
+ tpm_emulator_shutdown();
+}
+
+int parse_cmd_line(int argc, char** argv)
+{
+ char sval[25];
+ char* logstr = NULL;
+ /* Parse the command strings */
+ for(unsigned int i = 1; i < argc; ++i) {
+ if (sscanf(argv[i], "loglevel=%25s", sval) == 1){
+ if (!strcmp(sval, "debug")) {
+ opt_args.loglevel = TPM_LOG_DEBUG;
+ logstr = "debug";
+ }
+ else if (!strcmp(sval, "info")) {
+ logstr = "info";
+ opt_args.loglevel = TPM_LOG_INFO;
+ }
+ else if (!strcmp(sval, "error")) {
+ logstr = "error";
+ opt_args.loglevel = TPM_LOG_ERROR;
+ }
+ }
+ else if (!strcmp(argv[i], "clear")) {
+ opt_args.startup = ST_CLEAR;
+ }
+ else if (!strcmp(argv[i], "save")) {
+ opt_args.startup = ST_SAVE;
+ }
+ else if (!strcmp(argv[i], "deactivated")) {
+ opt_args.startup = ST_DEACTIVATED;
+ }
+ else if (!strncmp(argv[i], "maintcmds=", 10)) {
+ if(!strcmp(argv[i] + 10, "1")) {
+ opt_args.enable_maint_cmds = true;
+ } else if(!strcmp(argv[i] + 10, "0")) {
+ opt_args.enable_maint_cmds = false;
+ }
+ }
+ else if(!strncmp(argv[i], "hwinitpcr=", 10)) {
+ char *pch = argv[i] + 10;
+ unsigned int v1, v2;
+ pch = strtok(pch, ",");
+ while(pch != NULL) {
+ if(!strcmp(pch, "all")) {
+ //Set all
+ opt_args.hwinitpcrs = VTPM_PCRALL;
+ } else if(!strcmp(pch, "none")) {
+ //Set none
+ opt_args.hwinitpcrs = VTPM_PCRNONE;
+ } else if(sscanf(pch, "%u", &v1) == 1) {
+ //Set one
+ if(v1 >= TPM_NUM_PCR) {
+ error("hwinitpcr error: Invalid PCR index %u", v1);
+ return -1;
+ }
+ opt_args.hwinitpcrs |= (1 << v1);
+ } else if(sscanf(pch, "%u-%u", &v1, &v2) == 2) {
+ //Set range
+ if(v1 >= TPM_NUM_PCR) {
+ error("hwinitpcr error: Invalid PCR index %u", v1);
+ return -1;
+ }
+ if(v2 >= TPM_NUM_PCR) {
+ error("hwinitpcr error: Invalid PCR index %u", v1);
+ return -1;
+ }
+ if(v2 < v1) {
+ unsigned tp = v1;
+ v1 = v2;
+ v2 = tp;
+ }
+ for(unsigned int i = v1; i <= v2; ++i) {
+ opt_args.hwinitpcrs |= (1 << i);
+ }
+ } else {
+ error("hwintipcr error: Invalid PCR specification :
%s", pch);
+ return -1;
+ }
+ pch = strtok(NULL, ",");
+ }
+ }
+ else {
+ error("Invalid command line option `%s''", argv[i]);
+ }
+
+ }
+
+ /* Check Errors and print results */
+ switch(opt_args.startup) {
+ case ST_CLEAR:
+ info("Startup mode is `clear''");
+ break;
+ case ST_SAVE:
+ info("Startup mode is `save''");
+ break;
+ case ST_DEACTIVATED:
+ info("Startup mode is `deactivated''");
+ break;
+ default:
+ error("Invalid startup mode %d", opt_args.startup);
+ return -1;
+ }
+
+ if(opt_args.hwinitpcrs & (VTPM_PCRALL))
+ {
+ char pcrstr[1024];
+ char* ptr = pcrstr;
+
+ pcrstr[0] = ''\0'';
+ info("The following PCRs will be initialized with values from the
hardware TPM:");
+ for(unsigned int i = 0; i < TPM_NUM_PCR; ++i) {
+ if(opt_args.hwinitpcrs & (1 << i)) {
+ ptr += sprintf(ptr, "%u, ", i);
+ }
+ }
+ /* get rid of the last comma if any numbers were printed */
+ *(ptr -2) = ''\0'';
+
+ info("\t%s", pcrstr);
+ } else {
+ info("All PCRs initialized to default values");
+ }
+
+ if(!opt_args.enable_maint_cmds) {
+ info("TPM Maintenance Commands disabled");
+ badords[n_badords++] = TPM_ORD_CreateMaintenanceArchive;
+ badords[n_badords++] = TPM_ORD_LoadMaintenanceArchive;
+ badords[n_badords++] = TPM_ORD_KillMaintenanceFeature;
+ badords[n_badords++] = TPM_ORD_LoadManuMaintPub;
+ badords[n_badords++] = TPM_ORD_ReadManuMaintPub;
+ } else {
+ info("TPM Maintenance Commands enabled");
+ }
+
+ info("Log level set to %s", logstr);
+
+ return 0;
+}
+
+void cleanup_opt_args(void) {
+}
+
+int main(int argc, char **argv)
+{
+ //FIXME: initializing blkfront without this sleep causes the domain to crash
on boot
+ sleep(2);
+
+ /* Setup extern function pointers */
+ tpm_extern_init = vtpm_extern_init_fake;
+ tpm_extern_release = vtpm_extern_release_fake;
+ tpm_malloc = malloc;
+ tpm_free = free;
+ tpm_log = vtpm_log;
+ tpm_get_ticks = vtpm_get_ticks;
+ tpm_get_extern_random_bytes = vtpm_get_extern_random_bytes;
+ tpm_write_to_storage = vtpm_write_to_file;
+ tpm_read_from_storage = vtpm_read_from_file;
+
+ info("starting TPM Emulator (1.2.%d.%d-%d)", VERSION_MAJOR,
VERSION_MINOR, VERSION_BUILD);
+ if(parse_cmd_line(argc, argv)) {
+ error("Error parsing commandline\n");
+ return -1;
+ }
+
+ /* Initialize devices */
+ init_tpmback();
+ if((tpmfront_dev = init_tpmfront(NULL)) == NULL) {
+ error("Unable to initialize tpmfront device");
+ goto abort_posttpmfront;
+ }
+
+ /* Seed the RNG with entropy from hardware TPM */
+ if(init_random()) {
+ error("Unable to initialize RNG");
+ goto abort_postrng;
+ }
+
+ /* Initialize blkfront device */
+ if(init_vtpmblk(tpmfront_dev)) {
+ error("Unable to initialize Blkfront persistent storage");
+ goto abort_postvtpmblk;
+ }
+
+ /* Run main loop */
+ main_loop();
+
+ /* Shutdown blkfront */
+ shutdown_vtpmblk();
+abort_postvtpmblk:
+abort_postrng:
+
+ /* Close devices */
+ shutdown_tpmfront(tpmfront_dev);
+abort_posttpmfront:
+ shutdown_tpmback();
+
+ cleanup_opt_args();
+
+ return 0;
+}
diff --git a/stubdom/vtpm/vtpm.h b/stubdom/vtpm/vtpm.h
new file mode 100644
index 0000000..5919e44
--- /dev/null
+++ b/stubdom/vtpm/vtpm.h
@@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 2010-2012 United States Government, as represented by
+ * the Secretary of Defense. All rights reserved.
+ *
+ * THIS SOFTWARE AND ITS DOCUMENTATION ARE PROVIDED AS IS AND WITHOUT
+ * ANY EXPRESS OR IMPLIED WARRANTIES WHATSOEVER. ALL WARRANTIES
+ * INCLUDING, BUT NOT LIMITED TO, PERFORMANCE, MERCHANTABILITY, FITNESS
+ * FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT ARE HEREBY
+ * DISCLAIMED. USERS ASSUME THE ENTIRE RISK AND LIABILITY OF USING THE
+ * SOFTWARE.
+ */
+
+#ifndef VTPM_H
+#define VTPM_H
+
+#include <stdbool.h>
+
+/* For testing */
+#define VERS_CMD
"\x00\xC1\x00\x00\x00\x16\x00\x00\x00\x65\x00\x00\x00\x05\x00\x00\x00\x04\x00\x00\x01\x03"
+#define VERS_CMD_LEN 22
+
+/* Global commandline options */
+struct Opt_args {
+ enum StartUp {
+ ST_CLEAR = 1,
+ ST_SAVE = 2,
+ ST_DEACTIVATED = 3
+ } startup;
+ unsigned long hwinitpcrs;
+ int loglevel;
+ uint32_t tpmconf;
+ bool enable_maint_cmds;
+};
+extern struct Opt_args opt_args;
+
+#endif
diff --git a/stubdom/vtpm/vtpm_cmd.c b/stubdom/vtpm/vtpm_cmd.c
new file mode 100644
index 0000000..7eae98b
--- /dev/null
+++ b/stubdom/vtpm/vtpm_cmd.c
@@ -0,0 +1,256 @@
+/*
+ * Copyright (c) 2010-2012 United States Government, as represented by
+ * the Secretary of Defense. All rights reserved.
+ *
+ * THIS SOFTWARE AND ITS DOCUMENTATION ARE PROVIDED AS IS AND WITHOUT
+ * ANY EXPRESS OR IMPLIED WARRANTIES WHATSOEVER. ALL WARRANTIES
+ * INCLUDING, BUT NOT LIMITED TO, PERFORMANCE, MERCHANTABILITY, FITNESS
+ * FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT ARE HEREBY
+ * DISCLAIMED. USERS ASSUME THE ENTIRE RISK AND LIABILITY OF USING THE
+ * SOFTWARE.
+ */
+
+#include <types.h>
+#include <xen/xen.h>
+#include <mm.h>
+#include <gnttab.h>
+#include "tpm/tpm_marshalling.h"
+#include "vtpm_manager.h"
+#include "vtpm_cmd.h"
+#include <tpmback.h>
+
+#define TRYFAILGOTO(C) \
+ if((C)) { \
+ status = TPM_FAIL; \
+ goto abort_egress; \
+ }
+#define TRYFAILGOTOMSG(C, msg) \
+ if((C)) { \
+ status = TPM_FAIL; \
+ error(msg); \
+ goto abort_egress; \
+ }
+#define CHECKSTATUSGOTO(ret, fname) \
+ if((ret) != TPM_SUCCESS) { \
+ error("%s failed with error code (%lu)", fname, (unsigned long)
ret); \
+ status = ord; \
+ goto abort_egress; \
+ }
+
+#define ERR_MALFORMED "Malformed response from backend"
+#define ERR_TPMFRONT "Error sending command through frontend device"
+
+struct shpage {
+ void* page;
+ grant_ref_t grantref;
+};
+
+typedef struct shpage shpage_t;
+
+static inline int pack_header(uint8_t** bptr, UINT32* len, TPM_TAG tag, UINT32
size, TPM_COMMAND_CODE ord)
+{
+ return *bptr == NULL ||
+ tpm_marshal_UINT16(bptr, len, tag) ||
+ tpm_marshal_UINT32(bptr, len, size) ||
+ tpm_marshal_UINT32(bptr, len, ord);
+}
+
+static inline int unpack_header(uint8_t** bptr, UINT32* len, TPM_TAG* tag,
UINT32* size, TPM_COMMAND_CODE* ord)
+{
+ return *bptr == NULL ||
+ tpm_unmarshal_UINT16(bptr, len, tag) ||
+ tpm_unmarshal_UINT32(bptr, len, size) ||
+ tpm_unmarshal_UINT32(bptr, len, ord);
+}
+
+int create_error_response(tpmcmd_t* tpmcmd, TPM_RESULT errorcode)
+{
+ TPM_TAG tag;
+ UINT32 len = tpmcmd->req_len;
+ uint8_t* respptr;
+ uint8_t* cmdptr = tpmcmd->req;
+
+ if(!tpm_unmarshal_UINT16(&cmdptr, &len, &tag)) {
+ switch (tag) {
+ case TPM_TAG_RQU_COMMAND:
+ tag = TPM_TAG_RSP_COMMAND;
+ break;
+ case TPM_TAG_RQU_AUTH1_COMMAND:
+ tag = TPM_TAG_RQU_AUTH2_COMMAND;
+ break;
+ case TPM_TAG_RQU_AUTH2_COMMAND:
+ tag = TPM_TAG_RQU_AUTH2_COMMAND;
+ break;
+ }
+ } else {
+ tag = TPM_TAG_RSP_COMMAND;
+ }
+
+ tpmcmd->resp_len = len = 10;
+ tpmcmd->resp = respptr = tpm_malloc(tpmcmd->resp_len);
+
+ return pack_header(&respptr, &len, tag, len, errorcode);
+}
+
+TPM_RESULT VTPM_GetRandom(struct tpmfront_dev* tpmfront_dev, BYTE* bytes,
UINT32 *numbytes) {
+ TPM_RESULT status = TPM_SUCCESS;
+ uint8_t* cmdbuf, *resp, *bptr;
+ size_t resplen = 0;
+ UINT32 len;
+
+ /*Ask the real tpm for random bytes for the seed */
+ TPM_TAG tag = TPM_TAG_RQU_COMMAND;
+ UINT32 size;
+ TPM_COMMAND_CODE ord = TPM_ORD_GetRandom;
+ len = size = sizeof(TPM_TAG) + sizeof(UINT32) + sizeof(TPM_COMMAND_CODE) +
sizeof(UINT32);
+
+ /*Create the raw tpm command */
+ bptr = cmdbuf = malloc(size);
+ TRYFAILGOTO(pack_header(&bptr, &len, tag, size, ord));
+ TRYFAILGOTO(tpm_marshal_UINT32(&bptr, &len, *numbytes));
+
+ /* Send cmd, wait for response */
+ TRYFAILGOTOMSG(tpmfront_cmd(tpmfront_dev, cmdbuf, size, &resp,
&resplen),
+ ERR_TPMFRONT);
+
+ bptr = resp; len = resplen;
+ TRYFAILGOTOMSG(unpack_header(&bptr, &len, &tag, &size,
&ord), ERR_MALFORMED);
+
+ //Check return status of command
+ CHECKSTATUSGOTO(ord, "TPM_GetRandom()");
+
+ // Get the number of random bytes in the response
+ TRYFAILGOTOMSG(tpm_unmarshal_UINT32(&bptr, &len, &size),
ERR_MALFORMED);
+ *numbytes = size;
+
+ //Get the random bytes out, tpm may give us less bytes than what we wanrt
+ TRYFAILGOTOMSG(tpm_unmarshal_BYTE_ARRAY(&bptr, &len, bytes,
*numbytes), ERR_MALFORMED);
+
+ goto egress;
+abort_egress:
+egress:
+ free(cmdbuf);
+ return status;
+
+}
+
+TPM_RESULT VTPM_LoadHashKey(struct tpmfront_dev* tpmfront_dev, uint8_t** data,
size_t* data_length)
+{
+ TPM_RESULT status = TPM_SUCCESS;
+ uint8_t* bptr, *resp;
+ uint8_t* cmdbuf = NULL;
+ size_t resplen = 0;
+ UINT32 len;
+
+ TPM_TAG tag = VTPM_TAG_REQ;
+ UINT32 size;
+ TPM_COMMAND_CODE ord = VTPM_ORD_LOADHASHKEY;
+
+ /*Create the command*/
+ len = size = VTPM_COMMAND_HEADER_SIZE;
+ bptr = cmdbuf = malloc(size);
+ TRYFAILGOTO(pack_header(&bptr, &len, tag, size, ord));
+
+ /* Send the command to vtpm_manager */
+ info("Requesting Encryption key from backend");
+ TRYFAILGOTOMSG(tpmfront_cmd(tpmfront_dev, cmdbuf, size, &resp,
&resplen), ERR_TPMFRONT);
+
+ /* Unpack response header */
+ bptr = resp;
+ len = resplen;
+ TRYFAILGOTOMSG(unpack_header(&bptr, &len, &tag, &size,
&ord), ERR_MALFORMED);
+
+ /* Check return code */
+ CHECKSTATUSGOTO(ord, "VTPM_LoadHashKey()");
+
+ /* Get the size of the key */
+ *data_length = size - VTPM_COMMAND_HEADER_SIZE;
+
+ /* Copy the key bits */
+ *data = malloc(*data_length);
+ memcpy(*data, bptr, *data_length);
+
+ goto egress;
+abort_egress:
+ error("VTPM_LoadHashKey failed");
+egress:
+ free(cmdbuf);
+ return status;
+}
+
+TPM_RESULT VTPM_SaveHashKey(struct tpmfront_dev* tpmfront_dev, uint8_t* data,
size_t data_length)
+{
+ TPM_RESULT status = TPM_SUCCESS;
+ uint8_t* bptr, *resp;
+ uint8_t* cmdbuf = NULL;
+ size_t resplen = 0;
+ UINT32 len;
+
+ TPM_TAG tag = VTPM_TAG_REQ;
+ UINT32 size;
+ TPM_COMMAND_CODE ord = VTPM_ORD_SAVEHASHKEY;
+
+ /*Create the command*/
+ len = size = VTPM_COMMAND_HEADER_SIZE + data_length;
+ bptr = cmdbuf = malloc(size);
+ TRYFAILGOTO(pack_header(&bptr, &len, tag, size, ord));
+ memcpy(bptr, data, data_length);
+ bptr += data_length;
+
+ /* Send the command to vtpm_manager */
+ info("Sending encryption key to backend");
+ TRYFAILGOTOMSG(tpmfront_cmd(tpmfront_dev, cmdbuf, size, &resp,
&resplen), ERR_TPMFRONT);
+
+ /* Unpack response header */
+ bptr = resp;
+ len = resplen;
+ TRYFAILGOTOMSG(unpack_header(&bptr, &len, &tag, &size,
&ord), ERR_MALFORMED);
+
+ /* Check return code */
+ CHECKSTATUSGOTO(ord, "VTPM_SaveHashKey()");
+
+ goto egress;
+abort_egress:
+ error("VTPM_SaveHashKey failed");
+egress:
+ free(cmdbuf);
+ return status;
+}
+
+TPM_RESULT VTPM_PCRRead(struct tpmfront_dev* tpmfront_dev, UINT32 pcrIndex,
BYTE* outDigest)
+{
+ TPM_RESULT status = TPM_SUCCESS;
+ uint8_t *cmdbuf, *resp, *bptr;
+ size_t resplen = 0;
+ UINT32 len;
+
+ /*Just send a TPM_PCRRead Command to the HW tpm */
+ TPM_TAG tag = TPM_TAG_RQU_COMMAND;
+ UINT32 size;
+ TPM_COMMAND_CODE ord = TPM_ORD_PCRRead;
+ len = size = sizeof(TPM_TAG) + sizeof(UINT32) + sizeof(TPM_COMMAND_CODE) +
sizeof(UINT32);
+
+ /*Create the raw tpm cmd */
+ bptr = cmdbuf = malloc(size);
+ TRYFAILGOTO(pack_header(&bptr, &len, tag, size, ord));
+ TRYFAILGOTO(tpm_marshal_UINT32(&bptr, &len, pcrIndex));
+
+ /*Send Cmd wait for response */
+ TRYFAILGOTOMSG(tpmfront_cmd(tpmfront_dev, cmdbuf, size, &resp,
&resplen), ERR_TPMFRONT);
+
+ bptr = resp; len = resplen;
+ TRYFAILGOTOMSG(unpack_header(&bptr, &len, &tag, &size,
&ord), ERR_MALFORMED);
+
+ //Check return status of command
+ CHECKSTATUSGOTO(ord, "TPM_PCRRead");
+
+ //Get the ptr value
+ memcpy(outDigest, bptr, sizeof(TPM_PCRVALUE));
+
+ goto egress;
+abort_egress:
+egress:
+ free(cmdbuf);
+ return status;
+
+}
diff --git a/stubdom/vtpm/vtpm_cmd.h b/stubdom/vtpm/vtpm_cmd.h
new file mode 100644
index 0000000..b0bfa22
--- /dev/null
+++ b/stubdom/vtpm/vtpm_cmd.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2010-2012 United States Government, as represented by
+ * the Secretary of Defense. All rights reserved.
+ *
+ * THIS SOFTWARE AND ITS DOCUMENTATION ARE PROVIDED AS IS AND WITHOUT
+ * ANY EXPRESS OR IMPLIED WARRANTIES WHATSOEVER. ALL WARRANTIES
+ * INCLUDING, BUT NOT LIMITED TO, PERFORMANCE, MERCHANTABILITY, FITNESS
+ * FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT ARE HEREBY
+ * DISCLAIMED. USERS ASSUME THE ENTIRE RISK AND LIABILITY OF USING THE
+ * SOFTWARE.
+ */
+
+#ifndef MANAGER_H
+#define MANAGER_H
+
+#include <tpmfront.h>
+#include <tpmback.h>
+#include "tpm/tpm_structures.h"
+
+/* Create a command response error header */
+int create_error_response(tpmcmd_t* tpmcmd, TPM_RESULT errorcode);
+/* Request random bytes from hardware tpm, returns 0 on success */
+TPM_RESULT VTPM_GetRandom(struct tpmfront_dev* tpmfront_dev, BYTE* bytes,
UINT32* numbytes);
+/* Retreive 256 bit AES encryption key from manager */
+TPM_RESULT VTPM_LoadHashKey(struct tpmfront_dev* tpmfront_dev, uint8_t** data,
size_t* data_length);
+/* Manager securely saves our 256 bit AES encryption key */
+TPM_RESULT VTPM_SaveHashKey(struct tpmfront_dev* tpmfront_dev, uint8_t* data,
size_t data_length);
+/* Send a TPM_PCRRead command passthrough the manager to the hw tpm */
+TPM_RESULT VTPM_PCRRead(struct tpmfront_dev* tpmfront_dev, UINT32 pcrIndex,
BYTE* outDigest);
+
+#endif
diff --git a/stubdom/vtpm/vtpm_pcrs.c b/stubdom/vtpm/vtpm_pcrs.c
new file mode 100644
index 0000000..22a6cef
--- /dev/null
+++ b/stubdom/vtpm/vtpm_pcrs.c
@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2010-2012 United States Government, as represented by
+ * the Secretary of Defense. All rights reserved.
+ *
+ * THIS SOFTWARE AND ITS DOCUMENTATION ARE PROVIDED AS IS AND WITHOUT
+ * ANY EXPRESS OR IMPLIED WARRANTIES WHATSOEVER. ALL WARRANTIES
+ * INCLUDING, BUT NOT LIMITED TO, PERFORMANCE, MERCHANTABILITY, FITNESS
+ * FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT ARE HEREBY
+ * DISCLAIMED. USERS ASSUME THE ENTIRE RISK AND LIABILITY OF USING THE
+ * SOFTWARE.
+ */
+
+#include "vtpm_pcrs.h"
+#include "vtpm_cmd.h"
+#include "tpm/tpm_data.h"
+
+#define PCR_VALUE tpmData.permanent.data.pcrValue
+
+static int write_pcr_direct(unsigned int pcrIndex, uint8_t* val) {
+ if(pcrIndex > TPM_NUM_PCR) {
+ return TPM_BADINDEX;
+ }
+ memcpy(&PCR_VALUE[pcrIndex], val, sizeof(TPM_PCRVALUE));
+ return TPM_SUCCESS;
+}
+
+TPM_RESULT vtpm_initialize_hw_pcrs(struct tpmfront_dev* tpmfront_dev, unsigned
long pcrs)
+{
+ TPM_RESULT rc = TPM_SUCCESS;
+ uint8_t digest[sizeof(TPM_PCRVALUE)];
+
+ for(unsigned int i = 0; i < TPM_NUM_PCR; ++i) {
+ if(pcrs & 1 << i) {
+ if((rc = VTPM_PCRRead(tpmfront_dev, i, digest)) != TPM_SUCCESS) {
+ error("TPM_PCRRead failed with error : %d", rc);
+ return rc;
+ }
+ write_pcr_direct(i, digest);
+ }
+ }
+
+ return rc;
+}
diff --git a/stubdom/vtpm/vtpm_pcrs.h b/stubdom/vtpm/vtpm_pcrs.h
new file mode 100644
index 0000000..11835f9
--- /dev/null
+++ b/stubdom/vtpm/vtpm_pcrs.h
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 2010-2012 United States Government, as represented by
+ * the Secretary of Defense. All rights reserved.
+ *
+ * THIS SOFTWARE AND ITS DOCUMENTATION ARE PROVIDED AS IS AND WITHOUT
+ * ANY EXPRESS OR IMPLIED WARRANTIES WHATSOEVER. ALL WARRANTIES
+ * INCLUDING, BUT NOT LIMITED TO, PERFORMANCE, MERCHANTABILITY, FITNESS
+ * FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT ARE HEREBY
+ * DISCLAIMED. USERS ASSUME THE ENTIRE RISK AND LIABILITY OF USING THE
+ * SOFTWARE.
+ */
+
+#ifndef VTPM_PCRS_H
+#define VTPM_PCRS_H
+
+#include "tpm/tpm_structures.h"
+
+#define VTPM_PCR0 1
+#define VTPM_PCR1 1 << 1
+#define VTPM_PCR2 1 << 2
+#define VTPM_PCR3 1 << 3
+#define VTPM_PCR4 1 << 4
+#define VTPM_PCR5 1 << 5
+#define VTPM_PCR6 1 << 6
+#define VTPM_PCR7 1 << 7
+#define VTPM_PCR8 1 << 8
+#define VTPM_PCR9 1 << 9
+#define VTPM_PCR10 1 << 10
+#define VTPM_PCR11 1 << 11
+#define VTPM_PCR12 1 << 12
+#define VTPM_PCR13 1 << 13
+#define VTPM_PCR14 1 << 14
+#define VTPM_PCR15 1 << 15
+#define VTPM_PCR16 1 << 16
+#define VTPM_PCR17 1 << 17
+#define VTPM_PCR18 1 << 18
+#define VTPM_PCR19 1 << 19
+#define VTPM_PCR20 1 << 20
+#define VTPM_PCR21 1 << 21
+#define VTPM_PCR22 1 << 22
+#define VTPM_PCR23 1 << 23
+
+#define VTPM_PCRALL (1 << TPM_NUM_PCR) - 1
+#define VTPM_PCRNONE 0
+
+#define VTPM_NUMPCRS 24
+
+struct tpmfront_dev;
+
+TPM_RESULT vtpm_initialize_hw_pcrs(struct tpmfront_dev* tpmfront_dev, unsigned
long pcrs);
+
+
+#endif
diff --git a/stubdom/vtpm/vtpmblk.c b/stubdom/vtpm/vtpmblk.c
new file mode 100644
index 0000000..b343bd8
--- /dev/null
+++ b/stubdom/vtpm/vtpmblk.c
@@ -0,0 +1,307 @@
+/*
+ * Copyright (c) 2010-2012 United States Government, as represented by
+ * the Secretary of Defense. All rights reserved.
+ *
+ * THIS SOFTWARE AND ITS DOCUMENTATION ARE PROVIDED AS IS AND WITHOUT
+ * ANY EXPRESS OR IMPLIED WARRANTIES WHATSOEVER. ALL WARRANTIES
+ * INCLUDING, BUT NOT LIMITED TO, PERFORMANCE, MERCHANTABILITY, FITNESS
+ * FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT ARE HEREBY
+ * DISCLAIMED. USERS ASSUME THE ENTIRE RISK AND LIABILITY OF USING THE
+ * SOFTWARE.
+ */
+
+#include <mini-os/byteorder.h>
+#include "vtpmblk.h"
+#include "tpm/tpm_marshalling.h"
+#include "vtpm_cmd.h"
+#include "polarssl/aes.h"
+#include "polarssl/sha1.h"
+#include <blkfront.h>
+#include <unistd.h>
+#include <errno.h>
+#include <fcntl.h>
+
+/*Encryption key and block sizes */
+#define BLKSZ 16
+
+static struct blkfront_dev* blkdev = NULL;
+static int blkfront_fd = -1;
+
+int init_vtpmblk(struct tpmfront_dev* tpmfront_dev)
+{
+ struct blkfront_info blkinfo;
+ info("Initializing persistent NVM storage\n");
+
+ if((blkdev = init_blkfront(NULL, &blkinfo)) == NULL) {
+ error("BLKIO: ERROR Unable to initialize blkfront");
+ return -1;
+ }
+ if (blkinfo.info & VDISK_READONLY || blkinfo.mode != O_RDWR) {
+ error("BLKIO: ERROR block device is read only!");
+ goto error;
+ }
+ if((blkfront_fd = blkfront_open(blkdev)) == -1) {
+ error("Unable to open blkfront file descriptor!");
+ goto error;
+ }
+
+ return 0;
+error:
+ shutdown_blkfront(blkdev);
+ blkdev = NULL;
+ return -1;
+}
+
+void shutdown_vtpmblk(void)
+{
+ close(blkfront_fd);
+ blkfront_fd = -1;
+ blkdev = NULL;
+}
+
+int write_vtpmblk_raw(uint8_t *data, size_t data_length)
+{
+ int rc;
+ uint32_t lenbuf;
+ debug("Begin Write data=%p len=%u", data, data_length);
+
+ lenbuf = cpu_to_be32((uint32_t)data_length);
+
+ lseek(blkfront_fd, 0, SEEK_SET);
+ if((rc = write(blkfront_fd, (uint8_t*)&lenbuf, 4)) != 4) {
+ error("write(length) failed! error was %s", strerror(errno));
+ return -1;
+ }
+ if((rc = write(blkfront_fd, data, data_length)) != data_length) {
+ error("write(data) failed! error was %s", strerror(errno));
+ return -1;
+ }
+
+ info("Wrote %u bytes to NVM persistent storage", data_length);
+
+ return 0;
+}
+
+int read_vtpmblk_raw(uint8_t **data, size_t *data_length)
+{
+ int rc;
+ uint32_t lenbuf;
+
+ lseek(blkfront_fd, 0, SEEK_SET);
+ if(( rc = read(blkfront_fd, (uint8_t*)&lenbuf, 4)) != 4) {
+ error("read(length) failed! error was %s", strerror(errno));
+ return -1;
+ }
+ *data_length = (size_t) cpu_to_be32(lenbuf);
+ if(*data_length == 0) {
+ error("read 0 data_length for NVM");
+ return -1;
+ }
+
+ *data = tpm_malloc(*data_length);
+ if((rc = read(blkfront_fd, *data, *data_length)) != *data_length) {
+ error("read(data) failed! error was %s", strerror(errno));
+ return -1;
+ }
+
+ info("Read %u bytes from NVM persistent storage", *data_length);
+ return 0;
+}
+
+int encrypt_vtpmblk(uint8_t* clear, size_t clear_len, uint8_t** cipher, size_t*
cipher_len, uint8_t* symkey)
+{
+ int rc = 0;
+ uint8_t iv[BLKSZ];
+ aes_context aes_ctx;
+ UINT32 temp;
+ int mod;
+
+ uint8_t* clbuf = NULL;
+
+ uint8_t* ivptr;
+ int ivlen;
+
+ uint8_t* cptr; //Cipher block pointer
+ int clen; //Cipher block length
+
+ /*Create a new 256 bit encryption key */
+ if(symkey == NULL) {
+ rc = -1;
+ goto abort_egress;
+ }
+ tpm_get_extern_random_bytes(symkey, NVMKEYSZ);
+
+ /*Setup initialization vector - random bits and then 4 bytes clear text size
at the end*/
+ temp = sizeof(UINT32);
+ ivlen = BLKSZ - temp;
+ tpm_get_extern_random_bytes(iv, ivlen);
+ ivptr = iv + ivlen;
+ tpm_marshal_UINT32(&ivptr, &temp, (UINT32) clear_len);
+
+ /*The clear text needs to be padded out to a multiple of BLKSZ */
+ mod = clear_len % BLKSZ;
+ clen = mod ? clear_len + BLKSZ - mod : clear_len;
+ clbuf = malloc(clen);
+ if (clbuf == NULL) {
+ rc = -1;
+ goto abort_egress;
+ }
+ memcpy(clbuf, clear, clear_len);
+ /* zero out the padding bits - FIXME: better / more secure way to handle
these? */
+ if(clen - clear_len) {
+ memset(clbuf + clear_len, 0, clen - clear_len);
+ }
+
+ /* Setup the ciphertext buffer */
+ *cipher_len = BLKSZ + clen; /*iv + ciphertext */
+ cptr = *cipher = malloc(*cipher_len);
+ if (*cipher == NULL) {
+ rc = -1;
+ goto abort_egress;
+ }
+
+ /* Copy the IV to cipher text blob*/
+ memcpy(cptr, iv, BLKSZ);
+ cptr += BLKSZ;
+
+ /* Setup encryption */
+ aes_setkey_enc(&aes_ctx, symkey, 256);
+
+ /* Do encryption now */
+ aes_crypt_cbc(&aes_ctx, AES_ENCRYPT, clen, iv, clbuf, cptr);
+
+ goto egress;
+abort_egress:
+egress:
+ free(clbuf);
+ return rc;
+}
+int decrypt_vtpmblk(uint8_t* cipher, size_t cipher_len, uint8_t** clear,
size_t* clear_len, uint8_t* symkey)
+{
+ int rc = 0;
+ uint8_t iv[BLKSZ];
+ uint8_t* ivptr;
+ UINT32 u32, temp;
+ aes_context aes_ctx;
+
+ uint8_t* cptr = cipher; //cipher block pointer
+ int clen = cipher_len; //cipher block length
+
+ /* Pull out the initialization vector */
+ memcpy(iv, cipher, BLKSZ);
+ cptr += BLKSZ;
+ clen -= BLKSZ;
+
+ /* Setup the clear text buffer */
+ if((*clear = malloc(clen)) == NULL) {
+ rc = -1;
+ goto abort_egress;
+ }
+
+ /* Get the length of clear text from last 4 bytes of iv */
+ temp = sizeof(UINT32);
+ ivptr = iv + BLKSZ - temp;
+ tpm_unmarshal_UINT32(&ivptr, &temp, &u32);
+ *clear_len = u32;
+
+ /* Setup decryption */
+ aes_setkey_dec(&aes_ctx, symkey, 256);
+
+ /* Do decryption now */
+ if ((clen % BLKSZ) != 0) {
+ error("Decryption Error: Cipher block size was not a multiple of
%u", BLKSZ);
+ rc = -1;
+ goto abort_egress;
+ }
+ aes_crypt_cbc(&aes_ctx, AES_DECRYPT, clen, iv, cptr, *clear);
+
+ goto egress;
+abort_egress:
+egress:
+ return rc;
+}
+
+int write_vtpmblk(struct tpmfront_dev* tpmfront_dev, uint8_t* data, size_t
data_length) {
+ int rc;
+ uint8_t* cipher = NULL;
+ size_t cipher_len = 0;
+ uint8_t hashkey[HASHKEYSZ];
+ uint8_t* symkey = hashkey + HASHSZ;
+
+ /* Encrypt the data */
+ if((rc = encrypt_vtpmblk(data, data_length, &cipher, &cipher_len,
symkey))) {
+ goto abort_egress;
+ }
+ /* Write to disk */
+ if((rc = write_vtpmblk_raw(cipher, cipher_len))) {
+ goto abort_egress;
+ }
+ /* Get sha1 hash of data */
+ sha1(cipher, cipher_len, hashkey);
+
+ /* Send hash and key to manager */
+ if((rc = VTPM_SaveHashKey(tpmfront_dev, hashkey, HASHKEYSZ)) != TPM_SUCCESS)
{
+ goto abort_egress;
+ }
+ goto egress;
+abort_egress:
+egress:
+ free(cipher);
+ return rc;
+}
+
+int read_vtpmblk(struct tpmfront_dev* tpmfront_dev, uint8_t** data, size_t
*data_length) {
+ int rc;
+ uint8_t* cipher = NULL;
+ size_t cipher_len = 0;
+ size_t keysize;
+ uint8_t* hashkey = NULL;
+ uint8_t hash[HASHSZ];
+ uint8_t* symkey;
+
+ /* Retreive the hash and the key from the manager */
+ if((rc = VTPM_LoadHashKey(tpmfront_dev, &hashkey, &keysize)) !=
TPM_SUCCESS) {
+ goto abort_egress;
+ }
+ if(keysize != HASHKEYSZ) {
+ error("Manager returned a hashkey of invalid size! expected %d,
actual %d", NVMKEYSZ, keysize);
+ rc = -1;
+ goto abort_egress;
+ }
+ symkey = hashkey + HASHSZ;
+
+ /* Read from disk now */
+ if((rc = read_vtpmblk_raw(&cipher, &cipher_len))) {
+ goto abort_egress;
+ }
+
+ /* Compute the hash of the cipher text and compare */
+ sha1(cipher, cipher_len, hash);
+ if(memcmp(hash, hashkey, HASHSZ)) {
+ int i;
+ error("NVM Storage Checksum failed!");
+ printf("Expected: ");
+ for(i = 0; i < HASHSZ; ++i) {
+ printf("%02hhX ", hashkey[i]);
+ }
+ printf("\n");
+ printf("Actual: ");
+ for(i = 0; i < HASHSZ; ++i) {
+ printf("%02hhX ", hash[i]);
+ }
+ printf("\n");
+ rc = -1;
+ goto abort_egress;
+ }
+
+ /* Decrypt the blob */
+ if((rc = decrypt_vtpmblk(cipher, cipher_len, data, data_length, symkey))) {
+ goto abort_egress;
+ }
+ goto egress;
+abort_egress:
+egress:
+ free(cipher);
+ free(hashkey);
+ return rc;
+}
diff --git a/stubdom/vtpm/vtpmblk.h b/stubdom/vtpm/vtpmblk.h
new file mode 100644
index 0000000..282ce6a
--- /dev/null
+++ b/stubdom/vtpm/vtpmblk.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2010-2012 United States Government, as represented by
+ * the Secretary of Defense. All rights reserved.
+ *
+ * THIS SOFTWARE AND ITS DOCUMENTATION ARE PROVIDED AS IS AND WITHOUT
+ * ANY EXPRESS OR IMPLIED WARRANTIES WHATSOEVER. ALL WARRANTIES
+ * INCLUDING, BUT NOT LIMITED TO, PERFORMANCE, MERCHANTABILITY, FITNESS
+ * FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT ARE HEREBY
+ * DISCLAIMED. USERS ASSUME THE ENTIRE RISK AND LIABILITY OF USING THE
+ * SOFTWARE.
+ */
+
+#ifndef NVM_H
+#define NVM_H
+#include <mini-os/types.h>
+#include <xen/xen.h>
+#include <tpmfront.h>
+
+#define NVMKEYSZ 32
+#define HASHSZ 20
+#define HASHKEYSZ (NVMKEYSZ + HASHSZ)
+
+int init_vtpmblk(struct tpmfront_dev* tpmfront_dev);
+void shutdown_vtpmblk(void);
+
+/* Encrypts and writes data to blk device */
+int write_vtpmblk(struct tpmfront_dev* tpmfront_dev, uint8_t *data, size_t
data_length);
+/* Reads, Decrypts, and returns data from blk device */
+int read_vtpmblk(struct tpmfront_dev* tpmfront_dev, uint8_t **data, size_t
*data_length);
+
+#endif
--
1.7.10.4
Add the code base for vtpmmgrdom. Makefile changes
next patch.
Signed-off-by: Matthew Fioravante <matthew.fioravante@jhuapl.edu>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
---
stubdom/vtpmmgr/Makefile | 32 ++
stubdom/vtpmmgr/init.c | 553 +++++++++++++++++++++
stubdom/vtpmmgr/log.c | 151 ++++++
stubdom/vtpmmgr/log.h | 85 ++++
stubdom/vtpmmgr/marshal.h | 528 ++++++++++++++++++++
stubdom/vtpmmgr/minios.cfg | 14 +
stubdom/vtpmmgr/tcg.h | 707 +++++++++++++++++++++++++++
stubdom/vtpmmgr/tpm.c | 938 ++++++++++++++++++++++++++++++++++++
stubdom/vtpmmgr/tpm.h | 218 +++++++++
stubdom/vtpmmgr/tpmrsa.c | 175 +++++++
stubdom/vtpmmgr/tpmrsa.h | 67 +++
stubdom/vtpmmgr/uuid.h | 50 ++
stubdom/vtpmmgr/vtpm_cmd_handler.c | 152 ++++++
stubdom/vtpmmgr/vtpm_manager.h | 64 +++
stubdom/vtpmmgr/vtpm_storage.c | 783 ++++++++++++++++++++++++++++++
stubdom/vtpmmgr/vtpm_storage.h | 68 +++
stubdom/vtpmmgr/vtpmmgr.c | 93 ++++
stubdom/vtpmmgr/vtpmmgr.h | 77 +++
18 files changed, 4755 insertions(+)
create mode 100644 stubdom/vtpmmgr/Makefile
create mode 100644 stubdom/vtpmmgr/init.c
create mode 100644 stubdom/vtpmmgr/log.c
create mode 100644 stubdom/vtpmmgr/log.h
create mode 100644 stubdom/vtpmmgr/marshal.h
create mode 100644 stubdom/vtpmmgr/minios.cfg
create mode 100644 stubdom/vtpmmgr/tcg.h
create mode 100644 stubdom/vtpmmgr/tpm.c
create mode 100644 stubdom/vtpmmgr/tpm.h
create mode 100644 stubdom/vtpmmgr/tpmrsa.c
create mode 100644 stubdom/vtpmmgr/tpmrsa.h
create mode 100644 stubdom/vtpmmgr/uuid.h
create mode 100644 stubdom/vtpmmgr/vtpm_cmd_handler.c
create mode 100644 stubdom/vtpmmgr/vtpm_manager.h
create mode 100644 stubdom/vtpmmgr/vtpm_storage.c
create mode 100644 stubdom/vtpmmgr/vtpm_storage.h
create mode 100644 stubdom/vtpmmgr/vtpmmgr.c
create mode 100644 stubdom/vtpmmgr/vtpmmgr.h
diff --git a/stubdom/vtpmmgr/Makefile b/stubdom/vtpmmgr/Makefile
new file mode 100644
index 0000000..88c83c3
--- /dev/null
+++ b/stubdom/vtpmmgr/Makefile
@@ -0,0 +1,32 @@
+# Copyright (c) 2010-2012 United States Government, as represented by
+# the Secretary of Defense. All rights reserved.
+#
+# THIS SOFTWARE AND ITS DOCUMENTATION ARE PROVIDED AS IS AND WITHOUT
+# ANY EXPRESS OR IMPLIED WARRANTIES WHATSOEVER. ALL WARRANTIES
+# INCLUDING, BUT NOT LIMITED TO, PERFORMANCE, MERCHANTABILITY, FITNESS
+# FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT ARE HEREBY
+# DISCLAIMED. USERS ASSUME THE ENTIRE RISK AND LIABILITY OF USING THE
+# SOFTWARE.
+#
+
+XEN_ROOT=../..
+
+PSSL_DIR=../polarssl-$(XEN_TARGET_ARCH)/library
+PSSL_OBJS=aes.o sha1.o entropy.o ctr_drbg.o bignum.o sha4.o havege.o timing.o
entropy_poll.o
+
+TARGET=vtpmmgr.a
+OBJS=vtpmmgr.o vtpm_cmd_handler.o vtpm_storage.o init.o tpmrsa.o tpm.o log.o
+
+CFLAGS+=-Werror -Iutil -Icrypto -Itcs
+CFLAGS+=-Wno-declaration-after-statement -Wno-unused-label
+
+build: $(TARGET)
+$(TARGET): $(OBJS)
+ ar -rcs $@ $^ $(foreach obj,$(PSSL_OBJS),$(PSSL_DIR)/$(obj))
+
+clean:
+ rm -f $(TARGET) $(OBJS)
+
+distclean: clean
+
+.PHONY: clean distclean
diff --git a/stubdom/vtpmmgr/init.c b/stubdom/vtpmmgr/init.c
new file mode 100644
index 0000000..a158020
--- /dev/null
+++ b/stubdom/vtpmmgr/init.c
@@ -0,0 +1,553 @@
+/*
+ * Copyright (c) 2010-2012 United States Government, as represented by
+ * the Secretary of Defense. All rights reserved.
+ *
+ * based off of the original tools/vtpm_manager code base which is:
+ * Copyright (c) 2005, Intel Corp.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ * * Neither the name of Intel Corporation nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+#include <stdint.h>
+#include <stdlib.h>
+
+#include <xen/xen.h>
+#include <mini-os/tpmback.h>
+#include <mini-os/tpmfront.h>
+#include <mini-os/tpm_tis.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <polarssl/sha1.h>
+
+#include "log.h"
+#include "vtpmmgr.h"
+#include "vtpm_storage.h"
+#include "tpm.h"
+#include "marshal.h"
+
+struct Opts {
+ enum {
+ TPMDRV_TPM_TIS,
+ TPMDRV_TPMFRONT,
+ } tpmdriver;
+ unsigned long tpmiomem;
+ unsigned int tpmirq;
+ unsigned int tpmlocality;
+ int gen_owner_auth;
+};
+
+// --------------------------- Well Known Auths --------------------------
+const TPM_AUTHDATA WELLKNOWN_SRK_AUTH = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
+
+const TPM_AUTHDATA WELLKNOWN_OWNER_AUTH = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
+
+struct vtpm_globals vtpm_globals = {
+ .tpm_fd = -1,
+ .storage_key = TPM_KEY_INIT,
+ .storage_key_handle = 0,
+ .oiap = { .AuthHandle = 0 }
+};
+
+static int tpm_entropy_source(void* dummy, unsigned char* data, size_t len,
size_t* olen) {
+ UINT32 sz = len;
+ TPM_RESULT rc = TPM_GetRandom(&sz, data);
+ *olen = sz;
+ return rc == TPM_SUCCESS ? 0 : POLARSSL_ERR_ENTROPY_SOURCE_FAILED;
+}
+
+static TPM_RESULT check_tpm_version(void) {
+ TPM_RESULT status;
+ UINT32 rsize;
+ BYTE* res = NULL;
+ TPM_CAP_VERSION_INFO vinfo;
+
+ TPMTRYRETURN(TPM_GetCapability(
+ TPM_CAP_VERSION_VAL,
+ 0,
+ NULL,
+ &rsize,
+ &res));
+ if(rsize < 4) {
+ vtpmlogerror(VTPM_LOG_VTPM, "Invalid size returned by
GetCapability!\n");
+ status = TPM_BAD_PARAMETER;
+ goto abort_egress;
+ }
+
+ unpack_TPM_CAP_VERSION_INFO(res, &vinfo, UNPACK_ALIAS);
+
+ vtpmloginfo(VTPM_LOG_VTPM, "Hardware TPM:\n");
+ vtpmloginfo(VTPM_LOG_VTPM, " version: %hhd %hhd %hhd %hhd\n",
+ vinfo.version.major, vinfo.version.minor, vinfo.version.revMajor,
vinfo.version.revMinor);
+ vtpmloginfo(VTPM_LOG_VTPM, " specLevel: %hd\n", vinfo.specLevel);
+ vtpmloginfo(VTPM_LOG_VTPM, " errataRev: %hhd\n", vinfo.errataRev);
+ vtpmloginfo(VTPM_LOG_VTPM, " vendorID: %c%c%c%c\n",
+ vinfo.tpmVendorID[0], vinfo.tpmVendorID[1],
+ vinfo.tpmVendorID[2], vinfo.tpmVendorID[3]);
+ vtpmloginfo(VTPM_LOG_VTPM, " vendorSpecificSize: %hd\n",
vinfo.vendorSpecificSize);
+ vtpmloginfo(VTPM_LOG_VTPM, " vendorSpecific: ");
+ for(int i = 0; i < vinfo.vendorSpecificSize; ++i) {
+ vtpmloginfomore(VTPM_LOG_VTPM, "%02hhx",
vinfo.vendorSpecific[i]);
+ }
+ vtpmloginfomore(VTPM_LOG_VTPM, "\n");
+
+abort_egress:
+ free(res);
+ return status;
+}
+
+static TPM_RESULT flush_tpm(void) {
+ TPM_RESULT status = TPM_SUCCESS;
+ const TPM_RESOURCE_TYPE reslist[] = { TPM_RT_KEY, TPM_RT_AUTH, TPM_RT_TRANS,
TPM_RT_COUNTER, TPM_RT_DAA_TPM, TPM_RT_CONTEXT };
+ BYTE* keylist = NULL;
+ UINT32 keylistSize;
+ BYTE* ptr;
+
+ //Iterate through each resource type and flush all handles
+ for(int i = 0; i < sizeof(reslist) / sizeof(TPM_RESOURCE_TYPE); ++i) {
+ TPM_RESOURCE_TYPE beres = cpu_to_be32(reslist[i]);
+ UINT16 size;
+ TPMTRYRETURN(TPM_GetCapability(
+ TPM_CAP_HANDLE,
+ sizeof(TPM_RESOURCE_TYPE),
+ (BYTE*)(&beres),
+ &keylistSize,
+ &keylist));
+
+ ptr = keylist;
+ ptr = unpack_UINT16(ptr, &size);
+
+ //Flush each handle
+ if(size) {
+ vtpmloginfo(VTPM_LOG_VTPM, "Flushing %u handle(s) of type
%lu\n", size, (unsigned long) reslist[i]);
+ for(int j = 0; j < size; ++j) {
+ TPM_HANDLE h;
+ ptr = unpack_TPM_HANDLE(ptr, &h);
+ TPMTRYRETURN(TPM_FlushSpecific(h, reslist[i]));
+ }
+ }
+
+ free(keylist);
+ keylist = NULL;
+ }
+
+ goto egress;
+abort_egress:
+ free(keylist);
+egress:
+ return status;
+}
+
+
+static TPM_RESULT try_take_ownership(void) {
+ TPM_RESULT status = TPM_SUCCESS;
+ TPM_PUBKEY pubEK = TPM_PUBKEY_INIT;
+
+ // If we can read PubEK then there is no owner and we should take it.
+ status = TPM_ReadPubek(&pubEK);
+
+ switch(status) {
+ case TPM_DISABLED_CMD:
+ //Cannot read ek? TPM has owner
+ vtpmloginfo(VTPM_LOG_VTPM, "Failed to readEK meaning TPM has an
owner. Creating Keys off existing SRK.\n");
+ status = TPM_SUCCESS;
+ break;
+ case TPM_NO_ENDORSEMENT:
+ {
+ //If theres no ek, we have to create one
+ TPM_KEY_PARMS keyInfo = {
+ .algorithmID = TPM_ALG_RSA,
+ .encScheme = TPM_ES_RSAESOAEP_SHA1_MGF1,
+ .sigScheme = TPM_SS_NONE,
+ .parmSize = 12,
+ .parms.rsa = {
+ .keyLength = RSA_KEY_SIZE,
+ .numPrimes = 2,
+ .exponentSize = 0,
+ .exponent = NULL,
+ },
+ };
+ TPMTRYRETURN(TPM_CreateEndorsementKeyPair(&keyInfo,
&pubEK));
+ }
+ //fall through to take ownership
+ case TPM_SUCCESS:
+ {
+ //Construct the Srk
+ TPM_KEY srk = {
+ .ver = TPM_STRUCT_VER_1_1,
+ .keyUsage = TPM_KEY_STORAGE,
+ .keyFlags = 0x00,
+ .authDataUsage = TPM_AUTH_ALWAYS,
+ .algorithmParms = {
+ .algorithmID = TPM_ALG_RSA,
+ .encScheme = TPM_ES_RSAESOAEP_SHA1_MGF1,
+ .sigScheme = TPM_SS_NONE,
+ .parmSize = 12,
+ .parms.rsa = {
+ .keyLength = RSA_KEY_SIZE,
+ .numPrimes = 2,
+ .exponentSize = 0,
+ .exponent = NULL,
+ },
+ },
+ .PCRInfoSize = 0,
+ .pubKey = {
+ .keyLength = 0,
+ .key = NULL,
+ },
+ .encDataSize = 0,
+ };
+
+ TPMTRYRETURN(TPM_TakeOwnership(
+ &pubEK,
+ (const TPM_AUTHDATA*)&vtpm_globals.owner_auth,
+ (const TPM_AUTHDATA*)&vtpm_globals.srk_auth,
+ &srk,
+ NULL,
+ &vtpm_globals.oiap));
+
+ TPMTRYRETURN(TPM_DisablePubekRead(
+ (const TPM_AUTHDATA*)&vtpm_globals.owner_auth,
+ &vtpm_globals.oiap));
+ }
+ break;
+ default:
+ break;
+ }
+abort_egress:
+ free_TPM_PUBKEY(&pubEK);
+ return status;
+}
+
+static void init_storage_key(TPM_KEY* key) {
+ key->ver.major = 1;
+ key->ver.minor = 1;
+ key->ver.revMajor = 0;
+ key->ver.revMinor = 0;
+
+ key->keyUsage = TPM_KEY_BIND;
+ key->keyFlags = 0;
+ key->authDataUsage = TPM_AUTH_ALWAYS;
+
+ TPM_KEY_PARMS* p = &key->algorithmParms;
+ p->algorithmID = TPM_ALG_RSA;
+ p->encScheme = TPM_ES_RSAESOAEP_SHA1_MGF1;
+ p->sigScheme = TPM_SS_NONE;
+ p->parmSize = 12;
+
+ TPM_RSA_KEY_PARMS* r = &p->parms.rsa;
+ r->keyLength = RSA_KEY_SIZE;
+ r->numPrimes = 2;
+ r->exponentSize = 0;
+ r->exponent = NULL;
+
+ key->PCRInfoSize = 0;
+ key->encDataSize = 0;
+ key->encData = NULL;
+}
+
+static int parse_auth_string(char* authstr, BYTE* target, const TPM_AUTHDATA
wellknown, int allowrandom) {
+ int rc;
+ /* well known owner auth */
+ if(!strcmp(authstr, "well-known")) {
+ memcpy(target, wellknown, sizeof(TPM_AUTHDATA));
+ }
+ /* Create a randomly generated owner auth */
+ else if(allowrandom && !strcmp(authstr, "random")) {
+ return 1;
+ }
+ /* owner auth is a raw hash */
+ else if(!strncmp(authstr, "hash:", 5)) {
+ authstr += 5;
+ if((rc = strlen(authstr)) != 40) {
+ vtpmlogerror(VTPM_LOG_VTPM, "Supplied owner auth hex string
`%s'' must be exactly 40 characters (20 bytes) long, length=%d\n",
authstr, rc);
+ return -1;
+ }
+ for(int j = 0; j < 20; ++j) {
+ if(sscanf(authstr, "%hhX", target + j) != 1) {
+ vtpmlogerror(VTPM_LOG_VTPM, "Supplied owner auth string
`%s'' is not a valid hex string\n", authstr);
+ return -1;
+ }
+ authstr += 2;
+ }
+ }
+ /* owner auth is a string that will be hashed */
+ else if(!strncmp(authstr, "text:", 5)) {
+ authstr += 5;
+ sha1((const unsigned char*)authstr, strlen(authstr), target);
+ }
+ else {
+ vtpmlogerror(VTPM_LOG_VTPM, "Invalid auth string %s\n",
authstr);
+ return -1;
+ }
+
+ return 0;
+}
+
+int parse_cmdline_opts(int argc, char** argv, struct Opts* opts)
+{
+ int rc;
+ int i;
+
+ //Set defaults
+ memcpy(vtpm_globals.owner_auth, WELLKNOWN_OWNER_AUTH, sizeof(TPM_AUTHDATA));
+ memcpy(vtpm_globals.srk_auth, WELLKNOWN_SRK_AUTH, sizeof(TPM_AUTHDATA));
+
+ for(i = 1; i < argc; ++i) {
+ if(!strncmp(argv[i], "owner_auth:", 10)) {
+ if((rc = parse_auth_string(argv[i] + 10, vtpm_globals.owner_auth,
WELLKNOWN_OWNER_AUTH, 1)) < 0) {
+ goto err_invalid;
+ }
+ if(rc == 1) {
+ opts->gen_owner_auth = 1;
+ }
+ }
+ else if(!strncmp(argv[i], "srk_auth:", 8)) {
+ if((rc = parse_auth_string(argv[i] + 8, vtpm_globals.srk_auth,
WELLKNOWN_SRK_AUTH, 0)) != 0) {
+ goto err_invalid;
+ }
+ }
+ else if(!strncmp(argv[i], "tpmdriver=", 10)) {
+ if(!strcmp(argv[i] + 10, "tpm_tis")) {
+ opts->tpmdriver = TPMDRV_TPM_TIS;
+ } else if(!strcmp(argv[i] + 10, "tpmfront")) {
+ opts->tpmdriver = TPMDRV_TPMFRONT;
+ } else {
+ goto err_invalid;
+ }
+ }
+ else if(!strncmp(argv[i], "tpmiomem=",9)) {
+ if(sscanf(argv[i] + 9, "0x%lX", &opts->tpmiomem) !=
1) {
+ goto err_invalid;
+ }
+ }
+ else if(!strncmp(argv[i], "tpmirq=",7)) {
+ if(!strcmp(argv[i] + 7, "probe")) {
+ opts->tpmirq = TPM_PROBE_IRQ;
+ } else if( sscanf(argv[i] + 7, "%u", &opts->tpmirq)
!= 1) {
+ goto err_invalid;
+ }
+ }
+ else if(!strncmp(argv[i], "tpmlocality=",12)) {
+ if(sscanf(argv[i] + 12, "%u", &opts->tpmlocality) !=
1 || opts->tpmlocality > 4) {
+ goto err_invalid;
+ }
+ }
+ }
+
+ switch(opts->tpmdriver) {
+ case TPMDRV_TPM_TIS:
+ vtpmloginfo(VTPM_LOG_VTPM, "Option: Using tpm_tis
driver\n");
+ break;
+ case TPMDRV_TPMFRONT:
+ vtpmloginfo(VTPM_LOG_VTPM, "Option: Using tpmfront
driver\n");
+ break;
+ }
+
+ return 0;
+err_invalid:
+ vtpmlogerror(VTPM_LOG_VTPM, "Invalid Option %s\n", argv[i]);
+ return -1;
+}
+
+
+
+static TPM_RESULT vtpmmgr_create(void) {
+ TPM_RESULT status = TPM_SUCCESS;
+ TPM_AUTH_SESSION osap = TPM_AUTH_SESSION_INIT;
+ TPM_AUTHDATA sharedsecret;
+
+ // Take ownership if TPM is unowned
+ TPMTRYRETURN(try_take_ownership());
+
+ // Generate storage key''s auth
+ memset(&vtpm_globals.storage_key_usage_auth, 0, sizeof(TPM_AUTHDATA));
+
+ TPMTRYRETURN( TPM_OSAP(
+ TPM_ET_KEYHANDLE,
+ TPM_SRK_KEYHANDLE,
+ (const TPM_AUTHDATA*)&vtpm_globals.srk_auth,
+ &sharedsecret,
+ &osap) );
+
+ init_storage_key(&vtpm_globals.storage_key);
+
+ //initialize the storage key
+ TPMTRYRETURN( TPM_CreateWrapKey(
+ TPM_SRK_KEYHANDLE,
+ (const TPM_AUTHDATA*)&sharedsecret,
+ (const TPM_AUTHDATA*)&vtpm_globals.storage_key_usage_auth,
+ (const TPM_AUTHDATA*)&vtpm_globals.storage_key_usage_auth,
+ &vtpm_globals.storage_key,
+ &osap) );
+
+ //Load Storage Key
+ TPMTRYRETURN( TPM_LoadKey(
+ TPM_SRK_KEYHANDLE,
+ &vtpm_globals.storage_key,
+ &vtpm_globals.storage_key_handle,
+ (const TPM_AUTHDATA*) &vtpm_globals.srk_auth,
+ &vtpm_globals.oiap));
+
+ //Make sure TPM has commited changes
+ TPMTRYRETURN( TPM_SaveState() );
+
+ //Create new disk image
+ TPMTRYRETURN(vtpm_storage_new_header());
+
+ goto egress;
+abort_egress:
+egress:
+ vtpmloginfo(VTPM_LOG_VTPM, "Finished initialized new VTPM
manager\n");
+
+ //End the OSAP session
+ if(osap.AuthHandle) {
+ TPM_TerminateHandle(osap.AuthHandle);
+ }
+
+ return status;
+}
+
+TPM_RESULT vtpmmgr_init(int argc, char** argv) {
+ TPM_RESULT status = TPM_SUCCESS;
+
+ /* Default commandline options */
+ struct Opts opts = {
+ .tpmdriver = TPMDRV_TPM_TIS,
+ .tpmiomem = TPM_BASEADDR,
+ .tpmirq = 0,
+ .tpmlocality = 0,
+ .gen_owner_auth = 0,
+ };
+
+ if(parse_cmdline_opts(argc, argv, &opts) != 0) {
+ vtpmlogerror(VTPM_LOG_VTPM, "Command line parsing failed!
exiting..\n");
+ status = TPM_BAD_PARAMETER;
+ goto abort_egress;
+ }
+
+ //Setup storage system
+ if(vtpm_storage_init() != 0) {
+ vtpmlogerror(VTPM_LOG_VTPM, "Unable to initialize storage
subsystem!\n");
+ status = TPM_IOERROR;
+ goto abort_egress;
+ }
+
+ //Setup tpmback device
+ init_tpmback();
+
+ //Setup tpm access
+ switch(opts.tpmdriver) {
+ case TPMDRV_TPM_TIS:
+ {
+ struct tpm_chip* tpm;
+ if((tpm = init_tpm_tis(opts.tpmiomem,
TPM_TIS_LOCL_INT_TO_FLAG(opts.tpmlocality), opts.tpmirq)) == NULL) {
+ vtpmlogerror(VTPM_LOG_VTPM, "Unable to initialize tpmfront
device\n");
+ status = TPM_IOERROR;
+ goto abort_egress;
+ }
+ vtpm_globals.tpm_fd = tpm_tis_open(tpm);
+ tpm_tis_request_locality(tpm, opts.tpmlocality);
+ }
+ break;
+ case TPMDRV_TPMFRONT:
+ {
+ struct tpmfront_dev* tpmfront_dev;
+ if((tpmfront_dev = init_tpmfront(NULL)) == NULL) {
+ vtpmlogerror(VTPM_LOG_VTPM, "Unable to initialize tpmfront
device\n");
+ status = TPM_IOERROR;
+ goto abort_egress;
+ }
+ vtpm_globals.tpm_fd = tpmfront_open(tpmfront_dev);
+ }
+ break;
+ }
+
+ //Get the version of the tpm
+ TPMTRYRETURN(check_tpm_version());
+
+ // Blow away all stale handles left in the tpm
+ if(flush_tpm() != TPM_SUCCESS) {
+ vtpmlogerror(VTPM_LOG_VTPM, "VTPM_FlushResources failed, continuing
anyway..\n");
+ }
+
+ /* Initialize the rng */
+ entropy_init(&vtpm_globals.entropy);
+ entropy_add_source(&vtpm_globals.entropy, tpm_entropy_source, NULL, 0);
+ entropy_gather(&vtpm_globals.entropy);
+ ctr_drbg_init(&vtpm_globals.ctr_drbg, entropy_func,
&vtpm_globals.entropy, NULL, 0);
+ ctr_drbg_set_prediction_resistance( &vtpm_globals.ctr_drbg,
CTR_DRBG_PR_OFF );
+
+ // Generate Auth for Owner
+ if(opts.gen_owner_auth) {
+ vtpmmgr_rand(vtpm_globals.owner_auth, sizeof(TPM_AUTHDATA));
+ }
+
+ // Create OIAP session for service''s authorized commands
+ TPMTRYRETURN( TPM_OIAP(&vtpm_globals.oiap) );
+
+ /* Load the Manager data, if it fails create a new manager */
+ if (vtpm_storage_load_header() != TPM_SUCCESS) {
+ /* If the OIAP session was closed by an error, create a new one */
+ if(vtpm_globals.oiap.AuthHandle == 0) {
+ TPMTRYRETURN( TPM_OIAP(&vtpm_globals.oiap) );
+ }
+ vtpmloginfo(VTPM_LOG_VTPM, "Failed to read manager file. Assuming
first time initialization.\n");
+ TPMTRYRETURN( vtpmmgr_create() );
+ }
+
+ goto egress;
+abort_egress:
+ vtpmmgr_shutdown();
+egress:
+ return status;
+}
+
+void vtpmmgr_shutdown(void)
+{
+ /* Cleanup resources */
+ free_TPM_KEY(&vtpm_globals.storage_key);
+
+ /* Cleanup TPM resources */
+ TPM_EvictKey(vtpm_globals.storage_key_handle);
+ TPM_TerminateHandle(vtpm_globals.oiap.AuthHandle);
+
+ /* Close tpmback */
+ shutdown_tpmback();
+
+ /* Close the storage system and blkfront */
+ vtpm_storage_shutdown();
+
+ /* Close tpmfront/tpm_tis */
+ close(vtpm_globals.tpm_fd);
+
+ vtpmloginfo(VTPM_LOG_VTPM, "VTPM Manager stopped.\n");
+}
diff --git a/stubdom/vtpmmgr/log.c b/stubdom/vtpmmgr/log.c
new file mode 100644
index 0000000..a82c913
--- /dev/null
+++ b/stubdom/vtpmmgr/log.c
@@ -0,0 +1,151 @@
+/*
+ * Copyright (c) 2010-2012 United States Government, as represented by
+ * the Secretary of Defense. All rights reserved.
+ *
+ * based off of the original tools/vtpm_manager code base which is:
+ * Copyright (c) 2005, Intel Corp.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ * * Neither the name of Intel Corporation nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+
+#include "tcg.h"
+
+char *module_names[] = { "",
+ "TPM",
+ "TPM",
+ "VTPM",
+ "VTPM",
+ "TXDATA",
+ };
+// Helper code for the consts, eg. to produce messages for error codes.
+
+typedef struct error_code_entry_t {
+ TPM_RESULT code;
+ char * code_name;
+ char * msg;
+} error_code_entry_t;
+
+static const error_code_entry_t error_msgs [] = {
+ { TPM_SUCCESS, "TPM_SUCCESS", "Successful completion of the
operation" },
+ { TPM_AUTHFAIL, "TPM_AUTHFAIL", "Authentication failed"
},
+ { TPM_BADINDEX, "TPM_BADINDEX", "The index to a PCR, DIR or
other register is incorrect" },
+ { TPM_BAD_PARAMETER, "TPM_BAD_PARAMETER", "One or more
parameter is bad" },
+ { TPM_AUDITFAILURE, "TPM_AUDITFAILURE", "An operation
completed successfully but the auditing of that operation failed." },
+ { TPM_CLEAR_DISABLED, "TPM_CLEAR_DISABLED", "The clear disable
flag is set and all clear operations now require physical access" },
+ { TPM_DEACTIVATED, "TPM_DEACTIVATED", "The TPM is
deactivated" },
+ { TPM_DISABLED, "TPM_DISABLED", "The TPM is disabled" },
+ { TPM_DISABLED_CMD, "TPM_DISABLED_CMD", "The target command
has been disabled" },
+ { TPM_FAIL, "TPM_FAIL", "The operation failed" },
+ { TPM_BAD_ORDINAL, "TPM_BAD_ORDINAL", "The ordinal was unknown
or inconsistent" },
+ { TPM_INSTALL_DISABLED, "TPM_INSTALL_DISABLED", "The ability
to install an owner is disabled" },
+ { TPM_INVALID_KEYHANDLE, "TPM_INVALID_KEYHANDLE", "The key
handle presented was invalid" },
+ { TPM_KEYNOTFOUND, "TPM_KEYNOTFOUND", "The target key was not
found" },
+ { TPM_INAPPROPRIATE_ENC, "TPM_INAPPROPRIATE_ENC",
"Unacceptable encryption scheme" },
+ { TPM_MIGRATEFAIL, "TPM_MIGRATEFAIL", "Migration authorization
failed" },
+ { TPM_INVALID_PCR_INFO, "TPM_INVALID_PCR_INFO", "PCR
information could not be interpreted" },
+ { TPM_NOSPACE, "TPM_NOSPACE", "No room to load key." },
+ { TPM_NOSRK, "TPM_NOSRK", "There is no SRK set" },
+ { TPM_NOTSEALED_BLOB, "TPM_NOTSEALED_BLOB", "An encrypted blob
is invalid or was not created by this TPM" },
+ { TPM_OWNER_SET, "TPM_OWNER_SET", "There is already an
Owner" },
+ { TPM_RESOURCES, "TPM_RESOURCES", "The TPM has insufficient
internal resources to perform the requested action." },
+ { TPM_SHORTRANDOM, "TPM_SHORTRANDOM", "A random string was too
short" },
+ { TPM_SIZE, "TPM_SIZE", "The TPM does not have the space to
perform the operation." },
+ { TPM_WRONGPCRVAL, "TPM_WRONGPCRVAL", "The named PCR value
does not match the current PCR value." },
+ { TPM_BAD_PARAM_SIZE, "TPM_BAD_PARAM_SIZE", "The paramSize
argument to the command has the incorrect value" },
+ { TPM_SHA_THREAD, "TPM_SHA_THREAD", "There is no existing
SHA-1 thread." },
+ { TPM_SHA_ERROR, "TPM_SHA_ERROR", "The calculation is unable
to proceed because the existing SHA-1 thread has already encountered an
error." },
+ { TPM_FAILEDSELFTEST, "TPM_FAILEDSELFTEST", "Self-test has
failed and the TPM has shutdown." },
+ { TPM_AUTH2FAIL, "TPM_AUTH2FAIL", "The authorization for the
second key in a 2 key function failed authorization" },
+ { TPM_BADTAG, "TPM_BADTAG", "The tag value sent to for a
command is invalid" },
+ { TPM_IOERROR, "TPM_IOERROR", "An IO error occurred
transmitting information to the TPM" },
+ { TPM_ENCRYPT_ERROR, "TPM_ENCRYPT_ERROR", "The encryption
process had a problem." },
+ { TPM_DECRYPT_ERROR, "TPM_DECRYPT_ERROR", "The decryption
process did not complete." },
+ { TPM_INVALID_AUTHHANDLE, "TPM_INVALID_AUTHHANDLE", "An
invalid handle was used." },
+ { TPM_NO_ENDORSEMENT, "TPM_NO_ENDORSEMENT", "The TPM does not
a EK installed" },
+ { TPM_INVALID_KEYUSAGE, "TPM_INVALID_KEYUSAGE", "The usage of
a key is not allowed" },
+ { TPM_WRONG_ENTITYTYPE, "TPM_WRONG_ENTITYTYPE", "The submitted
entity type is not allowed" },
+ { TPM_INVALID_POSTINIT, "TPM_INVALID_POSTINIT", "The command
was received in the wrong sequence relative to TPM_Init and a subsequent
TPM_Startup" },
+ { TPM_INAPPROPRIATE_SIG, "TPM_INAPPROPRIATE_SIG", "Signed data
cannot include additional DER information" },
+ { TPM_BAD_KEY_PROPERTY, "TPM_BAD_KEY_PROPERTY", "The key
properties in TPM_KEY_PARMs are not supported by this TPM" },
+
+ { TPM_BAD_MIGRATION, "TPM_BAD_MIGRATION", "The migration
properties of this key are incorrect." },
+ { TPM_BAD_SCHEME, "TPM_BAD_SCHEME", "The signature or
encryption scheme for this key is incorrect or not permitted in this
situation." },
+ { TPM_BAD_DATASIZE, "TPM_BAD_DATASIZE", "The size of the data
(or blob) parameter is bad or inconsistent with the referenced key" },
+ { TPM_BAD_MODE, "TPM_BAD_MODE", "A mode parameter is bad, such
as capArea or subCapArea for TPM_GetCapability, phsicalPresence parameter for
TPM_PhysicalPresence, or migrationType for TPM_CreateMigrationBlob." },
+ { TPM_BAD_PRESENCE, "TPM_BAD_PRESENCE", "Either the
physicalPresence or physicalPresenceLock bits have the wrong value" },
+ { TPM_BAD_VERSION, "TPM_BAD_VERSION", "The TPM cannot perform
this version of the capability" },
+ { TPM_NO_WRAP_TRANSPORT, "TPM_NO_WRAP_TRANSPORT", "The TPM
does not allow for wrapped transport sessions" },
+ { TPM_AUDITFAIL_UNSUCCESSFUL, "TPM_AUDITFAIL_UNSUCCESSFUL",
"TPM audit construction failed and the underlying command was returning a
failure code also" },
+ { TPM_AUDITFAIL_SUCCESSFUL, "TPM_AUDITFAIL_SUCCESSFUL", "TPM
audit construction failed and the underlying command was returning success"
},
+ { TPM_NOTRESETABLE, "TPM_NOTRESETABLE", "Attempt to reset a
PCR register that does not have the resettable attribute" },
+ { TPM_NOTLOCAL, "TPM_NOTLOCAL", "Attempt to reset a PCR
register that requires locality and locality modifier not part of command
transport" },
+ { TPM_BAD_TYPE, "TPM_BAD_TYPE", "Make identity blob not
properly typed" },
+ { TPM_INVALID_RESOURCE, "TPM_INVALID_RESOURCE", "When saving
context identified resource type does not match actual resource" },
+ { TPM_NOTFIPS, "TPM_NOTFIPS", "The TPM is attempting to
execute a command only available when in FIPS mode" },
+ { TPM_INVALID_FAMILY, "TPM_INVALID_FAMILY", "The command is
attempting to use an invalid family ID" },
+ { TPM_NO_NV_PERMISSION, "TPM_NO_NV_PERMISSION", "The
permission to manipulate the NV storage is not available" },
+ { TPM_REQUIRES_SIGN, "TPM_REQUIRES_SIGN", "The operation
requires a signed command" },
+ { TPM_KEY_NOTSUPPORTED, "TPM_KEY_NOTSUPPORTED", "Wrong
operation to load an NV key" },
+ { TPM_AUTH_CONFLICT, "TPM_AUTH_CONFLICT", "NV_LoadKey blob
requires both owner and blob authorization" },
+ { TPM_AREA_LOCKED, "TPM_AREA_LOCKED", "The NV area is locked
and not writtable" },
+ { TPM_BAD_LOCALITY, "TPM_BAD_LOCALITY", "The locality is
incorrect for the attempted operation" },
+ { TPM_READ_ONLY, "TPM_READ_ONLY", "The NV area is read only
and can''t be written to" },
+ { TPM_PER_NOWRITE, "TPM_PER_NOWRITE", "There is no protection
on the write to the NV area" },
+ { TPM_FAMILYCOUNT, "TPM_FAMILYCOUNT", "The family count value
does not match" },
+ { TPM_WRITE_LOCKED, "TPM_WRITE_LOCKED", "The NV area has
already been written to" },
+ { TPM_BAD_ATTRIBUTES, "TPM_BAD_ATTRIBUTES", "The NV area
attributes conflict" },
+ { TPM_INVALID_STRUCTURE, "TPM_INVALID_STRUCTURE", "The
structure tag and version are invalid or inconsistent" },
+ { TPM_KEY_OWNER_CONTROL, "TPM_KEY_OWNER_CONTROL", "The key is
under control of the TPM Owner and can only be evicted by the TPM Owner."
},
+ { TPM_BAD_COUNTER, "TPM_BAD_COUNTER", "The counter handle is
incorrect" },
+ { TPM_NOT_FULLWRITE, "TPM_NOT_FULLWRITE", "The write is not a
complete write of the area" },
+ { TPM_CONTEXT_GAP, "TPM_CONTEXT_GAP", "The gap between saved
context counts is too large" },
+ { TPM_MAXNVWRITES, "TPM_MAXNVWRITES", "The maximum number of
NV writes without an owner has been exceeded" },
+ { TPM_NOOPERATOR, "TPM_NOOPERATOR", "No operator authorization
value is set" },
+ { TPM_RESOURCEMISSING, "TPM_RESOURCEMISSING", "The resource
pointed to by context is not loaded" },
+ { TPM_DELEGATE_LOCK, "TPM_DELEGATE_LOCK", "The delegate
administration is locked" },
+ { TPM_DELEGATE_FAMILY, "TPM_DELEGATE_FAMILY", "Attempt to
manage a family other then the delegated family" },
+ { TPM_DELEGATE_ADMIN, "TPM_DELEGATE_ADMIN", "Delegation table
management not enabled" },
+ { TPM_TRANSPORT_EXCLUSIVE, "TPM_TRANSPORT_EXCLUSIVE", "There
was a command executed outside of an exclusive transport session" },
+};
+
+
+// helper function for the error codes:
+const char* tpm_get_error_name (TPM_RESULT code) {
+ // just do a linear scan for now
+ unsigned i;
+ for (i = 0; i < sizeof(error_msgs)/sizeof(error_msgs[0]); i++)
+ if (code == error_msgs[i].code)
+ return error_msgs[i].code_name;
+
+ return("Unknown Error Code");
+}
diff --git a/stubdom/vtpmmgr/log.h b/stubdom/vtpmmgr/log.h
new file mode 100644
index 0000000..5c7abf5
--- /dev/null
+++ b/stubdom/vtpmmgr/log.h
@@ -0,0 +1,85 @@
+/*
+ * Copyright (c) 2010-2012 United States Government, as represented by
+ * the Secretary of Defense. All rights reserved.
+ *
+ * based off of the original tools/vtpm_manager code base which is:
+ * Copyright (c) 2005, Intel Corp.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ * * Neither the name of Intel Corporation nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#ifndef __VTPM_LOG_H__
+#define __VTPM_LOG_H__
+
+#include <stdint.h> // for uint32_t
+#include <stddef.h> // for pointer NULL
+#include <stdio.h>
+#include "tcg.h"
+
+// =========================== LOGGING =============================+
+// the logging module numbers
+#define VTPM_LOG_TPM 1
+#define VTPM_LOG_TPM_DEEP 2
+#define VTPM_LOG_VTPM 3
+#define VTPM_LOG_VTPM_DEEP 4
+#define VTPM_LOG_TXDATA 5
+
+extern char *module_names[];
+
+// Default to standard logging
+#ifndef LOGGING_MODULES
+#define LOGGING_MODULES (BITMASK(VTPM_LOG_VTPM)|BITMASK(VTPM_LOG_TPM))
+#endif
+
+// bit-access macros
+#define BITMASK(idx) ( 1U << (idx) )
+#define GETBIT(num,idx) ( ((num) & BITMASK(idx)) >> idx )
+#define SETBIT(num,idx) (num) |= BITMASK(idx)
+#define CLEARBIT(num,idx) (num) &= ( ~ BITMASK(idx) )
+
+#define vtpmloginfo(module, fmt, args...) \
+ if (GETBIT (LOGGING_MODULES, module) == 1) { \
+ fprintf (stdout, "INFO[%s]: " fmt, module_names[module], ##args);
\
+ }
+
+#define vtpmloginfomore(module, fmt, args...) \
+ if (GETBIT (LOGGING_MODULES, module) == 1) { \
+ fprintf (stdout, fmt,##args); \
+ }
+
+#define vtpmlogerror(module, fmt, args...) \
+ fprintf (stderr, "ERROR[%s]: " fmt, module_names[module], ##args);
+
+//typedef UINT32 tpm_size_t;
+
+// helper function for the error codes:
+const char* tpm_get_error_name (TPM_RESULT code);
+
+#endif // _VTPM_LOG_H_
diff --git a/stubdom/vtpmmgr/marshal.h b/stubdom/vtpmmgr/marshal.h
new file mode 100644
index 0000000..77d32f0
--- /dev/null
+++ b/stubdom/vtpmmgr/marshal.h
@@ -0,0 +1,528 @@
+/*
+ * Copyright (c) 2010-2012 United States Government, as represented by
+ * the Secretary of Defense. All rights reserved.
+ *
+ * based off of the original tools/vtpm_manager code base which is:
+ * Copyright (c) 2005, Intel Corp.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ * * Neither the name of Intel Corporation nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#ifndef MARSHAL_H
+#define MARSHAL_H
+
+#include <stdlib.h>
+#include <mini-os/byteorder.h>
+#include <mini-os/endian.h>
+#include "tcg.h"
+
+typedef enum UnpackPtr {
+ UNPACK_ALIAS,
+ UNPACK_ALLOC
+} UnpackPtr;
+
+inline BYTE* pack_BYTE(BYTE* ptr, BYTE t) {
+ ptr[0] = t;
+ return ++ptr;
+}
+
+inline BYTE* unpack_BYTE(BYTE* ptr, BYTE* t) {
+ t[0] = ptr[0];
+ return ++ptr;
+}
+
+#define pack_BOOL(p, t) pack_BYTE(p, t)
+#define unpack_BOOL(p, t) unpack_BYTE(p, t)
+
+inline BYTE* pack_UINT16(BYTE* ptr, UINT16 t) {
+ BYTE* b = (BYTE*)&t;
+#if __BYTE_ORDER == __LITTLE_ENDIAN
+ ptr[0] = b[1];
+ ptr[1] = b[0];
+#elif __BYTE_ORDER == __BIG_ENDIAN
+ ptr[0] = b[0];
+ ptr[1] = b[1];
+#endif
+ return ptr + sizeof(UINT16);
+}
+
+inline BYTE* unpack_UINT16(BYTE* ptr, UINT16* t) {
+ BYTE* b = (BYTE*)t;
+#if __BYTE_ORDER == __LITTLE_ENDIAN
+ b[0] = ptr[1];
+ b[1] = ptr[0];
+#elif __BYTE_ORDER == __BIG_ENDIAN
+ b[0] = ptr[0];
+ b[1] = ptr[1];
+#endif
+ return ptr + sizeof(UINT16);
+}
+
+inline BYTE* pack_UINT32(BYTE* ptr, UINT32 t) {
+ BYTE* b = (BYTE*)&t;
+#if __BYTE_ORDER == __LITTLE_ENDIAN
+ ptr[3] = b[0];
+ ptr[2] = b[1];
+ ptr[1] = b[2];
+ ptr[0] = b[3];
+#elif __BYTE_ORDER == __BIG_ENDIAN
+ ptr[0] = b[0];
+ ptr[1] = b[1];
+ ptr[2] = b[2];
+ ptr[3] = b[3];
+#endif
+ return ptr + sizeof(UINT32);
+}
+
+inline BYTE* unpack_UINT32(BYTE* ptr, UINT32* t) {
+ BYTE* b = (BYTE*)t;
+#if __BYTE_ORDER == __LITTLE_ENDIAN
+ b[0] = ptr[3];
+ b[1] = ptr[2];
+ b[2] = ptr[1];
+ b[3] = ptr[0];
+#elif __BYTE_ORDER == __BIG_ENDIAN
+ b[0] = ptr[0];
+ b[1] = ptr[1];
+ b[2] = ptr[2];
+ b[3] = ptr[3];
+#endif
+ return ptr + sizeof(UINT32);
+}
+
+#define pack_TPM_RESULT(p, t) pack_UINT32(p, t)
+#define pack_TPM_PCRINDEX(p, t) pack_UINT32(p, t)
+#define pack_TPM_DIRINDEX(p, t) pack_UINT32(p, t)
+#define pack_TPM_HANDLE(p, t) pack_UINT32(p, t)
+#define pack_TPM_AUTHHANDLE(p, t) pack_TPM_HANDLE(p, t)
+#define pack_TCPA_HASHHANDLE(p, t) pack_TPM_HANDLE(p, t)
+#define pack_TCPA_HMACHANDLE(p, t) pack_TPM_HANDLE(p, t)
+#define pack_TCPA_ENCHANDLE(p, t) pack_TPM_HANDLE(p, t)
+#define pack_TPM_KEY_HANDLE(p, t) pack_TPM_HANDLE(p, t)
+#define pack_TCPA_ENTITYHANDLE(p, t) pack_TPM_HANDLE(p, t)
+#define pack_TPM_RESOURCE_TYPE(p, t) pack_UINT32(p, t)
+#define pack_TPM_COMMAND_CODE(p, t) pack_UINT32(p, t)
+#define pack_TPM_PROTOCOL_ID(p, t) pack_UINT16(p, t)
+#define pack_TPM_AUTH_DATA_USAGE(p, t) pack_BYTE(p, t)
+#define pack_TPM_ENTITY_TYPE(p, t) pack_UINT16(p, t)
+#define pack_TPM_ALGORITHM_ID(p, t) pack_UINT32(p, t)
+#define pack_TPM_KEY_USAGE(p, t) pack_UINT16(p, t)
+#define pack_TPM_STARTUP_TYPE(p, t) pack_UINT16(p, t)
+#define pack_TPM_CAPABILITY_AREA(p, t) pack_UINT32(p, t)
+#define pack_TPM_ENC_SCHEME(p, t) pack_UINT16(p, t)
+#define pack_TPM_SIG_SCHEME(p, t) pack_UINT16(p, t)
+#define pack_TPM_MIGRATE_SCHEME(p, t) pack_UINT16(p, t)
+#define pack_TPM_PHYSICAL_PRESENCE(p, t) pack_UINT16(p, t)
+#define pack_TPM_KEY_FLAGS(p, t) pack_UINT32(p, t)
+
+#define unpack_TPM_RESULT(p, t) unpack_UINT32(p, t)
+#define unpack_TPM_PCRINDEX(p, t) unpack_UINT32(p, t)
+#define unpack_TPM_DIRINDEX(p, t) unpack_UINT32(p, t)
+#define unpack_TPM_HANDLE(p, t) unpack_UINT32(p, t)
+#define unpack_TPM_AUTHHANDLE(p, t) unpack_TPM_HANDLE(p, t)
+#define unpack_TCPA_HASHHANDLE(p, t) unpack_TPM_HANDLE(p, t)
+#define unpack_TCPA_HMACHANDLE(p, t) unpack_TPM_HANDLE(p, t)
+#define unpack_TCPA_ENCHANDLE(p, t) unpack_TPM_HANDLE(p, t)
+#define unpack_TPM_KEY_HANDLE(p, t) unpack_TPM_HANDLE(p, t)
+#define unpack_TCPA_ENTITYHANDLE(p, t) unpack_TPM_HANDLE(p, t)
+#define unpack_TPM_RESOURCE_TYPE(p, t) unpack_UINT32(p, t)
+#define unpack_TPM_COMMAND_CODE(p, t) unpack_UINT32(p, t)
+#define unpack_TPM_PROTOCOL_ID(p, t) unpack_UINT16(p, t)
+#define unpack_TPM_AUTH_DATA_USAGE(p, t) unpack_BYTE(p, t)
+#define unpack_TPM_ENTITY_TYPE(p, t) unpack_UINT16(p, t)
+#define unpack_TPM_ALGORITHM_ID(p, t) unpack_UINT32(p, t)
+#define unpack_TPM_KEY_USAGE(p, t) unpack_UINT16(p, t)
+#define unpack_TPM_STARTUP_TYPE(p, t) unpack_UINT16(p, t)
+#define unpack_TPM_CAPABILITY_AREA(p, t) unpack_UINT32(p, t)
+#define unpack_TPM_ENC_SCHEME(p, t) unpack_UINT16(p, t)
+#define unpack_TPM_SIG_SCHEME(p, t) unpack_UINT16(p, t)
+#define unpack_TPM_MIGRATE_SCHEME(p, t) unpack_UINT16(p, t)
+#define unpack_TPM_PHYSICAL_PRESENCE(p, t) unpack_UINT16(p, t)
+#define unpack_TPM_KEY_FLAGS(p, t) unpack_UINT32(p, t)
+
+#define pack_TPM_AUTH_HANDLE(p, t) pack_UINT32(p, t);
+#define pack_TCS_CONTEXT_HANDLE(p, t) pack_UINT32(p, t);
+#define pack_TCS_KEY_HANDLE(p, t) pack_UINT32(p, t);
+
+#define unpack_TPM_AUTH_HANDLE(p, t) unpack_UINT32(p, t);
+#define unpack_TCS_CONTEXT_HANDLE(p, t) unpack_UINT32(p, t);
+#define unpack_TCS_KEY_HANDLE(p, t) unpack_UINT32(p, t);
+
+inline BYTE* pack_BUFFER(BYTE* ptr, const BYTE* buf, UINT32 size) {
+ memcpy(ptr, buf, size);
+ return ptr + size;
+}
+
+inline BYTE* unpack_BUFFER(BYTE* ptr, BYTE* buf, UINT32 size) {
+ memcpy(buf, ptr, size);
+ return ptr + size;
+}
+
+inline BYTE* unpack_ALIAS(BYTE* ptr, BYTE** buf, UINT32 size) {
+ *buf = ptr;
+ return ptr + size;
+}
+
+inline BYTE* unpack_ALLOC(BYTE* ptr, BYTE** buf, UINT32 size) {
+ if(size) {
+ *buf = malloc(size);
+ memcpy(*buf, ptr, size);
+ } else {
+ *buf = NULL;
+ }
+ return ptr + size;
+}
+
+inline BYTE* unpack_PTR(BYTE* ptr, BYTE** buf, UINT32 size, UnpackPtr alloc) {
+ if(alloc == UNPACK_ALLOC) {
+ return unpack_ALLOC(ptr, buf, size);
+ } else {
+ return unpack_ALIAS(ptr, buf, size);
+ }
+}
+
+inline BYTE* pack_TPM_AUTHDATA(BYTE* ptr, const TPM_AUTHDATA* d) {
+ return pack_BUFFER(ptr, *d, TPM_DIGEST_SIZE);
+}
+
+inline BYTE* unpack_TPM_AUTHDATA(BYTE* ptr, TPM_AUTHDATA* d) {
+ return unpack_BUFFER(ptr, *d, TPM_DIGEST_SIZE);
+}
+
+#define pack_TPM_SECRET(p, t) pack_TPM_AUTHDATA(p, t)
+#define pack_TPM_ENCAUTH(p, t) pack_TPM_AUTHDATA(p, t)
+#define pack_TPM_PAYLOAD_TYPE(p, t) pack_BYTE(p, t)
+#define pack_TPM_TAG(p, t) pack_UINT16(p, t)
+#define pack_TPM_STRUCTURE_TAG(p, t) pack_UINT16(p, t)
+
+#define unpack_TPM_SECRET(p, t) unpack_TPM_AUTHDATA(p, t)
+#define unpack_TPM_ENCAUTH(p, t) unpack_TPM_AUTHDATA(p, t)
+#define unpack_TPM_PAYLOAD_TYPE(p, t) unpack_BYTE(p, t)
+#define unpack_TPM_TAG(p, t) unpack_UINT16(p, t)
+#define unpack_TPM_STRUCTURE_TAG(p, t) unpack_UINT16(p, t)
+
+inline BYTE* pack_TPM_VERSION(BYTE* ptr, const TPM_VERSION* t) {
+ ptr[0] = t->major;
+ ptr[1] = t->minor;
+ ptr[2] = t->revMajor;
+ ptr[3] = t->revMinor;
+ return ptr + 4;
+}
+
+inline BYTE* unpack_TPM_VERSION(BYTE* ptr, TPM_VERSION* t) {
+ t->major = ptr[0];
+ t->minor = ptr[1];
+ t->revMajor = ptr[2];
+ t->revMinor = ptr[3];
+ return ptr + 4;
+}
+
+inline BYTE* pack_TPM_CAP_VERSION_INFO(BYTE* ptr, const TPM_CAP_VERSION_INFO*
v) {
+ ptr = pack_TPM_STRUCTURE_TAG(ptr, v->tag);
+ ptr = pack_TPM_VERSION(ptr, &v->version);
+ ptr = pack_UINT16(ptr, v->specLevel);
+ ptr = pack_BYTE(ptr, v->errataRev);
+ ptr = pack_BUFFER(ptr, v->tpmVendorID, sizeof(v->tpmVendorID));
+ ptr = pack_UINT16(ptr, v->vendorSpecificSize);
+ ptr = pack_BUFFER(ptr, v->vendorSpecific, v->vendorSpecificSize);
+ return ptr;
+}
+
+inline BYTE* unpack_TPM_CAP_VERSION_INFO(BYTE* ptr, TPM_CAP_VERSION_INFO* v,
UnpackPtr alloc) {
+ ptr = unpack_TPM_STRUCTURE_TAG(ptr, &v->tag);
+ ptr = unpack_TPM_VERSION(ptr, &v->version);
+ ptr = unpack_UINT16(ptr, &v->specLevel);
+ ptr = unpack_BYTE(ptr, &v->errataRev);
+ ptr = unpack_BUFFER(ptr, v->tpmVendorID, sizeof(v->tpmVendorID));
+ ptr = unpack_UINT16(ptr, &v->vendorSpecificSize);
+ ptr = unpack_PTR(ptr, &v->vendorSpecific, v->vendorSpecificSize,
alloc);
+ return ptr;
+}
+
+inline BYTE* pack_TPM_DIGEST(BYTE* ptr, const TPM_DIGEST* d) {
+ return pack_BUFFER(ptr, d->digest, TPM_DIGEST_SIZE);
+}
+
+inline BYTE* unpack_TPM_DIGEST(BYTE* ptr, TPM_DIGEST* d) {
+ return unpack_BUFFER(ptr, d->digest, TPM_DIGEST_SIZE);
+}
+
+#define pack_TPM_PCRVALUE(ptr, d) pack_TPM_DIGEST(ptr, d);
+#define unpack_TPM_PCRVALUE(ptr, d) unpack_TPM_DIGEST(ptr, d);
+
+#define pack_TPM_COMPOSITE_HASH(ptr, d) pack_TPM_DIGEST(ptr, d);
+#define unpack_TPM_COMPOSITE_HASH(ptr, d) unpack_TPM_DIGEST(ptr, d);
+
+#define pack_TPM_DIRVALUE(ptr, d) pack_TPM_DIGEST(ptr, d);
+#define unpack_TPM_DIRVALUE(ptr, d) unpack_TPM_DIGEST(ptr, d);
+
+#define pack_TPM_HMAC(ptr, d) pack_TPM_DIGEST(ptr, d);
+#define unpack_TPM_HMAC(ptr, d) unpack_TPM_DIGEST(ptr, d);
+
+#define pack_TPM_CHOSENID_HASH(ptr, d) pack_TPM_DIGEST(ptr, d);
+#define unpack_TPM_CHOSENID_HASH(ptr, d) unpack_TPM_DIGEST(ptr, d);
+
+inline BYTE* pack_TPM_NONCE(BYTE* ptr, const TPM_NONCE* n) {
+ return pack_BUFFER(ptr, n->nonce, TPM_DIGEST_SIZE);
+}
+
+inline BYTE* unpack_TPM_NONCE(BYTE* ptr, TPM_NONCE* n) {
+ return unpack_BUFFER(ptr, n->nonce, TPM_DIGEST_SIZE);
+}
+
+inline BYTE* pack_TPM_SYMMETRIC_KEY_PARMS(BYTE* ptr, const
TPM_SYMMETRIC_KEY_PARMS* k) {
+ ptr = pack_UINT32(ptr, k->keyLength);
+ ptr = pack_UINT32(ptr, k->blockSize);
+ ptr = pack_UINT32(ptr, k->ivSize);
+ return pack_BUFFER(ptr, k->IV, k->ivSize);
+}
+
+inline BYTE* unpack_TPM_SYMMETRIC_KEY_PARMS(BYTE* ptr, TPM_SYMMETRIC_KEY_PARMS*
k, UnpackPtr alloc) {
+ ptr = unpack_UINT32(ptr, &k->keyLength);
+ ptr = unpack_UINT32(ptr, &k->blockSize);
+ ptr = unpack_UINT32(ptr, &k->ivSize);
+ return unpack_PTR(ptr, &k->IV, k->ivSize, alloc);
+}
+
+inline BYTE* pack_TPM_RSA_KEY_PARMS(BYTE* ptr, const TPM_RSA_KEY_PARMS* k) {
+ ptr = pack_UINT32(ptr, k->keyLength);
+ ptr = pack_UINT32(ptr, k->numPrimes);
+ ptr = pack_UINT32(ptr, k->exponentSize);
+ return pack_BUFFER(ptr, k->exponent, k->exponentSize);
+}
+
+inline BYTE* unpack_TPM_RSA_KEY_PARMS(BYTE* ptr, TPM_RSA_KEY_PARMS* k,
UnpackPtr alloc) {
+ ptr = unpack_UINT32(ptr, &k->keyLength);
+ ptr = unpack_UINT32(ptr, &k->numPrimes);
+ ptr = unpack_UINT32(ptr, &k->exponentSize);
+ return unpack_PTR(ptr, &k->exponent, k->exponentSize, alloc);
+}
+
+inline BYTE* pack_TPM_KEY_PARMS(BYTE* ptr, const TPM_KEY_PARMS* k) {
+ ptr = pack_TPM_ALGORITHM_ID(ptr, k->algorithmID);
+ ptr = pack_TPM_ENC_SCHEME(ptr, k->encScheme);
+ ptr = pack_TPM_SIG_SCHEME(ptr, k->sigScheme);
+ ptr = pack_UINT32(ptr, k->parmSize);
+
+ if(k->parmSize) {
+ switch(k->algorithmID) {
+ case TPM_ALG_RSA:
+ return pack_TPM_RSA_KEY_PARMS(ptr, &k->parms.rsa);
+ case TPM_ALG_AES128:
+ case TPM_ALG_AES192:
+ case TPM_ALG_AES256:
+ return pack_TPM_SYMMETRIC_KEY_PARMS(ptr, &k->parms.sym);
+ }
+ }
+ return ptr;
+}
+
+inline BYTE* unpack_TPM_KEY_PARMS(BYTE* ptr, TPM_KEY_PARMS* k, UnpackPtr alloc)
{
+ ptr = unpack_TPM_ALGORITHM_ID(ptr, &k->algorithmID);
+ ptr = unpack_TPM_ENC_SCHEME(ptr, &k->encScheme);
+ ptr = unpack_TPM_SIG_SCHEME(ptr, &k->sigScheme);
+ ptr = unpack_UINT32(ptr, &k->parmSize);
+
+ if(k->parmSize) {
+ switch(k->algorithmID) {
+ case TPM_ALG_RSA:
+ return unpack_TPM_RSA_KEY_PARMS(ptr, &k->parms.rsa, alloc);
+ case TPM_ALG_AES128:
+ case TPM_ALG_AES192:
+ case TPM_ALG_AES256:
+ return unpack_TPM_SYMMETRIC_KEY_PARMS(ptr, &k->parms.sym,
alloc);
+ }
+ }
+ return ptr;
+}
+
+inline BYTE* pack_TPM_STORE_PUBKEY(BYTE* ptr, const TPM_STORE_PUBKEY* k) {
+ ptr = pack_UINT32(ptr, k->keyLength);
+ ptr = pack_BUFFER(ptr, k->key, k->keyLength);
+ return ptr;
+}
+
+inline BYTE* unpack_TPM_STORE_PUBKEY(BYTE* ptr, TPM_STORE_PUBKEY* k, UnpackPtr
alloc) {
+ ptr = unpack_UINT32(ptr, &k->keyLength);
+ ptr = unpack_PTR(ptr, &k->key, k->keyLength, alloc);
+ return ptr;
+}
+
+inline BYTE* pack_TPM_PUBKEY(BYTE* ptr, const TPM_PUBKEY* k) {
+ ptr = pack_TPM_KEY_PARMS(ptr, &k->algorithmParms);
+ return pack_TPM_STORE_PUBKEY(ptr, &k->pubKey);
+}
+
+inline BYTE* unpack_TPM_PUBKEY(BYTE* ptr, TPM_PUBKEY* k, UnpackPtr alloc) {
+ ptr = unpack_TPM_KEY_PARMS(ptr, &k->algorithmParms, alloc);
+ return unpack_TPM_STORE_PUBKEY(ptr, &k->pubKey, alloc);
+}
+
+inline BYTE* pack_TPM_PCR_SELECTION(BYTE* ptr, const TPM_PCR_SELECTION* p) {
+ ptr = pack_UINT16(ptr, p->sizeOfSelect);
+ ptr = pack_BUFFER(ptr, p->pcrSelect, p->sizeOfSelect);
+ return ptr;
+}
+
+inline BYTE* unpack_TPM_PCR_SELECTION(BYTE* ptr, TPM_PCR_SELECTION* p,
UnpackPtr alloc) {
+ ptr = unpack_UINT16(ptr, &p->sizeOfSelect);
+ ptr = unpack_PTR(ptr, &p->pcrSelect, p->sizeOfSelect, alloc);
+ return ptr;
+}
+
+inline BYTE* pack_TPM_PCR_INFO(BYTE* ptr, const TPM_PCR_INFO* p) {
+ ptr = pack_TPM_PCR_SELECTION(ptr, &p->pcrSelection);
+ ptr = pack_TPM_COMPOSITE_HASH(ptr, &p->digestAtRelease);
+ ptr = pack_TPM_COMPOSITE_HASH(ptr, &p->digestAtCreation);
+ return ptr;
+}
+
+inline BYTE* unpack_TPM_PCR_INFO(BYTE* ptr, TPM_PCR_INFO* p, UnpackPtr alloc) {
+ ptr = unpack_TPM_PCR_SELECTION(ptr, &p->pcrSelection, alloc);
+ ptr = unpack_TPM_COMPOSITE_HASH(ptr, &p->digestAtRelease);
+ ptr = unpack_TPM_COMPOSITE_HASH(ptr, &p->digestAtCreation);
+ return ptr;
+}
+
+inline BYTE* pack_TPM_PCR_COMPOSITE(BYTE* ptr, const TPM_PCR_COMPOSITE* p) {
+ ptr = pack_TPM_PCR_SELECTION(ptr, &p->select);
+ ptr = pack_UINT32(ptr, p->valueSize);
+ ptr = pack_BUFFER(ptr, (const BYTE*)p->pcrValue, p->valueSize);
+ return ptr;
+}
+
+inline BYTE* unpack_TPM_PCR_COMPOSITE(BYTE* ptr, TPM_PCR_COMPOSITE* p,
UnpackPtr alloc) {
+ ptr = unpack_TPM_PCR_SELECTION(ptr, &p->select, alloc);
+ ptr = unpack_UINT32(ptr, &p->valueSize);
+ ptr = unpack_PTR(ptr, (BYTE**)&p->pcrValue, p->valueSize, alloc);
+ return ptr;
+}
+
+inline BYTE* pack_TPM_KEY(BYTE* ptr, const TPM_KEY* k) {
+ ptr = pack_TPM_VERSION(ptr, &k->ver);
+ ptr = pack_TPM_KEY_USAGE(ptr, k->keyUsage);
+ ptr = pack_TPM_KEY_FLAGS(ptr, k->keyFlags);
+ ptr = pack_TPM_AUTH_DATA_USAGE(ptr, k->authDataUsage);
+ ptr = pack_TPM_KEY_PARMS(ptr, &k->algorithmParms);
+ ptr = pack_UINT32(ptr, k->PCRInfoSize);
+ if(k->PCRInfoSize) {
+ ptr = pack_TPM_PCR_INFO(ptr, &k->PCRInfo);
+ }
+ ptr = pack_TPM_STORE_PUBKEY(ptr, &k->pubKey);
+ ptr = pack_UINT32(ptr, k->encDataSize);
+ return pack_BUFFER(ptr, k->encData, k->encDataSize);
+}
+
+inline BYTE* unpack_TPM_KEY(BYTE* ptr, TPM_KEY* k, UnpackPtr alloc) {
+ ptr = unpack_TPM_VERSION(ptr, &k->ver);
+ ptr = unpack_TPM_KEY_USAGE(ptr, &k->keyUsage);
+ ptr = unpack_TPM_KEY_FLAGS(ptr, &k->keyFlags);
+ ptr = unpack_TPM_AUTH_DATA_USAGE(ptr, &k->authDataUsage);
+ ptr = unpack_TPM_KEY_PARMS(ptr, &k->algorithmParms, alloc);
+ ptr = unpack_UINT32(ptr, &k->PCRInfoSize);
+ if(k->PCRInfoSize) {
+ ptr = unpack_TPM_PCR_INFO(ptr, &k->PCRInfo, alloc);
+ }
+ ptr = unpack_TPM_STORE_PUBKEY(ptr, &k->pubKey, alloc);
+ ptr = unpack_UINT32(ptr, &k->encDataSize);
+ return unpack_PTR(ptr, &k->encData, k->encDataSize, alloc);
+}
+
+inline BYTE* pack_TPM_BOUND_DATA(BYTE* ptr, const TPM_BOUND_DATA* b, UINT32
payloadSize) {
+ ptr = pack_TPM_VERSION(ptr, &b->ver);
+ ptr = pack_TPM_PAYLOAD_TYPE(ptr, b->payload);
+ return pack_BUFFER(ptr, b->payloadData, payloadSize);
+}
+
+inline BYTE* unpack_TPM_BOUND_DATA(BYTE* ptr, TPM_BOUND_DATA* b, UINT32
payloadSize, UnpackPtr alloc) {
+ ptr = unpack_TPM_VERSION(ptr, &b->ver);
+ ptr = unpack_TPM_PAYLOAD_TYPE(ptr, &b->payload);
+ return unpack_PTR(ptr, &b->payloadData, payloadSize, alloc);
+}
+
+inline BYTE* pack_TPM_STORED_DATA(BYTE* ptr, const TPM_STORED_DATA* d) {
+ ptr = pack_TPM_VERSION(ptr, &d->ver);
+ ptr = pack_UINT32(ptr, d->sealInfoSize);
+ if(d->sealInfoSize) {
+ ptr = pack_TPM_PCR_INFO(ptr, &d->sealInfo);
+ }
+ ptr = pack_UINT32(ptr, d->encDataSize);
+ ptr = pack_BUFFER(ptr, d->encData, d->encDataSize);
+ return ptr;
+}
+
+inline BYTE* unpack_TPM_STORED_DATA(BYTE* ptr, TPM_STORED_DATA* d, UnpackPtr
alloc) {
+ ptr = unpack_TPM_VERSION(ptr, &d->ver);
+ ptr = unpack_UINT32(ptr, &d->sealInfoSize);
+ if(d->sealInfoSize) {
+ ptr = unpack_TPM_PCR_INFO(ptr, &d->sealInfo, alloc);
+ }
+ ptr = unpack_UINT32(ptr, &d->encDataSize);
+ ptr = unpack_PTR(ptr, &d->encData, d->encDataSize, alloc);
+ return ptr;
+}
+
+inline BYTE* pack_TPM_AUTH_SESSION(BYTE* ptr, const TPM_AUTH_SESSION* auth) {
+ ptr = pack_TPM_AUTH_HANDLE(ptr, auth->AuthHandle);
+ ptr = pack_TPM_NONCE(ptr, &auth->NonceOdd);
+ ptr = pack_BOOL(ptr, auth->fContinueAuthSession);
+ ptr = pack_TPM_AUTHDATA(ptr, &auth->HMAC);
+ return ptr;
+}
+
+inline BYTE* unpack_TPM_AUTH_SESSION(BYTE* ptr, TPM_AUTH_SESSION* auth) {
+ ptr = unpack_TPM_NONCE(ptr, &auth->NonceEven);
+ ptr = unpack_BOOL(ptr, &auth->fContinueAuthSession);
+ ptr = unpack_TPM_AUTHDATA(ptr, &auth->HMAC);
+ return ptr;
+}
+
+inline BYTE* pack_TPM_RQU_HEADER(BYTE* ptr,
+ TPM_TAG tag,
+ UINT32 size,
+ TPM_COMMAND_CODE ord) {
+ ptr = pack_UINT16(ptr, tag);
+ ptr = pack_UINT32(ptr, size);
+ return pack_UINT32(ptr, ord);
+}
+
+inline BYTE* unpack_TPM_RQU_HEADER(BYTE* ptr,
+ TPM_TAG* tag,
+ UINT32* size,
+ TPM_COMMAND_CODE* ord) {
+ ptr = unpack_UINT16(ptr, tag);
+ ptr = unpack_UINT32(ptr, size);
+ ptr = unpack_UINT32(ptr, ord);
+ return ptr;
+}
+
+#define pack_TPM_RSP_HEADER(p, t, s, r) pack_TPM_RQU_HEADER(p, t, s, r);
+#define unpack_TPM_RSP_HEADER(p, t, s, r) unpack_TPM_RQU_HEADER(p, t, s, r);
+
+#endif
diff --git a/stubdom/vtpmmgr/minios.cfg b/stubdom/vtpmmgr/minios.cfg
new file mode 100644
index 0000000..3fb383d
--- /dev/null
+++ b/stubdom/vtpmmgr/minios.cfg
@@ -0,0 +1,14 @@
+CONFIG_TPMFRONT=y
+CONFIG_TPM_TIS=y
+CONFIG_TPMBACK=y
+CONFIG_START_NETWORK=n
+CONFIG_TEST=n
+CONFIG_PCIFRONT=n
+CONFIG_BLKFRONT=y
+CONFIG_NETFRONT=n
+CONFIG_FBFRONT=n
+CONFIG_KBDFRONT=n
+CONFIG_CONSFRONT=n
+CONFIG_XENBUS=y
+CONFIG_LWIP=n
+CONFIG_XC=n
diff --git a/stubdom/vtpmmgr/tcg.h b/stubdom/vtpmmgr/tcg.h
new file mode 100644
index 0000000..7687eae
--- /dev/null
+++ b/stubdom/vtpmmgr/tcg.h
@@ -0,0 +1,707 @@
+/*
+ * Copyright (c) 2010-2012 United States Government, as represented by
+ * the Secretary of Defense. All rights reserved.
+ *
+ * based off of the original tools/vtpm_manager code base which is:
+ * Copyright (c) 2005 Intel Corp.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ * * Neither the name of Intel Corporation nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#ifndef __TCG_H__
+#define __TCG_H__
+
+#include <stdlib.h>
+#include <stdint.h>
+
+// **************************** CONSTANTS *********************************
+
+// BOOL values
+#define TRUE 0x01
+#define FALSE 0x00
+
+#define TCPA_MAX_BUFFER_LENGTH 0x2000
+
+//
+// TPM_COMMAND_CODE values
+#define TPM_PROTECTED_ORDINAL 0x00000000UL
+#define TPM_UNPROTECTED_ORDINAL 0x80000000UL
+#define TPM_CONNECTION_ORDINAL 0x40000000UL
+#define TPM_VENDOR_ORDINAL 0x20000000UL
+
+#define TPM_ORD_OIAP (10UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_OSAP (11UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_ChangeAuth (12UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_TakeOwnership (13UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_ChangeAuthAsymStart (14UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_ChangeAuthAsymFinish (15UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_ChangeAuthOwner (16UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_Extend (20UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_PcrRead (21UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_Quote (22UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_Seal (23UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_Unseal (24UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_DirWriteAuth (25UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_DirRead (26UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_UnBind (30UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_CreateWrapKey (31UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_LoadKey (32UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_GetPubKey (33UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_EvictKey (34UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_CreateMigrationBlob (40UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_ReWrapKey (41UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_ConvertMigrationBlob (42UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_AuthorizeMigrationKey (43UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_CreateMaintenanceArchive (44UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_LoadMaintenanceArchive (45UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_KillMaintenanceFeature (46UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_LoadManuMaintPub (47UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_ReadManuMaintPub (48UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_CertifyKey (50UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_Sign (60UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_GetRandom (70UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_StirRandom (71UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_SelfTestFull (80UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_SelfTestStartup (81UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_CertifySelfTest (82UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_ContinueSelfTest (83UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_GetTestResult (84UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_Reset (90UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_OwnerClear (91UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_DisableOwnerClear (92UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_ForceClear (93UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_DisableForceClear (94UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_GetCapabilitySigned (100UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_GetCapability (101UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_GetCapabilityOwner (102UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_OwnerSetDisable (110UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_PhysicalEnable (111UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_PhysicalDisable (112UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_SetOwnerInstall (113UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_PhysicalSetDeactivated (114UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_SetTempDeactivated (115UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_CreateEndorsementKeyPair (120UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_MakeIdentity (121UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_ActivateIdentity (122UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_ReadPubek (124UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_OwnerReadPubek (125UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_DisablePubekRead (126UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_GetAuditEvent (130UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_GetAuditEventSigned (131UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_GetOrdinalAuditStatus (140UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_SetOrdinalAuditStatus (141UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_Terminate_Handle (150UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_Init (151UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_SaveState (152UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_Startup (153UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_SetRedirection (154UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_SHA1Start (160UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_SHA1Update (161UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_SHA1Complete (162UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_SHA1CompleteExtend (163UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_FieldUpgrade (170UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_SaveKeyContext (180UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_LoadKeyContext (181UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_SaveAuthContext (182UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_LoadAuthContext (183UL + TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_SaveContext (184UL +
TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_LoadContext (185UL +
TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_FlushSpecific (186UL +
TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_PCR_Reset (200UL +
TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_NV_DefineSpace (204UL +
TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_NV_WriteValue (205UL +
TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_NV_WriteValueAuth (206UL +
TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_NV_ReadValue (207UL +
TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_NV_ReadValueAuth (208UL +
TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_Delegate_UpdateVerification (209UL +
TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_Delegate_Manage (210UL +
TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_Delegate_CreateKeyDelegation (212UL +
TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_Delegate_CreateOwnerDelegation (213UL +
TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_Delegate_VerifyDelegation (214UL +
TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_Delegate_LoadOwnerDelegation (216UL +
TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_Delegate_ReadAuth (217UL +
TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_Delegate_ReadTable (219UL +
TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_CreateCounter (220UL +
TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_IncrementCounter (221UL +
TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_ReadCounter (222UL +
TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_ReleaseCounter (223UL +
TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_ReleaseCounterOwner (224UL +
TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_EstablishTransport (230UL +
TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_ExecuteTransport (231UL +
TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_ReleaseTransportSigned (232UL +
TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_GetTicks (241UL +
TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_TickStampBlob (242UL +
TPM_PROTECTED_ORDINAL)
+#define TPM_ORD_MAX (256UL +
TPM_PROTECTED_ORDINAL)
+
+#define TSC_ORD_PhysicalPresence (10UL + TPM_CONNECTION_ORDINAL)
+
+
+
+//
+// TPM_RESULT values
+//
+// just put in the whole table from spec 1.2
+
+#define TPM_BASE 0x0 // The start of TPM return codes
+#define TPM_VENDOR_ERROR 0x00000400 // Mask to indicate that the error code is
vendor specific for vendor specific commands
+#define TPM_NON_FATAL 0x00000800 // Mask to indicate that the error code is a
non-fatal failure.
+
+#define TPM_SUCCESS TPM_BASE // Successful completion of the operation
+#define TPM_AUTHFAIL TPM_BASE + 1 // Authentication failed
+#define TPM_BADINDEX TPM_BASE + 2 // The index to a PCR, DIR or other
register is incorrect
+#define TPM_BAD_PARAMETER TPM_BASE + 3 // One or more parameter is bad
+#define TPM_AUDITFAILURE TPM_BASE + 4 // An operation completed
successfully but the auditing of that operation failed.
+#define TPM_CLEAR_DISABLED TPM_BASE + 5 // The clear disable flag is set
and all clear operations now require physical access
+#define TPM_DEACTIVATED TPM_BASE + 6 // The TPM is deactivated
+#define TPM_DISABLED TPM_BASE + 7 // The TPM is disabled
+#define TPM_DISABLED_CMD TPM_BASE + 8 // The target command has been
disabled
+#define TPM_FAIL TPM_BASE + 9 // The operation failed
+#define TPM_BAD_ORDINAL TPM_BASE + 10 // The ordinal was unknown or
inconsistent
+#define TPM_INSTALL_DISABLED TPM_BASE + 11 // The ability to install an owner
is disabled
+#define TPM_INVALID_KEYHANDLE TPM_BASE + 12 // The key handle presented was
invalid
+#define TPM_KEYNOTFOUND TPM_BASE + 13 // The target key was not found
+#define TPM_INAPPROPRIATE_ENC TPM_BASE + 14 // Unacceptable encryption scheme
+#define TPM_MIGRATEFAIL TPM_BASE + 15 // Migration authorization failed
+#define TPM_INVALID_PCR_INFO TPM_BASE + 16 // PCR information could not be
interpreted
+#define TPM_NOSPACE TPM_BASE + 17 // No room to load key.
+#define TPM_NOSRK TPM_BASE + 18 // There is no SRK set
+#define TPM_NOTSEALED_BLOB TPM_BASE + 19 // An encrypted blob is invalid or
was not created by this TPM
+#define TPM_OWNER_SET TPM_BASE + 20 // There is already an Owner
+#define TPM_RESOURCES TPM_BASE + 21 // The TPM has insufficient internal
resources to perform the requested action.
+#define TPM_SHORTRANDOM TPM_BASE + 22 // A random string was too short
+#define TPM_SIZE TPM_BASE + 23 // The TPM does not have the space to
perform the operation.
+#define TPM_WRONGPCRVAL TPM_BASE + 24 // The named PCR value does not match
the current PCR value.
+#define TPM_BAD_PARAM_SIZE TPM_BASE + 25 // The paramSize argument to the
command has the incorrect value
+#define TPM_SHA_THREAD TPM_BASE + 26 // There is no existing SHA-1 thread.
+#define TPM_SHA_ERROR TPM_BASE + 27 // The calculation is unable to
proceed because the existing SHA-1 thread has already encountered an error.
+#define TPM_FAILEDSELFTEST TPM_BASE + 28 // Self-test has failed and the
TPM has shutdown.
+#define TPM_AUTH2FAIL TPM_BASE + 29 // The authorization for the second
key in a 2 key function failed authorization
+#define TPM_BADTAG TPM_BASE + 30 // The tag value sent to for a command
is invalid
+#define TPM_IOERROR TPM_BASE + 31 // An IO error occurred transmitting
information to the TPM
+#define TPM_ENCRYPT_ERROR TPM_BASE + 32 // The encryption process had a
problem.
+#define TPM_DECRYPT_ERROR TPM_BASE + 33 // The decryption process did not
complete.
+#define TPM_INVALID_AUTHHANDLE TPM_BASE + 34 // An invalid handle was used.
+#define TPM_NO_ENDORSEMENT TPM_BASE + 35 // The TPM does not a EK installed
+#define TPM_INVALID_KEYUSAGE TPM_BASE + 36 // The usage of a key is not
allowed
+#define TPM_WRONG_ENTITYTYPE TPM_BASE + 37 // The submitted entity type is
not allowed
+#define TPM_INVALID_POSTINIT TPM_BASE + 38 // The command was received in the
wrong sequence relative to TPM_Init and a subsequent TPM_Startup
+#define TPM_INAPPROPRIATE_SIG TPM_BASE + 39 // Signed data cannot include
additional DER information
+#define TPM_BAD_KEY_PROPERTY TPM_BASE + 40 // The key properties in
TPM_KEY_PARMs are not supported by this TPM
+
+#define TPM_BAD_MIGRATION TPM_BASE + 41 // The migration properties of
this key are incorrect.
+#define TPM_BAD_SCHEME TPM_BASE + 42 // The signature or encryption
scheme for this key is incorrect or not permitted in this situation.
+#define TPM_BAD_DATASIZE TPM_BASE + 43 // The size of the data (or blob)
parameter is bad or inconsistent with the referenced key
+#define TPM_BAD_MODE TPM_BASE + 44 // A mode parameter is bad, such as
capArea or subCapArea for TPM_GetCapability, phsicalPresence parameter for
TPM_PhysicalPresence, or migrationType for TPM_CreateMigrationBlob.
+#define TPM_BAD_PRESENCE TPM_BASE + 45 // Either the physicalPresence or
physicalPresenceLock bits have the wrong value
+#define TPM_BAD_VERSION TPM_BASE + 46 // The TPM cannot perform this
version of the capability
+#define TPM_NO_WRAP_TRANSPORT TPM_BASE + 47 // The TPM does not allow for
wrapped transport sessions
+#define TPM_AUDITFAIL_UNSUCCESSFUL TPM_BASE + 48 // TPM audit construction
failed and the underlying command was returning a failure code also
+#define TPM_AUDITFAIL_SUCCESSFUL TPM_BASE + 49 // TPM audit construction
failed and the underlying command was returning success
+#define TPM_NOTRESETABLE TPM_BASE + 50 // Attempt to reset a PCR register
that does not have the resettable attribute
+#define TPM_NOTLOCAL TPM_BASE + 51 // Attempt to reset a PCR register
that requires locality and locality modifier not part of command transport
+#define TPM_BAD_TYPE TPM_BASE + 52 // Make identity blob not properly
typed
+#define TPM_INVALID_RESOURCE TPM_BASE + 53 // When saving context
identified resource type does not match actual resource
+#define TPM_NOTFIPS TPM_BASE + 54 // The TPM is attempting to execute a
command only available when in FIPS mode
+#define TPM_INVALID_FAMILY TPM_BASE + 55 // The command is attempting to
use an invalid family ID
+#define TPM_NO_NV_PERMISSION TPM_BASE + 56 // The permission to manipulate
the NV storage is not available
+#define TPM_REQUIRES_SIGN TPM_BASE + 57 // The operation requires a signed
command
+#define TPM_KEY_NOTSUPPORTED TPM_BASE + 58 // Wrong operation to load an NV
key
+#define TPM_AUTH_CONFLICT TPM_BASE + 59 // NV_LoadKey blob requires both
owner and blob authorization
+#define TPM_AREA_LOCKED TPM_BASE + 60 // The NV area is locked and not
writtable
+#define TPM_BAD_LOCALITY TPM_BASE + 61 // The locality is incorrect for
the attempted operation
+#define TPM_READ_ONLY TPM_BASE + 62 // The NV area is read only and
can''t be written to
+#define TPM_PER_NOWRITE TPM_BASE + 63 // There is no protection on the
write to the NV area
+#define TPM_FAMILYCOUNT TPM_BASE + 64 // The family count value does not
match
+#define TPM_WRITE_LOCKED TPM_BASE + 65 // The NV area has already been
written to
+#define TPM_BAD_ATTRIBUTES TPM_BASE + 66 // The NV area attributes
conflict
+#define TPM_INVALID_STRUCTURE TPM_BASE + 67 // The structure tag and
version are invalid or inconsistent
+#define TPM_KEY_OWNER_CONTROL TPM_BASE + 68 // The key is under control of
the TPM Owner and can only be evicted by the TPM Owner.
+#define TPM_BAD_COUNTER TPM_BASE + 69 // The counter handle is incorrect
+#define TPM_NOT_FULLWRITE TPM_BASE + 70 // The write is not a complete
write of the area
+#define TPM_CONTEXT_GAP TPM_BASE + 71 // The gap between saved context
counts is too large
+#define TPM_MAXNVWRITES TPM_BASE + 72 // The maximum number of NV writes
without an owner has been exceeded
+#define TPM_NOOPERATOR TPM_BASE + 73 // No operator authorization value
is set
+#define TPM_RESOURCEMISSING TPM_BASE + 74 // The resource pointed to by
context is not loaded
+#define TPM_DELEGATE_LOCK TPM_BASE + 75 // The delegate administration is
locked
+#define TPM_DELEGATE_FAMILY TPM_BASE + 76 // Attempt to manage a family
other then the delegated family
+#define TPM_DELEGATE_ADMIN TPM_BASE + 77 // Delegation table management
not enabled
+#define TPM_TRANSPORT_EXCLUSIVE TPM_BASE + 78 // There was a command
executed outside of an exclusive transport session
+
+// TPM_STARTUP_TYPE values
+#define TPM_ST_CLEAR 0x0001
+#define TPM_ST_STATE 0x0002
+#define TPM_ST_DEACTIVATED 0x003
+
+// TPM_TAG values
+#define TPM_TAG_RQU_COMMAND 0x00c1
+#define TPM_TAG_RQU_AUTH1_COMMAND 0x00c2
+#define TPM_TAG_RQU_AUTH2_COMMAND 0x00c3
+#define TPM_TAG_RSP_COMMAND 0x00c4
+#define TPM_TAG_RSP_AUTH1_COMMAND 0x00c5
+#define TPM_TAG_RSP_AUTH2_COMMAND 0x00c6
+
+// TPM_PAYLOAD_TYPE values
+#define TPM_PT_ASYM 0x01
+#define TPM_PT_BIND 0x02
+#define TPM_PT_MIGRATE 0x03
+#define TPM_PT_MAINT 0x04
+#define TPM_PT_SEAL 0x05
+
+// TPM_ENTITY_TYPE values
+#define TPM_ET_KEYHANDLE 0x0001
+#define TPM_ET_OWNER 0x0002
+#define TPM_ET_DATA 0x0003
+#define TPM_ET_SRK 0x0004
+#define TPM_ET_KEY 0x0005
+
+/// TPM_ResourceTypes
+#define TPM_RT_KEY 0x00000001
+#define TPM_RT_AUTH 0x00000002
+#define TPM_RT_HASH 0x00000003
+#define TPM_RT_TRANS 0x00000004
+#define TPM_RT_CONTEXT 0x00000005
+#define TPM_RT_COUNTER 0x00000006
+#define TPM_RT_DELEGATE 0x00000007
+#define TPM_RT_DAA_TPM 0x00000008
+#define TPM_RT_DAA_V0 0x00000009
+#define TPM_RT_DAA_V1 0x0000000A
+
+
+
+// TPM_PROTOCOL_ID values
+#define TPM_PID_OIAP 0x0001
+#define TPM_PID_OSAP 0x0002
+#define TPM_PID_ADIP 0x0003
+#define TPM_PID_ADCP 0x0004
+#define TPM_PID_OWNER 0x0005
+
+// TPM_ALGORITHM_ID values
+#define TPM_ALG_RSA 0x00000001
+#define TPM_ALG_SHA 0x00000004
+#define TPM_ALG_HMAC 0x00000005
+#define TPM_ALG_AES128 0x00000006
+#define TPM_ALG_MFG1 0x00000007
+#define TPM_ALG_AES192 0x00000008
+#define TPM_ALG_AES256 0x00000009
+#define TPM_ALG_XOR 0x0000000A
+
+// TPM_ENC_SCHEME values
+#define TPM_ES_NONE 0x0001
+#define TPM_ES_RSAESPKCSv15 0x0002
+#define TPM_ES_RSAESOAEP_SHA1_MGF1 0x0003
+
+// TPM_SIG_SCHEME values
+#define TPM_SS_NONE 0x0001
+#define TPM_SS_RSASSAPKCS1v15_SHA1 0x0002
+#define TPM_SS_RSASSAPKCS1v15_DER 0x0003
+
+/*
+ * TPM_CAPABILITY_AREA Values for TPM_GetCapability ([TPM_Part2], Section 21.1)
+ */
+#define TPM_CAP_ORD 0x00000001
+#define TPM_CAP_ALG 0x00000002
+#define TPM_CAP_PID 0x00000003
+#define TPM_CAP_FLAG 0x00000004
+#define TPM_CAP_PROPERTY 0x00000005
+#define TPM_CAP_VERSION 0x00000006
+#define TPM_CAP_KEY_HANDLE 0x00000007
+#define TPM_CAP_CHECK_LOADED 0x00000008
+#define TPM_CAP_SYM_MODE 0x00000009
+#define TPM_CAP_KEY_STATUS 0x0000000C
+#define TPM_CAP_NV_LIST 0x0000000D
+#define TPM_CAP_MFR 0x00000010
+#define TPM_CAP_NV_INDEX 0x00000011
+#define TPM_CAP_TRANS_ALG 0x00000012
+#define TPM_CAP_HANDLE 0x00000014
+#define TPM_CAP_TRANS_ES 0x00000015
+#define TPM_CAP_AUTH_ENCRYPT 0x00000017
+#define TPM_CAP_SELECT_SIZE 0x00000018
+#define TPM_CAP_DA_LOGIC 0x00000019
+#define TPM_CAP_VERSION_VAL 0x0000001A
+
+/* subCap definitions ([TPM_Part2], Section 21.2) */
+#define TPM_CAP_PROP_PCR 0x00000101
+#define TPM_CAP_PROP_DIR 0x00000102
+#define TPM_CAP_PROP_MANUFACTURER 0x00000103
+#define TPM_CAP_PROP_KEYS 0x00000104
+#define TPM_CAP_PROP_MIN_COUNTER 0x00000107
+#define TPM_CAP_FLAG_PERMANENT 0x00000108
+#define TPM_CAP_FLAG_VOLATILE 0x00000109
+#define TPM_CAP_PROP_AUTHSESS 0x0000010A
+#define TPM_CAP_PROP_TRANSESS 0x0000010B
+#define TPM_CAP_PROP_COUNTERS 0x0000010C
+#define TPM_CAP_PROP_MAX_AUTHSESS 0x0000010D
+#define TPM_CAP_PROP_MAX_TRANSESS 0x0000010E
+#define TPM_CAP_PROP_MAX_COUNTERS 0x0000010F
+#define TPM_CAP_PROP_MAX_KEYS 0x00000110
+#define TPM_CAP_PROP_OWNER 0x00000111
+#define TPM_CAP_PROP_CONTEXT 0x00000112
+#define TPM_CAP_PROP_MAX_CONTEXT 0x00000113
+#define TPM_CAP_PROP_FAMILYROWS 0x00000114
+#define TPM_CAP_PROP_TIS_TIMEOUT 0x00000115
+#define TPM_CAP_PROP_STARTUP_EFFECT 0x00000116
+#define TPM_CAP_PROP_DELEGATE_ROW 0x00000117
+#define TPM_CAP_PROP_MAX_DAASESS 0x00000119
+#define TPM_CAP_PROP_DAASESS 0x0000011A
+#define TPM_CAP_PROP_CONTEXT_DIST 0x0000011B
+#define TPM_CAP_PROP_DAA_INTERRUPT 0x0000011C
+#define TPM_CAP_PROP_SESSIONS 0x0000011D
+#define TPM_CAP_PROP_MAX_SESSIONS 0x0000011E
+#define TPM_CAP_PROP_CMK_RESTRICTION 0x0000011F
+#define TPM_CAP_PROP_DURATION 0x00000120
+#define TPM_CAP_PROP_ACTIVE_COUNTER 0x00000122
+#define TPM_CAP_PROP_MAX_NV_AVAILABLE 0x00000123
+#define TPM_CAP_PROP_INPUT_BUFFER 0x00000124
+
+// TPM_KEY_USAGE values
+#define TPM_KEY_EK 0x0000
+#define TPM_KEY_SIGNING 0x0010
+#define TPM_KEY_STORAGE 0x0011
+#define TPM_KEY_IDENTITY 0x0012
+#define TPM_KEY_AUTHCHANGE 0X0013
+#define TPM_KEY_BIND 0x0014
+#define TPM_KEY_LEGACY 0x0015
+
+// TPM_AUTH_DATA_USAGE values
+#define TPM_AUTH_NEVER 0x00
+#define TPM_AUTH_ALWAYS 0x01
+
+// Key Handle of owner and srk
+#define TPM_OWNER_KEYHANDLE 0x40000001
+#define TPM_SRK_KEYHANDLE 0x40000000
+
+
+
+// *************************** TYPEDEFS *********************************
+typedef unsigned char BYTE;
+typedef unsigned char BOOL;
+typedef uint16_t UINT16;
+typedef uint32_t UINT32;
+typedef uint64_t UINT64;
+
+typedef UINT32 TPM_RESULT;
+typedef UINT32 TPM_PCRINDEX;
+typedef UINT32 TPM_DIRINDEX;
+typedef UINT32 TPM_HANDLE;
+typedef TPM_HANDLE TPM_AUTHHANDLE;
+typedef TPM_HANDLE TCPA_HASHHANDLE;
+typedef TPM_HANDLE TCPA_HMACHANDLE;
+typedef TPM_HANDLE TCPA_ENCHANDLE;
+typedef TPM_HANDLE TPM_KEY_HANDLE;
+typedef TPM_HANDLE TCPA_ENTITYHANDLE;
+typedef UINT32 TPM_RESOURCE_TYPE;
+typedef UINT32 TPM_COMMAND_CODE;
+typedef UINT16 TPM_PROTOCOL_ID;
+typedef BYTE TPM_AUTH_DATA_USAGE;
+typedef UINT16 TPM_ENTITY_TYPE;
+typedef UINT32 TPM_ALGORITHM_ID;
+typedef UINT16 TPM_KEY_USAGE;
+typedef UINT16 TPM_STARTUP_TYPE;
+typedef UINT32 TPM_CAPABILITY_AREA;
+typedef UINT16 TPM_ENC_SCHEME;
+typedef UINT16 TPM_SIG_SCHEME;
+typedef UINT16 TPM_MIGRATE_SCHEME;
+typedef UINT16 TPM_PHYSICAL_PRESENCE;
+typedef UINT32 TPM_KEY_FLAGS;
+
+#define TPM_DIGEST_SIZE 20 // Don''t change this
+typedef BYTE TPM_AUTHDATA[TPM_DIGEST_SIZE];
+typedef TPM_AUTHDATA TPM_SECRET;
+typedef TPM_AUTHDATA TPM_ENCAUTH;
+typedef BYTE TPM_PAYLOAD_TYPE;
+typedef UINT16 TPM_TAG;
+typedef UINT16 TPM_STRUCTURE_TAG;
+
+// Data Types of the TCS
+typedef UINT32 TCS_AUTHHANDLE; // Handle addressing a authorization session
+typedef UINT32 TCS_CONTEXT_HANDLE; // Basic context handle
+typedef UINT32 TCS_KEY_HANDLE; // Basic key handle
+
+// ************************* STRUCTURES **********************************
+
+typedef struct TPM_VERSION {
+ BYTE major;
+ BYTE minor;
+ BYTE revMajor;
+ BYTE revMinor;
+} TPM_VERSION;
+
+static const TPM_VERSION TPM_STRUCT_VER_1_1 = { 1,1,0,0 };
+
+typedef struct TPM_CAP_VERSION_INFO {
+ TPM_STRUCTURE_TAG tag;
+ TPM_VERSION version;
+ UINT16 specLevel;
+ BYTE errataRev;
+ BYTE tpmVendorID[4];
+ UINT16 vendorSpecificSize;
+ BYTE* vendorSpecific;
+} TPM_CAP_VERSION_INFO;
+
+inline void free_TPM_CAP_VERSION_INFO(TPM_CAP_VERSION_INFO* v) {
+ free(v->vendorSpecific);
+ v->vendorSpecific = NULL;
+}
+
+typedef struct TPM_DIGEST {
+ BYTE digest[TPM_DIGEST_SIZE];
+} TPM_DIGEST;
+
+typedef TPM_DIGEST TPM_PCRVALUE;
+typedef TPM_DIGEST TPM_COMPOSITE_HASH;
+typedef TPM_DIGEST TPM_DIRVALUE;
+typedef TPM_DIGEST TPM_HMAC;
+typedef TPM_DIGEST TPM_CHOSENID_HASH;
+
+typedef struct TPM_NONCE {
+ BYTE nonce[TPM_DIGEST_SIZE];
+} TPM_NONCE;
+
+typedef struct TPM_SYMMETRIC_KEY_PARMS {
+ UINT32 keyLength;
+ UINT32 blockSize;
+ UINT32 ivSize;
+ BYTE* IV;
+} TPM_SYMMETRIC_KEY_PARMS;
+
+inline void free_TPM_SYMMETRIC_KEY_PARMS(TPM_SYMMETRIC_KEY_PARMS* p) {
+ free(p->IV);
+ p->IV = NULL;
+}
+
+#define TPM_SYMMETRIC_KEY_PARMS_INIT { 0, 0, 0, NULL }
+
+typedef struct TPM_RSA_KEY_PARMS {
+ UINT32 keyLength;
+ UINT32 numPrimes;
+ UINT32 exponentSize;
+ BYTE* exponent;
+} TPM_RSA_KEY_PARMS;
+
+#define TPM_RSA_KEY_PARMS_INIT { 0, 0, 0, NULL }
+
+inline void free_TPM_RSA_KEY_PARMS(TPM_RSA_KEY_PARMS* p) {
+ free(p->exponent);
+ p->exponent = NULL;
+}
+
+typedef struct TPM_KEY_PARMS {
+ TPM_ALGORITHM_ID algorithmID;
+ TPM_ENC_SCHEME encScheme;
+ TPM_SIG_SCHEME sigScheme;
+ UINT32 parmSize;
+ union {
+ TPM_SYMMETRIC_KEY_PARMS sym;
+ TPM_RSA_KEY_PARMS rsa;
+ } parms;
+} TPM_KEY_PARMS;
+
+#define TPM_KEY_PARMS_INIT { 0, 0, 0, 0 }
+
+inline void free_TPM_KEY_PARMS(TPM_KEY_PARMS* p) {
+ if(p->parmSize) {
+ switch(p->algorithmID) {
+ case TPM_ALG_RSA:
+ free_TPM_RSA_KEY_PARMS(&p->parms.rsa);
+ break;
+ case TPM_ALG_AES128:
+ case TPM_ALG_AES192:
+ case TPM_ALG_AES256:
+ free_TPM_SYMMETRIC_KEY_PARMS(&p->parms.sym);
+ break;
+ }
+ }
+}
+
+typedef struct TPM_STORE_PUBKEY {
+ UINT32 keyLength;
+ BYTE* key;
+} TPM_STORE_PUBKEY;
+
+#define TPM_STORE_PUBKEY_INIT { 0, NULL }
+
+inline void free_TPM_STORE_PUBKEY(TPM_STORE_PUBKEY* p) {
+ free(p->key);
+ p->key = NULL;
+}
+
+typedef struct TPM_PUBKEY {
+ TPM_KEY_PARMS algorithmParms;
+ TPM_STORE_PUBKEY pubKey;
+} TPM_PUBKEY;
+
+#define TPM_PUBKEY_INIT { TPM_KEY_PARMS_INIT, TPM_STORE_PUBKEY_INIT }
+
+inline void free_TPM_PUBKEY(TPM_PUBKEY* k) {
+ free_TPM_KEY_PARMS(&k->algorithmParms);
+ free_TPM_STORE_PUBKEY(&k->pubKey);
+}
+
+typedef struct TPM_PCR_SELECTION {
+ UINT16 sizeOfSelect;
+ BYTE* pcrSelect;
+} TPM_PCR_SELECTION;
+
+#define TPM_PCR_SELECTION_INIT { 0, NULL }
+
+inline void free_TPM_PCR_SELECTION(TPM_PCR_SELECTION* p) {
+ free(p->pcrSelect);
+ p->pcrSelect = NULL;
+}
+
+typedef struct TPM_PCR_INFO {
+ TPM_PCR_SELECTION pcrSelection;
+ TPM_COMPOSITE_HASH digestAtRelease;
+ TPM_COMPOSITE_HASH digestAtCreation;
+} TPM_PCR_INFO;
+
+#define TPM_PCR_INFO_INIT { TPM_PCR_SELECTION_INIT }
+
+inline void free_TPM_PCR_INFO(TPM_PCR_INFO* p) {
+ free_TPM_PCR_SELECTION(&p->pcrSelection);
+}
+
+typedef struct TPM_PCR_COMPOSITE {
+ TPM_PCR_SELECTION select;
+ UINT32 valueSize;
+ TPM_PCRVALUE* pcrValue;
+} TPM_PCR_COMPOSITE;
+
+#define TPM_PCR_COMPOSITE_INIT { TPM_PCR_SELECTION_INIT, 0, NULL }
+
+inline void free_TPM_PCR_COMPOSITE(TPM_PCR_COMPOSITE* p) {
+ free_TPM_PCR_SELECTION(&p->select);
+ free(p->pcrValue);
+ p->pcrValue = NULL;
+}
+
+typedef struct TPM_KEY {
+ TPM_VERSION ver;
+ TPM_KEY_USAGE keyUsage;
+ TPM_KEY_FLAGS keyFlags;
+ TPM_AUTH_DATA_USAGE authDataUsage;
+ TPM_KEY_PARMS algorithmParms;
+ UINT32 PCRInfoSize;
+ TPM_PCR_INFO PCRInfo;
+ TPM_STORE_PUBKEY pubKey;
+ UINT32 encDataSize;
+ BYTE* encData;
+} TPM_KEY;
+
+#define TPM_KEY_INIT { .algorithmParms = TPM_KEY_PARMS_INIT,\
+ .PCRInfoSize = 0, .PCRInfo = TPM_PCR_INFO_INIT, \
+ .pubKey = TPM_STORE_PUBKEY_INIT, \
+ .encDataSize = 0, .encData = NULL }
+
+inline void free_TPM_KEY(TPM_KEY* k) {
+ if(k->PCRInfoSize) {
+ free_TPM_PCR_INFO(&k->PCRInfo);
+ }
+ free_TPM_STORE_PUBKEY(&k->pubKey);
+ free(k->encData);
+ k->encData = NULL;
+}
+
+typedef struct TPM_BOUND_DATA {
+ TPM_VERSION ver;
+ TPM_PAYLOAD_TYPE payload;
+ BYTE* payloadData;
+} TPM_BOUND_DATA;
+
+#define TPM_BOUND_DATA_INIT { .payloadData = NULL }
+
+inline void free_TPM_BOUND_DATA(TPM_BOUND_DATA* d) {
+ free(d->payloadData);
+ d->payloadData = NULL;
+}
+
+typedef struct TPM_STORED_DATA {
+ TPM_VERSION ver;
+ UINT32 sealInfoSize;
+ TPM_PCR_INFO sealInfo;
+ UINT32 encDataSize;
+ BYTE* encData;
+} TPM_STORED_DATA;
+
+#define TPM_STORED_DATA_INIT { .sealInfoSize = 0, sealInfo =
TPM_PCR_INFO_INIT,\
+ .encDataSize = 0, .encData = NULL }
+
+inline void free_TPM_STORED_DATA(TPM_STORED_DATA* d) {
+ if(d->sealInfoSize) {
+ free_TPM_PCR_INFO(&d->sealInfo);
+ }
+ free(d->encData);
+ d->encData = NULL;
+}
+
+typedef struct TPM_AUTH_SESSION {
+ TPM_AUTHHANDLE AuthHandle;
+ TPM_NONCE NonceOdd; // system
+ TPM_NONCE NonceEven; // TPM
+ BOOL fContinueAuthSession;
+ TPM_AUTHDATA HMAC;
+} TPM_AUTH_SESSION;
+
+#define TPM_AUTH_SESSION_INIT { .AuthHandle = 0, .fContinueAuthSession = FALSE
}
+
+// ---------------------- Functions for checking TPM_RESULTs -----------------
+
+#include <stdio.h>
+
+// FIXME: Review use of these and delete unneeded ones.
+
+// these are really badly dependent on local structure:
+// DEPENDS: local var ''status'' of type TPM_RESULT
+// DEPENDS: label ''abort_egress'' which cleans up and returns
the status
+#define ERRORDIE(s) do { status = s; \
+ fprintf (stderr, "*** ERRORDIE in %s at %s:
%i\n", __func__, __FILE__, __LINE__); \
+ goto abort_egress; } \
+ while (0)
+
+// DEPENDS: local var ''status'' of type TPM_RESULT
+// DEPENDS: label ''abort_egress'' which cleans up and returns
the status
+// Try command c. If it fails, set status to s and goto abort.
+#define TPMTRY(s,c) if (c != TPM_SUCCESS) { \
+ status = s; \
+ printf("ERROR in %s at %s:%i code: %s.\n",
__func__, __FILE__, __LINE__, tpm_get_error_name(status)); \
+ goto abort_egress; \
+ } else {\
+ status = c; \
+ }
+
+// Try command c. If it fails, print error message, set status to actual return
code. Goto abort
+#define TPMTRYRETURN(c) do { status = c; \
+ if (status != TPM_SUCCESS) { \
+ fprintf(stderr, "ERROR in %s at %s:%i code:
%s.\n", __func__, __FILE__, __LINE__, tpm_get_error_name(status)); \
+ goto abort_egress; \
+ } \
+ } while(0)
+
+
+#endif //__TCPA_H__
diff --git a/stubdom/vtpmmgr/tpm.c b/stubdom/vtpmmgr/tpm.c
new file mode 100644
index 0000000..123a27c
--- /dev/null
+++ b/stubdom/vtpmmgr/tpm.c
@@ -0,0 +1,938 @@
+/*
+ * Copyright (c) 2010-2012 United States Government, as represented by
+ * the Secretary of Defense. All rights reserved.
+ *
+ * based off of the original tools/vtpm_manager code base which is:
+ * Copyright (c) 2005, Intel Corp.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ * * Neither the name of Intel Corporation nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#include <stdio.h>
+#include <string.h>
+#include <malloc.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include <polarssl/sha1.h>
+
+#include "tcg.h"
+#include "tpm.h"
+#include "log.h"
+#include "marshal.h"
+#include "tpmrsa.h"
+#include "vtpmmgr.h"
+
+#define TCPA_MAX_BUFFER_LENGTH 0x2000
+
+#define TPM_BEGIN(TAG, ORD) \
+ const TPM_TAG intag = TAG;\
+TPM_TAG tag = intag;\
+UINT32 paramSize;\
+const TPM_COMMAND_CODE ordinal = ORD;\
+TPM_RESULT status = TPM_SUCCESS;\
+BYTE in_buf[TCPA_MAX_BUFFER_LENGTH];\
+BYTE out_buf[TCPA_MAX_BUFFER_LENGTH];\
+UINT32 out_len = sizeof(out_buf);\
+BYTE* ptr = in_buf;\
+/*Print a log message */\
+vtpmloginfo(VTPM_LOG_TPM, "%s\n", __func__);\
+/* Pack the header*/\
+ptr = pack_TPM_TAG(ptr, tag);\
+ptr += sizeof(UINT32);\
+ptr = pack_TPM_COMMAND_CODE(ptr, ordinal)\
+
+#define TPM_AUTH_BEGIN() \
+ sha1_context sha1_ctx;\
+BYTE* authbase = ptr - sizeof(TPM_COMMAND_CODE);\
+TPM_DIGEST paramDigest;\
+sha1_starts(&sha1_ctx)
+
+#define TPM_AUTH1_GEN(HMACkey, auth) do {\
+ sha1_finish(&sha1_ctx, paramDigest.digest);\
+ generateAuth(¶mDigest, HMACkey, auth);\
+ ptr = pack_TPM_AUTH_SESSION(ptr, auth);\
+} while(0)
+
+#define TPM_AUTH2_GEN(HMACkey, auth) do {\
+ generateAuth(¶mDigest, HMACkey, auth);\
+ ptr = pack_TPM_AUTH_SESSION(ptr, auth);\
+} while(0)
+
+#define TPM_TRANSMIT() do {\
+ /* Pack the command size */\
+ paramSize = ptr - in_buf;\
+ pack_UINT32(in_buf + sizeof(TPM_TAG), paramSize);\
+ if((status = TPM_TransmitData(in_buf, paramSize, out_buf, &out_len)) !=
TPM_SUCCESS) {\
+ goto abort_egress;\
+ }\
+} while(0)
+
+#define TPM_AUTH_VERIFY_BEGIN() do {\
+ UINT32 buf[2] = { cpu_to_be32(status), cpu_to_be32(ordinal) };\
+ sha1_starts(&sha1_ctx);\
+ sha1_update(&sha1_ctx, (unsigned char*)buf, sizeof(buf));\
+ authbase = ptr;\
+} while(0)
+
+#define TPM_AUTH1_VERIFY(HMACkey, auth) do {\
+ sha1_finish(&sha1_ctx, paramDigest.digest);\
+ ptr = unpack_TPM_AUTH_SESSION(ptr, auth);\
+ if((status = verifyAuth(¶mDigest, HMACkey, auth)) != TPM_SUCCESS) {\
+ goto abort_egress;\
+ }\
+} while(0)
+
+#define TPM_AUTH2_VERIFY(HMACkey, auth) do {\
+ ptr = unpack_TPM_AUTH_SESSION(ptr, auth);\
+ if((status = verifyAuth(¶mDigest, HMACkey, auth)) != TPM_SUCCESS) {\
+ goto abort_egress;\
+ }\
+} while(0)
+
+
+
+#define TPM_UNPACK_VERIFY() do { \
+ ptr = out_buf;\
+ ptr = unpack_TPM_RSP_HEADER(ptr, \
+ &(tag), &(paramSize), &(status));\
+ if((status) != TPM_SUCCESS || (tag) != (intag +3)) { \
+ vtpmlogerror(VTPM_LOG_TPM, "Failed with return code %s\n",
tpm_get_error_name(status));\
+ goto abort_egress;\
+ }\
+} while(0)
+
+#define TPM_AUTH_HASH() do {\
+ sha1_update(&sha1_ctx, authbase, ptr - authbase);\
+ authbase = ptr;\
+} while(0)
+
+#define TPM_AUTH_SKIP() do {\
+ authbase = ptr;\
+} while(0)
+
+#define TPM_AUTH_ERR_CHECK(auth) do {\
+ if(status != TPM_SUCCESS || auth->fContinueAuthSession == FALSE) {\
+ vtpmloginfo(VTPM_LOG_TPM, "Auth Session: 0x%x closed by TPM\n",
auth->AuthHandle);\
+ auth->AuthHandle = 0;\
+ }\
+} while(0)
+
+static void xorEncrypt(const TPM_SECRET* sharedSecret,
+ TPM_NONCE* nonce,
+ const TPM_AUTHDATA* inAuth0,
+ TPM_ENCAUTH outAuth0,
+ const TPM_AUTHDATA* inAuth1,
+ TPM_ENCAUTH outAuth1) {
+ BYTE XORbuffer[sizeof(TPM_SECRET) + sizeof(TPM_NONCE)];
+ BYTE XORkey[TPM_DIGEST_SIZE];
+ BYTE* ptr = XORbuffer;
+ ptr = pack_TPM_SECRET(ptr, sharedSecret);
+ ptr = pack_TPM_NONCE(ptr, nonce);
+
+ sha1(XORbuffer, ptr - XORbuffer, XORkey);
+
+ if(inAuth0) {
+ for(int i = 0; i < TPM_DIGEST_SIZE; ++i) {
+ outAuth0[i] = XORkey[i] ^ (*inAuth0)[i];
+ }
+ }
+ if(inAuth1) {
+ for(int i = 0; i < TPM_DIGEST_SIZE; ++i) {
+ outAuth1[i] = XORkey[i] ^ (*inAuth1)[i];
+ }
+ }
+
+}
+
+static void generateAuth(const TPM_DIGEST* paramDigest,
+ const TPM_SECRET* HMACkey,
+ TPM_AUTH_SESSION *auth)
+{
+ //Generate new OddNonce
+ vtpmmgr_rand((BYTE*)auth->NonceOdd.nonce, sizeof(TPM_NONCE));
+
+ // Create HMAC text. (Concat inParamsDigest with inAuthSetupParams).
+ BYTE hmacText[sizeof(TPM_DIGEST) + (2 * sizeof(TPM_NONCE)) + sizeof(BOOL)];
+ BYTE* ptr = hmacText;
+
+ ptr = pack_TPM_DIGEST(ptr, paramDigest);
+ ptr = pack_TPM_NONCE(ptr, &auth->NonceEven);
+ ptr = pack_TPM_NONCE(ptr, &auth->NonceOdd);
+ ptr = pack_BOOL(ptr, auth->fContinueAuthSession);
+
+ sha1_hmac((BYTE *) HMACkey, sizeof(TPM_DIGEST),
+ (BYTE *) hmacText, sizeof(hmacText),
+ auth->HMAC);
+}
+
+static TPM_RESULT verifyAuth(const TPM_DIGEST* paramDigest,
+ /*[IN]*/ const TPM_SECRET *HMACkey,
+ /*[IN,OUT]*/ TPM_AUTH_SESSION *auth)
+{
+
+ // Create HMAC text. (Concat inParamsDigest with inAuthSetupParams).
+ TPM_AUTHDATA hm;
+ BYTE hmacText[sizeof(TPM_DIGEST) + (2 * sizeof(TPM_NONCE)) + sizeof(BOOL)];
+ BYTE* ptr = hmacText;
+
+ ptr = pack_TPM_DIGEST(ptr, paramDigest);
+ ptr = pack_TPM_NONCE(ptr, &auth->NonceEven);
+ ptr = pack_TPM_NONCE(ptr, &auth->NonceOdd);
+ ptr = pack_BOOL(ptr, auth->fContinueAuthSession);
+
+ sha1_hmac( (BYTE *) HMACkey, sizeof(TPM_DIGEST),
+ (BYTE *) hmacText, sizeof(hmacText),
+ hm);
+
+ // Compare correct HMAC with provided one.
+ if (memcmp(hm, auth->HMAC, sizeof(TPM_DIGEST)) == 0) { // 0 indicates
equality
+ return TPM_SUCCESS;
+ } else {
+ vtpmlogerror(VTPM_LOG_TPM, "Auth Session verification
failed!\n");
+ return TPM_AUTHFAIL;
+ }
+}
+
+
+
+// ------------------------------------------------------------------
+// Authorization Commands
+// ------------------------------------------------------------------
+
+TPM_RESULT TPM_OIAP(TPM_AUTH_SESSION* auth) // out
+{
+ TPM_BEGIN(TPM_TAG_RQU_COMMAND, TPM_ORD_OIAP);
+
+ TPM_TRANSMIT();
+ TPM_UNPACK_VERIFY();
+
+ memset(&auth->HMAC, 0, sizeof(TPM_DIGEST));
+ auth->fContinueAuthSession = TRUE;
+
+ ptr = unpack_UINT32(ptr, &auth->AuthHandle);
+ ptr = unpack_TPM_NONCE(ptr, &auth->NonceEven);
+
+ vtpmloginfo(VTPM_LOG_TPM, "Auth Session: 0x%x opened by
TPM_OIAP.\n", auth->AuthHandle);
+
+abort_egress:
+ return status;
+}
+
+TPM_RESULT TPM_OSAP(TPM_ENTITY_TYPE entityType, // in
+ UINT32 entityValue, // in
+ const TPM_AUTHDATA* usageAuth, //in
+ TPM_SECRET *sharedSecret, //out
+ TPM_AUTH_SESSION *auth)
+{
+ BYTE* nonceOddOSAP;
+ TPM_BEGIN(TPM_TAG_RQU_COMMAND, TPM_ORD_OSAP);
+
+ ptr = pack_TPM_ENTITY_TYPE(ptr, entityType);
+ ptr = pack_UINT32(ptr, entityValue);
+
+ //nonce Odd OSAP
+ nonceOddOSAP = ptr;
+ vtpmmgr_rand(ptr, TPM_DIGEST_SIZE);
+ ptr += TPM_DIGEST_SIZE;
+
+ TPM_TRANSMIT();
+ TPM_UNPACK_VERIFY();
+
+ ptr = unpack_UINT32(ptr, &auth->AuthHandle);
+ ptr = unpack_TPM_NONCE(ptr, &auth->NonceEven);
+
+ //Calculate session secret
+ sha1_context ctx;
+ sha1_hmac_starts(&ctx, *usageAuth, TPM_DIGEST_SIZE);
+ sha1_hmac_update(&ctx, ptr, TPM_DIGEST_SIZE); //ptr = nonceEvenOSAP
+ sha1_hmac_update(&ctx, nonceOddOSAP, TPM_DIGEST_SIZE);
+ sha1_hmac_finish(&ctx, *sharedSecret);
+
+ memset(&auth->HMAC, 0, sizeof(TPM_DIGEST));
+ auth->fContinueAuthSession = FALSE;
+
+ vtpmloginfo(VTPM_LOG_TPM, "Auth Session: 0x%x opened by
TPM_OSAP.\n", auth->AuthHandle);
+
+abort_egress:
+ return status;
+}
+
+TPM_RESULT TPM_TakeOwnership(
+ const TPM_PUBKEY *pubEK, //in
+ const TPM_AUTHDATA* ownerAuth, //in
+ const TPM_AUTHDATA* srkAuth, //in
+ const TPM_KEY* inSrk, //in
+ TPM_KEY* outSrk, //out, optional
+ TPM_AUTH_SESSION* auth) // in, out
+{
+ int keyAlloced = 0;
+ tpmrsa_context ek_rsa = TPMRSA_CTX_INIT;
+
+ TPM_BEGIN(TPM_TAG_RQU_AUTH1_COMMAND, TPM_ORD_TakeOwnership);
+ TPM_AUTH_BEGIN();
+
+ tpmrsa_set_pubkey(&ek_rsa,
+ pubEK->pubKey.key, pubEK->pubKey.keyLength,
+ pubEK->algorithmParms.parms.rsa.exponent,
+ pubEK->algorithmParms.parms.rsa.exponentSize);
+
+ /* Pack the protocol ID */
+ ptr = pack_UINT16(ptr, TPM_PID_OWNER);
+
+ /* Pack the encrypted owner auth */
+ ptr = pack_UINT32(ptr, pubEK->algorithmParms.parms.rsa.keyLength / 8);
+ tpmrsa_pub_encrypt_oaep(&ek_rsa,
+ ctr_drbg_random, &vtpm_globals.ctr_drbg,
+ sizeof(TPM_SECRET),
+ (BYTE*) ownerAuth,
+ ptr);
+ ptr += pubEK->algorithmParms.parms.rsa.keyLength / 8;
+
+ /* Pack the encrypted srk auth */
+ ptr = pack_UINT32(ptr, pubEK->algorithmParms.parms.rsa.keyLength / 8);
+ tpmrsa_pub_encrypt_oaep(&ek_rsa,
+ ctr_drbg_random, &vtpm_globals.ctr_drbg,
+ sizeof(TPM_SECRET),
+ (BYTE*) srkAuth,
+ ptr);
+ ptr += pubEK->algorithmParms.parms.rsa.keyLength / 8;
+
+ /* Pack the Srk key */
+ ptr = pack_TPM_KEY(ptr, inSrk);
+
+ /* Hash everything up to here */
+ TPM_AUTH_HASH();
+
+ /* Generate the authorization */
+ TPM_AUTH1_GEN(ownerAuth, auth);
+
+ /* Send the command to the tpm*/
+ TPM_TRANSMIT();
+ /* Unpack and validate the header */
+ TPM_UNPACK_VERIFY();
+ TPM_AUTH_VERIFY_BEGIN();
+
+ if(outSrk != NULL) {
+ /* If the user wants a copy of the srk we give it to them */
+ keyAlloced = 1;
+ ptr = unpack_TPM_KEY(ptr, outSrk, UNPACK_ALLOC);
+ } else {
+ /*otherwise just parse past it */
+ TPM_KEY temp;
+ ptr = unpack_TPM_KEY(ptr, &temp, UNPACK_ALIAS);
+ }
+
+ /* Hash the output key */
+ TPM_AUTH_HASH();
+
+ /* Verify authorizaton */
+ TPM_AUTH1_VERIFY(ownerAuth, auth);
+
+ goto egress;
+abort_egress:
+ if(keyAlloced) {
+ free_TPM_KEY(outSrk);
+ }
+egress:
+ tpmrsa_free(&ek_rsa);
+ TPM_AUTH_ERR_CHECK(auth);
+ return status;
+}
+
+
+TPM_RESULT TPM_DisablePubekRead (
+ const TPM_AUTHDATA* ownerAuth,
+ TPM_AUTH_SESSION* auth)
+{
+ TPM_BEGIN(TPM_TAG_RQU_AUTH1_COMMAND, TPM_ORD_DisablePubekRead);
+ TPM_AUTH_BEGIN();
+
+ TPM_AUTH_HASH();
+
+ TPM_AUTH1_GEN(ownerAuth, auth);
+ TPM_TRANSMIT();
+ TPM_UNPACK_VERIFY();
+ TPM_AUTH_VERIFY_BEGIN();
+
+ TPM_AUTH1_VERIFY(ownerAuth, auth);
+
+abort_egress:
+ TPM_AUTH_ERR_CHECK(auth);
+ return status;
+}
+
+
+TPM_RESULT TPM_TerminateHandle(TPM_AUTHHANDLE handle) // in
+{
+ if(handle == 0) {
+ return TPM_SUCCESS;
+ }
+
+ TPM_BEGIN(TPM_TAG_RQU_COMMAND, TPM_ORD_Terminate_Handle);
+
+ ptr = pack_TPM_AUTHHANDLE(ptr, handle);
+
+ TPM_TRANSMIT();
+ TPM_UNPACK_VERIFY();
+
+ vtpmloginfo(VTPM_LOG_TPM, "Auth Session: 0x%x closed by
TPM_TerminateHandle\n", handle);
+
+abort_egress:
+ return status;
+}
+
+TPM_RESULT TPM_Extend( TPM_PCRINDEX pcrNum, // in
+ TPM_DIGEST inDigest, // in
+ TPM_PCRVALUE* outDigest) // out
+{
+ TPM_BEGIN(TPM_TAG_RQU_COMMAND, TPM_ORD_Extend);
+
+ ptr = pack_TPM_PCRINDEX(ptr, pcrNum);
+ ptr = pack_TPM_DIGEST(ptr, &inDigest);
+
+ TPM_TRANSMIT();
+ TPM_UNPACK_VERIFY();
+
+ ptr = unpack_TPM_PCRVALUE(ptr, outDigest);
+
+abort_egress:
+ return status;
+}
+
+TPM_RESULT TPM_Seal(
+ TPM_KEY_HANDLE keyHandle, // in
+ UINT32 pcrInfoSize, // in
+ TPM_PCR_INFO* pcrInfo, // in
+ UINT32 inDataSize, // in
+ const BYTE* inData, // in
+ TPM_STORED_DATA* sealedData, //out
+ const TPM_SECRET* osapSharedSecret, //in
+ const TPM_AUTHDATA* sealedDataAuth, //in
+ TPM_AUTH_SESSION* pubAuth // in, out
+ )
+{
+ int dataAlloced = 0;
+ TPM_BEGIN(TPM_TAG_RQU_AUTH1_COMMAND, TPM_ORD_Seal);
+ TPM_AUTH_BEGIN();
+
+ TPM_AUTH_HASH();
+
+ ptr = pack_TPM_KEY_HANDLE(ptr, keyHandle);
+
+ TPM_AUTH_SKIP();
+
+ xorEncrypt(osapSharedSecret, &pubAuth->NonceEven,
+ sealedDataAuth, ptr,
+ NULL, NULL);
+ ptr += sizeof(TPM_ENCAUTH);
+
+ ptr = pack_UINT32(ptr, pcrInfoSize);
+ ptr = pack_TPM_PCR_INFO(ptr, pcrInfo);
+
+ ptr = pack_UINT32(ptr, inDataSize);
+ ptr = pack_BUFFER(ptr, inData, inDataSize);
+
+ TPM_AUTH_HASH();
+
+ TPM_AUTH1_GEN(osapSharedSecret, pubAuth);
+ TPM_TRANSMIT();
+ TPM_UNPACK_VERIFY();
+ TPM_AUTH_VERIFY_BEGIN();
+
+ ptr = unpack_TPM_STORED_DATA(ptr, sealedData, UNPACK_ALLOC);
+ dataAlloced = 1;
+
+ TPM_AUTH_HASH();
+
+ TPM_AUTH1_VERIFY(osapSharedSecret, pubAuth);
+
+ goto egress;
+abort_egress:
+ if(dataAlloced) {
+ free_TPM_STORED_DATA(sealedData);
+ }
+egress:
+ TPM_AUTH_ERR_CHECK(pubAuth);
+ return status;
+}
+
+TPM_RESULT TPM_Unseal(
+ TPM_KEY_HANDLE parentHandle, // in
+ const TPM_STORED_DATA* sealedData,
+ UINT32* outSize, // out
+ BYTE** out, //out
+ const TPM_AUTHDATA* key_usage_auth, //in
+ const TPM_AUTHDATA* data_usage_auth, //in
+ TPM_AUTH_SESSION* keyAuth, // in, out
+ TPM_AUTH_SESSION* dataAuth // in, out
+ )
+{
+ TPM_BEGIN(TPM_TAG_RQU_AUTH2_COMMAND, TPM_ORD_Unseal);
+ TPM_AUTH_BEGIN();
+
+ TPM_AUTH_HASH();
+
+ ptr = pack_TPM_KEY_HANDLE(ptr, parentHandle);
+
+ TPM_AUTH_SKIP();
+
+ ptr = pack_TPM_STORED_DATA(ptr, sealedData);
+
+ TPM_AUTH_HASH();
+
+ TPM_AUTH1_GEN(key_usage_auth, keyAuth);
+ TPM_AUTH2_GEN(data_usage_auth, dataAuth);
+ TPM_TRANSMIT();
+ TPM_UNPACK_VERIFY();
+ TPM_AUTH_VERIFY_BEGIN();
+
+ ptr = unpack_UINT32(ptr, outSize);
+ ptr = unpack_ALLOC(ptr, out, *outSize);
+
+ TPM_AUTH_HASH();
+
+ TPM_AUTH1_VERIFY(key_usage_auth, keyAuth);
+ TPM_AUTH2_VERIFY(data_usage_auth, dataAuth);
+
+abort_egress:
+ TPM_AUTH_ERR_CHECK(keyAuth);
+ TPM_AUTH_ERR_CHECK(dataAuth);
+ return status;
+}
+
+TPM_RESULT TPM_Bind(
+ const TPM_KEY* key,
+ const BYTE* in,
+ UINT32 ilen,
+ BYTE* out)
+{
+ TPM_RESULT status;
+ tpmrsa_context rsa = TPMRSA_CTX_INIT;
+ TPM_BOUND_DATA boundData;
+ uint8_t plain[TCPA_MAX_BUFFER_LENGTH];
+ BYTE* ptr = plain;
+
+ vtpmloginfo(VTPM_LOG_TPM, "%s\n", __func__);
+
+ tpmrsa_set_pubkey(&rsa,
+ key->pubKey.key, key->pubKey.keyLength,
+ key->algorithmParms.parms.rsa.exponent,
+ key->algorithmParms.parms.rsa.exponentSize);
+
+ // Fill boundData''s accessory information
+ boundData.ver = TPM_STRUCT_VER_1_1;
+ boundData.payload = TPM_PT_BIND;
+ boundData.payloadData = (BYTE*)in;
+
+ //marshall the bound data object
+ ptr = pack_TPM_BOUND_DATA(ptr, &boundData, ilen);
+
+ // Encrypt the data
+ TPMTRYRETURN(tpmrsa_pub_encrypt_oaep(&rsa,
+ ctr_drbg_random, &vtpm_globals.ctr_drbg,
+ ptr - plain,
+ plain,
+ out));
+
+abort_egress:
+ tpmrsa_free(&rsa);
+ return status;
+
+}
+
+TPM_RESULT TPM_UnBind(
+ TPM_KEY_HANDLE keyHandle, // in
+ UINT32 ilen, //in
+ const BYTE* in, //
+ UINT32* olen, //
+ BYTE* out, //out
+ const TPM_AUTHDATA* usage_auth,
+ TPM_AUTH_SESSION* auth //in, out
+ )
+{
+ TPM_BEGIN(TPM_TAG_RQU_AUTH1_COMMAND, TPM_ORD_UnBind);
+ TPM_AUTH_BEGIN();
+
+ TPM_AUTH_HASH();
+
+ ptr = pack_TPM_KEY_HANDLE(ptr, keyHandle);
+
+ TPM_AUTH_SKIP();
+
+ ptr = pack_UINT32(ptr, ilen);
+ ptr = pack_BUFFER(ptr, in, ilen);
+
+ TPM_AUTH_HASH();
+
+ TPM_AUTH1_GEN(usage_auth, auth);
+ TPM_TRANSMIT();
+ TPM_UNPACK_VERIFY();
+ TPM_AUTH_VERIFY_BEGIN();
+
+ ptr = unpack_UINT32(ptr, olen);
+ if(*olen > ilen) {
+ vtpmlogerror(VTPM_LOG_TPM, "Output length < input
length!\n");
+ status = TPM_IOERROR;
+ goto abort_egress;
+ }
+ ptr = unpack_BUFFER(ptr, out, *olen);
+
+ TPM_AUTH_HASH();
+
+ TPM_AUTH1_VERIFY(usage_auth, auth);
+
+abort_egress:
+egress:
+ TPM_AUTH_ERR_CHECK(auth);
+ return status;
+}
+
+TPM_RESULT TPM_CreateWrapKey(
+ TPM_KEY_HANDLE hWrappingKey, // in
+ const TPM_AUTHDATA* osapSharedSecret,
+ const TPM_AUTHDATA* dataUsageAuth, //in
+ const TPM_AUTHDATA* dataMigrationAuth, //in
+ TPM_KEY* key, //in, out
+ TPM_AUTH_SESSION* pAuth) // in, out
+{
+ int keyAlloced = 0;
+ TPM_BEGIN(TPM_TAG_RQU_AUTH1_COMMAND, TPM_ORD_CreateWrapKey);
+ TPM_AUTH_BEGIN();
+
+ TPM_AUTH_HASH();
+
+ ptr = pack_TPM_KEY_HANDLE(ptr, hWrappingKey);
+
+ TPM_AUTH_SKIP();
+
+ //Encrypted auths
+ xorEncrypt(osapSharedSecret, &pAuth->NonceEven,
+ dataUsageAuth, ptr,
+ dataMigrationAuth, ptr + sizeof(TPM_ENCAUTH));
+ ptr += sizeof(TPM_ENCAUTH) * 2;
+
+ ptr = pack_TPM_KEY(ptr, key);
+
+ TPM_AUTH_HASH();
+
+ TPM_AUTH1_GEN(osapSharedSecret, pAuth);
+ TPM_TRANSMIT();
+ TPM_UNPACK_VERIFY();
+ TPM_AUTH_VERIFY_BEGIN();
+
+ keyAlloced = 1;
+ ptr = unpack_TPM_KEY(ptr, key, UNPACK_ALLOC);
+
+ TPM_AUTH_HASH();
+
+ TPM_AUTH1_VERIFY(osapSharedSecret, pAuth);
+
+ goto egress;
+abort_egress:
+ if(keyAlloced) {
+ free_TPM_KEY(key);
+ }
+egress:
+ TPM_AUTH_ERR_CHECK(pAuth);
+ return status;
+}
+
+TPM_RESULT TPM_LoadKey(
+ TPM_KEY_HANDLE parentHandle, //
+ const TPM_KEY* key, //in
+ TPM_HANDLE* keyHandle, // out
+ const TPM_AUTHDATA* usage_auth,
+ TPM_AUTH_SESSION* auth)
+{
+ TPM_BEGIN(TPM_TAG_RQU_AUTH1_COMMAND, TPM_ORD_LoadKey);
+ TPM_AUTH_BEGIN();
+
+ TPM_AUTH_HASH();
+
+ ptr = pack_TPM_KEY_HANDLE(ptr, parentHandle);
+
+ TPM_AUTH_SKIP();
+
+ ptr = pack_TPM_KEY(ptr, key);
+
+ TPM_AUTH_HASH();
+
+ TPM_AUTH1_GEN(usage_auth, auth);
+ TPM_TRANSMIT();
+ TPM_UNPACK_VERIFY();
+ TPM_AUTH_VERIFY_BEGIN();
+
+ ptr = unpack_UINT32(ptr, keyHandle);
+
+ TPM_AUTH_HASH();
+
+ TPM_AUTH1_VERIFY(usage_auth, auth);
+
+ vtpmloginfo(VTPM_LOG_TPM, "Key Handle: 0x%x opened by
TPM_LoadKey\n", *keyHandle);
+
+abort_egress:
+ TPM_AUTH_ERR_CHECK(auth);
+ return status;
+}
+
+TPM_RESULT TPM_EvictKey( TPM_KEY_HANDLE hKey) // in
+{
+ if(hKey == 0) {
+ return TPM_SUCCESS;
+ }
+
+ TPM_BEGIN(TPM_TAG_RQU_COMMAND, TPM_ORD_EvictKey);
+
+ ptr = pack_TPM_KEY_HANDLE(ptr, hKey);
+
+ TPM_TRANSMIT();
+ TPM_UNPACK_VERIFY();
+
+ vtpmloginfo(VTPM_LOG_TPM, "Key handle: 0x%x closed by
TPM_EvictKey\n", hKey);
+
+abort_egress:
+ return status;
+}
+
+TPM_RESULT TPM_FlushSpecific(TPM_HANDLE handle,
+ TPM_RESOURCE_TYPE rt) {
+ if(handle == 0) {
+ return TPM_SUCCESS;
+ }
+
+ TPM_BEGIN(TPM_TAG_RQU_COMMAND, TPM_ORD_FlushSpecific);
+
+ ptr = pack_TPM_HANDLE(ptr, handle);
+ ptr = pack_TPM_RESOURCE_TYPE(ptr, rt);
+
+ TPM_TRANSMIT();
+ TPM_UNPACK_VERIFY();
+
+abort_egress:
+ return status;
+}
+
+TPM_RESULT TPM_GetRandom( UINT32* bytesRequested, // in, out
+ BYTE* randomBytes) // out
+{
+ TPM_BEGIN(TPM_TAG_RQU_COMMAND, TPM_ORD_GetRandom);
+
+ // check input params
+ if (bytesRequested == NULL || randomBytes == NULL){
+ return TPM_BAD_PARAMETER;
+ }
+
+ ptr = pack_UINT32(ptr, *bytesRequested);
+
+ TPM_TRANSMIT();
+ TPM_UNPACK_VERIFY();
+
+ ptr = unpack_UINT32(ptr, bytesRequested);
+ ptr = unpack_BUFFER(ptr, randomBytes, *bytesRequested);
+
+abort_egress:
+ return status;
+}
+
+
+TPM_RESULT TPM_ReadPubek(
+ TPM_PUBKEY* pubEK //out
+ )
+{
+ BYTE* antiReplay = NULL;
+ BYTE* kptr = NULL;
+ BYTE digest[TPM_DIGEST_SIZE];
+ sha1_context ctx;
+
+ TPM_BEGIN(TPM_TAG_RQU_COMMAND, TPM_ORD_ReadPubek);
+
+ //antiReplay nonce
+ vtpmmgr_rand(ptr, TPM_DIGEST_SIZE);
+ antiReplay = ptr;
+ ptr += TPM_DIGEST_SIZE;
+
+ TPM_TRANSMIT();
+ TPM_UNPACK_VERIFY();
+
+ //unpack and allocate the key
+ kptr = ptr;
+ ptr = unpack_TPM_PUBKEY(ptr, pubEK, UNPACK_ALLOC);
+
+ //Verify the checksum
+ sha1_starts(&ctx);
+ sha1_update(&ctx, kptr, ptr - kptr);
+ sha1_update(&ctx, antiReplay, TPM_DIGEST_SIZE);
+ sha1_finish(&ctx, digest);
+
+ //ptr points to the checksum computed by TPM
+ if(memcmp(digest, ptr, TPM_DIGEST_SIZE)) {
+ vtpmlogerror(VTPM_LOG_TPM, "TPM_ReadPubek: Checksum returned by TPM
was invalid!\n");
+ status = TPM_FAIL;
+ goto abort_egress;
+ }
+
+ goto egress;
+abort_egress:
+ if(kptr != NULL) { //If we unpacked the pubEK, we have to free it
+ free_TPM_PUBKEY(pubEK);
+ }
+egress:
+ return status;
+}
+
+
+TPM_RESULT TPM_SaveState(void)
+{
+ TPM_BEGIN(TPM_TAG_RQU_COMMAND, TPM_ORD_SaveState);
+
+ TPM_TRANSMIT();
+ TPM_UNPACK_VERIFY();
+
+abort_egress:
+ return status;
+}
+
+TPM_RESULT TPM_GetCapability(
+ TPM_CAPABILITY_AREA capArea,
+ UINT32 subCapSize,
+ const BYTE* subCap,
+ UINT32* respSize,
+ BYTE** resp)
+{
+ TPM_BEGIN(TPM_TAG_RQU_COMMAND, TPM_ORD_GetCapability);
+
+ ptr = pack_TPM_CAPABILITY_AREA(ptr, capArea);
+ ptr = pack_UINT32(ptr, subCapSize);
+ ptr = pack_BUFFER(ptr, subCap, subCapSize);
+
+ TPM_TRANSMIT();
+ TPM_UNPACK_VERIFY();
+
+ ptr = unpack_UINT32(ptr, respSize);
+ ptr = unpack_ALLOC(ptr, resp, *respSize);
+
+abort_egress:
+ return status;
+}
+
+TPM_RESULT TPM_CreateEndorsementKeyPair(
+ const TPM_KEY_PARMS* keyInfo,
+ TPM_PUBKEY* pubEK)
+{
+ BYTE* kptr = NULL;
+ sha1_context ctx;
+ TPM_DIGEST checksum;
+ TPM_DIGEST hash;
+ TPM_NONCE antiReplay;
+ TPM_BEGIN(TPM_TAG_RQU_COMMAND, TPM_ORD_CreateEndorsementKeyPair);
+
+ //Make anti replay nonce
+ vtpmmgr_rand(antiReplay.nonce, sizeof(antiReplay.nonce));
+
+ ptr = pack_TPM_NONCE(ptr, &antiReplay);
+ ptr = pack_TPM_KEY_PARMS(ptr, keyInfo);
+
+ TPM_TRANSMIT();
+ TPM_UNPACK_VERIFY();
+
+ sha1_starts(&ctx);
+
+ kptr = ptr;
+ ptr = unpack_TPM_PUBKEY(ptr, pubEK, UNPACK_ALLOC);
+
+ /* Hash the pub key blob */
+ sha1_update(&ctx, kptr, ptr - kptr);
+ ptr = unpack_TPM_DIGEST(ptr, &checksum);
+
+ sha1_update(&ctx, antiReplay.nonce, sizeof(antiReplay.nonce));
+
+ sha1_finish(&ctx, hash.digest);
+ if(memcmp(checksum.digest, hash.digest, TPM_DIGEST_SIZE)) {
+ vtpmloginfo(VTPM_LOG_VTPM, "TPM_CreateEndorsementKey: Checkum
verification failed!\n");
+ status = TPM_FAIL;
+ goto abort_egress;
+ }
+
+ goto egress;
+abort_egress:
+ if(kptr) {
+ free_TPM_PUBKEY(pubEK);
+ }
+egress:
+ return status;
+}
+
+TPM_RESULT TPM_TransmitData(
+ BYTE* in,
+ UINT32 insize,
+ BYTE* out,
+ UINT32* outsize) {
+ TPM_RESULT status = TPM_SUCCESS;
+
+ UINT32 i;
+ vtpmloginfo(VTPM_LOG_TXDATA, "Sending buffer = 0x");
+ for(i = 0 ; i < insize ; i++)
+ vtpmloginfomore(VTPM_LOG_TXDATA, "%2.2x ", in[i]);
+
+ vtpmloginfomore(VTPM_LOG_TXDATA, "\n");
+
+ ssize_t size = 0;
+
+ // send the request
+ size = write (vtpm_globals.tpm_fd, in, insize);
+ if (size < 0) {
+ vtpmlogerror(VTPM_LOG_TXDATA, "write() failed : %s\n",
strerror(errno));
+ ERRORDIE (TPM_IOERROR);
+ }
+ else if ((UINT32) size < insize) {
+ vtpmlogerror(VTPM_LOG_TXDATA, "Wrote %d instead of %d
bytes!\n", (int) size, insize);
+ ERRORDIE (TPM_IOERROR);
+ }
+
+ // read the response
+ size = read (vtpm_globals.tpm_fd, out, *outsize);
+ if (size < 0) {
+ vtpmlogerror(VTPM_LOG_TXDATA, "read() failed : %s\n",
strerror(errno));
+ ERRORDIE (TPM_IOERROR);
+ }
+
+ vtpmloginfo(VTPM_LOG_TXDATA, "Receiving buffer = 0x");
+ for(i = 0 ; i < size ; i++)
+ vtpmloginfomore(VTPM_LOG_TXDATA, "%2.2x ", out[i]);
+
+ vtpmloginfomore(VTPM_LOG_TXDATA, "\n");
+
+ *outsize = size;
+ goto egress;
+
+abort_egress:
+egress:
+ return status;
+}
diff --git a/stubdom/vtpmmgr/tpm.h b/stubdom/vtpmmgr/tpm.h
new file mode 100644
index 0000000..304e145
--- /dev/null
+++ b/stubdom/vtpmmgr/tpm.h
@@ -0,0 +1,218 @@
+/*
+ * Copyright (c) 2010-2012 United States Government, as represented by
+ * the Secretary of Defense. All rights reserved.
+ *
+ * based off of the original tools/vtpm_manager code base which is:
+ * Copyright (c) 2005/2006, Intel Corp.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ * * Neither the name of Intel Corporation nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#ifndef __TPM_H__
+#define __TPM_H__
+
+#include "tcg.h"
+
+// ------------------------------------------------------------------
+// Exposed API
+// ------------------------------------------------------------------
+
+// TPM v1.1B Command Set
+
+// Authorzation
+TPM_RESULT TPM_OIAP(
+ TPM_AUTH_SESSION* auth //out
+ );
+
+TPM_RESULT TPM_OSAP (
+ TPM_ENTITY_TYPE entityType, // in
+ UINT32 entityValue, // in
+ const TPM_AUTHDATA* usageAuth, //in
+ TPM_SECRET *sharedSecret, //out
+ TPM_AUTH_SESSION *auth);
+
+TPM_RESULT TPM_TakeOwnership(
+ const TPM_PUBKEY *pubEK, //in
+ const TPM_AUTHDATA* ownerAuth, //in
+ const TPM_AUTHDATA* srkAuth, //in
+ const TPM_KEY* inSrk, //in
+ TPM_KEY* outSrk, //out, optional
+ TPM_AUTH_SESSION* auth // in, out
+ );
+
+TPM_RESULT TPM_DisablePubekRead (
+ const TPM_AUTHDATA* ownerAuth,
+ TPM_AUTH_SESSION* auth
+ );
+
+TPM_RESULT TPM_TerminateHandle ( TPM_AUTHHANDLE handle // in
+ );
+
+TPM_RESULT TPM_FlushSpecific ( TPM_HANDLE handle, // in
+ TPM_RESOURCE_TYPE resourceType //in
+ );
+
+// TPM Mandatory
+TPM_RESULT TPM_Extend ( TPM_PCRINDEX pcrNum, // in
+ TPM_DIGEST inDigest, // in
+ TPM_PCRVALUE* outDigest // out
+ );
+
+TPM_RESULT TPM_PcrRead ( TPM_PCRINDEX pcrNum, // in
+ TPM_PCRVALUE* outDigest // out
+ );
+
+TPM_RESULT TPM_Quote ( TCS_KEY_HANDLE keyHandle, // in
+ TPM_NONCE antiReplay, // in
+ UINT32* PcrDataSize, // in, out
+ BYTE** PcrData, // in, out
+ TPM_AUTH_SESSION* privAuth, // in, out
+ UINT32* sigSize, // out
+ BYTE** sig // out
+ );
+
+TPM_RESULT TPM_Seal(
+ TCS_KEY_HANDLE keyHandle, // in
+ UINT32 pcrInfoSize, // in
+ TPM_PCR_INFO* pcrInfo, // in
+ UINT32 inDataSize, // in
+ const BYTE* inData, // in
+ TPM_STORED_DATA* sealedData, //out
+ const TPM_SECRET* osapSharedSecret, //in
+ const TPM_AUTHDATA* sealDataAuth, //in
+ TPM_AUTH_SESSION* pubAuth // in, out
+ );
+
+TPM_RESULT TPM_Unseal (
+ TPM_KEY_HANDLE parentHandle, // in
+ const TPM_STORED_DATA* sealedData,
+ UINT32* outSize, // out
+ BYTE** out, //out
+ const TPM_AUTHDATA* key_usage_auth, //in
+ const TPM_AUTHDATA* data_usage_auth, //in
+ TPM_AUTH_SESSION* keyAuth, // in, out
+ TPM_AUTH_SESSION* dataAuth // in, out
+ );
+
+TPM_RESULT TPM_DirWriteAuth ( TPM_DIRINDEX dirIndex, // in
+ TPM_DIRVALUE newContents, // in
+ TPM_AUTH_SESSION* ownerAuth // in, out
+ );
+
+TPM_RESULT TPM_DirRead ( TPM_DIRINDEX dirIndex, // in
+ TPM_DIRVALUE* dirValue // out
+ );
+
+TPM_RESULT TPM_Bind(
+ const TPM_KEY* key, //in
+ const BYTE* in, //in
+ UINT32 ilen, //in
+ BYTE* out //out, must be at least cipher block size
+ );
+
+TPM_RESULT TPM_UnBind (
+ TCS_KEY_HANDLE keyHandle, // in
+ UINT32 ilen, //in
+ const BYTE* in, //
+ UINT32* outDataSize, // out
+ BYTE* outData, //out
+ const TPM_AUTHDATA* usage_auth,
+ TPM_AUTH_SESSION* auth //in, out
+ );
+
+TPM_RESULT TPM_CreateWrapKey (
+ TCS_KEY_HANDLE hWrappingKey, // in
+ const TPM_AUTHDATA* osapSharedSecret,
+ const TPM_AUTHDATA* dataUsageAuth, //in
+ const TPM_AUTHDATA* dataMigrationAuth, //in
+ TPM_KEY* key, //in
+ TPM_AUTH_SESSION* pAuth // in, out
+ );
+
+TPM_RESULT TPM_LoadKey (
+ TPM_KEY_HANDLE parentHandle, //
+ const TPM_KEY* key, //in
+ TPM_HANDLE* keyHandle, // out
+ const TPM_AUTHDATA* usage_auth,
+ TPM_AUTH_SESSION* auth
+ );
+
+TPM_RESULT TPM_GetPubKey ( TCS_KEY_HANDLE hKey, // in
+ TPM_AUTH_SESSION* pAuth, // in, out
+ UINT32* pcPubKeySize, // out
+ BYTE** prgbPubKey // out
+ );
+
+TPM_RESULT TPM_EvictKey ( TCS_KEY_HANDLE hKey // in
+ );
+
+TPM_RESULT TPM_FlushSpecific(TPM_HANDLE handle, //in
+ TPM_RESOURCE_TYPE rt //in
+ );
+
+TPM_RESULT TPM_Sign ( TCS_KEY_HANDLE keyHandle, // in
+ UINT32 areaToSignSize, // in
+ BYTE* areaToSign, // in
+ TPM_AUTH_SESSION* privAuth, // in, out
+ UINT32* sigSize, // out
+ BYTE** sig // out
+ );
+
+TPM_RESULT TPM_GetRandom ( UINT32* bytesRequested, // in, out
+ BYTE* randomBytes // out
+ );
+
+TPM_RESULT TPM_StirRandom ( UINT32 inDataSize, // in
+ BYTE* inData // in
+ );
+
+TPM_RESULT TPM_ReadPubek (
+ TPM_PUBKEY* pubEK //out
+ );
+
+TPM_RESULT TPM_GetCapability(
+ TPM_CAPABILITY_AREA capArea,
+ UINT32 subCapSize,
+ const BYTE* subCap,
+ UINT32* respSize,
+ BYTE** resp);
+
+TPM_RESULT TPM_SaveState(void);
+
+TPM_RESULT TPM_CreateEndorsementKeyPair(
+ const TPM_KEY_PARMS* keyInfo,
+ TPM_PUBKEY* pubEK);
+
+TPM_RESULT TPM_TransmitData(
+ BYTE* in,
+ UINT32 insize,
+ BYTE* out,
+ UINT32* outsize);
+
+#endif //TPM_H
diff --git a/stubdom/vtpmmgr/tpmrsa.c b/stubdom/vtpmmgr/tpmrsa.c
new file mode 100644
index 0000000..56094e7
--- /dev/null
+++ b/stubdom/vtpmmgr/tpmrsa.c
@@ -0,0 +1,175 @@
+/*
+ * The RSA public-key cryptosystem
+ *
+ * Copyright (C) 2006-2011, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+/*
+ * RSA was designed by Ron Rivest, Adi Shamir and Len Adleman.
+ *
+ * http://theory.lcs.mit.edu/~rivest/rsapaper.pdf
+ * http://www.cacr.math.uwaterloo.ca/hac/about/chap8.pdf
+ */
+
+#include "tcg.h"
+#include "polarssl/sha1.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+
+#include "tpmrsa.h"
+
+#define HASH_LEN 20
+
+void tpmrsa_set_pubkey(tpmrsa_context* ctx,
+ const unsigned char* key,
+ int keylen,
+ const unsigned char* exponent,
+ int explen) {
+
+ tpmrsa_free(ctx);
+
+ if(explen == 0) { //Default e= 2^16+1
+ mpi_lset(&ctx->E, 65537);
+ } else {
+ mpi_read_binary(&ctx->E, exponent, explen);
+ }
+ mpi_read_binary(&ctx->N, key, keylen);
+
+ ctx->len = ( mpi_msb(&ctx->N) + 7) >> 3;
+}
+
+static TPM_RESULT tpmrsa_public( tpmrsa_context *ctx,
+ const unsigned char *input,
+ unsigned char *output )
+{
+ int ret;
+ size_t olen;
+ mpi T;
+
+ mpi_init( &T );
+
+ MPI_CHK( mpi_read_binary( &T, input, ctx->len ) );
+
+ if( mpi_cmp_mpi( &T, &ctx->N ) >= 0 )
+ {
+ mpi_free( &T );
+ return TPM_ENCRYPT_ERROR;
+ }
+
+ olen = ctx->len;
+ MPI_CHK( mpi_exp_mod( &T, &T, &ctx->E, &ctx->N,
&ctx->RN ) );
+ MPI_CHK( mpi_write_binary( &T, output, olen ) );
+
+cleanup:
+
+ mpi_free( &T );
+
+ if( ret != 0 )
+ return TPM_ENCRYPT_ERROR;
+
+ return TPM_SUCCESS;
+}
+
+static void mgf_mask( unsigned char *dst, int dlen, unsigned char *src, int
slen)
+{
+ unsigned char mask[HASH_LEN];
+ unsigned char counter[4] = {0, 0, 0, 0};
+ int i;
+ sha1_context mctx;
+
+ //We always hash the src with the counter, so save the partial hash
+ sha1_starts(&mctx);
+ sha1_update(&mctx, src, slen);
+
+ // Generate and apply dbMask
+ while(dlen > 0) {
+ //Copy the sha1 context
+ sha1_context ctx = mctx;
+
+ //compute hash for input || counter
+ sha1_update(&ctx, counter, sizeof(counter));
+ sha1_finish(&ctx, mask);
+
+ //Apply the mask
+ for(i = 0; i < (dlen < HASH_LEN ? dlen : HASH_LEN); ++i) {
+ *(dst++) ^= mask[i];
+ }
+
+ //Increment counter
+ ++counter[3];
+
+ dlen -= HASH_LEN;
+ }
+}
+
+/*
+ * Add the message padding, then do an RSA operation
+ */
+TPM_RESULT tpmrsa_pub_encrypt_oaep( tpmrsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ size_t ilen,
+ const unsigned char *input,
+ unsigned char *output )
+{
+ int ret;
+ int olen;
+ unsigned char* seed = output + 1;
+ unsigned char* db = output + HASH_LEN +1;
+
+ olen = ctx->len-1;
+
+ if( f_rng == NULL )
+ return TPM_ENCRYPT_ERROR;
+
+ if( ilen > olen - 2 * HASH_LEN - 1)
+ return TPM_ENCRYPT_ERROR;
+
+ output[0] = 0;
+
+ //Encoding parameter p
+ sha1((unsigned char*)"TCPA", 4, db);
+
+ //PS
+ memset(db + HASH_LEN, 0,
+ olen - ilen - 2 * HASH_LEN - 1);
+
+ //constant 1 byte
+ db[olen - ilen - HASH_LEN -1] = 0x01;
+
+ //input string
+ memcpy(db + olen - ilen - HASH_LEN,
+ input, ilen);
+
+ //Generate random seed
+ if( ( ret = f_rng( p_rng, seed, HASH_LEN ) ) != 0 )
+ return TPM_ENCRYPT_ERROR;
+
+ // maskedDB: Apply dbMask to DB
+ mgf_mask( db, olen - HASH_LEN, seed, HASH_LEN);
+
+ // maskedSeed: Apply seedMask to seed
+ mgf_mask( seed, HASH_LEN, db, olen - HASH_LEN);
+
+ // Do the crypto op
+ return tpmrsa_public(ctx, output, output);
+}
diff --git a/stubdom/vtpmmgr/tpmrsa.h b/stubdom/vtpmmgr/tpmrsa.h
new file mode 100644
index 0000000..59579e7
--- /dev/null
+++ b/stubdom/vtpmmgr/tpmrsa.h
@@ -0,0 +1,67 @@
+/**
+ * \file rsa.h
+ *
+ * \brief The RSA public-key cryptosystem
+ *
+ * Copyright (C) 2006-2010, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#ifndef TPMRSA_H
+#define TPMRSA_H
+
+#include "tcg.h"
+#include <polarssl/bignum.h>
+
+/* tpm software key */
+typedef struct
+{
+ size_t len; /*!< size(N) in chars */
+
+ mpi N; /*!< public modulus */
+ mpi E; /*!< public exponent */
+
+ mpi RN; /*!< cached R^2 mod N */
+}
+tpmrsa_context;
+
+#define TPMRSA_CTX_INIT { 0, {0, 0, NULL}, {0, 0, NULL}, {0, 0, NULL}}
+
+/* Setup the rsa context using tpm public key data */
+void tpmrsa_set_pubkey(tpmrsa_context* ctx,
+ const unsigned char* key,
+ int keylen,
+ const unsigned char* exponent,
+ int explen);
+
+/* Do rsa public crypto */
+TPM_RESULT tpmrsa_pub_encrypt_oaep( tpmrsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
+ size_t ilen,
+ const unsigned char *input,
+ unsigned char *output );
+
+/* free tpmrsa key */
+inline void tpmrsa_free( tpmrsa_context *ctx ) {
+ mpi_free( &ctx->RN ); mpi_free( &ctx->E ); mpi_free(
&ctx->N );
+}
+
+#endif /* tpmrsa.h */
diff --git a/stubdom/vtpmmgr/uuid.h b/stubdom/vtpmmgr/uuid.h
new file mode 100644
index 0000000..4737645
--- /dev/null
+++ b/stubdom/vtpmmgr/uuid.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2010-2012 United States Government, as represented by
+ * the Secretary of Defense. All rights reserved.
+ *
+ * based off of the original tools/vtpm_manager code base which is:
+ * Copyright (c) 2005, Intel Corp.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ * * Neither the name of Intel Corporation nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#ifndef VTPMMGR_UUID_H
+#define VTPMMGR_UUID_H
+
+#define UUID_FMT
"%02hhx%02hhx%02hhx%02hhx-%02hhx%02hhx-%02hhx%02hhx-%02hhx%02hhx-%02hhx%02hhx%02hhx%02hhx%02hhx%02hhx"
+#define UUID_FMTLEN ((2*16)+4) /* 16 hex bytes plus 4 hypens */
+#define UUID_BYTES(uuid) uuid[0], uuid[1], uuid[2], uuid[3], \
+ uuid[4], uuid[5], uuid[6], uuid[7], \
+ uuid[8], uuid[9], uuid[10], uuid[11], \
+ uuid[12], uuid[13], uuid[14], uuid[15]
+
+
+typedef uint8_t uuid_t[16];
+
+#endif
diff --git a/stubdom/vtpmmgr/vtpm_cmd_handler.c
b/stubdom/vtpmmgr/vtpm_cmd_handler.c
new file mode 100644
index 0000000..f82a2a9
--- /dev/null
+++ b/stubdom/vtpmmgr/vtpm_cmd_handler.c
@@ -0,0 +1,152 @@
+/*
+ * Copyright (c) 2010-2012 United States Government, as represented by
+ * the Secretary of Defense. All rights reserved.
+ *
+ * based off of the original tools/vtpm_manager code base which is:
+ * Copyright (c) 2005, Intel Corp.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ * * Neither the name of Intel Corporation nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#include <inttypes.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "marshal.h"
+#include "log.h"
+#include "vtpm_storage.h"
+#include "vtpmmgr.h"
+#include "tpm.h"
+#include "tcg.h"
+
+static TPM_RESULT vtpmmgr_SaveHashKey(
+ const uuid_t uuid,
+ tpmcmd_t* tpmcmd)
+{
+ TPM_RESULT status = TPM_SUCCESS;
+
+ if(tpmcmd->req_len != VTPM_COMMAND_HEADER_SIZE + HASHKEYSZ) {
+ vtpmlogerror(VTPM_LOG_VTPM, "VTPM_ORD_SAVEHASHKEY hashkey too
short!\n");
+ status = TPM_BAD_PARAMETER;
+ goto abort_egress;
+ }
+
+ /* Do the command */
+ TPMTRYRETURN(vtpm_storage_save_hashkey(uuid, tpmcmd->req +
VTPM_COMMAND_HEADER_SIZE));
+
+abort_egress:
+ pack_TPM_RSP_HEADER(tpmcmd->resp,
+ VTPM_TAG_RSP, VTPM_COMMAND_HEADER_SIZE, status);
+ tpmcmd->resp_len = VTPM_COMMAND_HEADER_SIZE;
+
+ return status;
+}
+
+static TPM_RESULT vtpmmgr_LoadHashKey(
+ const uuid_t uuid,
+ tpmcmd_t* tpmcmd) {
+ TPM_RESULT status = TPM_SUCCESS;
+
+ tpmcmd->resp_len = VTPM_COMMAND_HEADER_SIZE;
+
+ TPMTRYRETURN(vtpm_storage_load_hashkey(uuid, tpmcmd->resp +
VTPM_COMMAND_HEADER_SIZE));
+
+ tpmcmd->resp_len += HASHKEYSZ;
+
+abort_egress:
+ pack_TPM_RSP_HEADER(tpmcmd->resp,
+ VTPM_TAG_RSP, tpmcmd->resp_len, status);
+
+ return status;
+}
+
+
+TPM_RESULT vtpmmgr_handle_cmd(
+ const uuid_t uuid,
+ tpmcmd_t* tpmcmd)
+{
+ TPM_RESULT status = TPM_SUCCESS;
+ TPM_TAG tag;
+ UINT32 size;
+ TPM_COMMAND_CODE ord;
+
+ unpack_TPM_RQU_HEADER(tpmcmd->req,
+ &tag, &size, &ord);
+
+ /* Handle the command now */
+ switch(tag) {
+ case VTPM_TAG_REQ:
+ //This is a vTPM command
+ switch(ord) {
+ case VTPM_ORD_SAVEHASHKEY:
+ return vtpmmgr_SaveHashKey(uuid, tpmcmd);
+ case VTPM_ORD_LOADHASHKEY:
+ return vtpmmgr_LoadHashKey(uuid, tpmcmd);
+ default:
+ vtpmlogerror(VTPM_LOG_VTPM, "Invalid vTPM Ordinal %"
PRIu32 "\n", ord);
+ status = TPM_BAD_ORDINAL;
+ }
+ break;
+ case TPM_TAG_RQU_COMMAND:
+ case TPM_TAG_RQU_AUTH1_COMMAND:
+ case TPM_TAG_RQU_AUTH2_COMMAND:
+ //This is a TPM passthrough command
+ switch(ord) {
+ case TPM_ORD_GetRandom:
+ vtpmloginfo(VTPM_LOG_VTPM, "Passthrough:
TPM_GetRandom\n");
+ break;
+ case TPM_ORD_PcrRead:
+ vtpmloginfo(VTPM_LOG_VTPM, "Passthrough:
TPM_PcrRead\n");
+ break;
+ default:
+ vtpmlogerror(VTPM_LOG_VTPM, "TPM Disallowed Passthrough
ord=%" PRIu32 "\n", ord);
+ status = TPM_DISABLED_CMD;
+ goto abort_egress;
+ }
+
+ size = TCPA_MAX_BUFFER_LENGTH;
+ TPMTRYRETURN(TPM_TransmitData(tpmcmd->req, tpmcmd->req_len,
tpmcmd->resp, &size));
+ tpmcmd->resp_len = size;
+
+ unpack_TPM_RESULT(tpmcmd->resp + sizeof(TPM_TAG) + sizeof(UINT32),
&status);
+ return status;
+
+ break;
+ default:
+ vtpmlogerror(VTPM_LOG_VTPM, "Invalid tag=%" PRIu16
"\n", tag);
+ status = TPM_BADTAG;
+ }
+
+abort_egress:
+ tpmcmd->resp_len = VTPM_COMMAND_HEADER_SIZE;
+ pack_TPM_RSP_HEADER(tpmcmd->resp,
+ tag + 3, tpmcmd->resp_len, status);
+
+ return status;
+}
diff --git a/stubdom/vtpmmgr/vtpm_manager.h b/stubdom/vtpmmgr/vtpm_manager.h
new file mode 100644
index 0000000..a2bbcca
--- /dev/null
+++ b/stubdom/vtpmmgr/vtpm_manager.h
@@ -0,0 +1,64 @@
+/*
+ * Copyright (c) 2010-2012 United States Government, as represented by
+ * the Secretary of Defense. All rights reserved.
+ *
+ * based off of the original tools/vtpm_manager code base which is:
+ * Copyright (c) 2005, Intel Corp.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ * * Neither the name of Intel Corporation nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#ifndef VTPM_MANAGER_H
+#define VTPM_MANAGER_H
+
+#define VTPM_TAG_REQ 0x01c1
+#define VTPM_TAG_RSP 0x01c4
+#define COMMAND_BUFFER_SIZE 4096
+
+// Header size
+#define VTPM_COMMAND_HEADER_SIZE ( 2 + 4 + 4)
+
+//************************ Command Codes ****************************
+#define VTPM_ORD_BASE 0x0000
+#define VTPM_PRIV_MASK 0x01000000 // Priviledged VTPM Command
+#define VTPM_PRIV_BASE (VTPM_ORD_BASE | VTPM_PRIV_MASK)
+
+// Non-priviledged VTPM Commands (From DMI''s)
+#define VTPM_ORD_SAVEHASHKEY (VTPM_ORD_BASE + 1) // DMI requests
encryption key for persistent storage
+#define VTPM_ORD_LOADHASHKEY (VTPM_ORD_BASE + 2) // DMI requests symkey to
be regenerated
+
+//************************ Return Codes ****************************
+#define VTPM_SUCCESS 0
+#define VTPM_FAIL 1
+#define VTPM_UNSUPPORTED 2
+#define VTPM_FORBIDDEN 3
+#define VTPM_RESTORE_CONTEXT_FAILED 4
+#define VTPM_INVALID_REQUEST 5
+
+#endif
diff --git a/stubdom/vtpmmgr/vtpm_storage.c b/stubdom/vtpmmgr/vtpm_storage.c
new file mode 100644
index 0000000..3862fdb
--- /dev/null
+++ b/stubdom/vtpmmgr/vtpm_storage.c
@@ -0,0 +1,783 @@
+/*
+ * Copyright (c) 2010-2012 United States Government, as represented by
+ * the Secretary of Defense. All rights reserved.
+ *
+ * THIS SOFTWARE AND ITS DOCUMENTATION ARE PROVIDED AS IS AND WITHOUT
+ * ANY EXPRESS OR IMPLIED WARRANTIES WHATSOEVER. ALL WARRANTIES
+ * INCLUDING, BUT NOT LIMITED TO, PERFORMANCE, MERCHANTABILITY, FITNESS
+ * FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT ARE HEREBY
+ * DISCLAIMED. USERS ASSUME THE ENTIRE RISK AND LIABILITY OF USING THE
+ * SOFTWARE.
+ */
+
+/***************************************************************
+ * DISK IMAGE LAYOUT
+ * *************************************************************
+ * All data is stored in BIG ENDIAN format
+ * *************************************************************
+ * Section 1: Header
+ *
+ * 10 bytes id ID String "VTPMMGRDOM"
+ * uint32_t version Disk Image version number (current == 1)
+ * uint32_t storage_key_len Length of the Boot Key
+ * BYTEARRAY storage_key TPM boot key
+ *
+ * *************************************************************
+ * Section 2: Key Data Table (starts at offset 4096)
+ *
+ * This is a list of blocks, each is RSA_CIPHER_SIZE long
+ * and is encrypted with the storage key.
+ *
+ * The first block always exists and it contains:
+ * uint32_t num_vtpms Number of vtpms (number of remaining
blocks)
+ *
+ * The rest of the blocks look like this:
+ * 16 bytes uuid uuid of the owner of this key and hash
+ * 20 bytes hash Sha1 hash of vTPM''s data, supplied by vTPM
+ * 32 bytes key AES-256 Encryption Key, supplied by vTPM
+ *
+ * *************************************************************
+ */
+#define DISKVERS 1
+#define IDSTR "VTPMMGRDOM"
+#define IDSTRLEN 10
+#define AES_BLOCK_SIZE 16
+#define AES_KEY_BITS 256
+#define AES_KEY_SIZE (AES_KEY_BITS/8)
+#define BUF_SIZE 4096
+
+#define UUID_TBL_ENT_SIZE (sizeof(uuid_t) + sizeof(uint32_t))
+
+#define HEADERSZ (10 + 4 + 4)
+
+#define TRY_READ(buf, size, msg) do {\
+ int rc; \
+ if((rc = read(blkfront_fd, buf, (size))) != (size)) { \
+ vtpmlogerror(VTPM_LOG_VTPM, "read() failed! " msg " :
rc=(%d/%d), error=(%s)\n", rc, (int)(size), strerror(errno)); \
+ status = TPM_IOERROR;\
+ goto abort_egress;\
+ } \
+} while(0)
+
+#define TRY_WRITE(buf, size, msg) do {\
+ int rc; \
+ if((rc = write(blkfront_fd, buf, (size))) != (size)) { \
+ vtpmlogerror(VTPM_LOG_VTPM, "write() failed! " msg " :
rc=(%d/%d), error=(%s)\n", rc, (int)(size), strerror(errno)); \
+ status = TPM_IOERROR;\
+ goto abort_egress;\
+ } \
+} while(0)
+
+#include <blkfront.h>
+#include <unistd.h>
+#include <errno.h>
+#include <string.h>
+#include <inttypes.h>
+#include <stdlib.h>
+#include <stdbool.h>
+#include <mini-os/byteorder.h>
+#include <polarssl/aes.h>
+
+#include "vtpm_manager.h"
+#include "log.h"
+#include "marshal.h"
+#include "tpm.h"
+#include "uuid.h"
+
+#include "vtpmmgr.h"
+#include "vtpm_storage.h"
+
+#define MAX(a,b) ( ((a) > (b)) ? (a) : (b) )
+#define MIN(a,b) ( ((a) < (b)) ? (a) : (b) )
+
+/* blkfront device objets */
+static struct blkfront_dev* blkdev = NULL;
+static int blkfront_fd = -1;
+
+struct Vtpm {
+ uuid_t uuid;
+ int offset;
+};
+struct Storage {
+ int aes_offset;
+ int uuid_offset;
+ int end_offset;
+
+ int num_vtpms;
+ int num_vtpms_alloced;
+ struct Vtpm* vtpms;
+};
+
+/* Global storage data */
+static struct Storage g_store = {
+ .vtpms = NULL,
+};
+
+static int get_offset(void) {
+ return lseek(blkfront_fd, 0, SEEK_CUR);
+}
+
+static void reset_store(void) {
+ g_store.aes_offset = 0;
+ g_store.uuid_offset = 0;
+ g_store.end_offset = 0;
+
+ g_store.num_vtpms = 0;
+ g_store.num_vtpms_alloced = 0;
+ free(g_store.vtpms);
+ g_store.vtpms = NULL;
+}
+
+static int vtpm_get_index(const uuid_t uuid) {
+ int st = 0;
+ int ed = g_store.num_vtpms-1;
+ while(st <= ed) {
+ int mid = ((unsigned int)st + (unsigned int)ed) >> 1; //avoid
overflow
+ int c = memcmp(uuid, &g_store.vtpms[mid].uuid, sizeof(uuid_t));
+ if(c == 0) {
+ return mid;
+ } else if(c > 0) {
+ st = mid + 1;
+ } else {
+ ed = mid - 1;
+ }
+ }
+ return -(st + 1);
+}
+
+static void vtpm_add(const uuid_t uuid, int offset, int index) {
+ /* Realloc more space if needed */
+ if(g_store.num_vtpms >= g_store.num_vtpms_alloced) {
+ g_store.num_vtpms_alloced += 16;
+ g_store.vtpms = realloc(
+ g_store.vtpms,
+ sizeof(struct Vtpm) * g_store.num_vtpms_alloced);
+ }
+
+ /* Move everybody after the new guy */
+ for(int i = g_store.num_vtpms; i > index; --i) {
+ g_store.vtpms[i] = g_store.vtpms[i-1];
+ }
+
+ vtpmloginfo(VTPM_LOG_VTPM, "Registered vtpm " UUID_FMT
"\n", UUID_BYTES(uuid));
+
+ /* Finally add new one */
+ memcpy(g_store.vtpms[index].uuid, uuid, sizeof(uuid_t));
+ g_store.vtpms[index].offset = offset;
+ ++g_store.num_vtpms;
+}
+
+#if 0
+static void vtpm_remove(int index) {
+ for(i = index; i < g_store.num_vtpms; ++i) {
+ g_store.vtpms[i] = g_store.vtpms[i+1];
+ }
+ --g_store.num_vtpms;
+}
+#endif
+
+static int pack_uuid_table(uint8_t* table, int size, int* nvtpms) {
+ uint8_t* ptr = table;
+ while(*nvtpms < g_store.num_vtpms && size >= 0)
+ {
+ /* Pack the uuid */
+ memcpy(ptr, (uint8_t*)g_store.vtpms[*nvtpms].uuid, sizeof(uuid_t));
+ ptr+= sizeof(uuid_t);
+
+
+ /* Pack the offset */
+ ptr = pack_UINT32(ptr, g_store.vtpms[*nvtpms].offset);
+
+ ++*nvtpms;
+ size -= UUID_TBL_ENT_SIZE;
+ }
+ return ptr - table;
+}
+
+/* Extract the uuids */
+static int extract_uuid_table(uint8_t* table, int size) {
+ uint8_t* ptr = table;
+ for(;size >= UUID_TBL_ENT_SIZE; size -= UUID_TBL_ENT_SIZE) {
+ int index;
+ uint32_t v32;
+
+ /*uuid_t is just an array of bytes, so we can do a direct cast here */
+ uint8_t* uuid = ptr;
+ ptr += sizeof(uuid_t);
+
+ /* Get the offset of the key */
+ ptr = unpack_UINT32(ptr, &v32);
+
+ /* Insert the new vtpm in sorted order */
+ if((index = vtpm_get_index(uuid)) >= 0) {
+ vtpmlogerror(VTPM_LOG_VTPM, "Vtpm (" UUID_FMT ") exists
multiple times! ignoring...\n", UUID_BYTES(uuid));
+ continue;
+ }
+ index = -index -1;
+
+ vtpm_add(uuid, v32, index);
+
+ }
+ return ptr - table;
+}
+
+static void vtpm_decrypt_block(aes_context* aes,
+ uint8_t* iv,
+ uint8_t* cipher,
+ uint8_t* plain,
+ int cipher_sz,
+ int* overlap)
+{
+ int bytes_ext;
+ /* Decrypt */
+ aes_crypt_cbc(aes, AES_DECRYPT,
+ cipher_sz,
+ iv, cipher, plain + *overlap);
+
+ /* Extract */
+ bytes_ext = extract_uuid_table(plain, cipher_sz + *overlap);
+
+ /* Copy left overs to the beginning */
+ *overlap = cipher_sz + *overlap - bytes_ext;
+ memcpy(plain, plain + bytes_ext, *overlap);
+}
+
+static int vtpm_encrypt_block(aes_context* aes,
+ uint8_t* iv,
+ uint8_t* plain,
+ uint8_t* cipher,
+ int block_sz,
+ int* overlap,
+ int* num_vtpms)
+{
+ int bytes_to_crypt;
+ int bytes_packed;
+
+ /* Pack the uuid table */
+ bytes_packed = *overlap + pack_uuid_table(plain + *overlap, block_sz -
*overlap, num_vtpms);
+ bytes_to_crypt = MIN(bytes_packed, block_sz);
+
+ /* Add padding if we aren''t on a multiple of the block size */
+ if(bytes_to_crypt & (AES_BLOCK_SIZE-1)) {
+ int oldsz = bytes_to_crypt;
+ //add padding
+ bytes_to_crypt += AES_BLOCK_SIZE - (bytes_to_crypt &
(AES_BLOCK_SIZE-1));
+ //fill padding with random bytes
+ vtpmmgr_rand(plain + oldsz, bytes_to_crypt - oldsz);
+ *overlap = 0;
+ } else {
+ *overlap = bytes_packed - bytes_to_crypt;
+ }
+
+ /* Encrypt this chunk */
+ aes_crypt_cbc(aes, AES_ENCRYPT,
+ bytes_to_crypt,
+ iv, plain, cipher);
+
+ /* Copy the left over partials to the beginning */
+ memcpy(plain, plain + bytes_to_crypt, *overlap);
+
+ return bytes_to_crypt;
+}
+
+static TPM_RESULT vtpm_storage_new_vtpm(const uuid_t uuid, int index) {
+ TPM_RESULT status = TPM_SUCCESS;
+ uint8_t plain[BUF_SIZE + AES_BLOCK_SIZE];
+ uint8_t buf[BUF_SIZE];
+ uint8_t* ptr;
+ int cipher_sz;
+ aes_context aes;
+
+ /* Add new vtpm to the table */
+ vtpm_add(uuid, g_store.end_offset, index);
+ g_store.end_offset += RSA_CIPHER_SIZE;
+
+ /* Compute the new end location of the encrypted uuid table */
+ cipher_sz = AES_BLOCK_SIZE; //IV
+ cipher_sz += g_store.num_vtpms * UUID_TBL_ENT_SIZE; //uuid table
+ cipher_sz += (AES_BLOCK_SIZE - (cipher_sz & (AES_BLOCK_SIZE -1))) &
(AES_BLOCK_SIZE-1); //aes padding
+
+ /* Does this overlap any key data? If so they need to be relocated */
+ int uuid_end = (g_store.uuid_offset + cipher_sz + RSA_CIPHER_SIZE) &
~(RSA_CIPHER_SIZE -1);
+ for(int i = 0; i < g_store.num_vtpms; ++i) {
+ if(g_store.vtpms[i].offset < uuid_end) {
+
+ vtpmloginfo(VTPM_LOG_VTPM, "Relocating vtpm data\n");
+
+ //Read the hashkey cipher text
+ lseek(blkfront_fd, g_store.vtpms[i].offset, SEEK_SET);
+ TRY_READ(buf, RSA_CIPHER_SIZE, "vtpm hashkey relocate");
+
+ //Write the cipher text to new offset
+ lseek(blkfront_fd, g_store.end_offset, SEEK_SET);
+ TRY_WRITE(buf, RSA_CIPHER_SIZE, "vtpm hashkey relocate");
+
+ //Save new offset
+ g_store.vtpms[i].offset = g_store.end_offset;
+ g_store.end_offset += RSA_CIPHER_SIZE;
+ }
+ }
+
+ vtpmloginfo(VTPM_LOG_VTPM, "Generating a new symmetric key\n");
+
+ /* Generate an aes key */
+ TPMTRYRETURN(vtpmmgr_rand(plain, AES_KEY_SIZE));
+ aes_setkey_enc(&aes, plain, AES_KEY_BITS);
+ ptr = plain + AES_KEY_SIZE;
+
+ /* Pack the crypted size */
+ ptr = pack_UINT32(ptr, cipher_sz);
+
+ vtpmloginfo(VTPM_LOG_VTPM, "Binding encrypted key\n");
+
+ /* Seal the key and size */
+ TPMTRYRETURN(TPM_Bind(&vtpm_globals.storage_key,
+ plain,
+ ptr - plain,
+ buf));
+
+ /* Write the sealed key to disk */
+ lseek(blkfront_fd, g_store.aes_offset, SEEK_SET);
+ TRY_WRITE(buf, RSA_CIPHER_SIZE, "vtpm aes key");
+
+ /* ENCRYPT AND WRITE UUID TABLE */
+
+ vtpmloginfo(VTPM_LOG_VTPM, "Encrypting the uuid table\n");
+
+ int num_vtpms = 0;
+ int overlap = 0;
+ int bytes_crypted;
+ uint8_t iv[AES_BLOCK_SIZE];
+
+ /* Generate the iv for the first block */
+ TPMTRYRETURN(vtpmmgr_rand(iv, AES_BLOCK_SIZE));
+
+ /* Copy the iv to the cipher text buffer to be written to disk */
+ memcpy(buf, iv, AES_BLOCK_SIZE);
+ ptr = buf + AES_BLOCK_SIZE;
+
+ /* Encrypt the first block of the uuid table */
+ bytes_crypted = vtpm_encrypt_block(&aes,
+ iv, //iv
+ plain, //plaintext
+ ptr, //cipher text
+ BUF_SIZE - AES_BLOCK_SIZE,
+ &overlap,
+ &num_vtpms);
+
+ /* Write the iv followed by the crypted table*/
+ TRY_WRITE(buf, bytes_crypted + AES_BLOCK_SIZE, "vtpm uuid table");
+
+ /* Decrement the number of bytes encrypted */
+ cipher_sz -= bytes_crypted + AES_BLOCK_SIZE;
+
+ /* If there are more vtpms, encrypt and write them block by block */
+ while(cipher_sz > 0) {
+ /* Encrypt the next block of the uuid table */
+ bytes_crypted = vtpm_encrypt_block(&aes,
+ iv,
+ plain,
+ buf,
+ BUF_SIZE,
+ &overlap,
+ &num_vtpms);
+
+ /* Write the cipher text to disk */
+ TRY_WRITE(buf, bytes_crypted, "vtpm uuid table");
+
+ cipher_sz -= bytes_crypted;
+ }
+
+ goto egress;
+abort_egress:
+egress:
+ return status;
+}
+
+
+/**************************************
+ * PUBLIC FUNCTIONS
+ * ***********************************/
+
+int vtpm_storage_init(void) {
+ struct blkfront_info info;
+ if((blkdev = init_blkfront(NULL, &info)) == NULL) {
+ return -1;
+ }
+ if((blkfront_fd = blkfront_open(blkdev)) < 0) {
+ return -1;
+ }
+ return 0;
+}
+
+void vtpm_storage_shutdown(void) {
+ reset_store();
+ close(blkfront_fd);
+}
+
+TPM_RESULT vtpm_storage_load_hashkey(const uuid_t uuid, uint8_t
hashkey[HASHKEYSZ])
+{
+ TPM_RESULT status = TPM_SUCCESS;
+ int index;
+ uint8_t cipher[RSA_CIPHER_SIZE];
+ uint8_t clear[RSA_CIPHER_SIZE];
+ UINT32 clear_size;
+
+ /* Find the index of this uuid */
+ if((index = vtpm_get_index(uuid)) < 0) {
+ index = -index-1;
+ vtpmlogerror(VTPM_LOG_VTPM, "LoadKey failure: Unrecognized uuid!
" UUID_FMT "\n", UUID_BYTES(uuid));
+ status = TPM_BAD_PARAMETER;
+ goto abort_egress;
+ }
+
+ /* Read the table entry */
+ lseek(blkfront_fd, g_store.vtpms[index].offset, SEEK_SET);
+ TRY_READ(cipher, RSA_CIPHER_SIZE, "vtpm hashkey data");
+
+ /* Decrypt the table entry */
+ TPMTRYRETURN(TPM_UnBind(
+ vtpm_globals.storage_key_handle,
+ RSA_CIPHER_SIZE,
+ cipher,
+ &clear_size,
+ clear,
+ (const TPM_AUTHDATA*)&vtpm_globals.storage_key_usage_auth,
+ &vtpm_globals.oiap));
+
+ if(clear_size < HASHKEYSZ) {
+ vtpmloginfo(VTPM_LOG_VTPM, "Decrypted Hash key size (%" PRIu32
") was too small!\n", clear_size);
+ status = TPM_RESOURCES;
+ goto abort_egress;
+ }
+
+ memcpy(hashkey, clear, HASHKEYSZ);
+
+ vtpmloginfo(VTPM_LOG_VTPM, "Loaded hash and key for vtpm "
UUID_FMT "\n", UUID_BYTES(uuid));
+ goto egress;
+abort_egress:
+ vtpmlogerror(VTPM_LOG_VTPM, "Failed to load key\n");
+egress:
+ return status;
+}
+
+TPM_RESULT vtpm_storage_save_hashkey(const uuid_t uuid, uint8_t
hashkey[HASHKEYSZ])
+{
+ TPM_RESULT status = TPM_SUCCESS;
+ int index;
+ uint8_t buf[RSA_CIPHER_SIZE];
+
+ /* Find the index of this uuid */
+ if((index = vtpm_get_index(uuid)) < 0) {
+ index = -index-1;
+ /* Create a new vtpm */
+ TPMTRYRETURN( vtpm_storage_new_vtpm(uuid, index) );
+ }
+
+ /* Encrypt the hash and key */
+ TPMTRYRETURN( TPM_Bind(&vtpm_globals.storage_key,
+ hashkey,
+ HASHKEYSZ,
+ buf));
+
+ /* Write to disk */
+ lseek(blkfront_fd, g_store.vtpms[index].offset, SEEK_SET);
+ TRY_WRITE(buf, RSA_CIPHER_SIZE, "vtpm hashkey data");
+
+ vtpmloginfo(VTPM_LOG_VTPM, "Saved hash and key for vtpm " UUID_FMT
"\n", UUID_BYTES(uuid));
+ goto egress;
+abort_egress:
+ vtpmlogerror(VTPM_LOG_VTPM, "Failed to save key\n");
+egress:
+ return status;
+}
+
+TPM_RESULT vtpm_storage_new_header()
+{
+ TPM_RESULT status = TPM_SUCCESS;
+ uint8_t buf[BUF_SIZE];
+ uint8_t keybuf[AES_KEY_SIZE + sizeof(uint32_t)];
+ uint8_t* ptr = buf;
+ uint8_t* sptr;
+
+ /* Clear everything first */
+ reset_store();
+
+ vtpmloginfo(VTPM_LOG_VTPM, "Creating new disk image header\n");
+
+ /*Copy the ID string */
+ memcpy(ptr, IDSTR, IDSTRLEN);
+ ptr += IDSTRLEN;
+
+ /*Copy the version */
+ ptr = pack_UINT32(ptr, DISKVERS);
+
+ /*Save the location of the key size */
+ sptr = ptr;
+ ptr += sizeof(UINT32);
+
+ vtpmloginfo(VTPM_LOG_VTPM, "Saving root storage key..\n");
+
+ /* Copy the storage key */
+ ptr = pack_TPM_KEY(ptr, &vtpm_globals.storage_key);
+
+ /* Now save the size */
+ pack_UINT32(sptr, ptr - (sptr + 4));
+
+ /* Create a fake aes key and set cipher text size to 0 */
+ memset(keybuf, 0, sizeof(keybuf));
+
+ vtpmloginfo(VTPM_LOG_VTPM, "Binding uuid table symmetric
key..\n");
+
+ /* Save the location of the aes key */
+ g_store.aes_offset = ptr - buf;
+
+ /* Store the fake aes key and vtpm count */
+ TPMTRYRETURN(TPM_Bind(&vtpm_globals.storage_key,
+ keybuf,
+ sizeof(keybuf),
+ ptr));
+ ptr+= RSA_CIPHER_SIZE;
+
+ /* Write the header to disk */
+ lseek(blkfront_fd, 0, SEEK_SET);
+ TRY_WRITE(buf, ptr-buf, "vtpm header");
+
+ /* Save the location of the uuid table */
+ g_store.uuid_offset = get_offset();
+
+ /* Save the end offset */
+ g_store.end_offset = (g_store.uuid_offset + RSA_CIPHER_SIZE) &
~(RSA_CIPHER_SIZE -1);
+
+ vtpmloginfo(VTPM_LOG_VTPM, "Saved new manager disk header.\n");
+
+ goto egress;
+abort_egress:
+egress:
+ return status;
+}
+
+
+TPM_RESULT vtpm_storage_load_header(void)
+{
+ TPM_RESULT status = TPM_SUCCESS;
+ uint32_t v32;
+ uint8_t buf[BUF_SIZE];
+ uint8_t* ptr = buf;
+ aes_context aes;
+
+ /* Clear everything first */
+ reset_store();
+
+ /* Read the header from disk */
+ lseek(blkfront_fd, 0, SEEK_SET);
+ TRY_READ(buf, IDSTRLEN + sizeof(UINT32) + sizeof(UINT32), "vtpm
header");
+
+ vtpmloginfo(VTPM_LOG_VTPM, "Loading disk image header\n");
+
+ /* Verify the ID string */
+ if(memcmp(ptr, IDSTR, IDSTRLEN)) {
+ vtpmlogerror(VTPM_LOG_VTPM, "Invalid ID string in disk
image!\n");
+ status = TPM_FAIL;
+ goto abort_egress;
+ }
+ ptr+=IDSTRLEN;
+
+ /* Unpack the version */
+ ptr = unpack_UINT32(ptr, &v32);
+
+ /* Verify the version */
+ if(v32 != DISKVERS) {
+ vtpmlogerror(VTPM_LOG_VTPM, "Unsupported disk image version number
%" PRIu32 "\n", v32);
+ status = TPM_FAIL;
+ goto abort_egress;
+ }
+
+ /* Size of the storage key */
+ ptr = unpack_UINT32(ptr, &v32);
+
+ /* Sanity check */
+ if(v32 > BUF_SIZE) {
+ vtpmlogerror(VTPM_LOG_VTPM, "Size of storage key (%" PRIu32
") is too large!\n", v32);
+ status = TPM_IOERROR;
+ goto abort_egress;
+ }
+
+ /* read the storage key */
+ TRY_READ(buf, v32, "storage pub key");
+
+ vtpmloginfo(VTPM_LOG_VTPM, "Unpacking storage key\n");
+
+ /* unpack the storage key */
+ ptr = unpack_TPM_KEY(buf, &vtpm_globals.storage_key, UNPACK_ALLOC);
+
+ /* Load Storage Key into the TPM */
+ TPMTRYRETURN( TPM_LoadKey(
+ TPM_SRK_KEYHANDLE,
+ &vtpm_globals.storage_key,
+ &vtpm_globals.storage_key_handle,
+ (const TPM_AUTHDATA*)&vtpm_globals.srk_auth,
+ &vtpm_globals.oiap));
+
+ /* Initialize the storage key auth */
+ memset(vtpm_globals.storage_key_usage_auth, 0, sizeof(TPM_AUTHDATA));
+
+ /* Store the offset of the aes key */
+ g_store.aes_offset = get_offset();
+
+ /* Read the rsa cipher text for the aes key */
+ TRY_READ(buf, RSA_CIPHER_SIZE, "aes key");
+ ptr = buf + RSA_CIPHER_SIZE;
+
+ vtpmloginfo(VTPM_LOG_VTPM, "Unbinding uuid table symmetric
key\n");
+
+ /* Decrypt the aes key protecting the uuid table */
+ UINT32 datalen;
+ TPMTRYRETURN(TPM_UnBind(
+ vtpm_globals.storage_key_handle,
+ RSA_CIPHER_SIZE,
+ buf,
+ &datalen,
+ ptr,
+ (const TPM_AUTHDATA*)&vtpm_globals.storage_key_usage_auth,
+ &vtpm_globals.oiap));
+
+ /* Validate the length of the output buffer */
+ if(datalen < AES_KEY_SIZE + sizeof(UINT32)) {
+ vtpmlogerror(VTPM_LOG_VTPM, "Unbound AES key size (%d) was too
small! expected (%ld)\n", datalen, AES_KEY_SIZE + sizeof(UINT32));
+ status = TPM_IOERROR;
+ goto abort_egress;
+ }
+
+ /* Extract the aes key */
+ aes_setkey_dec(&aes, ptr, AES_KEY_BITS);
+ ptr+= AES_KEY_SIZE;
+
+ /* Extract the ciphertext size */
+ ptr = unpack_UINT32(ptr, &v32);
+ int cipher_size = v32;
+
+ /* Sanity check */
+ if(cipher_size & (AES_BLOCK_SIZE-1)) {
+ vtpmlogerror(VTPM_LOG_VTPM, "Cipher text size (%" PRIu32
") is not a multiple of the aes block size! (%d)\n", v32,
AES_BLOCK_SIZE);
+ status = TPM_IOERROR;
+ goto abort_egress;
+ }
+
+ /* Save the location of the uuid table */
+ g_store.uuid_offset = get_offset();
+
+ /* Only decrypt the table if there are vtpms to decrypt */
+ if(cipher_size > 0) {
+ int rbytes;
+ int overlap = 0;
+ uint8_t plain[BUF_SIZE + AES_BLOCK_SIZE];
+ uint8_t iv[AES_BLOCK_SIZE];
+
+ vtpmloginfo(VTPM_LOG_VTPM, "Decrypting uuid table\n");
+
+ /* Pre allocate the vtpm array */
+ g_store.num_vtpms_alloced = cipher_size / UUID_TBL_ENT_SIZE;
+ g_store.vtpms = malloc(sizeof(struct Vtpm) * g_store.num_vtpms_alloced);
+
+ /* Read the iv and the first chunk of cipher text */
+ rbytes = MIN(cipher_size, BUF_SIZE);
+ TRY_READ(buf, rbytes, "vtpm uuid table\n");
+ cipher_size -= rbytes;
+
+ /* Copy the iv */
+ memcpy(iv, buf, AES_BLOCK_SIZE);
+ ptr = buf + AES_BLOCK_SIZE;
+
+ /* Remove the iv from the number of bytes to decrypt */
+ rbytes -= AES_BLOCK_SIZE;
+
+ /* Decrypt and extract vtpms */
+ vtpm_decrypt_block(&aes,
+ iv, ptr, plain,
+ rbytes, &overlap);
+
+ /* Read the rest of the table if there is more */
+ while(cipher_size > 0) {
+ /* Read next chunk of cipher text */
+ rbytes = MIN(cipher_size, BUF_SIZE);
+ TRY_READ(buf, rbytes, "vtpm uuid table");
+ cipher_size -= rbytes;
+
+ /* Decrypt a block of text */
+ vtpm_decrypt_block(&aes,
+ iv, buf, plain,
+ rbytes, &overlap);
+
+ }
+ vtpmloginfo(VTPM_LOG_VTPM, "Loaded %d vtpms!\n",
g_store.num_vtpms);
+ }
+
+ /* The end of the key table, new vtpms go here */
+ int uuid_end = (get_offset() + RSA_CIPHER_SIZE) & ~(RSA_CIPHER_SIZE -1);
+ g_store.end_offset = uuid_end;
+
+ /* Compute the end offset while validating vtpms*/
+ for(int i = 0; i < g_store.num_vtpms; ++i) {
+ /* offset must not collide with previous data */
+ if(g_store.vtpms[i].offset < uuid_end) {
+ vtpmlogerror(VTPM_LOG_VTPM, "vtpm: " UUID_FMT
+ " offset (%d) is before end of uuid table (%d)!\n",
+ UUID_BYTES(g_store.vtpms[i].uuid),
+ g_store.vtpms[i].offset, uuid_end);
+ status = TPM_IOERROR;
+ goto abort_egress;
+ }
+ /* offset must be at a multiple of cipher size */
+ if(g_store.vtpms[i].offset & (RSA_CIPHER_SIZE-1)) {
+ vtpmlogerror(VTPM_LOG_VTPM, "vtpm: " UUID_FMT
+ " offset(%d) is not at a multiple of the rsa cipher text
size (%d)!\n",
+ UUID_BYTES(g_store.vtpms[i].uuid),
+ g_store.vtpms[i].offset, RSA_CIPHER_SIZE);
+ status = TPM_IOERROR;
+ goto abort_egress;
+ }
+ /* Save the last offset */
+ if(g_store.vtpms[i].offset >= g_store.end_offset) {
+ g_store.end_offset = g_store.vtpms[i].offset + RSA_CIPHER_SIZE;
+ }
+ }
+
+ goto egress;
+abort_egress:
+ //An error occured somewhere
+ vtpmlogerror(VTPM_LOG_VTPM, "Failed to load manager data!\n");
+
+ //Clear the data store
+ reset_store();
+
+ //Reset the storage key structure
+ free_TPM_KEY(&vtpm_globals.storage_key);
+ {
+ TPM_KEY key = TPM_KEY_INIT;
+ vtpm_globals.storage_key = key;
+ }
+
+ //Reset the storage key handle
+ TPM_EvictKey(vtpm_globals.storage_key_handle);
+ vtpm_globals.storage_key_handle = 0;
+egress:
+ return status;
+}
+
+#if 0
+/* For testing disk IO */
+void add_fake_vtpms(int num) {
+ for(int i = 0; i < num; ++i) {
+ uint32_t ind = cpu_to_be32(i);
+
+ uuid_t uuid;
+ memset(uuid, 0, sizeof(uuid_t));
+ memcpy(uuid, &ind, sizeof(ind));
+ int index = vtpm_get_index(uuid);
+ index = -index-1;
+
+ vtpm_storage_new_vtpm(uuid, index);
+ }
+}
+#endif
diff --git a/stubdom/vtpmmgr/vtpm_storage.h b/stubdom/vtpmmgr/vtpm_storage.h
new file mode 100644
index 0000000..a5a5fd7
--- /dev/null
+++ b/stubdom/vtpmmgr/vtpm_storage.h
@@ -0,0 +1,68 @@
+/*
+ * Copyright (c) 2010-2012 United States Government, as represented by
+ * the Secretary of Defense. All rights reserved.
+ *
+ * based off of the original tools/vtpm_manager code base which is:
+ * Copyright (c) 2005, Intel Corp.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ * * Neither the name of Intel Corporation nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#ifndef VTPM_STORAGE_H
+#define VTPM_STORAGE_h
+
+#include "uuid.h"
+
+#define VTPM_NVMKEY_SIZE 32
+#define HASHKEYSZ (sizeof(TPM_DIGEST) + VTPM_NVMKEY_SIZE)
+
+/* Initialize the storage system and its virtual disk */
+int vtpm_storage_init(void);
+
+/* Shutdown the storage system and its virtual disk */
+void vtpm_storage_shutdown(void);
+
+/* Loads Sha1 hash and 256 bit AES key from disk and stores them
+ * packed together in outbuf. outbuf must be freed
+ * by the caller using buffer_free()
+ */
+TPM_RESULT vtpm_storage_load_hashkey(const uuid_t uuid, uint8_t
hashkey[HASHKEYSZ]);
+
+/* inbuf must contain a sha1 hash followed by a 256 bit AES key.
+ * Encrypts and stores the hash and key to disk */
+TPM_RESULT vtpm_storage_save_hashkey(const uuid_t uuid, uint8_t
hashkey[HASHKEYSZ]);
+
+/* Load the vtpm manager data - call this on startup */
+TPM_RESULT vtpm_storage_load_header(void);
+
+/* Saves the vtpm manager data - call this on shutdown */
+TPM_RESULT vtpm_storage_new_header(void);
+
+
+#endif
diff --git a/stubdom/vtpmmgr/vtpmmgr.c b/stubdom/vtpmmgr/vtpmmgr.c
new file mode 100644
index 0000000..563f4e8
--- /dev/null
+++ b/stubdom/vtpmmgr/vtpmmgr.c
@@ -0,0 +1,93 @@
+/*
+ * Copyright (c) 2010-2012 United States Government, as represented by
+ * the Secretary of Defense. All rights reserved.
+ *
+ * based off of the original tools/vtpm_manager code base which is:
+ * Copyright (c) 2005, Intel Corp.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ * * Neither the name of Intel Corporation nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#include <stdint.h>
+#include <mini-os/tpmback.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "log.h"
+
+#include "vtpmmgr.h"
+#include "tcg.h"
+
+
+void main_loop(void) {
+ tpmcmd_t* tpmcmd;
+ uint8_t respbuf[TCPA_MAX_BUFFER_LENGTH];
+
+ while(1) {
+ /* Wait for requests from a vtpm */
+ vtpmloginfo(VTPM_LOG_VTPM, "Waiting for commands from
vTPM''s:\n");
+ if((tpmcmd = tpmback_req_any()) == NULL) {
+ vtpmlogerror(VTPM_LOG_VTPM, "NULL tpmcmd\n");
+ continue;
+ }
+
+ tpmcmd->resp = respbuf;
+
+ /* Process the command */
+ vtpmmgr_handle_cmd(tpmcmd->uuid, tpmcmd);
+
+ /* Send response */
+ tpmback_resp(tpmcmd);
+ }
+}
+
+int main(int argc, char** argv)
+{
+ int rc = 0;
+ sleep(2);
+ vtpmloginfo(VTPM_LOG_VTPM, "Starting vTPM manager domain\n");
+
+ /* Initialize the vtpm manager */
+ if(vtpmmgr_init(argc, argv) != TPM_SUCCESS) {
+ vtpmlogerror(VTPM_LOG_VTPM, "Unable to initialize vtpmmgr
domain!\n");
+ rc = -1;
+ goto exit;
+ }
+
+ main_loop();
+
+ vtpmloginfo(VTPM_LOG_VTPM, "vTPM Manager shutting down...\n");
+
+ vtpmmgr_shutdown();
+
+exit:
+ return rc;
+
+}
diff --git a/stubdom/vtpmmgr/vtpmmgr.h b/stubdom/vtpmmgr/vtpmmgr.h
new file mode 100644
index 0000000..50a1992
--- /dev/null
+++ b/stubdom/vtpmmgr/vtpmmgr.h
@@ -0,0 +1,77 @@
+/*
+ * Copyright (c) 2010-2012 United States Government, as represented by
+ * the Secretary of Defense. All rights reserved.
+ *
+ * based off of the original tools/vtpm_manager code base which is:
+ * Copyright (c) 2005, Intel Corp.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ * * Neither the name of Intel Corporation nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#ifndef VTPMMGR_H
+#define VTPMMGR_H
+
+#include <mini-os/tpmback.h>
+#include <polarssl/entropy.h>
+#include <polarssl/ctr_drbg.h>
+
+#include "uuid.h"
+#include "tcg.h"
+#include "vtpm_manager.h"
+
+#define RSA_KEY_SIZE 0x0800
+#define RSA_CIPHER_SIZE (RSA_KEY_SIZE / 8)
+
+struct vtpm_globals {
+ int tpm_fd;
+ TPM_KEY storage_key;
+ TPM_HANDLE storage_key_handle; // Key used by persistent
store
+ TPM_AUTH_SESSION oiap; // OIAP session for storageKey
+ TPM_AUTHDATA storage_key_usage_auth;
+
+ TPM_AUTHDATA owner_auth;
+ TPM_AUTHDATA srk_auth;
+
+ entropy_context entropy;
+ ctr_drbg_context ctr_drbg;
+};
+
+// --------------------------- Global Values --------------------------
+extern struct vtpm_globals vtpm_globals; // Key info and DMI states
+
+TPM_RESULT vtpmmgr_init(int argc, char** argv);
+void vtpmmgr_shutdown(void);
+
+TPM_RESULT vtpmmgr_handle_cmd(const uuid_t uuid, tpmcmd_t* tpmcmd);
+
+inline TPM_RESULT vtpmmgr_rand(unsigned char* bytes, size_t num_bytes) {
+ return ctr_drbg_random(&vtpm_globals.ctr_drbg, bytes, num_bytes) == 0 ?
0 : TPM_FAIL;
+}
+
+#endif
--
1.7.10.4
Matthew Fioravante
2012-Nov-15 15:17 UTC
[PATCH VTPM v3 10/10] vtpm/vtpmmgr and required libs to stubdom/Makefile
Add 3 new libraries to stubdom:
libgmp
polarssl
Berlios TPM Emulator 0.7.4
Also adds makefile structure for vtpm-stubdom and vtpmmgrdom
Signed-off-by: Matthew Fioravante <matthew.fioravante@jhuapl.edu>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
---
stubdom/Makefile | 138 +++++++++++++++++++++++++++++++++++++++++++-
stubdom/polarssl.patch | 64 ++++++++++++++++++++
stubdom/tpmemu-0.7.4.patch | 12 ++++
3 files changed, 211 insertions(+), 3 deletions(-)
create mode 100644 stubdom/polarssl.patch
create mode 100644 stubdom/tpmemu-0.7.4.patch
diff --git a/stubdom/Makefile b/stubdom/Makefile
index 50ba360..fc70d88 100644
--- a/stubdom/Makefile
+++ b/stubdom/Makefile
@@ -31,6 +31,18 @@ GRUB_VERSION=0.97
OCAML_URL?=http://caml.inria.fr/pub/distrib/ocaml-3.11
OCAML_VERSION=3.11.0
+GMP_VERSION=4.3.2
+GMP_URL?=$(XEN_EXTFILES_URL)
+#GMP_URL?=ftp://ftp.gmplib.org/pub/gmp-$(GMP_VERSION)
+
+POLARSSL_VERSION=1.1.4
+POLARSSL_URL?=$(XEN_EXTFILES_URL)
+#POLARSSL_URL?=http://polarssl.org/code/releases
+
+TPMEMU_VERSION=0.7.4
+TPMEMU_URL?=$(XEN_EXTFILES_URL)
+#TPMEMU_URL?=http://download.berlios.de/tpm-emulator
+
WGET=wget -c
GNU_TARGET_ARCH:=$(XEN_TARGET_ARCH)
@@ -74,12 +86,12 @@ TARGET_CPPFLAGS += -I$(XEN_ROOT)/xen/include
TARGET_LDFLAGS += -nostdlib -L$(CROSS_PREFIX)/$(GNU_TARGET_ARCH)-xen-elf/lib
-TARGETS=ioemu c caml grub xenstore
+TARGETS=ioemu c caml grub xenstore vtpm vtpmmgr
.PHONY: all
all: build
ifeq ($(STUBDOM_SUPPORTED),1)
-build: genpath ioemu-stubdom c-stubdom pv-grub xenstore-stubdom
+build: genpath ioemu-stubdom c-stubdom pv-grub xenstore-stubdom vtpm-stubdom
vtpmmgrdom
else
build: genpath
endif
@@ -176,6 +188,76 @@ lwip-$(XEN_TARGET_ARCH): lwip-$(LWIP_VERSION).tar.gz
touch $@
#############
+# cross-gmp
+#############
+gmp-$(GMP_VERSION).tar.bz2:
+ $(WGET) $(GMP_URL)/$@
+
+.PHONY: cross-gmp
+ifeq ($(XEN_TARGET_ARCH), x86_32)
+ GMPEXT=ABI=32
+endif
+gmp-$(XEN_TARGET_ARCH): gmp-$(GMP_VERSION).tar.bz2 $(NEWLIB_STAMPFILE)
+ tar xjf $<
+ mv gmp-$(GMP_VERSION) $@
+ #patch -d $@ -p0 < gmp.patch
+ cd $@; CPPFLAGS="-isystem
$(CROSS_PREFIX)/$(GNU_TARGET_ARCH)-xen-elf/include $(TARGET_CPPFLAGS)"
CFLAGS="$(TARGET_CFLAGS)" CC=$(CC) $(GMPEXT) ./configure
--disable-shared --enable-static --disable-fft --without-readline
--prefix=$(CROSS_PREFIX)/$(GNU_TARGET_ARCH)-xen-elf
+ sed -i ''s/#define HAVE_OBSTACK_VPRINTF 1/\/\/#define
HAVE_OBSTACK_VPRINTF 1/'' $@/config.h
+ touch $@
+
+GMP_STAMPFILE=$(CROSS_ROOT)/$(GNU_TARGET_ARCH)-xen-elf/lib/libgmp.a
+cross-gmp: $(GMP_STAMPFILE)
+$(GMP_STAMPFILE): gmp-$(XEN_TARGET_ARCH)
+ ( cd $< && \
+ $(MAKE) && \
+ $(MAKE) install )
+
+#############
+# cross-polarssl
+#############
+polarssl-$(POLARSSL_VERSION)-gpl.tgz:
+ $(WGET) $(POLARSSL_URL)/$@
+
+polarssl-$(XEN_TARGET_ARCH): polarssl-$(POLARSSL_VERSION)-gpl.tgz
+ tar xzf $<
+ mv polarssl-$(POLARSSL_VERSION) $@
+ patch -d $@ -p1 < polarssl.patch
+ touch $@
+
+POLARSSL_STAMPFILE=$(CROSS_ROOT)/$(GNU_TARGET_ARCH)-xen-elf/lib/libpolarssl.a
+cross-polarssl: $(POLARSSL_STAMPFILE)
+$(POLARSSL_STAMPFILE): polarssl-$(XEN_TARGET_ARCH) $(NEWLIB_STAMPFILE)
lwip-$(XEN_TARGET_ARCH)
+ ( cd $</library && \
+ make CC="$(CC) $(TARGET_CPPFLAGS) $(TARGET_CFLAGS) -I $(realpath
$(MINI_OS)/include)" && \
+ mkdir -p $(CROSS_PREFIX)/$(GNU_TARGET_ARCH)-xen-elf/include && \
+ cp -r ../include/* $(CROSS_PREFIX)/$(GNU_TARGET_ARCH)-xen-elf/include
&& \
+ mkdir -p $(CROSS_PREFIX)/$(GNU_TARGET_ARCH)-xen-elf/lib && \
+ $(INSTALL_DATA) libpolarssl.a
$(CROSS_PREFIX)/$(GNU_TARGET_ARCH)-xen-elf/lib/ )
+
+#############
+# cross-tpmemu
+#############
+tpm_emulator-$(TPMEMU_VERSION).tar.gz:
+ $(WGET) $(TPMEMU_URL)/$@
+
+tpm_emulator-$(XEN_TARGET_ARCH): tpm_emulator-$(TPMEMU_VERSION).tar.gz
+ tar xzf $<
+ mv tpm_emulator-$(TPMEMU_VERSION) $@
+ patch -d $@ -p1 < tpmemu-$(TPMEMU_VERSION).patch;
+ mkdir $@/build
+ cd $@/build; cmake .. -DCMAKE_C_COMPILER=${CC} -DCMAKE_C_FLAGS="-std=c99
-DTPM_NO_EXTERN $(TARGET_CPPFLAGS) $(TARGET_CFLAGS)
-Wno-declaration-after-statement"
+ touch $@
+
+TPMEMU_STAMPFILE=$(CROSS_ROOT)/$(GNU_TARGET_ARCH)-xen-elf/lib/libtpm.a
+$(TPMEMU_STAMPFILE): tpm_emulator-$(XEN_TARGET_ARCH) $(GMP_STAMPFILE)
+ ( cd $</build && make VERBOSE=1 tpm_crypto tpm )
+ cp $</build/crypto/libtpm_crypto.a
$(CROSS_ROOT)/$(GNU_TARGET_ARCH)-xen-elf/lib/libtpm_crypto.a
+ cp $</build/tpm/libtpm.a $(TPMEMU_STAMPFILE)
+
+.PHONY: cross-tpmemu
+cross-tpmemu: $(TPMEMU_STAMPFILE)
+
+#############
# Cross-ocaml
#############
@@ -319,6 +401,24 @@ c: $(CROSS_ROOT)
CPPFLAGS="$(TARGET_CPPFLAGS)" CFLAGS="$(TARGET_CFLAGS)"
$(MAKE) DESTDIR= -C $@ LWIPDIR=$(CURDIR)/lwip-$(XEN_TARGET_ARCH)
######
+# VTPM
+######
+
+.PHONY: vtpm
+vtpm: cross-polarssl cross-tpmemu
+ make -C $(MINI_OS) links
+ XEN_TARGET_ARCH="$(XEN_TARGET_ARCH)"
CPPFLAGS="$(TARGET_CPPFLAGS)" CFLAGS="$(TARGET_CFLAGS)"
$(MAKE) -C $@
+
+######
+# VTPMMGR
+######
+
+.PHONY: vtpmmgr
+vtpmmgr: cross-polarssl
+ make -C $(MINI_OS) links
+ XEN_TARGET_ARCH="$(XEN_TARGET_ARCH)"
CPPFLAGS="$(TARGET_CPPFLAGS)" CFLAGS="$(TARGET_CFLAGS)"
$(MAKE) -C $@
+
+######
# Grub
######
@@ -362,6 +462,14 @@ caml-stubdom: mini-os-$(XEN_TARGET_ARCH)-caml
lwip-$(XEN_TARGET_ARCH) libxc cros
c-stubdom: mini-os-$(XEN_TARGET_ARCH)-c lwip-$(XEN_TARGET_ARCH) libxc c
DEF_CPPFLAGS="$(TARGET_CPPFLAGS)"
DEF_CFLAGS="$(TARGET_CFLAGS)"
DEF_LDFLAGS="$(TARGET_LDFLAGS)"
MINIOS_CONFIG="$(CURDIR)/c/minios.cfg" $(MAKE) DESTDIR= -C $(MINI_OS)
OBJ_DIR=$(CURDIR)/$< LWIPDIR=$(CURDIR)/lwip-$(XEN_TARGET_ARCH)
APP_OBJS=$(CURDIR)/c/main.a
+.PHONY: vtpm-stubdom
+vtpm-stubdom: mini-os-$(XEN_TARGET_ARCH)-vtpm vtpm
+ DEF_CPPFLAGS="$(TARGET_CPPFLAGS)"
DEF_CFLAGS="$(TARGET_CFLAGS)"
DEF_LDFLAGS="$(TARGET_LDFLAGS)"
MINIOS_CONFIG="$(CURDIR)/vtpm/minios.cfg" $(MAKE) -C $(MINI_OS)
OBJ_DIR=$(CURDIR)/$< APP_OBJS="$(CURDIR)/vtpm/vtpm.a"
APP_LDLIBS="-ltpm -ltpm_crypto -lgmp"
+
+.PHONY: vtpmmgrdom
+vtpmmgrdom: mini-os-$(XEN_TARGET_ARCH)-vtpmmgr vtpmmgr
+ DEF_CPPFLAGS="$(TARGET_CPPFLAGS)"
DEF_CFLAGS="$(TARGET_CFLAGS)"
DEF_LDFLAGS="$(TARGET_LDFLAGS)"
MINIOS_CONFIG="$(CURDIR)/vtpmmgr/minios.cfg" $(MAKE) -C $(MINI_OS)
OBJ_DIR=$(CURDIR)/$< APP_OBJS="$(CURDIR)/vtpmmgr/vtpmmgr.a"
APP_LDLIBS="-lm"
+
.PHONY: pv-grub
pv-grub: mini-os-$(XEN_TARGET_ARCH)-grub libxc grub
DEF_CPPFLAGS="$(TARGET_CPPFLAGS)"
DEF_CFLAGS="$(TARGET_CFLAGS)"
DEF_LDFLAGS="$(TARGET_LDFLAGS)"
MINIOS_CONFIG="$(CURDIR)/grub/minios.cfg" $(MAKE) DESTDIR= -C
$(MINI_OS) OBJ_DIR=$(CURDIR)/$<
APP_OBJS=$(CURDIR)/grub-$(XEN_TARGET_ARCH)/main.a
@@ -375,7 +483,7 @@ xenstore-stubdom: mini-os-$(XEN_TARGET_ARCH)-xenstore libxc
xenstore
#########
ifeq ($(STUBDOM_SUPPORTED),1)
-install: genpath install-readme install-ioemu install-grub install-xenstore
+install: genpath install-readme install-ioemu install-grub install-xenstore
install-vtpm install-vtpmmgr
else
install: genpath
endif
@@ -399,6 +507,14 @@ install-xenstore: xenstore-stubdom
$(INSTALL_DIR) "$(DESTDIR)/usr/lib/xen/boot"
$(INSTALL_DATA) mini-os-$(XEN_TARGET_ARCH)-xenstore/mini-os.gz
"$(DESTDIR)/usr/lib/xen/boot/xenstore-stubdom.gz"
+install-vtpm: vtpm-stubdom
+ $(INSTALL_DIR) "$(DESTDIR)$(XENFIRMWAREDIR)"
+ $(INSTALL_PROG) mini-os-$(XEN_TARGET_ARCH)-vtpm/mini-os.gz
"$(DESTDIR)$(XENFIRMWAREDIR)/vtpm-stubdom.gz"
+
+install-vtpmmgr: vtpm-stubdom
+ $(INSTALL_DIR) "$(DESTDIR)$(XENFIRMWAREDIR)"
+ $(INSTALL_PROG) mini-os-$(XEN_TARGET_ARCH)-vtpmmgr/mini-os.gz
"$(DESTDIR)$(XENFIRMWAREDIR)/vtpmmgrdom.gz"
+
#######
# clean
#######
@@ -411,8 +527,12 @@ clean:
rm -fr mini-os-$(XEN_TARGET_ARCH)-caml
rm -fr mini-os-$(XEN_TARGET_ARCH)-grub
rm -fr mini-os-$(XEN_TARGET_ARCH)-xenstore
+ rm -fr mini-os-$(XEN_TARGET_ARCH)-vtpm
+ rm -fr mini-os-$(XEN_TARGET_ARCH)-vtpmmgr
$(MAKE) DESTDIR= -C caml clean
$(MAKE) DESTDIR= -C c clean
+ $(MAKE) -C vtpm clean
+ $(MAKE) -C vtpmmgr clean
rm -fr grub-$(XEN_TARGET_ARCH)
rm -f $(STUBDOMPATH)
[ ! -d libxc-$(XEN_TARGET_ARCH) ] || $(MAKE) DESTDIR= -C
libxc-$(XEN_TARGET_ARCH) clean
@@ -426,6 +546,10 @@ crossclean: clean
rm -fr newlib-$(XEN_TARGET_ARCH)
rm -fr zlib-$(XEN_TARGET_ARCH) pciutils-$(XEN_TARGET_ARCH)
rm -fr libxc-$(XEN_TARGET_ARCH) ioemu
+ rm -fr gmp-$(XEN_TARGET_ARCH)
+ rm -fr polarssl-$(XEN_TARGET_ARCH)
+ rm -fr openssl-$(XEN_TARGET_ARCH)
+ rm -fr tpm_emulator-$(XEN_TARGET_ARCH)
rm -f mk-headers-$(XEN_TARGET_ARCH)
rm -fr ocaml-$(XEN_TARGET_ARCH)
rm -fr include
@@ -434,6 +558,10 @@ crossclean: clean
.PHONY: patchclean
patchclean: crossclean
rm -fr newlib-$(NEWLIB_VERSION)
+ rm -fr gmp-$(XEN_TARGET_ARCH)
+ rm -fr polarssl-$(XEN_TARGET_ARCH)
+ rm -fr openssl-$(XEN_TARGET_ARCH)
+ rm -fr tpm_emulator-$(XEN_TARGET_ARCH)
rm -fr lwip-$(XEN_TARGET_ARCH)
rm -fr grub-upstream
@@ -442,10 +570,14 @@ patchclean: crossclean
downloadclean: patchclean
rm -f newlib-$(NEWLIB_VERSION).tar.gz
rm -f zlib-$(ZLIB_VERSION).tar.gz
+ rm -f gmp-$(GMP_VERSION).tar.gz
+ rm -f tpm_emulator-$(TPMEMU_VERSION).tar.gz
rm -f pciutils-$(LIBPCI_VERSION).tar.bz2
rm -f grub-$(GRUB_VERSION).tar.gz
rm -f lwip-$(LWIP_VERSION).tar.gz
rm -f ocaml-$(OCAML_VERSION).tar.gz
+ rm -f polarssl-$(POLARSSL_VERSION)-gpl.tgz
+ rm -f openssl-$(POLARSSL_VERSION)-gpl.tgz
.PHONY: distclean
distclean: downloadclean
diff --git a/stubdom/polarssl.patch b/stubdom/polarssl.patch
new file mode 100644
index 0000000..d387d4e
--- /dev/null
+++ b/stubdom/polarssl.patch
@@ -0,0 +1,64 @@
+diff -Naur polarssl-1.1.4/include/polarssl/config.h
polarssl-x86_64/include/polarssl/config.h
+--- polarssl-1.1.4/include/polarssl/config.h 2011-12-22 05:06:27.000000000
-0500
++++ polarssl-x86_64/include/polarssl/config.h 2012-10-30 17:18:07.567001000
-0400
+@@ -164,8 +164,8 @@
+ * application.
+ *
+ * Uncomment this macro to prevent loading of default entropy functions.
+-#define POLARSSL_NO_DEFAULT_ENTROPY_SOURCES
+ */
++#define POLARSSL_NO_DEFAULT_ENTROPY_SOURCES
+
+ /**
+ * \def POLARSSL_NO_PLATFORM_ENTROPY
+@@ -175,8 +175,8 @@
+ * standards like the /dev/urandom or Windows CryptoAPI.
+ *
+ * Uncomment this macro to disable the built-in platform entropy functions.
+-#define POLARSSL_NO_PLATFORM_ENTROPY
+ */
++#define POLARSSL_NO_PLATFORM_ENTROPY
+
+ /**
+ * \def POLARSSL_PKCS1_V21
+@@ -426,8 +426,8 @@
+ * Requires: POLARSSL_TIMING_C
+ *
+ * This module enables the HAVEGE random number generator.
+- */
+ #define POLARSSL_HAVEGE_C
++ */
+
+ /**
+ * \def POLARSSL_MD_C
+@@ -490,7 +490,7 @@
+ *
+ * This module provides TCP/IP networking routines.
+ */
+-#define POLARSSL_NET_C
++//#define POLARSSL_NET_C
+
+ /**
+ * \def POLARSSL_PADLOCK_C
+@@ -644,8 +644,8 @@
+ * Caller: library/havege.c
+ *
+ * This module is used by the HAVEGE random number generator.
+- */
+ #define POLARSSL_TIMING_C
++ */
+
+ /**
+ * \def POLARSSL_VERSION_C
+diff -Naur polarssl-1.1.4/library/bignum.c polarssl-x86_64/library/bignum.c
+--- polarssl-1.1.4/library/bignum.c 2012-04-29 16:15:55.000000000 -0400
++++ polarssl-x86_64/library/bignum.c 2012-10-30 17:21:52.135000999 -0400
+@@ -1101,7 +1101,7 @@
+ Z.p[i - t - 1] = ~0;
+ else
+ {
+-#if defined(POLARSSL_HAVE_LONGLONG)
++#if 0 //defined(POLARSSL_HAVE_LONGLONG)
+ t_udbl r;
+
+ r = (t_udbl) X.p[i] << biL;
diff --git a/stubdom/tpmemu-0.7.4.patch b/stubdom/tpmemu-0.7.4.patch
new file mode 100644
index 0000000..b84eff1
--- /dev/null
+++ b/stubdom/tpmemu-0.7.4.patch
@@ -0,0 +1,12 @@
+diff -Naur tpm_emulator-x86_64-back/tpm/tpm_emulator_extern.c
tpm_emulator-x86_64/tpm/tpm_emulator_extern.c
+--- tpm_emulator-x86_64-back/tpm/tpm_emulator_extern.c 2012-04-27
10:55:46.581963398 -0400
++++ tpm_emulator-x86_64/tpm/tpm_emulator_extern.c 2012-04-27 10:56:02.193034152
-0400
+@@ -249,7 +249,7 @@
+ #else /* TPM_NO_EXTERN */
+
+ int (*tpm_extern_init)(void) = NULL;
+-int (*tpm_extern_release)(void) = NULL;
++void (*tpm_extern_release)(void) = NULL;
+ void* (*tpm_malloc)(size_t size) = NULL;
+ void (*tpm_free)(/*const*/ void *ptr) = NULL;
+ void (*tpm_log)(int priority, const char *fmt, ...) = NULL;
--
1.7.10.4
Ian Campbell
2012-Nov-19 12:27 UTC
Re: [PATCH VTPM v3 03/10] Remove old vtpm support from xm
On Thu, 2012-11-15 at 15:17 +0000, Matthew Fioravante wrote:> Signed-off-by: Matthew Fioravante <matthew.fioravante@jhuapl.edu> > --- > docs/man/xm.pod.1 | 11 --- > tools/python/README.XendConfig | 2 - > tools/python/README.sxpcfg | 4 - > tools/python/scripts/xapi.py | 20 ---- > tools/python/xen/xend/XendAPI.py | 128 ------------------------ > tools/python/xen/xend/XendConfig.py | 19 +--- > tools/python/xen/xend/XendConstants.py | 8 +- > tools/python/xen/xend/XendDevices.py | 4 +- > tools/python/xen/xend/XendDomainInfo.py | 29 ------ > tools/python/xen/xend/XendError.py | 1 - > tools/python/xen/xend/XendOptions.py | 4 - > tools/python/xen/xend/server/tpmif.py | 141 --------------------------- > tools/python/xen/xend/tests/xend-config.sxp | 2 - > tools/python/xen/xm/create.dtd | 4 - > tools/python/xen/xm/create.py | 69 ------------- > tools/python/xen/xm/main.py | 37 ------- > tools/python/xen/xm/xenapi_create.py | 39 -------- > 17 files changed, 4 insertions(+), 518 deletions(-) > delete mode 100644 tools/python/xen/xend/server/tpmif.pyI know I guided you down this path in the first place but I''m starting to wonder if removing the process model is/was the right thing to do for xend. It''s one thing for xend to be deprecated and unmaintained, but actively removing features is a bit more than that. Looking back at 26144:170d45f7a2eb I see in the commit message: Remove the old vtpm process model. It doesn''t work very well and is no longer supported. Also looking back in the previous mail threads I see: The vtpm_manager code is full of bugs and actually needs a complete rewrite. The amount of careless memory leaks and other bugs I found when trying to use it were pretty astounding. The first manager patch fixes most of the ones I could find to get the manager to work properly. The managers current form in the xen tree is actually pretty unusable. I don''t have time to rewrite the manager, but what I''m offering here is at least a huge improvement over the old code. and also: I don''t know if there is anyone who would want to still use vtpms as processes when the stub domains are now available. Security research people like the domain model because it guarantees a better separation of components guaranteed by the hypervisor and doesn''t have to trust the dom0 OS. Which suggests that the number of people using the process model stuff with xend is likely to be indistinguishable from zero. Do you have any idea if there is anyone actually using it? In any case it does seem like anyone who is using the vtpm with xend is playing with fire since it is unmaintained and full of bugs, which isn''t a good thing in a component which is supposed to be *increasing* security. Daniel/Pasi, I''ve CCd you since I thought you might have some insights into how much use the process model vtpm stuff in xend is getting in the field etc. BTW I''m not suggesting that we (or you) maintain or even update the process model stuff or xm/xend, just that we leave it as it was (i.e. in a poor state + lagging behind the libxl based stubdom stuff) until xend fully goes away. Anyhow, since we need to revert 26144:170d45f7a2eb if we decide to go back on this decision I''m going to apply this anyway, what''s one more revert ;-). Same applies to a bunch of the following patches which build on this removal. Ian
Pasi Kärkkäinen
2012-Nov-19 12:49 UTC
Re: [PATCH VTPM v3 03/10] Remove old vtpm support from xm
On Mon, Nov 19, 2012 at 12:27:04PM +0000, Ian Campbell wrote:> On Thu, 2012-11-15 at 15:17 +0000, Matthew Fioravante wrote: > > Signed-off-by: Matthew Fioravante <matthew.fioravante@jhuapl.edu> > > --- > > docs/man/xm.pod.1 | 11 --- > > tools/python/README.XendConfig | 2 - > > tools/python/README.sxpcfg | 4 - > > tools/python/scripts/xapi.py | 20 ---- > > tools/python/xen/xend/XendAPI.py | 128 ------------------------ > > tools/python/xen/xend/XendConfig.py | 19 +--- > > tools/python/xen/xend/XendConstants.py | 8 +- > > tools/python/xen/xend/XendDevices.py | 4 +- > > tools/python/xen/xend/XendDomainInfo.py | 29 ------ > > tools/python/xen/xend/XendError.py | 1 - > > tools/python/xen/xend/XendOptions.py | 4 - > > tools/python/xen/xend/server/tpmif.py | 141 --------------------------- > > tools/python/xen/xend/tests/xend-config.sxp | 2 - > > tools/python/xen/xm/create.dtd | 4 - > > tools/python/xen/xm/create.py | 69 ------------- > > tools/python/xen/xm/main.py | 37 ------- > > tools/python/xen/xm/xenapi_create.py | 39 -------- > > 17 files changed, 4 insertions(+), 518 deletions(-) > > delete mode 100644 tools/python/xen/xend/server/tpmif.py > > I know I guided you down this path in the first place but I''m starting > to wonder if removing the process model is/was the right thing to do for > xend. It''s one thing for xend to be deprecated and unmaintained, but > actively removing features is a bit more than that. > > Looking back at 26144:170d45f7a2eb I see in the commit message: > Remove the old vtpm process model. It doesn''t work very well and > is no longer supported. > > Also looking back in the previous mail threads I see: > The vtpm_manager code is full of bugs and actually needs a > complete rewrite. The amount of careless memory leaks and other > bugs I found when trying to use it were pretty astounding. The > first manager patch fixes most of the ones I could find to get > the manager to work properly. > > The managers current form in the xen tree is actually pretty > unusable. I don''t have time to rewrite the manager, but what I''m > offering here is at least a huge improvement over the old code. > > and also: > I don''t know if there is anyone who would want to still use > vtpms as > processes when the stub domains are now available. Security > research > people like the domain model because it guarantees a better > separation of components guaranteed by the hypervisor and > doesn''t have to trust the dom0 OS. > > Which suggests that the number of people using the process model stuff > with xend is likely to be indistinguishable from zero. Do you have any > idea if there is anyone actually using it? > > In any case it does seem like anyone who is using the vtpm with xend is > playing with fire since it is unmaintained and full of bugs, which isn''t > a good thing in a component which is supposed to be *increasing* > security. > > Daniel/Pasi, I''ve CCd you since I thought you might have some insights > into how much use the process model vtpm stuff in xend is getting in the > field etc. >Hmm.. I can only remember one or two people asking for vtpm stuff during past couple of years. So based on that I don''t think it''s actively used out there.. Or then it works very well and people don''t need to ask about it ;) -- Pasi
On Thu, 2012-11-15 at 15:16 +0000, Matthew Fioravante wrote:> THese are the remaining patches to add vtpm mini-os support to xen. > Documentation internal review is taking a bit longer so I will > send out a final patch with docs next week. > > Matthew Fioravante (10): > fix bug in lseek for mini-os > Update mini-os license to support GPL features > Remove old vtpm support from xm > Remove VTPM_TOOLS from config/Tools.mk.in > Remove old vtpm stuff from tools/libxen > Remove tools/vtpm* from MAINTAINERS fileI have acked and applied all of these, although please see my reply to "Remove old vtpm support from xm".> Regenerate configure script after removing vtpmI think this wasn''t necessary because you don''t change configure.ac here and I already refreshed configure after missing it after the update in the last batch. I reran autogen.sh and didn''t see any changes.> add vtpm-stubdom code > add stubdom/vtpmmgr code > vtpm/vtpmmgr and required libs to stubdom/MakefileApplied these.> > MAINTAINERS | 2 - > config/Tools.mk.in | 1 - > docs/man/xm.pod.1 | 11 - > extras/mini-os/COPYING | 13 + > extras/mini-os/lib/sys.c | 67 +- > stubdom/Makefile | 138 +++- > stubdom/polarssl.patch | 64 ++ > stubdom/tpmemu-0.7.4.patch | 12 + > stubdom/vtpm/Makefile | 37 + > stubdom/vtpm/minios.cfg | 14 + > stubdom/vtpm/vtpm.c | 404 +++++++++++ > stubdom/vtpm/vtpm.h | 36 + > stubdom/vtpm/vtpm_cmd.c | 256 +++++++ > stubdom/vtpm/vtpm_cmd.h | 31 + > stubdom/vtpm/vtpm_pcrs.c | 43 ++ > stubdom/vtpm/vtpm_pcrs.h | 53 ++ > stubdom/vtpm/vtpmblk.c | 307 +++++++++ > stubdom/vtpm/vtpmblk.h | 31 + > stubdom/vtpmmgr/Makefile | 32 + > stubdom/vtpmmgr/init.c | 553 +++++++++++++++ > stubdom/vtpmmgr/log.c | 151 +++++ > stubdom/vtpmmgr/log.h | 85 +++ > stubdom/vtpmmgr/marshal.h | 528 +++++++++++++++ > stubdom/vtpmmgr/minios.cfg | 14 + > stubdom/vtpmmgr/tcg.h | 707 +++++++++++++++++++ > stubdom/vtpmmgr/tpm.c | 938 ++++++++++++++++++++++++++ > stubdom/vtpmmgr/tpm.h | 218 ++++++ > stubdom/vtpmmgr/tpmrsa.c | 175 +++++ > stubdom/vtpmmgr/tpmrsa.h | 67 ++ > stubdom/vtpmmgr/uuid.h | 50 ++ > stubdom/vtpmmgr/vtpm_cmd_handler.c | 152 +++++ > stubdom/vtpmmgr/vtpm_manager.h | 64 ++ > stubdom/vtpmmgr/vtpm_storage.c | 783 +++++++++++++++++++++ > stubdom/vtpmmgr/vtpm_storage.h | 68 ++ > stubdom/vtpmmgr/vtpmmgr.c | 93 +++ > stubdom/vtpmmgr/vtpmmgr.h | 77 +++ > tools/configure | 603 ++++++++--------- > tools/libxen/include/xen/api/xen_all.h | 1 - > tools/libxen/include/xen/api/xen_vm.h | 9 - > tools/libxen/include/xen/api/xen_vtpm.h | 218 ------ > tools/libxen/include/xen/api/xen_vtpm_decl.h | 31 - > tools/libxen/src/xen_vm.c | 22 - > tools/libxen/src/xen_vtpm.c | 235 ------- > tools/python/README.XendConfig | 2 - > tools/python/README.sxpcfg | 4 - > tools/python/scripts/xapi.py | 20 - > tools/python/xen/xend/XendAPI.py | 128 ---- > tools/python/xen/xend/XendConfig.py | 19 +- > tools/python/xen/xend/XendConstants.py | 8 +- > tools/python/xen/xend/XendDevices.py | 4 +- > tools/python/xen/xend/XendDomainInfo.py | 29 - > tools/python/xen/xend/XendError.py | 1 - > tools/python/xen/xend/XendOptions.py | 4 - > tools/python/xen/xend/server/tpmif.py | 141 ---- > tools/python/xen/xend/tests/xend-config.sxp | 2 - > tools/python/xen/xm/create.dtd | 4 - > tools/python/xen/xm/create.py | 69 -- > tools/python/xen/xm/main.py | 37 - > tools/python/xen/xm/xenapi_create.py | 39 -- > 59 files changed, 6535 insertions(+), 1370 deletions(-) > create mode 100644 stubdom/polarssl.patch > create mode 100644 stubdom/tpmemu-0.7.4.patch > create mode 100644 stubdom/vtpm/Makefile > create mode 100644 stubdom/vtpm/minios.cfg > create mode 100644 stubdom/vtpm/vtpm.c > create mode 100644 stubdom/vtpm/vtpm.h > create mode 100644 stubdom/vtpm/vtpm_cmd.c > create mode 100644 stubdom/vtpm/vtpm_cmd.h > create mode 100644 stubdom/vtpm/vtpm_pcrs.c > create mode 100644 stubdom/vtpm/vtpm_pcrs.h > create mode 100644 stubdom/vtpm/vtpmblk.c > create mode 100644 stubdom/vtpm/vtpmblk.h > create mode 100644 stubdom/vtpmmgr/Makefile > create mode 100644 stubdom/vtpmmgr/init.c > create mode 100644 stubdom/vtpmmgr/log.c > create mode 100644 stubdom/vtpmmgr/log.h > create mode 100644 stubdom/vtpmmgr/marshal.h > create mode 100644 stubdom/vtpmmgr/minios.cfg > create mode 100644 stubdom/vtpmmgr/tcg.h > create mode 100644 stubdom/vtpmmgr/tpm.c > create mode 100644 stubdom/vtpmmgr/tpm.h > create mode 100644 stubdom/vtpmmgr/tpmrsa.c > create mode 100644 stubdom/vtpmmgr/tpmrsa.h > create mode 100644 stubdom/vtpmmgr/uuid.h > create mode 100644 stubdom/vtpmmgr/vtpm_cmd_handler.c > create mode 100644 stubdom/vtpmmgr/vtpm_manager.h > create mode 100644 stubdom/vtpmmgr/vtpm_storage.c > create mode 100644 stubdom/vtpmmgr/vtpm_storage.h > create mode 100644 stubdom/vtpmmgr/vtpmmgr.c > create mode 100644 stubdom/vtpmmgr/vtpmmgr.h > delete mode 100644 tools/libxen/include/xen/api/xen_vtpm.h > delete mode 100644 tools/libxen/include/xen/api/xen_vtpm_decl.h > delete mode 100644 tools/libxen/src/xen_vtpm.c > delete mode 100644 tools/python/xen/xend/server/tpmif.py >
Ian Campbell
2012-Nov-19 13:00 UTC
Re: [PATCH VTPM v3 03/10] Remove old vtpm support from xm
On Mon, 2012-11-19 at 12:49 +0000, Pasi Kärkkäinen wrote:> Hmm.. I can only remember one or two people asking for vtpm stuff during past couple of years. > So based on that I don't think it's actively used out there..Great, thanks!> Or then it works very well and people don't need to ask about it ;)Having looked at the code while reviewing Matthew's earlier patches I think we can be pretty confident this isn't the case! Ian. _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
Matthew Fioravante
2012-Nov-19 13:50 UTC
Re: [PATCH VTPM v3 03/10] Remove old vtpm support from xm
Well I think you could keep the original removal patch and just not apply this one if you don''t want to mess with xm and xend. The original patch doesn''t touch xm or xend and just removes the vtpm and vtpm_manager code. The only reason I''m more inclined to remove all of the old vtpm stuff is because its going to be confusing for users grepping through the tree trying to figure out how to use vtpm. On 11/19/2012 07:27 AM, Ian Campbell wrote:> On Thu, 2012-11-15 at 15:17 +0000, Matthew Fioravante wrote: >> Signed-off-by: Matthew Fioravante <matthew.fioravante@jhuapl.edu> >> --- >> docs/man/xm.pod.1 | 11 --- >> tools/python/README.XendConfig | 2 - >> tools/python/README.sxpcfg | 4 - >> tools/python/scripts/xapi.py | 20 ---- >> tools/python/xen/xend/XendAPI.py | 128 ------------------------ >> tools/python/xen/xend/XendConfig.py | 19 +--- >> tools/python/xen/xend/XendConstants.py | 8 +- >> tools/python/xen/xend/XendDevices.py | 4 +- >> tools/python/xen/xend/XendDomainInfo.py | 29 ------ >> tools/python/xen/xend/XendError.py | 1 - >> tools/python/xen/xend/XendOptions.py | 4 - >> tools/python/xen/xend/server/tpmif.py | 141 --------------------------- >> tools/python/xen/xend/tests/xend-config.sxp | 2 - >> tools/python/xen/xm/create.dtd | 4 - >> tools/python/xen/xm/create.py | 69 ------------- >> tools/python/xen/xm/main.py | 37 ------- >> tools/python/xen/xm/xenapi_create.py | 39 -------- >> 17 files changed, 4 insertions(+), 518 deletions(-) >> delete mode 100644 tools/python/xen/xend/server/tpmif.py > I know I guided you down this path in the first place but I''m starting > to wonder if removing the process model is/was the right thing to do for > xend. It''s one thing for xend to be deprecated and unmaintained, but > actively removing features is a bit more than that. > > Looking back at 26144:170d45f7a2eb I see in the commit message: > Remove the old vtpm process model. It doesn''t work very well and > is no longer supported. > > Also looking back in the previous mail threads I see: > The vtpm_manager code is full of bugs and actually needs a > complete rewrite. The amount of careless memory leaks and other > bugs I found when trying to use it were pretty astounding. The > first manager patch fixes most of the ones I could find to get > the manager to work properly. > > The managers current form in the xen tree is actually pretty > unusable. I don''t have time to rewrite the manager, but what I''m > offering here is at least a huge improvement over the old code. > > and also: > I don''t know if there is anyone who would want to still use > vtpms as > processes when the stub domains are now available. Security > research > people like the domain model because it guarantees a better > separation of components guaranteed by the hypervisor and > doesn''t have to trust the dom0 OS. > > Which suggests that the number of people using the process model stuff > with xend is likely to be indistinguishable from zero. Do you have any > idea if there is anyone actually using it? > > In any case it does seem like anyone who is using the vtpm with xend is > playing with fire since it is unmaintained and full of bugs, which isn''t > a good thing in a component which is supposed to be *increasing* > security. > > Daniel/Pasi, I''ve CCd you since I thought you might have some insights > into how much use the process model vtpm stuff in xend is getting in the > field etc. > > BTW I''m not suggesting that we (or you) maintain or even update the > process model stuff or xm/xend, just that we leave it as it was (i.e. in > a poor state + lagging behind the libxl based stubdom stuff) until xend > fully goes away. > > Anyhow, since we need to revert 26144:170d45f7a2eb if we decide to go > back on this decision I''m going to apply this anyway, what''s one more > revert ;-). Same applies to a bunch of the following patches which build > on this removal. > > Ian >_______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
On 11/19/2012 07:56 AM, Ian Campbell wrote:> On Thu, 2012-11-15 at 15:16 +0000, Matthew Fioravante wrote: >> THese are the remaining patches to add vtpm mini-os support to xen. >> Documentation internal review is taking a bit longer so I will >> send out a final patch with docs next week. >> >> Matthew Fioravante (10): >> fix bug in lseek for mini-os >> Update mini-os license to support GPL features >> Remove old vtpm support from xm >> Remove VTPM_TOOLS from config/Tools.mk.in >> Remove old vtpm stuff from tools/libxen >> Remove tools/vtpm* from MAINTAINERS file > I have acked and applied all of these, although please see my reply to > "Remove old vtpm support from xm". > >> Regenerate configure script after removing vtpm > I think this wasn''t necessary because you don''t change configure.ac here > and I already refreshed configure after missing it after the update in > the last batch. I reran autogen.sh and didn''t see any changes.After I submitted this one I saw that you went ahead and ran autoconf yourself. So yes this patch is redundant.> >> add vtpm-stubdom code >> add stubdom/vtpmmgr code >> vtpm/vtpmmgr and required libs to stubdom/Makefile > Applied these.Great! :)> >> MAINTAINERS | 2 - >> config/Tools.mk.in | 1 - >> docs/man/xm.pod.1 | 11 - >> extras/mini-os/COPYING | 13 + >> extras/mini-os/lib/sys.c | 67 +- >> stubdom/Makefile | 138 +++- >> stubdom/polarssl.patch | 64 ++ >> stubdom/tpmemu-0.7.4.patch | 12 + >> stubdom/vtpm/Makefile | 37 + >> stubdom/vtpm/minios.cfg | 14 + >> stubdom/vtpm/vtpm.c | 404 +++++++++++ >> stubdom/vtpm/vtpm.h | 36 + >> stubdom/vtpm/vtpm_cmd.c | 256 +++++++ >> stubdom/vtpm/vtpm_cmd.h | 31 + >> stubdom/vtpm/vtpm_pcrs.c | 43 ++ >> stubdom/vtpm/vtpm_pcrs.h | 53 ++ >> stubdom/vtpm/vtpmblk.c | 307 +++++++++ >> stubdom/vtpm/vtpmblk.h | 31 + >> stubdom/vtpmmgr/Makefile | 32 + >> stubdom/vtpmmgr/init.c | 553 +++++++++++++++ >> stubdom/vtpmmgr/log.c | 151 +++++ >> stubdom/vtpmmgr/log.h | 85 +++ >> stubdom/vtpmmgr/marshal.h | 528 +++++++++++++++ >> stubdom/vtpmmgr/minios.cfg | 14 + >> stubdom/vtpmmgr/tcg.h | 707 +++++++++++++++++++ >> stubdom/vtpmmgr/tpm.c | 938 ++++++++++++++++++++++++++ >> stubdom/vtpmmgr/tpm.h | 218 ++++++ >> stubdom/vtpmmgr/tpmrsa.c | 175 +++++ >> stubdom/vtpmmgr/tpmrsa.h | 67 ++ >> stubdom/vtpmmgr/uuid.h | 50 ++ >> stubdom/vtpmmgr/vtpm_cmd_handler.c | 152 +++++ >> stubdom/vtpmmgr/vtpm_manager.h | 64 ++ >> stubdom/vtpmmgr/vtpm_storage.c | 783 +++++++++++++++++++++ >> stubdom/vtpmmgr/vtpm_storage.h | 68 ++ >> stubdom/vtpmmgr/vtpmmgr.c | 93 +++ >> stubdom/vtpmmgr/vtpmmgr.h | 77 +++ >> tools/configure | 603 ++++++++--------- >> tools/libxen/include/xen/api/xen_all.h | 1 - >> tools/libxen/include/xen/api/xen_vm.h | 9 - >> tools/libxen/include/xen/api/xen_vtpm.h | 218 ------ >> tools/libxen/include/xen/api/xen_vtpm_decl.h | 31 - >> tools/libxen/src/xen_vm.c | 22 - >> tools/libxen/src/xen_vtpm.c | 235 ------- >> tools/python/README.XendConfig | 2 - >> tools/python/README.sxpcfg | 4 - >> tools/python/scripts/xapi.py | 20 - >> tools/python/xen/xend/XendAPI.py | 128 ---- >> tools/python/xen/xend/XendConfig.py | 19 +- >> tools/python/xen/xend/XendConstants.py | 8 +- >> tools/python/xen/xend/XendDevices.py | 4 +- >> tools/python/xen/xend/XendDomainInfo.py | 29 - >> tools/python/xen/xend/XendError.py | 1 - >> tools/python/xen/xend/XendOptions.py | 4 - >> tools/python/xen/xend/server/tpmif.py | 141 ---- >> tools/python/xen/xend/tests/xend-config.sxp | 2 - >> tools/python/xen/xm/create.dtd | 4 - >> tools/python/xen/xm/create.py | 69 -- >> tools/python/xen/xm/main.py | 37 - >> tools/python/xen/xm/xenapi_create.py | 39 -- >> 59 files changed, 6535 insertions(+), 1370 deletions(-) >> create mode 100644 stubdom/polarssl.patch >> create mode 100644 stubdom/tpmemu-0.7.4.patch >> create mode 100644 stubdom/vtpm/Makefile >> create mode 100644 stubdom/vtpm/minios.cfg >> create mode 100644 stubdom/vtpm/vtpm.c >> create mode 100644 stubdom/vtpm/vtpm.h >> create mode 100644 stubdom/vtpm/vtpm_cmd.c >> create mode 100644 stubdom/vtpm/vtpm_cmd.h >> create mode 100644 stubdom/vtpm/vtpm_pcrs.c >> create mode 100644 stubdom/vtpm/vtpm_pcrs.h >> create mode 100644 stubdom/vtpm/vtpmblk.c >> create mode 100644 stubdom/vtpm/vtpmblk.h >> create mode 100644 stubdom/vtpmmgr/Makefile >> create mode 100644 stubdom/vtpmmgr/init.c >> create mode 100644 stubdom/vtpmmgr/log.c >> create mode 100644 stubdom/vtpmmgr/log.h >> create mode 100644 stubdom/vtpmmgr/marshal.h >> create mode 100644 stubdom/vtpmmgr/minios.cfg >> create mode 100644 stubdom/vtpmmgr/tcg.h >> create mode 100644 stubdom/vtpmmgr/tpm.c >> create mode 100644 stubdom/vtpmmgr/tpm.h >> create mode 100644 stubdom/vtpmmgr/tpmrsa.c >> create mode 100644 stubdom/vtpmmgr/tpmrsa.h >> create mode 100644 stubdom/vtpmmgr/uuid.h >> create mode 100644 stubdom/vtpmmgr/vtpm_cmd_handler.c >> create mode 100644 stubdom/vtpmmgr/vtpm_manager.h >> create mode 100644 stubdom/vtpmmgr/vtpm_storage.c >> create mode 100644 stubdom/vtpmmgr/vtpm_storage.h >> create mode 100644 stubdom/vtpmmgr/vtpmmgr.c >> create mode 100644 stubdom/vtpmmgr/vtpmmgr.h >> delete mode 100644 tools/libxen/include/xen/api/xen_vtpm.h >> delete mode 100644 tools/libxen/include/xen/api/xen_vtpm_decl.h >> delete mode 100644 tools/libxen/src/xen_vtpm.c >> delete mode 100644 tools/python/xen/xend/server/tpmif.py >> >_______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
On Mon, 2012-11-19 at 12:56 +0000, Ian Campbell wrote:> > add vtpm-stubdom code > > add stubdom/vtpmmgr code > > vtpm/vtpmmgr and required libs to stubdom/Makefile > > Applied these.Looks like we''ve grown a dependency on cmake. I vaguely recall discussing before, can you remind me if this is a hard requirement on the end user system or not. So I''ve held off on these three for now, if we do need cmake then we need to get the test system in shape and also we could do with a patch to README to add this new requirement. Ian.
On 11/19/2012 08:54 AM, Ian Campbell wrote:> On Mon, 2012-11-19 at 12:56 +0000, Ian Campbell wrote: > >>> add vtpm-stubdom code >>> add stubdom/vtpmmgr code >>> vtpm/vtpmmgr and required libs to stubdom/Makefile >> Applied these. > Looks like we''ve grown a dependency on cmake. I vaguely recall > discussing before, can you remind me if this is a hard requirement on > the end user system or not.Unfortunately it is a hard requirement. Its used to pass the stubdom build flags to the tpm_emulator.> > So I''ve held off on these three for now, if we do need cmake then we > need to get the test system in shape and also we could do with a patch > to README to add this new requirement. > > Ian. >I''ll send a patch with this. _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
Another option also would be to remove vtpm-stubdom and vtpmmgrdom from the stubdom install target. This would make them optional components and then cmake becomes an optional dependency. On 11/19/2012 08:54 AM, Ian Campbell wrote:> On Mon, 2012-11-19 at 12:56 +0000, Ian Campbell wrote: > >>> add vtpm-stubdom code >>> add stubdom/vtpmmgr code >>> vtpm/vtpmmgr and required libs to stubdom/Makefile >> Applied these. > Looks like we''ve grown a dependency on cmake. I vaguely recall > discussing before, can you remind me if this is a hard requirement on > the end user system or not. > > So I''ve held off on these three for now, if we do need cmake then we > need to get the test system in shape and also we could do with a patch > to README to add this new requirement. > > Ian. >_______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
Ian Campbell
2012-Nov-19 14:39 UTC
Re: [PATCH VTPM v3 03/10] Remove old vtpm support from xm
On Mon, 2012-11-19 at 13:50 +0000, Matthew Fioravante wrote:> Well I think you could keep the original removal patch and just not > apply this one if you don''t want to mess with xm and xend.The original one was the one which effectively (indirectly) removed the xend feature though (unless somehow vtpm still works in xend after that?)> The original > patch doesn''t touch xm or xend and just removes the vtpm and > vtpm_manager code. The only reason I''m more inclined to remove all of > the old vtpm stuff is because its going to be confusing for users > grepping through the tree trying to figure out how to use vtpm.Yes, we should either do all or nothing. Ian.
On Mon, 2012-11-19 at 14:02 +0000, Matthew Fioravante wrote:> Another option also would be to remove vtpm-stubdom and vtpmmgrdom from > the stubdom install target. This would make them optional components and > then cmake becomes an optional dependency.If we were to do this then we''d probably want to add it as an option configure.ac and plumb it through etc. Wecould make it autodetect cmake and build if it can. Actually, even if we don''t do this then configure.ac needs to check for cmake as well as updating the README. From the other mail:> > Looks like we''ve grown a dependency on cmake. I vaguely recall > > discussing before, can you remind me if this is a hard requirement on > > the end user system or not. > Unfortunately it is a hard requirement. Its used to pass the stubdom > build flags to the tpm_emulator.This is this line: cd $@/build; cmake .. -DCMAKE_C_COMPILER=${CC} -DCMAKE_C_FLAGS="-std=c99 -DTPM_NO_EXTERN $(TARGET_CPPFLAGS) $(TARGET_CFLAGS) -Wno-declaration-after-statement" I took a look and the affect of doing this is not something we can encode in the tpm_emulator.patch Ian.
Matthew Fioravante
2012-Nov-19 15:06 UTC
Re: [PATCH VTPM v3 03/10] Remove old vtpm support from xm
On 11/19/2012 09:39 AM, Ian Campbell wrote:> On Mon, 2012-11-19 at 13:50 +0000, Matthew Fioravante wrote: >> Well I think you could keep the original removal patch and just not >> apply this one if you don''t want to mess with xm and xend. > The original one was the one which effectively (indirectly) removed the > xend feature though (unless somehow vtpm still works in xend after > that?)It doesn''t work in xend after the big removal patch because the files xen tries to read will no longer exist. The user can specify vtpm devices for xm but the results will be unpredictable. If the user uses xm on domains without vtpm everything works like before. The difference is that the xend and xm code have not been touched. This means we have much lower but non-zero chance that xend/xm was somehow broken by the removal. The last thing anyone here wants to do is solve bug reports on deprecated xend/xm because of a change to the code. That being said I''m pretty confident about my vtpm feature removals from xm and did some preliminary testing. Still, theres no way to be 100% sure.>> The original >> patch doesn''t touch xm or xend and just removes the vtpm and >> vtpm_manager code. The only reason I''m more inclined to remove all of >> the old vtpm stuff is because its going to be confusing for users >> grepping through the tree trying to figure out how to use vtpm. > Yes, we should either do all or nothing. > > Ian. > >_______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
On 11/19/2012 10:06 AM, Ian Campbell wrote:> On Mon, 2012-11-19 at 14:02 +0000, Matthew Fioravante wrote: >> Another option also would be to remove vtpm-stubdom and vtpmmgrdom from >> the stubdom install target. This would make them optional components and >> then cmake becomes an optional dependency. > If we were to do this then we''d probably want to add it as an option > configure.ac and plumb it through etc. Wecould make it autodetect cmake > and build if it can. > > Actually, even if we don''t do this then configure.ac needs to check for > cmake as well as updating the README.I was under the assumption that configure.ac was only for building tools, not stubdoms. Still an additional cmake check to configure.ac might not be a bad idea.> > From the other mail: >>> Looks like we''ve grown a dependency on cmake. I vaguely recall >>> discussing before, can you remind me if this is a hard requirement on >>> the end user system or not. >> Unfortunately it is a hard requirement. Its used to pass the stubdom >> build flags to the tpm_emulator. > This is this line: > cd $@/build; cmake .. -DCMAKE_C_COMPILER=${CC} -DCMAKE_C_FLAGS="-std=c99 -DTPM_NO_EXTERN $(TARGET_CPPFLAGS) $(TARGET_CFLAGS) -Wno-declaration-after-statement" > > I took a look and the affect of doing this is not something we can > encode in the tpm_emulator.patchEspecially considering that the TARGET_CPPFLAGS etc.. change whether or not you''re on 32 or 64 and also may change if someone changes the stubdom cross compiler setup.> > Ian. >_______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
Ian Campbell
2012-Nov-19 15:11 UTC
Re: [PATCH VTPM v3 03/10] Remove old vtpm support from xm
On Mon, 2012-11-19 at 15:06 +0000, Matthew Fioravante wrote:> On 11/19/2012 09:39 AM, Ian Campbell wrote: > > On Mon, 2012-11-19 at 13:50 +0000, Matthew Fioravante wrote: > >> Well I think you could keep the original removal patch and just not > >> apply this one if you don''t want to mess with xm and xend. > > The original one was the one which effectively (indirectly) removed the > > xend feature though (unless somehow vtpm still works in xend after > > that?) > It doesn''t work in xend after the big removal patch because the files > xen tries to read will no longer exist. The user can specify vtpm > devices for xm but the results will be unpredictable. If the user uses > xm on domains without vtpm everything works like before. > > The difference is that the xend and xm code have not been touched. This > means we have much lower but non-zero chance that xend/xm was somehow > broken by the removal. The last thing anyone here wants to do is solve > bug reports on deprecated xend/xm because of a change to the code. That > being said I''m pretty confident about my vtpm feature removals from xm > and did some preliminary testing. Still, theres no way to be 100% sure.My question in this thread is whether it is ok to remove the feature of using vtpm with xend in this release, not whether the risk of changing xend here is worth it etc. As I said a few posts back: being deprecated and unmaintained is different to actively removing features, which is what we effective did with the patch which removed the vtpm process model stuff. We want to be sure this is actually an ok thing to be doing -- i.e. are we pulling the rug out from under someone prematurely. Based on Pasi''s reply it seems like no one is using the tpm stuff with xend, so we are fine.> >> The original > >> patch doesn''t touch xm or xend and just removes the vtpm and > >> vtpm_manager code. The only reason I''m more inclined to remove all of > >> the old vtpm stuff is because its going to be confusing for users > >> grepping through the tree trying to figure out how to use vtpm. > > Yes, we should either do all or nothing. > > > > Ian. > > > > > >
On Mon, 2012-11-19 at 15:09 +0000, Matthew Fioravante wrote:> On 11/19/2012 10:06 AM, Ian Campbell wrote: > > On Mon, 2012-11-19 at 14:02 +0000, Matthew Fioravante wrote: > >> Another option also would be to remove vtpm-stubdom and vtpmmgrdom from > >> the stubdom install target. This would make them optional components and > >> then cmake becomes an optional dependency. > > If we were to do this then we''d probably want to add it as an option > > configure.ac and plumb it through etc. Wecould make it autodetect cmake > > and build if it can. > > > > Actually, even if we don''t do this then configure.ac needs to check for > > cmake as well as updating the README. > I was under the assumption that configure.ac was only for building > tools, not stubdoms.Yes, that''s true.> Still an additional cmake check to configure.ac > might not be a bad idea.Another option would be to add stubdom/configure.ac I suppose. We were considering something like that for the docs subtree for example.> > From the other mail: > >>> Looks like we''ve grown a dependency on cmake. I vaguely recall > >>> discussing before, can you remind me if this is a hard requirement on > >>> the end user system or not. > >> Unfortunately it is a hard requirement. Its used to pass the stubdom > >> build flags to the tpm_emulator. > > This is this line: > > cd $@/build; cmake .. -DCMAKE_C_COMPILER=${CC} -DCMAKE_C_FLAGS="-std=c99 -DTPM_NO_EXTERN $(TARGET_CPPFLAGS) $(TARGET_CFLAGS) -Wno-declaration-after-statement" > > > > I took a look and the affect of doing this is not something we can > > encode in the tpm_emulator.patch > Especially considering that the TARGET_CPPFLAGS etc.. change whether or > not you''re on 32 or 64 and also may change if someone changes the > stubdom cross compiler setup.I half expected that ${CC} and $(TARGET_...) would end up unexpanded in the output, but no. Ian.
On 11/19/2012 10:12 AM, Ian Campbell wrote:> On Mon, 2012-11-19 at 15:09 +0000, Matthew Fioravante wrote: >> On 11/19/2012 10:06 AM, Ian Campbell wrote: >>> On Mon, 2012-11-19 at 14:02 +0000, Matthew Fioravante wrote: >>>> Another option also would be to remove vtpm-stubdom and vtpmmgrdom from >>>> the stubdom install target. This would make them optional components and >>>> then cmake becomes an optional dependency. >>> If we were to do this then we''d probably want to add it as an option >>> configure.ac and plumb it through etc. Wecould make it autodetect cmake >>> and build if it can. >>> >>> Actually, even if we don''t do this then configure.ac needs to check for >>> cmake as well as updating the README. >> I was under the assumption that configure.ac was only for building >> tools, not stubdoms. > Yes, that''s true. > >> Still an additional cmake check to configure.ac >> might not be a bad idea. > Another option would be to add stubdom/configure.ac I suppose. We were > considering something like that for the docs subtree for example.Why not a global configure.ac to setup everything instead of a bunch of separate ones spread out all over the place? You could for example do --enable-tools --enable-stubdom --enable-docs, etc.. to compile specific pieces and enable/disable their dependencies. Either way this is a rather large change to the build system and I think it''s digressing from the original topic. For now I''ll just document the cmake dependency unless anyone requests something stronger than that.> >>> From the other mail: >>>>> Looks like we''ve grown a dependency on cmake. I vaguely recall >>>>> discussing before, can you remind me if this is a hard requirement on >>>>> the end user system or not. >>>> Unfortunately it is a hard requirement. Its used to pass the stubdom >>>> build flags to the tpm_emulator. >>> This is this line: >>> cd $@/build; cmake .. -DCMAKE_C_COMPILER=${CC} -DCMAKE_C_FLAGS="-std=c99 -DTPM_NO_EXTERN $(TARGET_CPPFLAGS) $(TARGET_CFLAGS) -Wno-declaration-after-statement" >>> >>> I took a look and the affect of doing this is not something we can >>> encode in the tpm_emulator.patch >> Especially considering that the TARGET_CPPFLAGS etc.. change whether or >> not you''re on 32 or 64 and also may change if someone changes the >> stubdom cross compiler setup. > I half expected that ${CC} and $(TARGET_...) would end up unexpanded in > the output, but no. > > Ian. >_______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
On Mon, 2012-11-19 at 15:21 +0000, Matthew Fioravante wrote:> >> Still an additional cmake check to configure.ac > >> might not be a bad idea. > > Another option would be to add stubdom/configure.ac I suppose. We were > > considering something like that for the docs subtree for example. > Why not a global configure.ac to setup everything instead of a bunch of > separate ones spread out all over the place? You could for example do > --enable-tools --enable-stubdom --enable-docs, etc.. to compile specific > pieces and enable/disable their dependencies.Mainly to avoid needing configure for the hypervisor. Note that autoconf handles the concept of a sub-configure pretty well (I think) so you can have a top-level configure which simply calls down to the various stubdom, tools, docs configure by default. Ian.
Matthew Fioravante writes ("Re: [Xen-devel] [PATCH VTPM v3 00/10] Remaining
vtpm patches"):> On 11/19/2012 08:54 AM, Ian Campbell wrote:
> > Looks like we''ve grown a dependency on cmake. I vaguely
recall
> > discussing before, can you remind me if this is a hard requirement on
> > the end user system or not.
>
> Unfortunately it is a hard requirement. Its used to pass the stubdom
> build flags to the tpm_emulator.
Is tpm built by default ?
Ian.
On 11/19/2012 11:17 AM, Ian Jackson wrote:> Matthew Fioravante writes ("Re: [Xen-devel] [PATCH VTPM v3 00/10] Remaining vtpm patches"): >> On 11/19/2012 08:54 AM, Ian Campbell wrote: >>> Looks like we''ve grown a dependency on cmake. I vaguely recall >>> discussing before, can you remind me if this is a hard requirement on >>> the end user system or not. >> Unfortunately it is a hard requirement. Its used to pass the stubdom >> build flags to the tpm_emulator. > Is tpm built by default ?Currently in my patches vtpm-stubdom and vtpmmgrdom are built by default when you do a make stubdom, so yes.> Ian._______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
On Mon, 2012-11-19 at 16:49 +0000, Matthew Fioravante wrote:> On 11/19/2012 11:17 AM, Ian Jackson wrote: > > Matthew Fioravante writes ("Re: [Xen-devel] [PATCH VTPM v3 00/10] Remaining vtpm patches"): > >> On 11/19/2012 08:54 AM, Ian Campbell wrote: > >>> Looks like we''ve grown a dependency on cmake. I vaguely recall > >>> discussing before, can you remind me if this is a hard requirement on > >>> the end user system or not. > >> Unfortunately it is a hard requirement. Its used to pass the stubdom > >> build flags to the tpm_emulator. > > Is tpm built by default ? > Currently in my patches vtpm-stubdom and vtpmmgrdom are built by default > when you do a make stubdom, so yes.It''s worth mentioning that in a different subthread we are considering changing that though. Ian.