Merge branch 'master' of https://github.com/tpm2-software/tpm2-tss

tpm2-software · Dec 21, 2023 · aa5d2ae · aa5d2ae
2 parents 421be32 + 166a553
commit aa5d2ae
Show file tree

Hide file tree

Showing 73 changed files with 3,892 additions and 1,420 deletions.
diff --git a/Makefile-fuzz.am b/Makefile-fuzz.am
@@ -30,8 +30,7 @@ test_fuzz_libfuzz_utils_la_LDFLAGS = $(TESTS_LDFLAGS)
 test_fuzz_libfuzz_utils_la_LIBADD = $(TESTS_LIBADD)
 test_fuzz_libfuzz_utils_la_CFLAGS = $(AM_CFLAGS) $(FUZZ_CFLAGS)
 test_fuzz_libfuzz_utils_la_SOURCES = \
-    test/integration/sys-context-util.c \
-    test/integration/sys-test-options.c
+    test/integration/test-common.c test/integration/test-common.h
 
 TESTS_LDADD += $(libtss2_utils_fuzzing)
 FUZZLDADD = $(TESTS_LDADD) $(TESTS_LDFLAGS) $(FUZZ_LDFLAGS)

diff --git a/Makefile-test.am b/Makefile-test.am
@@ -15,8 +15,8 @@ check_LTLIBRARIES =
 TEST_EXTENSIONS = .int .fint
 INT_LOG_COMPILER = $(srcdir)/script/int-log-compiler.sh
 FINT_LOG_COMPILER = $(srcdir)/script/fint-log-compiler.sh
-INT_LOG_FLAGS = $(INTEGRATION_TCTI) $(INTEGRATION_ARGS)
-FINT_LOG_FLAGS = $(INTEGRATION_TCTI) $(INTEGRATION_ARGS)
+INT_LOG_FLAGS = $(INTEGRATION_TCTI)
+FINT_LOG_FLAGS = $(INTEGRATION_TCTI)
 EXTRA_DIST += $(srcdir)/script/int-log-compiler.sh \
               $(srcdir)/script/fint-log-compiler.sh \
               $(srcdir)/script/int-log-compiler-common.sh \
@@ -92,7 +92,8 @@ FAPI_TEST_BINS = \
     test/data/fapi/eventlog/sml-ima-sig-sha256-invalidated.bin \
     test/data/fapi/eventlog/event-uefivar.bin \
     test/data/fapi/eventlog/specid-vendordata.bin \
-    test/data/fapi/eventlog/sml-ima-ng-sha1.bin
+    test/data/fapi/eventlog/sml-ima-ng-sha1.bin \
+    test/data/fapi/eventlog/binary_measurements_hcrtm.bin
 
 CLEANFILES += $(FAPI_TEST_BINS)
 endif #FAPI
@@ -158,6 +159,9 @@ endif
 if ENABLE_TCTI_SPI_LTT2GO
 TESTS_UNIT += test/unit/tcti-spi-ltt2go
 endif
+if ENABLE_TCTI_SPIDEV
+TESTS_UNIT += test/unit/tcti-spidev
+endif
 if ENABLE_TCTI_SPI_FTDI
 TESTS_UNIT += test/unit/tcti-spi-ftdi
 endif
@@ -570,6 +574,18 @@ test_unit_tcti_spi_ltt2go_SOURCES = test/unit/tcti-spi-ltt2go.c \
                                    src/tss2-tcti/tcti-spi-ltt2go.c
 endif
 
+if ENABLE_TCTI_SPIDEV
+test_unit_tcti_spidev_CFLAGS  = $(CMOCKA_CFLAGS) $(TESTS_CFLAGS)
+test_unit_tcti_spidev_LDADD   = $(CMOCKA_LIBS) $(libtss2_tcti_spi_helper)
+test_unit_tcti_spidev_LDFLAGS = -Wl,--wrap=open \
+                                -Wl,--wrap=close \
+                                -Wl,--wrap=ioctl \
+                                -Wl,--wrap=select \
+                                -Wl,--wrap=gettimeofday
+test_unit_tcti_spidev_SOURCES = test/unit/tcti-spidev.c \
+                                src/tss2-tcti/tcti-spidev.c
+endif
+
 if ENABLE_TCTI_SPI_FTDI
 test_unit_tcti_spi_ftdi_CFLAGS  = $(CMOCKA_CFLAGS) $(TESTS_CFLAGS)
 test_unit_tcti_spi_ftdi_LDADD   = $(CMOCKA_LIBS) $(libtss2_tcti_spi_helper)
@@ -809,8 +825,6 @@ test_unit_esys_crypto_LDFLAGS = $(TESTS_LDFLAGS) $(TSS2_ESYS_LDFLAGS_CRYPTO)
 test_unit_esys_crypto_SOURCES = test/unit/esys-crypto.c \
                                 src/tss2-esys/esys_context.c \
                                 src/tss2-esys/esys_iutil.c \
-                                src/tss2-tcti/tctildr.c \
-                                src/tss2-tcti/tctildr-dl.c \
                                 src/tss2-esys/esys_crypto.c \
                                 $(TSS2_ESYS_SRC_CRYPTO)
 
@@ -1091,11 +1105,10 @@ test_tpmclient_tpmclient_int_SOURCES  = \
 
 test_integration_libtest_utils_la_CFLAGS = $(AM_CFLAGS) $(TESTS_CFLAGS)
 test_integration_libtest_utils_la_SOURCES = \
-    test/integration/sys-context-util.c test/integration/context-util.h \
     test/integration/sys-util.c    test/integration/sys-util.h \
     test/integration/sys-session-util.c test/integration/session-util.h \
-    test/integration/sys-test-options.c test/integration/test-options.h \
     test/integration/sys-entity-util.c test/integration/test.h \
+    test/integration/test-common.c test/integration/test-common.h \
     src/util/log.c
 
 test_integration_sys_asymmetric_encrypt_decrypt_int_CFLAGS  = $(AM_CFLAGS) $(TESTS_CFLAGS)

diff --git a/Makefile.am b/Makefile.am
@@ -450,6 +450,26 @@ endif # ENABLE_TCTI_SPI_LTT2GO
 EXTRA_DIST += lib/tss2-tcti-spi-ltt2go.map \
               lib/tss2-tcti-spi-ltt2go.def
 
+# tcti library for letstrust-tpm2go usb tpm
+if ENABLE_TCTI_SPIDEV
+libtss2_tcti_spidev = src/tss2-tcti/libtss2-tcti-spidev.la
+tss2_HEADERS += $(srcdir)/include/tss2/tss2_tcti_spidev.h
+lib_LTLIBRARIES += $(libtss2_tcti_spidev)
+pkgconfig_DATA += lib/tss2-tcti-spidev.pc
+
+src_tss2_tcti_libtss2_tcti_spidev_la_LDFLAGS  =
+
+if HAVE_LD_VERSION_SCRIPT
+src_tss2_tcti_libtss2_tcti_spidev_la_LDFLAGS  += -Wl,--version-script=$(srcdir)/lib/tss2-tcti-spidev.map
+endif # HAVE_LD_VERSION_SCRIPT
+src_tss2_tcti_libtss2_tcti_spidev_la_LIBADD   = $(libutil) $(libtss2_mu) $(libtss2_tcti_spi_helper)
+src_tss2_tcti_libtss2_tcti_spidev_la_SOURCES  = \
+    src/tss2-tcti/tcti-common.c \
+    src/tss2-tcti/tcti-spidev.c
+endif # ENABLE_TCTI_SPIDEV
+EXTRA_DIST += lib/tss2-tcti-spidev.map \
+              lib/tss2-tcti-spidev.def
+
 # tcti library for ftdi connected tpm
 if ENABLE_TCTI_SPI_FTDI
 libtss2_tcti_spi_ftdi = src/tss2-tcti/libtss2-tcti-spi-ftdi.la
@@ -766,7 +786,8 @@ EXTRA_DIST +=  \
     test/data/fapi/eventlog/sml-ima-ng-sha1-invalidated.b64 \
     test/data/fapi/eventlog/sml-ima-ng-sha1-invalidated.b64 \
     test/data/fapi/eventlog/sml-ima-sig-sha256-invalidated.b64 \
-    test/data/fapi/eventlog/sml-ima-sha1-invalidated.b64
+    test/data/fapi/eventlog/sml-ima-sha1-invalidated.b64 \
+    test/data/fapi/eventlog/binary_measurements_hcrtm.b64
 
 src_tss2_fapi_libtss2_fapi_la_LIBADD  = $(libtss2_sys) $(libtss2_mu) $(libtss2_esys) \
     $(libutil) $(libtss2_tctildr)
@@ -907,6 +928,7 @@ man7_MANS = \
     man/man7/tss2-tcti-swtpm.7 \
     man/man7/tss2-tcti-mssim.7 \
     man/man7/tss2-tcti-cmd.7 \
+    man/man7/tss2-tcti-spidev.7 \
     man/man7/tss2-tcti-spi-helper.7 \
     man/man7/tss2-tcti-spi-ltt2go.7 \
     man/man7/tss2-tcti-spi-ftdi.7 \
@@ -990,6 +1012,7 @@ EXTRA_DIST += \
     man/tss2-tcti-swtpm.7.in \
     man/tss2-tcti-mssim.7.in \
     man/tss2-tcti-cmd.7.in \
+    man/tss2-tcti-spidev.7.in \
     man/tss2-tcti-spi-helper.7.in \
     man/tss2-tcti-spi-ltt2go.7.in \
     man/tss2-tcti-spi-ftdi.7.in \

diff --git a/configure.ac b/configure.ac
@@ -15,7 +15,7 @@ m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) #Backward compatible setti
 
 AC_CONFIG_HEADERS([config.h])
 
-AC_CONFIG_FILES([Makefile Doxyfile lib/tss2-sys.pc lib/tss2-esys.pc lib/tss2-mu.pc lib/tss2-tcti-device.pc lib/tss2-tcti-mssim.pc lib/tss2-tcti-swtpm.pc lib/tss2-tcti-pcap.pc lib/tss2-tcti-libtpms.pc lib/tss2-rc.pc lib/tss2-tctildr.pc lib/tss2-fapi.pc lib/tss2-tcti-cmd.pc lib/tss2-policy.pc lib/tss2-tcti-spi-helper.pc lib/tss2-tcti-spi-ltt2go.pc lib/tss2-tcti-spi-ftdi.pc lib/tss2-tcti-i2c-helper.pc lib/tss2-tcti-i2c-ftdi.pc])
+AC_CONFIG_FILES([Makefile Doxyfile lib/tss2-sys.pc lib/tss2-esys.pc lib/tss2-mu.pc lib/tss2-tcti-device.pc lib/tss2-tcti-mssim.pc lib/tss2-tcti-swtpm.pc lib/tss2-tcti-pcap.pc lib/tss2-tcti-libtpms.pc lib/tss2-rc.pc lib/tss2-tctildr.pc lib/tss2-fapi.pc lib/tss2-tcti-cmd.pc lib/tss2-policy.pc lib/tss2-tcti-spi-helper.pc lib/tss2-tcti-spi-ltt2go.pc lib/tss2-tcti-spidev.pc lib/tss2-tcti-spi-ftdi.pc lib/tss2-tcti-i2c-helper.pc lib/tss2-tcti-i2c-ftdi.pc])
 
 # propagate configure arguments to distcheck
 AC_SUBST([DISTCHECK_CONFIGURE_FLAGS],[$ac_configure_args])
@@ -328,6 +328,18 @@ AM_CONDITIONAL([ENABLE_TCTI_SPI_LTT2GO], [test "x$enable_tcti_spi_ltt2go" != xno
 AS_IF([test "x$enable_tcti_spi_ltt2go" = "xyes"],
     AC_DEFINE([TCTI_SPI_LTT2GO],[1], [TCTI FOR USB BASED ACCESS TO LETSTRUST-TPM2GO]))
 
+AC_ARG_ENABLE([tcti-spidev],
+            [AS_HELP_STRING([--disable-tcti-spidev],
+                            [don't build the tcti-spidev module; Default: Auto])],,
+            [enable_tcti_spidev=auto])
+AS_IF([test "x$enable_tcti_spidev" = "xauto"],
+    AC_CHECK_HEADER(linux/ioctl.h,
+        [enable_tcti_spidev=yes],
+        [enable_tcti_spidev=no]))
+AM_CONDITIONAL([ENABLE_TCTI_SPIDEV], [test "x$enable_tcti_spidev" != xno])
+AS_IF([test "x$enable_tcti_spidev" = "xyes"],
+    AC_DEFINE([TCTI_SPIDEV],[1], [TCTI FOR SPIDEV BASED ACCESS TO TPM]))
+
 PKG_CHECK_MODULES([LIBFTDI],
                   [libftdi],
                   [AC_DEFINE(LIBFTDI_VERSION, [0], [libftdi version 0.x])]
@@ -474,11 +486,9 @@ AS_IF([test "x$enable_integration" = "xyes"],
 
        # choose tcti for testing and look for TPM simulator binary
        integration_tcti="none"
-       integration_args=""
        AS_IF([test "x$with_device_set" = xyes],
              [# use device if --with-device was passed
-              integration_tcti=device
-              integration_args="--device=$with_device"
+              integration_tcti=device:$with_device
               AC_MSG_WARN([Using physical TPM for integration testing])])
        AS_IF([test "x$integration_tcti" = "xnone" && test "x$enable_tcti_swtpm" != xyes && test "x$enable_tcti_mssim" != xyes],
              [AC_MSG_ERROR([No suitable TCTI for testing enabled. Please use option --enable-tcti-swtpm (recommended) or --enable-tcti-mssim (fallback) to enable a suitable TCTI or disable testing with --disable-integration.])])
@@ -499,7 +509,6 @@ AS_IF([test "x$enable_integration" = "xyes"],
        AS_IF([test "x$integration_tcti" = "xnone"],
              [AC_MSG_ERROR([No simulator executable found in PATH for testing TCTI.])])
        AC_SUBST([INTEGRATION_TCTI], [$integration_tcti])
-       AC_SUBST([INTEGRATION_ARGS], [$integration_args])
        AC_SUBST([ENABLE_INTEGRATION], [$enable_integration])])
 AM_CONDITIONAL([ENABLE_INTEGRATION],[test "x$enable_integration" = "xyes"])
 #
@@ -724,6 +733,7 @@ AC_MSG_RESULT([
     sysmeasurements:    $sysmeasurements
     imameasurements:    $imameasurements
     tcti_spi_ltt2go      $enable_tcti_spi_ltt2go
+    tcti_spidev         $enable_tcti_spidev
     tcti_spi_ftdi       $enable_tcti_spi_ftdi
     tcti_i2c_ftdi       $enable_tcti_i2c_ftdi
 ])
diff --git a/dist/tmpfiles.d/tpm2-tss-fapi.conf.in b/dist/tmpfiles.d/tpm2-tss-fapi.conf.in
@@ -3,5 +3,5 @@ d       @localstatedir@/lib/tpm2-tss/system/keystore   2775 tss  tss   -
 a+      @localstatedir@/lib/tpm2-tss/system/keystore   -    -    -     -           default:group:tss:rwx
 d       @runstatedir@/tpm2-tss/eventlog                2775 tss  tss   -           -
 a+      @runstatedir@/tpm2-tss/eventlog                -    -    -     -           default:group:tss:rwx
-z	/sys/kernel/security/tpm[0-9]/binary_bios_measurements	0440  root tss	-	    -
-z	/sys/kernel/security/ima/binary_runtime_measurements	0440  root tss	-	    -
+z-	/sys/kernel/security/tpm[0-9]/binary_bios_measurements	0440  root tss	-	    -
+z-	/sys/kernel/security/ima/binary_runtime_measurements	0440  root tss	-	    -