# Locations of the binaries under test. Each can be overridden from the
# environment; otherwise it falls back to a path under ${ROOT}/src.
# NOTE(review): ${ROOT} and ${SWTPM} are assumed to be set by the caller or
# earlier in this file — neither assignment is visible in this excerpt.
3 SWTPM_EXE=${SWTPM_EXE:-${ROOT}/src/swtpm/${SWTPM}}
4 SWTPM_IOCTL=${SWTPM_IOCTL:-${ROOT}/src/swtpm_ioctl/swtpm_ioctl}
5 SWTPM_BIOS=${SWTPM_BIOS:-${ROOT}/src/swtpm_bios/swtpm_bios}
6 SWTPM_SETUP=${SWTPM_SETUP:-${ROOT}/src/swtpm_setup/swtpm_setup}
9 # Note: Do not use file descriptors above 127 due to OpenBSD.
11 # Kill a process quietly
# Send signal $sig to process $pid from a throw-away bash so that kill's own
# diagnostics (e.g. "no such process") are discarded; the exit status of the
# inner bash is what the caller sees. Only this line of the helper is visible
# here (the function header with the $sig/$pid setup is not in this excerpt).
# NOTE(review): $sig and $pid are interpolated into a command string, so they
# must only ever carry a signal spec and a PID obtained from this script
# (e.g. $!), never text taken from an external source.
19 bash -c "kill $sig $pid &>/dev/null"
23 # Wait for a regular file to appear and for it to have > 0 bytes
26 # @2: timeout in seconds
27 function wait_for_file()
# Poll for timeout*10 iterations (presumably one sleep of 0.1s each — the
# sleep and the local assignments are not shown in this excerpt).
32 local loops=$((timeout * 10)) loop
34 for ((loop=0; loop<loops; loop++)); do
# The literal "$(unknown)" is an extraction artifact standing in for the
# file-path argument; do not copy it verbatim.
# NOTE(review): the result of get_filesize is unquoted inside [ ... ]; an
# empty output would leave a malformed test. Prefer
#   [ "$(get_filesize "$path")" != 0 ].
35 [ -f "$(unknown)" ] && [ $(get_filesize $(unknown)) != 0 ] && {
43 # Wait for a regular file to disappear
46 # @2: timeout in seconds
47 function wait_file_gone()
# Poll for timeout*10 iterations (sleep and local assignments not shown here).
52 local loops=$((timeout * 10)) loop
54 for ((loop=0; loop<loops; loop++)); do
# Returns 1 as soon as the file is absent. Callers in this file treat a 0
# return (loop exhausted, file still present) as the failure case — see the
# "is still there" checks further down. "$(unknown)" is an extraction artifact
# for the path argument.
55 [ -f "$(unknown)" ] || return 1
61 # Wait for a process with given PID to be gone
64 # @2: timeout in seconds
65 function wait_process_gone()
# Poll for timeout*10 iterations (sleep and local assignments not shown here).
70 local loops=$((timeout * 10)) loop
72 for ((loop=0; loop<loops; loop++)); do
# kill -0 only checks that the process exists and may be signalled; the helper
# suppresses kill's diagnostics. Returns 1 once the PID no longer resolves,
# matching the inverted convention of the other wait_*_gone helpers.
# NOTE(review): ${pid} is unquoted; it is expected to be a bare PID from $!.
73 kill_quiet -0 ${pid} || return 1
79 # Wait for a chardev to appear
82 # @2: timeout in seconds
83 function wait_for_chardev()
# Poll for timeout*10 iterations (sleep and local assignments not shown here).
88 local loops=$((timeout * 10)) loop
90 for ((loop=0; loop<loops; loop++)); do
# Returns 1 as soon as the character device exists; callers treat a 0 return
# as "did not appear". "$(unknown)" is an extraction artifact for the path.
91 [ -c "$(unknown)" ] && return 1
97 # Wait for a chardev to disappear
100 # @2: timeout in seconds
101 function wait_chardev_gone()
# Poll for timeout*10 iterations (sleep and local assignments not shown here).
106 local loops=$((timeout * 10)) loop
108 for ((loop=0; loop<loops; loop++)); do
# Returns 1 once the character device is gone; a 0 return means it is still
# present (callers print "is still there"). "$(unknown)" is an extraction
# artifact for the path argument.
109 [ -c "$(unknown)" ] || return 1
115 # Wait for a socket file to appear
118 # @2: timeout in seconds
119 function wait_for_socketfile()
# Poll for timeout*10 iterations (sleep and local assignments not shown here).
124 local loops=$((timeout * 10)) loop
126 for ((loop=0; loop<loops; loop++)); do
# Returns 1 as soon as a socket (-S) exists at the path; callers treat a 0
# return as "did not create UnixIO socket". "$(unknown)" is an extraction
# artifact for the path argument.
127 [ -S "$(unknown)" ] && return 1
133 # Wait for a socket file to disappear
136 # @2: timeout in seconds
137 function wait_socketfile_gone()
# Poll for timeout*10 iterations (sleep and local assignments not shown here).
142 local loops=$((timeout * 10)) loop
144 for ((loop=0; loop<loops; loop++)); do
# Returns 1 once no socket exists at the path; a 0 return means a stale socket
# file is still there. "$(unknown)" is an extraction artifact for the path.
145 [ -S "$(unknown)" ] || return 1
151 # Wait for a server socket to appear
155 # @3: timeout in seconds
156 function wait_for_serversocket()
# Poll for timeout*10 iterations (sleep and local assignments not shown here).
162 local loops=$((timeout * 10)) loop
164 for ((loop=0; loop<loops; loop++)); do
# Probe the TCP listener with bash's /dev/tcp pseudo-file. The exec runs in a
# subshell so fd 127 is closed again immediately and never leaks into the
# caller; 127 is also the ceiling noted at the top of the file for OpenBSD.
# NOTE(review): a successful connect is a side effect visible to the server
# (it sees and drops a client) — fine for a test harness, but do not reuse
# this probe against a server that counts connections.
165 (exec 127<>/dev/tcp/${host}/${port}) &>/dev/null
# Returns 1 as soon as a connection succeeds; callers treat a 0 return as
# "Server did not open port".
166 [ $? -eq 0 ] && return 1
172 # Wait for a server socket to disappear
176 # @3: timeout in seconds
177 function wait_serversocket_gone()
# Poll for timeout*10 iterations (sleep and local assignments not shown here).
183 local loops=$((timeout * 10)) loop
185 for ((loop=0; loop<loops; loop++)); do
# Same /dev/tcp probe as wait_for_serversocket, run in a subshell so fd 127
# does not stay open in the caller.
186 (exec 127<>/dev/tcp/${host}/${port}) &>/dev/null
# Returns 1 once the connect fails (nothing listening); a 0 return means the
# port is still in use, which callers report as "is still used".
187 [ $? -eq 0 ] || return 1
193 # Run the swtpm_ioctl command
195 # @param1: type of interface
196 function run_swtpm_ioctl()
# $1 selects the interface pair; the remaining arguments are passed through
# to swtpm_ioctl. The case statement itself and the first arm's pattern are
# not visible in this excerpt.
198 local iface=$1; shift
# Precondition checks print to stdout and (presumably, on the elided lines)
# return non-zero.
202 [ -z "${SWTPM_DEV_NAME}" ] && {
203 echo "SWTPM_DEV_NAME not defined"
# NOTE(review): $@ and ${SWTPM_DEV_NAME} are unquoted, so arguments with
# whitespace or glob characters are re-split; prefer "$@" "${SWTPM_DEV_NAME}".
206 ${SWTPM_IOCTL} $@ ${SWTPM_DEV_NAME}
# Control channel over TCP: needs the server name and the control port.
209 socket+socket|unix+socket)
210 [ -z "${SWTPM_SERVER_NAME}" ] && {
211 echo "SWTPM_SERVER_NAME not defined"
214 [ -z "${SWTPM_SERVER_PORT}" ] && {
215 echo "SWTPM_SERVER_PORT not defined"
# NOTE(review): the visible checks test SWTPM_SERVER_PORT, but the command
# below uses SWTPM_CTRL_PORT. A check for SWTPM_CTRL_PORT may be on the
# elided lines — confirm; otherwise an unset control port yields "host:".
219 --tcp ${SWTPM_SERVER_NAME}:${SWTPM_CTRL_PORT} \
# Control channel over a UnixIO socket.
223 socket+unix|unix+unix)
224 [ -z "${SWTPM_CTRL_UNIX_PATH}" ] && {
225 echo "SWTPM_CTRL_UNIX_PATH not defined"
229 --unix ${SWTPM_CTRL_UNIX_PATH} \
236 # Start the swtpm in the background
238 # @param1: type of interface
239 # @param2.. : parameters to pass to 'swtpm'
# Body of the helper that starts swtpm for one interface pair (its function
# header is not in this excerpt). $1 selects the interface pair — cuse,
# socket+socket, socket+unix, unix+socket or unix+unix — and the remaining
# arguments are forwarded to the swtpm command line.
242 local iface=$1; shift
243 local swtpm_server_disconnect=""
245 echo "==== Starting swtpm with interfaces ${iface} ===="
# Unless SWTPM_SERVER_NO_DISCONNECT is set, ",disconnect" is appended to the
# --server option of the TCP variants below.
246 if [ -z "${SWTPM_SERVER_NO_DISCONNECT}" ]; then
247 swtpm_server_disconnect=",disconnect"
# --- cuse: the command channel is a character device named by SWTPM_DEV_NAME.
252 [ -z "${SWTPM_DEV_NAME}" ] && {
253 echo "SWTPM_DEV_NAME not defined"
# wait_chardev_gone returns 0 when the device is still present after 2s.
257 if wait_chardev_gone ${SWTPM_DEV_NAME} 2; then
258 echo "${SWTPM_DEV_NAME} is still there and may be used."
# Only the basename is handed to -n. Unlike the socket variants below this
# command is not backgrounded with & — presumably swtpm detaches itself in
# cuse mode (not verifiable from this excerpt).
# NOTE(review): $@ is unquoted here and in every ${SWTPM_EXE} call below;
# prefer "$@" so forwarded options are not re-split.
262 ${SWTPM_EXE} cuse $@ -n ${SWTPM_DEV_NAME##*/}
# $rc is assigned on an elided line, presumably from $? of the command above.
264 if [ $rc -ne 0 ]; then
265 echo "Could not run ${SWTPM_EXE} using ${iface}"
# wait_for_chardev returns 0 when the device has not appeared within 2s.
268 if wait_for_chardev ${SWTPM_DEV_NAME} 2; then
269 echo "$SWTPM_DEV_NAME did not appear"
# NOTE(review): the device basename is interpolated into an extended regex;
# a name containing regex metacharacters would change what matches.
# The producer of this pipeline is on an elided line.
275 grep -E " ${SWTPM_DEV_NAME##*/}\$" |
# --- socket+socket: command channel and control channel both over TCP.
281 [ -z "${SWTPM_SERVER_PORT}" ] && {
282 echo "SWTPM_SERVER_PORT not defined"
285 [ -z "${SWTPM_CTRL_PORT}" ] && {
286 echo "SWTPM_CTRL_PORT not defined"
# Refuse to start if either port still answers on loopback (0 return means
# "still used").
290 if wait_serversocket_gone "${SWTPM_SERVER_PORT}" 127.0.0.1 2; then
291 echo "Port ${SWTPM_SERVER_PORT} is still used"
294 if wait_serversocket_gone "${SWTPM_CTRL_PORT}" 127.0.0.1 1; then
295 echo "Port ${SWTPM_CTRL_PORT} is still used"
# NOTE(review): no bindaddr= is given for either TCP channel, so the listen
# address depends on swtpm's default; the pre-checks above and the
# readiness checks below only probe 127.0.0.1. Confirm the default is
# loopback-only if this harness ever runs on a multi-homed host.
299 ${SWTPM_EXE} socket $@ \
300 --server type=tcp,port=${SWTPM_SERVER_PORT}${swtpm_server_disconnect} \
301 --ctrl type=tcp,port=${SWTPM_CTRL_PORT} &
303 if [ $rc -ne 0 ]; then
304 echo "Could not run ${SWTPM_EXE} using ${iface}"
# Readiness: wait_for_serversocket returns 0 when nothing is listening yet.
308 if wait_for_serversocket "${SWTPM_SERVER_PORT}" 127.0.0.1 2; then
309 echo "Server did not open port ${SWTPM_SERVER_PORT}"
313 if wait_for_serversocket "${SWTPM_CTRL_PORT}" 127.0.0.1 1; then
314 echo "Server did not open port ${SWTPM_CTRL_PORT}"
# --- socket+unix: command channel over TCP, control channel over UnixIO.
321 [ -z "${SWTPM_SERVER_PORT}" ] && {
322 echo "SWTPM_SERVER_PORT not defined"
325 [ -z "${SWTPM_CTRL_UNIX_PATH}" ] && {
326 echo "SWTPM_CTRL_UNIX_PATH not defined"
330 if wait_serversocket_gone "${SWTPM_SERVER_PORT}" 127.0.0.1 2; then
331 echo "Port ${SWTPM_SERVER_PORT} is still used"
# A leftover socket file from a previous run would make the new bind fail.
334 if wait_socketfile_gone "${SWTPM_CTRL_UNIX_PATH}" 2; then
335 echo "Unix socket ${SWTPM_CTRL_UNIX_PATH} is still there"
339 ${SWTPM_EXE} socket $@ \
340 --server type=tcp,port=${SWTPM_SERVER_PORT}${swtpm_server_disconnect} \
341 --ctrl type=unixio,path=${SWTPM_CTRL_UNIX_PATH} &
343 if [ $rc -ne 0 ]; then
344 echo "Could not run ${SWTPM_EXE} using ${iface}"
# NOTE(review): this repeats the $rc test two lines above; whether it is
# reachable depends on what the elided body of that if does — confirm, and
# drop one of the two if they are equivalent.
347 [ $rc -ne 0 ] && return $rc
349 if wait_for_serversocket "${SWTPM_SERVER_PORT}" 127.0.0.1 2; then
350 echo "Server did not open port ${SWTPM_SERVER_PORT}"
# NOTE(review): the path is quoted in the _gone check above but not here;
# quote it for consistency ("${SWTPM_CTRL_UNIX_PATH}"). Same on the other
# wait_for_socketfile calls below.
354 if wait_for_socketfile ${SWTPM_CTRL_UNIX_PATH} 1; then
355 echo "Server did not create UnixIO socket ${SWTPM_CTRL_UNIX_PATH}"
# --- unix+socket: command channel over UnixIO, control channel over TCP.
362 [ -z "${SWTPM_CMD_UNIX_PATH}" ] && {
363 echo "SWTPM_CMD_UNIX_PATH not defined"
366 [ -z "${SWTPM_CTRL_PORT}" ] && {
367 echo "SWTPM_CTRL_PORT not defined"
371 if wait_socketfile_gone "${SWTPM_CMD_UNIX_PATH}" 2; then
372 echo "Unix socket ${SWTPM_CMD_UNIX_PATH} is still there"
375 if wait_serversocket_gone "${SWTPM_CTRL_PORT}" 127.0.0.1 1; then
376 echo "Port ${SWTPM_CTRL_PORT} is still used"
380 ${SWTPM_EXE} socket $@ \
381 --server type=unixio,path=${SWTPM_CMD_UNIX_PATH} \
382 --ctrl type=tcp,port=${SWTPM_CTRL_PORT} &
384 if [ $rc -ne 0 ]; then
385 echo "Could not run ${SWTPM_EXE} using ${iface}"
389 if wait_for_socketfile ${SWTPM_CMD_UNIX_PATH} 2; then
390 echo "Server did not create UnixIO socket ${SWTPM_CMD_UNIX_PATH}"
394 if wait_for_serversocket "${SWTPM_CTRL_PORT}" 127.0.0.1 1; then
395 echo "Server did not open port ${SWTPM_CTRL_PORT}"
# --- unix+unix: both channels over UnixIO sockets.
402 [ -z "${SWTPM_CMD_UNIX_PATH}" ] && {
403 echo "SWTPM_CMD_UNIX_PATH not defined"
406 [ -z "${SWTPM_CTRL_UNIX_PATH}" ] && {
407 echo "SWTPM_CTRL_UNIX_PATH not defined"
411 if wait_socketfile_gone "${SWTPM_CMD_UNIX_PATH}" 2; then
412 echo "Unix socket ${SWTPM_CMD_UNIX_PATH} is still there"
415 if wait_socketfile_gone "${SWTPM_CTRL_UNIX_PATH}" 2; then
416 echo "Unix socket ${SWTPM_CTRL_UNIX_PATH} is still there"
420 ${SWTPM_EXE} socket $@ \
421 --server type=unixio,path=${SWTPM_CMD_UNIX_PATH} \
422 --ctrl type=unixio,path=${SWTPM_CTRL_UNIX_PATH} &
424 if [ $rc -ne 0 ]; then
425 echo "Could not run ${SWTPM_EXE} using ${iface}"
429 if wait_for_socketfile ${SWTPM_CMD_UNIX_PATH} 2; then
430 echo "Server did not create UnixIO socket ${SWTPM_CMD_UNIX_PATH}"
434 if wait_for_socketfile ${SWTPM_CTRL_UNIX_PATH} 1; then
435 echo "Server did not create UnixIO socket ${SWTPM_CTRL_UNIX_PATH}"
444 # Open the command channel/device on fd 100
446 # @param1: type of interface
447 # @param2: must be '100'
448 function swtpm_open_cmddev()
# $1 is the interface pair, $2 must be the literal fd number 100 — the fd is
# hard-coded in the exec redirections below, so the parameter only guards
# against callers expecting a different descriptor.
450 local iface=$1; shift
# NOTE(review): the message names "swtpm_opendev" although the function is
# swtpm_open_cmddev; the same prefix is used by the other error messages in
# this area, so fix them together if renamed.
452 [ "$1" != "100" ] && {
453 echo "swtpm_opendev: Filedescriptor must be 100"
# cuse: open the character device read/write on fd 100.
459 [ -z "${SWTPM_DEV_NAME}" ] && {
460 echo "SWTPM_DEV_NAME not defined"
# NOTE(review): ${SWTPM_DEV_NAME} is unquoted in the redirection; bash does
# not word-split redirection targets but will glob-expand them, so quote it.
463 exec 100<>${SWTPM_DEV_NAME}
# TCP command channel: connect fd 100 via bash's /dev/tcp pseudo-file.
466 socket+socket|socket+unix)
467 [ -z "${SWTPM_SERVER_NAME}" ] && {
468 echo "SWTPM_SERVER_NAME not defined"
471 [ -z "${SWTPM_SERVER_PORT}" ] && {
472 echo "SWTPM_SERVER_PORT not defined"
475 # On OS X fd 100 must be closed before it can be re-opened (the close
# itself is on an elided line).
477 exec 100<>/dev/tcp/${SWTPM_SERVER_NAME}/${SWTPM_SERVER_PORT}
# UnixIO command channel: this arm's body is not visible here; bash has no
# /dev/unix equivalent, so the transmit helper presumably uses an external
# tool instead of fd 100 for these interfaces.
480 unix+socket|unix+unix)
483 echo "swtpm_opendev: unsupported interface $iface"
488 # Transmit a command on fd 100
490 # @param1: type of interface
491 function swtpm_cmd_tx()
# $1 is the interface pair; $2 is the raw TPM command as a string of
# backslash escapes that "echo -e" turns into bytes. The response is printed
# as a hex dump (od). cmd_path/resp_path are assigned on elided lines
# (presumably temporary files).
494 local cmd_path resp_path
# cuse / fd 100: write the command bytes, then read the response through
# /proc/self/fd/100 — Linux-specific.
# NOTE(review): ${cmd_path} is unquoted on every use below; quote it, and
# make sure the temp file comes from mktemp so another local user cannot
# pre-create it.
500 echo -en "$2" > ${cmd_path}
501 cat ${cmd_path} >&100
502 dd if=/proc/self/fd/100 2>/dev/null | \
# TCP command channel on fd 100: same write, response read with cat.
508 socket+socket|socket+unix)
509 echo -en "$2" > ${cmd_path}
510 cat ${cmd_path} >&100
511 cat <&100 | od -t x1 -A n | \
# UnixIO command channel: the command file is pushed through an external
# relay (the invocation is on an elided line; FILE:/UNIX-CLIENT: are
# socat-style addresses) to SWTPM_CMD_UNIX_PATH, stderr merged into the
# dump.
516 unix+socket|unix+unix)
517 echo -en "$2" > ${cmd_path}
519 FILE:${cmd_path},rdonly \
520 UNIX-CLIENT:${SWTPM_CMD_UNIX_PATH} 2>&1 | \
# NOTE(review): message prefix says swtpm_opendev, not swtpm_cmd_tx.
525 echo "swtpm_opendev: unsupported interface $iface"
533 # Transmit a control command on fd 101
535 # @param1: type of interface
536 function swtpm_ctrl_tx()
# Control-channel counterpart of swtpm_cmd_tx, using fd 101. $1 is the
# interface pair, $2 the control command as backslash escapes. The response
# is hex-dumped 128 bytes per line. ctrl_path/resp_path are assigned on
# elided lines.
539 local ctrl_path resp_path
# TCP control channel: the write to fd 101 is on an elided line; only the
# response read is visible here.
542 socket+socket|unix+socket)
544 cat <&101 | od -t x1 -A n -w128
# UnixIO control channel: relayed by an external tool (invocation elided)
# to SWTPM_CTRL_UNIX_PATH.
# NOTE(review): ${ctrl_path} is unquoted; quote it.
546 socket+unix|unix+unix)
548 echo -en "$2" > ${ctrl_path}
550 FILE:${ctrl_path},rdonly \
551 UNIX-CLIENT:${SWTPM_CTRL_UNIX_PATH} 2>&1 | \
# NOTE(review): message prefix says swtpm_opendev, not swtpm_ctrl_tx.
557 echo "swtpm_opendev: unsupported interface $iface"
565 # @param1: type of interface
566 # @param2 ...: parameters to pass to swtpm_bios
567 function run_swtpm_bios()
# Run swtpm_bios against the interface pair in $1; remaining arguments are
# forwarded. The case statement and the local assignment of iface are not
# visible in this excerpt.
575 [ -z "${SWTPM_DEV_NAME}" ] && {
576 echo "SWTPM_DEV_NAME not defined"
# NOTE(review): $@ is unquoted in all three invocations; prefer "$@".
579 ${SWTPM_BIOS} --tpm-device ${SWTPM_DEV_NAME} $@
582 unix+unix|unix+socket)
583 [ -z "${SWTPM_CMD_UNIX_PATH}" ] && {
584 echo "SWTPM_CMD_UNIX_PATH not defined"
587 ${SWTPM_BIOS} --unix ${SWTPM_CMD_UNIX_PATH} $@
# NOTE(review): only SWTPM_SERVER_PORT is checked, but SWTPM_SERVER_NAME is
# used as well; an unset name yields "--tcp :port". A check may be on an
# elided line — confirm.
590 socket+unix|socket+socket)
591 [ -z "${SWTPM_SERVER_PORT}" ] && {
592 echo "SWTPM_SERVER_PORT not defined"
595 ${SWTPM_BIOS} --tcp ${SWTPM_SERVER_NAME}:${SWTPM_SERVER_PORT} $@
599 echo "run_swtpm_bios: unsupported interface $iface"
604 # Get the size of a file in bytes
607 function get_filesize()
# Branch on the OS because the stat invocation differs between GNU (Linux,
# Cygwin) and BSD/macOS; the stat commands themselves are on elided lines.
609 if [[ "$(uname -s)" =~ (Linux|CYGWIN_NT-) ]]; then
617 # Get the file mode bits in octal format
620 function get_filemode()
# Same OS split as get_filesize; the stat commands are on elided lines.
622 if [[ "$(uname -s)" =~ (Linux|CYGWIN_NT-) ]]; then
630 # Get the file owner uid and gid
633 function get_fileowner()
# Same OS split as get_filesize; the stat commands are on elided lines.
635 if [[ "$(uname -s)" =~ (Linux|CYGWIN_NT-) ]]; then
643 # Get the SHA1 of a file
646 function get_sha1_file()
# Print the SHA-1 of file $1 as a bare hex string, picking the per-OS tool.
# Used by the tests to detect state-file changes, not as a security control.
# NOTE(review): the "does not exist" message goes to stdout, so a caller
# comparing $(get_sha1_file ...) silently compares against that text rather
# than failing; consider >&2 plus a non-zero return (the return is elided).
649 echo "[file $1 does not exist]"
652 case "$(uname -s)" in
# NOTE(review): $1 is unquoted in all three arms; quote it.
654 sha1sum $1 | cut -f1 -d" "
657 shasum $1 | cut -f1 -d" "
# BSD sha1 prints "SHA1 (file) = hex"; keep only the digest.
661 sha1 $1 | cut -d "=" -f2 | tr -d " "
665 # Display processes that have the same name
667 # @1: process name to match
668 function display_processes_by_name()
# Debug aid: list ps entries whose command line matches ${name} (a regex,
# not a fixed string). The local assignment of name is on an elided line.
# NOTE(review): "grep -v grep" is the classic workaround for the pipeline
# matching itself; pgrep -af -- "${name}" does this without the race and
# without treating the name as a pattern by accident.
673 ps aux | grep "${name}" | grep -v grep
677 # Check whether seccomp support is compiled in
681 # Returns 0 if seccomp is supported, 1 otherwise
682 function has_seccomp_support()
# Decide support by whether "--seccomp" appears in the help text of the
# given swtpm executable (swtpm_exe is assigned on an elided line).
# Returns 0 if found; the non-zero return is on an elided line.
# NOTE(review): "local tmp=$(...)" masks the pipeline's exit status, which is
# harmless here because a non-match is the expected negative case.
686 local tmp=$(${swtpm_exe} socket --help | grep -E "\-\-seccomp")
688 [ -n "${tmp}" ] && return 0
692 # Check whether the given process runs with the given seccomp
693 # profile type IF the given swtpm executable has seccomp support
695 # @1: Path to swtpm executable from which process was started
697 # @3: The expected seccomp profile type
698 function check_seccomp_profile()
# Verify that the running swtpm (PID $2) actually has the seccomp mode the
# test expects ($3) — i.e. that the sandbox was applied, not just requested.
# Skipped when the binary was built without seccomp support. The local
# assignments and the early return are on elided lines.
706 if ! has_seccomp_support "${swtpm_exe}"; then
# Read the "Seccomp:" field of /proc/<pid>/status (Linux-specific); the
# rest of this pipeline, which extracts the value, is on an elided line.
710 tmp=$(grep -E "^Seccomp" /proc/${swtpm_pid}/status |
# NOTE(review): ${profile} is unquoted; an empty expected value turns this
# into a malformed test. Use [ "${tmp}" != "${profile}" ].
713 if [ "${tmp}" != ${profile} ]; then
714 echo "Process ${swtpm_pid} has wrong seccomp profile type"
715 echo "Expected: ${profile}"
716 echo "Actual : ${tmp}"