3 SWTPM_EXE=${SWTPM_EXE:-${ROOT}/src/swtpm/${SWTPM}}
4 SWTPM_IOCTL=${SWTPM_IOCTL:-${ROOT}/src/swtpm_ioctl/swtpm_ioctl}
5 SWTPM_BIOS=${SWTPM_BIOS:-${ROOT}/src/swtpm_bios/swtpm_bios}
8 # Note: Do not use file descriptors above 127 due to OpenBSD.
# Kill a process quietly (both stdout and stderr of 'kill' are discarded).
# NOTE: the signal and PID are interpolated into a 'bash -c' command string,
# so callers must pass only a signal spec and a numeric PID, never unchecked
# input.
18 bash -c "kill $sig $pid &>/dev/null"
22 # Wait for a regular file to appear; give the process 0.2s to write
26 # @2: timeout in seconds
27 function wait_for_file()
32 local loops=$((timeout * 10)) loop
34 for ((loop=0; loop<loops; loop++)); do
35 [ -f "$(unknown)" ] && {
# Wait for a regular file to disappear.
# Return value is inverted relative to the usual convention: returns 1 as soon
# as the file is gone, 0 if it is still present when the timeout expires
# (callers test 'if wait_file_gone ...; then <error>').
47 # @2: timeout in seconds
48 function wait_file_gone()
53 local loops=$((timeout * 10)) loop
55 for ((loop=0; loop<loops; loop++)); do
56 [ -f "$(unknown)" ] || return 1
# Wait for a process with given PID to be gone (probed with 'kill -0').
# Returns 1 as soon as the PID no longer accepts signal 0, 0 if it is still
# alive when the timeout expires. Note that a successful 'kill -0' only proves
# that some process with that PID exists; the PID may have been reused.
65 # @2: timeout in seconds
66 function wait_process_gone()
71 local loops=$((timeout * 10)) loop
73 for ((loop=0; loop<loops; loop++)); do
74 kill_quiet -0 ${pid} || return 1
# Wait for a chardev to appear.
# Returns 1 as soon as the character device node exists, 0 if it has not
# appeared when the timeout expires (callers test
# 'if wait_for_chardev ...; then <error>').
83 # @2: timeout in seconds
84 function wait_for_chardev()
89 local loops=$((timeout * 10)) loop
91 for ((loop=0; loop<loops; loop++)); do
92 [ -c "$(unknown)" ] && return 1
# Wait for a chardev to disappear.
# Returns 1 as soon as the device node is gone, 0 if it is still present when
# the timeout expires (callers treat 0 as "still there and may be used").
101 # @2: timeout in seconds
102 function wait_chardev_gone()
107 local loops=$((timeout * 10)) loop
109 for ((loop=0; loop<loops; loop++)); do
110 [ -c "$(unknown)" ] || return 1
# Wait for a unix socket file to appear.
# Returns 1 as soon as the socket file exists, 0 if it has not appeared when
# the timeout expires (callers test 'if wait_for_socketfile ...; then <error>').
119 # @2: timeout in seconds
120 function wait_for_socketfile()
125 local loops=$((timeout * 10)) loop
127 for ((loop=0; loop<loops; loop++)); do
128 [ -S "$(unknown)" ] && return 1
# Wait for a unix socket file to disappear.
# Returns 1 as soon as the socket file is gone, 0 if it is still present when
# the timeout expires (callers treat 0 as "still there").
137 # @2: timeout in seconds
138 function wait_socketfile_gone()
143 local loops=$((timeout * 10)) loop
145 for ((loop=0; loop<loops; loop++)); do
146 [ -S "$(unknown)" ] || return 1
# Wait for a TCP server socket to accept connections.
# Probes by opening a real TCP connection (bash /dev/tcp) on fd 127 -- hence the
# "no fds above 127" note at the top of this file. Callers pass the port first
# and the host second (e.g. "${SWTPM_SERVER_PORT}" 127.0.0.1 2).
# Returns 1 as soon as a connect succeeds, 0 if the port is still closed when
# the timeout expires (callers test 'if wait_for_serversocket ...; then <error>').
156 # @3: timeout in seconds
157 function wait_for_serversocket()
163 local loops=$((timeout * 10)) loop
165 for ((loop=0; loop<loops; loop++)); do
166 (exec 127<>/dev/tcp/${host}/${port}) &>/dev/null
167 [ $? -eq 0 ] && return 1
# Wait for a TCP server socket to stop accepting connections.
# Probes by opening a TCP connection (bash /dev/tcp) on fd 127; callers pass the
# port first and the host second. Returns 1 as soon as a connect fails, 0 if
# the port still accepts connections when the timeout expires (callers treat 0
# as "port is still used").
177 # @3: timeout in seconds
178 function wait_serversocket_gone()
184 local loops=$((timeout * 10)) loop
186 for ((loop=0; loop<loops; loop++)); do
187 (exec 127<>/dev/tcp/${host}/${port}) &>/dev/null
188 [ $? -eq 0 ] || return 1
# Run the swtpm_ioctl command against the control channel of the running swtpm
# (cuse device, TCP control port, or unix control socket depending on iface).
#
# NOTE(review): the socket+socket|unix+socket branch checks that
# SWTPM_SERVER_PORT is defined but passes SWTPM_CTRL_PORT to --tcp; the
# "not defined" check should cover SWTPM_CTRL_PORT, which is the variable
# actually used. Extra parameters are forwarded unquoted ($@).
# @param1: type of interface
197 function run_swtpm_ioctl()
199 local iface=$1; shift
203 [ -z "${SWTPM_DEV_NAME}" ] && {
204 echo "SWTPM_DEV_NAME not defined"
207 ${SWTPM_IOCTL} $@ ${SWTPM_DEV_NAME}
210 socket+socket|unix+socket)
211 [ -z "${SWTPM_SERVER_NAME}" ] && {
212 echo "SWTPM_SERVER_NAME not defined"
215 [ -z "${SWTPM_SERVER_PORT}" ] && {
216 echo "SWTPM_SERVER_PORT not defined"
220 --tcp ${SWTPM_SERVER_NAME}:${SWTPM_CTRL_PORT} \
224 socket+unix|unix+unix)
225 [ -z "${SWTPM_CTRL_UNIX_PATH}" ] && {
226 echo "SWTPM_CTRL_UNIX_PATH not defined"
230 --unix ${SWTPM_CTRL_UNIX_PATH} \
# Start the swtpm in the background
#
# Before starting, refuses to proceed if the configured TCP ports (probed on
# 127.0.0.1) or unix socket paths are still in use, so a stale swtpm from a
# previous run cannot silently answer this test's requests; after starting,
# waits for the new listeners/sockets to appear. Unless
# SWTPM_SERVER_NO_DISCONNECT is set, the TCP server gets the ",disconnect"
# option.
# @param1: type of interface
# @param2.. : parameters to pass to 'swtpm' (forwarded unquoted)
243 local iface=$1; shift
244 local swtpm_server_disconnect=""
246 echo "==== Starting swtpm with interfaces ${iface} ===="
247 if [ -z "${SWTPM_SERVER_NO_DISCONNECT}" ]; then
248 swtpm_server_disconnect=",disconnect"
253 [ -z "${SWTPM_DEV_NAME}" ] && {
254 echo "SWTPM_DEV_NAME not defined"
258 if wait_chardev_gone ${SWTPM_DEV_NAME} 2; then
259 echo "${SWTPM_DEV_NAME} is still there and may be used."
263 ${SWTPM_EXE} cuse $@ -n ${SWTPM_DEV_NAME##*/}
265 if [ $rc -ne 0 ]; then
266 echo "Could not run ${SWTPM_EXE} using ${iface}"
269 if wait_for_chardev ${SWTPM_DEV_NAME} 2; then
270 echo "$SWTPM_DEV_NAME did not appear"
276 grep -E " ${SWTPM_DEV_NAME##*/}\$" |
282 [ -z "${SWTPM_SERVER_PORT}" ] && {
283 echo "SWTPM_SERVER_PORT not defined"
286 [ -z "${SWTPM_CTRL_PORT}" ] && {
287 echo "SWTPM_CTRL_PORT not defined"
291 if wait_serversocket_gone "${SWTPM_SERVER_PORT}" 127.0.0.1 2; then
292 echo "Port ${SWTPM_SERVER_PORT} is still used"
295 if wait_serversocket_gone "${SWTPM_CTRL_PORT}" 127.0.0.1 1; then
296 echo "Port ${SWTPM_CTRL_PORT} is still used"
300 ${SWTPM_EXE} socket $@ \
301 --server type=tcp,port=${SWTPM_SERVER_PORT}${swtpm_server_disconnect} \
302 --ctrl type=tcp,port=${SWTPM_CTRL_PORT} &
304 if [ $rc -ne 0 ]; then
305 echo "Could not run ${SWTPM_EXE} using ${iface}"
309 if wait_for_serversocket "${SWTPM_SERVER_PORT}" 127.0.0.1 2; then
310 echo "Server did not open port ${SWTPM_SERVER_PORT}"
314 if wait_for_serversocket "${SWTPM_CTRL_PORT}" 127.0.0.1 1; then
315 echo "Server did not open port ${SWTPM_CTRL_PORT}"
322 [ -z "${SWTPM_SERVER_PORT}" ] && {
323 echo "SWTPM_SERVER_PORT not defined"
326 [ -z "${SWTPM_CTRL_UNIX_PATH}" ] && {
327 echo "SWTPM_CTRL_UNIX_PATH not defined"
331 if wait_serversocket_gone "${SWTPM_SERVER_PORT}" 127.0.0.1 2; then
332 echo "Port ${SWTPM_SERVER_PORT} is still used"
335 if wait_socketfile_gone "${SWTPM_CTRL_UNIX_PATH}" 2; then
336 echo "Unix socket ${SWTPM_CTRL_UNIX_PATH} is still there"
340 ${SWTPM_EXE} socket $@ \
341 --server type=tcp,port=${SWTPM_SERVER_PORT}${swtpm_server_disconnect} \
342 --ctrl type=unixio,path=${SWTPM_CTRL_UNIX_PATH} &
344 if [ $rc -ne 0 ]; then
345 echo "Could not run ${SWTPM_EXE} using ${iface}"
348 [ $rc -ne 0 ] && return $rc
350 if wait_for_serversocket "${SWTPM_SERVER_PORT}" 127.0.0.1 2; then
351 echo "Server did not open port ${SWTPM_SERVER_PORT}"
355 if wait_for_socketfile ${SWTPM_CTRL_UNIX_PATH} 1; then
356 echo "Server did not create UnixIO socket ${SWTPM_CTRL_UNIX_PATH}"
363 [ -z "${SWTPM_CMD_UNIX_PATH}" ] && {
364 echo "SWTPM_CMD_UNIX_PATH not defined"
367 [ -z "${SWTPM_CTRL_PORT}" ] && {
368 echo "SWTPM_CTRL_PORT not defined"
372 if wait_socketfile_gone "${SWTPM_CMD_UNIX_PATH}" 2; then
373 echo "Unix socket ${SWTPM_CMD_UNIX_PATH} is still there"
376 if wait_serversocket_gone "${SWTPM_CTRL_PORT}" 127.0.0.1 1; then
377 echo "Port ${SWTPM_CTRL_PORT} is still used"
381 ${SWTPM_EXE} socket $@ \
382 --server type=unixio,path=${SWTPM_CMD_UNIX_PATH} \
383 --ctrl type=tcp,port=${SWTPM_CTRL_PORT} &
385 if [ $rc -ne 0 ]; then
386 echo "Could not run ${SWTPM_EXE} using ${iface}"
390 if wait_for_socketfile ${SWTPM_CMD_UNIX_PATH} 2; then
391 echo "Server did not create UnixIO socket ${SWTPM_CMD_UNIX_PATH}"
395 if wait_for_serversocket "${SWTPM_CTRL_PORT}" 127.0.0.1 1; then
396 echo "Server did not open port ${SWTPM_CTRL_PORT}"
403 [ -z "${SWTPM_CMD_UNIX_PATH}" ] && {
404 echo "SWTPM_CMD_UNIX_PATH not defined"
407 [ -z "${SWTPM_CTRL_UNIX_PATH}" ] && {
408 echo "SWTPM_CTRL_UNIX_PATH not defined"
412 if wait_socketfile_gone "${SWTPM_CMD_UNIX_PATH}" 2; then
413 echo "Unix socket ${SWTPM_CMD_UNIX_PATH} is still there"
416 if wait_socketfile_gone "${SWTPM_CTRL_UNIX_PATH}" 2; then
417 echo "Unix socket ${SWTPM_CTRL_UNIX_PATH} is still there"
421 ${SWTPM_EXE} socket $@ \
422 --server type=unixio,path=${SWTPM_CMD_UNIX_PATH} \
423 --ctrl type=unixio,path=${SWTPM_CTRL_UNIX_PATH} &
425 if [ $rc -ne 0 ]; then
426 echo "Could not run ${SWTPM_EXE} using ${iface}"
430 if wait_for_socketfile ${SWTPM_CMD_UNIX_PATH} 2; then
431 echo "Server did not create UnixIO socket ${SWTPM_CMD_UNIX_PATH}"
435 if wait_for_socketfile ${SWTPM_CTRL_UNIX_PATH} 1; then
436 echo "Server did not create UnixIO socket ${SWTPM_CTRL_UNIX_PATH}"
# Open the command channel/device on fd 100
#
# For the cuse interface fd 100 is opened on the character device; for the
# socket+* interfaces it is a plain TCP connection (bash /dev/tcp) to
# SWTPM_SERVER_NAME:SWTPM_SERVER_PORT, i.e. unauthenticated and unencrypted, so
# SWTPM_SERVER_NAME should only ever point at a test-local instance.
# @param1: type of interface
# @param2: must be '100'
449 function swtpm_open_cmddev()
451 local iface=$1; shift
453 [ "$1" != "100" ] && {
454 echo "swtpm_opendev: Filedescriptor must be 100"
460 [ -z "${SWTPM_DEV_NAME}" ] && {
461 echo "SWTPM_DEV_NAME not defined"
464 exec 100<>${SWTPM_DEV_NAME}
467 socket+socket|socket+unix)
468 [ -z "${SWTPM_SERVER_NAME}" ] && {
469 echo "SWTPM_SERVER_NAME not defined"
472 [ -z "${SWTPM_SERVER_PORT}" ] && {
473 echo "SWTPM_SERVER_PORT not defined"
476 # Must first close on OS/X
478 exec 100<>/dev/tcp/${SWTPM_SERVER_NAME}/${SWTPM_SERVER_PORT}
481 unix+socket|unix+unix)
484 echo "swtpm_opendev: unsupported interface $iface"
# Transmit a command on fd 100 and print the response as a hex dump
#
# @param2 is passed through 'echo -en', so it is a backslash-escaped byte
# string; it is staged in a temporary file before being sent (for unix+*
# interfaces via socat rather than fd 100).
# Note: the "unsupported interface" error in this function still says
# 'swtpm_opendev' -- grep for that, not for the function name.
# @param1: type of interface
492 function swtpm_cmd_tx()
495 local cmd_path resp_path
501 echo -en "$2" > ${cmd_path}
502 cat ${cmd_path} >&100
503 dd if=/proc/self/fd/100 2>/dev/null | \
509 socket+socket|socket+unix)
510 echo -en "$2" > ${cmd_path}
511 cat ${cmd_path} >&100
512 cat <&100 | od -t x1 -A n | \
517 unix+socket|unix+unix)
518 echo -en "$2" > ${cmd_path}
520 FILE:${cmd_path},rdonly \
521 UNIX-CLIENT:${SWTPM_CMD_UNIX_PATH} 2>&1 | \
526 echo "swtpm_opendev: unsupported interface $iface"
# Transmit a control command on fd 101 and print the response as a hex dump
#
# For *+socket interfaces the response is read from fd 101; for *+unix
# interfaces the command (given as an 'echo -en' escaped byte string) is
# staged in a temporary file and sent with socat to SWTPM_CTRL_UNIX_PATH.
# Note: the "unsupported interface" error in this function still says
# 'swtpm_opendev'.
# @param1: type of interface
537 function swtpm_ctrl_tx()
540 local ctrl_path resp_path
543 socket+socket|unix+socket)
545 cat <&101 | od -t x1 -A n -w128
547 socket+unix|unix+unix)
549 echo -en "$2" > ${ctrl_path}
551 FILE:${ctrl_path},rdonly \
552 UNIX-CLIENT:${SWTPM_CTRL_UNIX_PATH} 2>&1 | \
558 echo "swtpm_opendev: unsupported interface $iface"
# NOTE(review): the socket+unix|socket+socket branch checks only
# SWTPM_SERVER_PORT but also uses SWTPM_SERVER_NAME for --tcp;
# run_swtpm_ioctl checks both, this function should too. Extra parameters are
# forwarded unquoted ($@).
# @param1: type of interface
# @param2 ...: parameters to pass to swtpm_bios
568 function run_swtpm_bios()
576 [ -z "${SWTPM_DEV_NAME}" ] && {
577 echo "SWTPM_DEV_NAME not defined"
580 ${SWTPM_BIOS} --tpm-device ${SWTPM_DEV_NAME} $@
583 unix+unix|unix+socket)
584 [ -z "${SWTPM_CMD_UNIX_PATH}" ] && {
585 echo "SWTPM_CMD_UNIX_PATH not defined"
588 ${SWTPM_BIOS} --unix ${SWTPM_CMD_UNIX_PATH} $@
591 socket+unix|socket+socket)
592 [ -z "${SWTPM_SERVER_PORT}" ] && {
593 echo "SWTPM_SERVER_PORT not defined"
596 ${SWTPM_BIOS} --tcp ${SWTPM_SERVER_NAME}:${SWTPM_SERVER_PORT} $@
600 echo "run_swtpm_bios: unsupported interface $iface"
605 # Get the size of a file in bytes
608 function get_filesize()
610 if [[ "$(uname -s)" =~ (Linux|CYGWIN_NT-) ]]; then
# Get the SHA1 hex digest of a file using whichever tool the platform
# provides (sha1sum, shasum or sha1). SHA-1 is used here only to detect
# changes to test files between steps; it is not collision-resistant and must
# not be relied on for the integrity of untrusted data.
621 function get_sha1_file()
624 echo "[file $1 does not exist]"
627 case "$(uname -s)" in
629 sha1sum $1 | cut -f1 -d" "
632 shasum $1 | cut -f1 -d" "
636 sha1 $1 | cut -d "=" -f2 | tr -d " "
# Display processes whose 'ps aux' line matches the given name
#
# @1: process name to match; it is used as a grep pattern against the whole
#     'ps aux' line, so regex metacharacters in it are interpreted
643 function display_processes_by_name()
648 ps aux | grep "${name}" | grep -v grep
# Check whether seccomp support is compiled into the given swtpm executable,
# by looking for '--seccomp' in the output of 'swtpm socket --help'
# Returns 0 if seccomp is supported, 1 otherwise
657 function has_seccomp_support()
661 local tmp=$(${swtpm_exe} socket --help | grep -E "\-\-seccomp")
663 [ -n "${tmp}" ] && return 0
# Check whether the given process runs with the given seccomp
# profile type IF the given swtpm executable has seccomp support
# (otherwise the check is skipped). The profile is read from the
# "Seccomp" line of /proc/<pid>/status, so this only works on Linux.
670 # @1: Path to swtpm executable from which process was started
672 # @3: The expected seccomp profile type
673 function check_seccomp_profile()
681 if ! has_seccomp_support "${swtpm_exe}"; then
685 tmp=$(grep -E "^Seccomp" /proc/${swtpm_pid}/status |
688 if [ "${tmp}" != ${profile} ]; then
689 echo "Process ${swtpm_pid} has wrong seccomp profile type"
690 echo "Expected: ${profile}"
691 echo "Actual : ${tmp}"