swtpm: Search for all state files and use abstracted names in JSON
authorStefan Berger <stefanb@linux.ibm.com>
Sat, 25 Sep 2021 00:23:22 +0000 (20:23 -0400)
committerStefan Berger <stefanb@us.ibm.com>
Sat, 25 Sep 2021 14:26:07 +0000 (10:26 -0400)
Search for all the state files not just the permanent state and
when printing the JSON use the abstracted names rather than concrete
filenames that are only valid for the dir backend but will likely
not exist in other backends.

Adjust swtpm_setup to search for the abstracted name and also
adjust the error message to print out the abstracted name.

Adjust the test cases.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
src/swtpm/swtpm_nvstore.c
src/swtpm_setup/swtpm_setup.c
tests/_test_print_states
tests/_test_tpm2_print_states

index d0a9d44b643f1fbe10b9505920899b7275f0c8c7..a210c77aa8ee1c9b1ef2c1544e3bff148fb22646 100644 (file)
@@ -1314,49 +1314,48 @@ cleanup:
 }
 
 /* Example JSON output:
- *  { "type": "swtpm", "states":
- *    [ { "name": "tpm2-00.permall" } ]
+ *  { "type": "swtpm",
+ *    "states": [ "permall", "volatilestate", "savestate" ]
  *  }
  */
 int SWTPM_NVRAM_PrintJson(void)
 {
     TPM_RESULT rc = 0;
-    int ret = 0, n;
-    uint32_t tpm_number = 0;
-    char filename[FILENAME_MAX];
-    char *state_str = NULL;
-    const char *backend_uri = NULL;
-
-    if (rc == 0)
-        rc = SWTPM_NVRAM_GetFilenameForName(filename, sizeof(filename),
-                                            tpm_number, TPM_PERMANENT_ALL_NAME,
-                                            false);
-    if (rc == 0)
-        rc = SWTPM_NVRAM_Init();
+    const char *backend_uri;
+    const char *states[] = {
+        TPM_PERMANENT_ALL_NAME,
+        TPM_VOLATILESTATE_NAME,
+        TPM_SAVESTATE_NAME,
+    };
+    char state_str[64] = "";
+    size_t i, n, o;
+    int ret = -1;
 
+    rc = SWTPM_NVRAM_Init();
     if (rc == 0) {
+        o = 0;
         backend_uri = tpmstate_get_backend_uri();
-        rc = g_nvram_backend_ops->check_state(backend_uri, TPM_PERMANENT_ALL_NAME);
-        if (rc == TPM_SUCCESS) {
-            n = asprintf(&state_str, " { \"name\": \"%s\" } ", filename);
-            if (n < 0) {
-                logprintf(STDERR_FILENO, "Out of memory\n");
-                state_str = NULL;
-                ret = -1;
-                goto cleanup;
+
+        for (i = 0; i < ARRAY_LEN(states); i++) {
+            rc = g_nvram_backend_ops->check_state(backend_uri, states[i]);
+            if (rc == TPM_SUCCESS) {
+                n = snprintf(&state_str[o], sizeof(state_str) - o,
+                             "%s \"%s\"",
+                             (o > 0) ? "," : "",
+                             states[i]);
+                if (n >= sizeof(state_str) - o)
+                    goto exit;
+                o += n;
+            } else if (rc != TPM_RETRY) {
+                /* Error other than ENOENT */
+                goto exit;
             }
-        } else if (rc != TPM_RETRY) {
-            /* Error other than ENOENT */
-            ret = -1;
-            goto cleanup;
         }
+        printf("{ \"type\": \"swtpm\", \"states\": [%s%s] }",
+               state_str,  (o > 0) ? " ": "");
+        ret = 0;
+    }
 
-        printf("{ \"type\": \"swtpm\", \"states\": [%s] }", state_str ? state_str : "");
-    } else
-        ret = -1;
-
-cleanup:
-    free(state_str);
-
+exit:
     return ret;
 }
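Review bot: Both `goto exit` paths inside the loop in SWTPM_NVRAM_PrintJson return -1 without logging anything, whereas the removed code at least reported its asprintf failure, so a caller sees only a failed call with no reason. In addition, `n` is declared `size_t` but receives snprintf's `int` result, so a negative return is caught only because it wraps to a large value. I would declare `int n`, test `if (n < 0 || (size_t)n >= sizeof(state_str) - o)`, and put a `logprintf(STDERR_FILENO, ...)` before each `goto exit`. A short comment on `char state_str[64]` saying that it must hold every quoted name in `states[]` plus separators would stop a later addition from turning into a silent failure.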
index 287d57291698132b2a70577da21351e11d0010da..74cf694cea46a1e715b83fa5afdbc0eaef9d992a 100644 (file)
@@ -29,6 +29,8 @@
 #include <glib-object.h>
 #include <json-glib/json-glib.h>
 
+#include <libtpms/tpm_nvfilename.h>
+
 #include "swtpm.h"
 #include "swtpm_setup_conf.h"
 #include "swtpm_setup_utils.h"
@@ -696,7 +698,6 @@ error:
 static int check_state_overwrite(gchar **swtpm_prg_l, unsigned int flags,
                                  const char *tpm_state_path)
 {
-    const char *statefile;
     gboolean success;
     g_autofree gchar *standard_output = NULL;
     int exit_status = 0;
@@ -712,11 +713,8 @@ static int check_state_overwrite(gchar **swtpm_prg_l, unsigned int flags,
                                 NULL
                             }, NULL, FALSE);
 
-    if (flags & SETUP_TPM2_F) {
-        statefile = "tpm2-00.permall";
+    if (flags & SETUP_TPM2_F)
         my_argv = concat_arrays(my_argv, (gchar*[]) { "--tpm2", NULL }, TRUE);
-    } else
-        statefile = "tpm-00.permall";
 
     argv = concat_arrays(swtpm_prg_l, my_argv, FALSE);
     success = g_spawn_sync(NULL, argv, NULL, G_SPAWN_STDERR_TO_DEV_NULL, NULL, NULL,
@@ -732,7 +730,7 @@ static int check_state_overwrite(gchar **swtpm_prg_l, unsigned int flags,
         return 1;
     }
 
-    if (g_strstr_len(standard_output, -1, statefile) != NULL) {
+    if (g_strstr_len(standard_output, -1, TPM_PERMANENT_ALL_NAME) != NULL) {
         /* State file exists */
         if (flags & SETUP_STATE_NOT_OVERWRITE_F) {
             logit(gl_LOGFILE, "Not overwriting existing state file.\n");
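Review bot: The existence check `g_strstr_len(standard_output, -1, TPM_PERMANENT_ALL_NAME)` is a substring search over the raw `--print-states` output, so it matches any occurrence of the name anywhere in the text, not only an entry of the `states` array. This result decides whether existing TPM state may be overwritten, and json-glib is already included in this file, so parsing the output and testing membership in `states` would be more robust; a smaller step is to search for the quoted token `"\"" TPM_PERMANENT_ALL_NAME "\""`. The substring form presumably still matches the older `tpm2-00.permall` style output, so a comment should say whether that compatibility is intended. check_state_overwrite begins and ends outside this hunk.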
@@ -740,7 +738,7 @@ static int check_state_overwrite(gchar **swtpm_prg_l, unsigned int flags,
         }
         if (flags & SETUP_STATE_OVERWRITE_F)
             return 0;
-        logerr(gl_LOGFILE, "Found existing TPM state file %s.\n", statefile);
+        logerr(gl_LOGFILE, "Found existing TPM state '%s'.\n", TPM_PERMANENT_ALL_NAME);
         return 1;
     }
 
index e50eecfb04ac72447e0f5b8844014090f6645d01..cfaa95e512e07fa439f757762f0e4484d323937d 100755 (executable)
@@ -56,7 +56,7 @@ if [ $? -ne 0 ]; then
        exit 1
 fi
 
-exp='\{ "type": "swtpm", "states": \[ \{ "name": "tpm-00.permall" \} \] \}'
+exp='\{ "type": "swtpm", "states": \[ "permall" \] \}'
 if ! [[ ${msg} =~ ${exp} ]]; then
        echo "Unexpected response from ${SWTPM_IFACE} TPM to --print-states:"
        echo "Actual   : ${msg}"
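Review bot: The updated `exp` pattern covers only the case where just the permanent state exists, so the new comma-joining branch in SWTPM_NVRAM_PrintJson is not exercised here, and the same holds for the identical change in tests/_test_tpm2_print_states. If the test setup can leave a volatile or saved state behind, a second check expecting something like `\[ "permall", "volatilestate" \]` would cover the separator and ordering logic. The pattern is also unanchored under `=~`, so trailing output after the closing brace would pass unnoticed; wrapping it as `^...$` would tighten that if the output is expected to be exactly one JSON object.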
index 73372a34db93684f807894e3d00f33ef5d35ff72..6e4445483bb243b4e6ca38a07ee04ed2c5835372 100755 (executable)
@@ -56,7 +56,7 @@ if [ $? -ne 0 ]; then
        exit 1
 fi
 
-exp='\{ "type": "swtpm", "states": \[ \{ "name": "tpm2-00.permall" \} \] \}'
+exp='\{ "type": "swtpm", "states": \[ "permall" \] \}'
 if ! [[ ${msg} =~ ${exp} ]]; then
        echo "Unexpected response from ${SWTPM_IFACE} TPM to --print-states:"
        echo "Actual   : ${msg}"