Stefan Berger [Wed, 7 Feb 2018 01:57:28 +0000 (20:57 -0500)]
sample: propagate and log error if swtpm_cert is missing
If the swtpm_cert was missing, nothing was reported in the error log. Change
this and report it in the error log rather than writing the error in the
certificate file.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Sun, 22 Apr 2018 01:49:03 +0000 (21:49 -0400)]
swtpm_ioctl: implement --info option to get implementation info
Implement the --info option that takes a flag as an argument
and returns information about the TPM implementation. Only the
value '1' has been defined for now, which returns a line as
the following:
Stefan Berger [Tue, 17 Apr 2018 12:58:04 +0000 (08:58 -0400)]
swtpm_cert: Error out if the Authority Key Id could not be gotten
Since the EK cert must have an Authority Key Id, we error out if
the signing certificate we are given does not have an Authority
Key Id. The typical reason why it wouldn't have it is that we are
using a self-signed (rootCA) certificate directly.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Tue, 17 Apr 2018 12:52:26 +0000 (08:52 -0400)]
samples: Create a root CA that signs the cert used for creating TPM certs
We are currently missing the Authority Key Id in the certificate used for
creating the EK cert. To get this, we create a root CA for our local CA
and use that root CA to sign the local CA's certificate. Our local
CA is now an intermediate CA and the Authority Key Id can now be copied
into the EK cert.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Tue, 17 Apr 2018 14:02:14 +0000 (10:02 -0400)]
swtpm_setup: run exec in a subshell when suppressing errors
To not lose stderr we have to run the exec command in a subshell
and suppress the output of the subshell otherwise the exec command
seems to close stderr on us.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Thu, 12 Apr 2018 17:17:37 +0000 (13:17 -0400)]
swtpm_cert: Implement --add-header option for adding TPM 1.2 NVRAM header
TPM 1.2 certificates need a header when written to NVRAM. This patch
adds a --add-header option for this and prepends the header to.
Also see TCG PC Specific Implementation Specification section 7.4.4 and
7.4.5.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Mon, 9 Apr 2018 16:06:47 +0000 (12:06 -0400)]
selinux: replace swtpmcuse_svirt with swtpm_svirt
Replace the previously used swtpmcuse_svirt type of policy with
swtpm_svirt. This policy contains the minimum set of rules necessary
to start swtpm from within libvirt.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Stefan Berger [Thu, 5 Apr 2018 17:12:21 +0000 (13:12 -0400)]
swtpm: Also remove pidfile at end if fd was passed
Address the issue that the pidfile needs to be removed at the end if
a file descriptor was passed in. So we have to look up the file
given the file descriptor and by using /proc/self/fd/.
We also want to make sure that the given file descriptor describes
a regular file.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Wed, 28 Mar 2018 02:00:17 +0000 (22:00 -0400)]
Register libtpms callbacks a lot earlier
Create tpmlib_register_callbacks and call it to register the
libtpms callbacks a lot earlier. Before it was done in tpmlib_start,
which was invoked by CMD_INIT, which was after state blobs could
have been set already.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Sat, 17 Feb 2018 19:11:55 +0000 (14:11 -0500)]
swtpm: Validate state blobs after setting them
Validate the state blobs after they have been set (during
state migration) so that we can fall back to the migration
source in case they are not accepted by the TPM.
This patch requires the latest version of libtpms 0.6
from the master branch.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Mon, 12 Feb 2018 15:10:31 +0000 (10:10 -0500)]
swtpm_setup: Strictly use passwords as specified by user
Use the passwords as specified by the user also when only temporarily
taking ownership. Use the zero password in case nothing has been
provided by the user. This is a first step to loosen the dependency
on expect, which pulls in too many dependencies.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Tue, 30 Jan 2018 14:07:42 +0000 (09:07 -0500)]
swtpm: loop in case poll sets errno EINTR
In case the poll() is interrupted by a signal handler and we
get EINTR, we loop again assuming that the signal handler will
send us a notification to end.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Tue, 30 Jan 2018 13:54:30 +0000 (08:54 -0500)]
swtpm: close client file descriptor if POLLERR is indicated
POLLERR is indicated in some error cases when using the chardev with the
vtpm_proxy with runc. In case the flag is set, we terminate the client
connection rather than endlessly looping.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Tue, 30 Jan 2018 13:51:27 +0000 (08:51 -0500)]
swtpm: Refuse to accept passed file descriptors < 3
File descriptors 0, 1, and 2, when used for file descriptor passing,
as is the case in some older version of runc/docker-ce (17.06), do
not work. So we refuse accepting these values and log the error message.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Thu, 21 Dec 2017 01:15:59 +0000 (20:15 -0500)]
swtpm_setup: Only pass through vmid parameter if it was set
Only pass through the vmid parameter to the tool creating the cert
if this parameter was set. The tool creating the cert may require
it or ignore it and is supposed to be able to track certificates
for which it minted certs using this parameter.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Thu, 7 Dec 2017 22:50:14 +0000 (17:50 -0500)]
swtpm_ioctl: check for filename and input NULL pointers
Check whether filename and input pointers are NULL pointers.
Per previous code this is currently not possible but should
resolve some issues with Coverity.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Tue, 14 Nov 2017 12:57:53 +0000 (07:57 -0500)]
tests: Extend encrypted state test to check for unmodified state
Extend the encrypted state test with a test case using a wrong key
for decrypting the state and make sure that the init fails and the
state files remain unmodified.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Thu, 9 Nov 2017 15:46:42 +0000 (10:46 -0500)]
swtpm_setup: Add options to overwrite or not overwrite TPM state
Add options --overwrite and --not-overwrite to allow or prevent
overwriting of existing TPM state. If neither of the options is
given and existing state is found, an error is returned.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Sat, 4 Nov 2017 23:33:13 +0000 (19:33 -0400)]
swtpm: Implemented support for PTM_SET_BUFFERSIZE command
Implement a command for setting and querying the buffer size the
TPM implementation (libtpms) is using. The setting of the
buffersize allows to reduce the size of the buffer to a size
that the interface can support so that these two sizes match
and the TPM will not produce larger responses than what the
interface can support.
Extend swtpm_ioctl with an option to set the buffersize.
Adapt the existing tests to reflect the newly supported command.
Implement a new test for getting/setting of the buffer size.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Mon, 30 Oct 2017 15:49:21 +0000 (11:49 -0400)]
swtpm: fix segfault introduced in aa3999
Changeset aa3999 introduced a segfault when calling
ctrlchannel_set_client_fd() with a NULL pointer. Like all the other
functions, we return with -1 in this case.
Since the segfault occurred on process shutdown no problems were
noticeable through bad test results or so.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Sat, 14 Oct 2017 20:26:28 +0000 (16:26 -0400)]
swtpm: clean up server and ctrlchannel at the end
Introduce another parameter to ctrlchannel_new and server_new
to pass the Unix socket's path. Implement ctrlchannel_free and
server_free to clean up and remove the Unix socket's path.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Stefan Berger [Mon, 16 Oct 2017 17:11:40 +0000 (13:11 -0400)]
swtpm: Implement server_set_fd()
Implement server_set_fd() function to get the current file descriptor
and set a new one on the server structure.
Use this function to transfer the server file descriptor from the
server structure to the mainloop structure and have the main loop
close the file descriptor.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>