diff --git a/conf/plugins/tpm.opt b/conf/plugins/tpm.opt index 58f5d8b35..df7adb098 100644 --- a/conf/plugins/tpm.opt +++ b/conf/plugins/tpm.opt @@ -1,5 +1,12 @@ charon.plugins.tpm.use_rng = no Whether the TPM should be used as RNG. -charon.plugins.tpm.tcti.name = tabrmd - Name of TCTI library. Valid values: tabrmd, device, mssim. \ No newline at end of file +charon.plugins.tpm.tcti.name = device|tabrmd + Name of TPM 2.0 TCTI library. Valid values: _tabrmd_, _device_ or _mssim_. + Defaults are _device_ if the _/dev/tpmrm0_ in-kernel TPM 2.0 resource manager + device exists, and _tabrmd_ otherwise, requiring the d-bus based TPM 2.0 + access broker and resource manager to be available. + +charon.plugins.tpm.tcti.opts = /dev/tpmrm0| + Options for the TPM 2.0 TCTI library. Defaults are _/dev/tpmrm0_ if the + TCTI library name is _device_ and no options otherwise. diff --git a/src/libtpmtss/tpm_tss_tss2_v2.c b/src/libtpmtss/tpm_tss_tss2_v2.c index 18164f08b..7cb0d48a9 100644 --- a/src/libtpmtss/tpm_tss_tss2_v2.c +++ b/src/libtpmtss/tpm_tss_tss2_v2.c @@ -23,7 +23,11 @@ #include #include + #include +#include +#include +#include #define LABEL "TPM 2.0 -" @@ -69,6 +73,8 @@ static void *tcti_handle; static TSS2_TCTI_INIT_FUNC tcti_init; +static char *tcti_opts; + /** * Empty AUTH_COMMAND */ @@ -268,7 +274,7 @@ static bool initialize_tcti_context(private_tpm_tss_tss2_t *this) } /* determine size of tcti context */ - rval = tcti_init(NULL, &tcti_context_size, ""); + rval = tcti_init(NULL, &tcti_context_size, tcti_opts); if (rval != TSS2_RC_SUCCESS) { DBG1(DBG_PTS, "%s tcti init setup failed: 0x%06x", LABEL, rval); 
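Review bot: The new `static char *tcti_opts` in hunk @@ -69 has no comment stating who owns the string it points to, and a reader of tpm_tss_tss2_deinit() could reasonably expect to free it. From the later hunks it appears to be assigned from settings->get_str() with a string-literal default and is only reset to NULL on deinit, so presumably it is never owned here; a comment such as `/** TCTI configuration string, not owned (settings data or a literal) */` above the declaration would make that explicit. Declaring it `static const char *` would also reflect that it is only ever handed to tcti_init() and never written through, provided the TSS2_TCTI_INIT_FUNC prototype in use takes a const pointer.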
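Review bot: Now that the configuration string passed to the first tcti_init() call in hunk @@ -268 comes from `charon.plugins.tpm.tcti.opts` instead of a fixed "", a wrong device path or mssim address surfaces only as the opaque `tcti init setup failed: 0x...` with no hint of the value that was passed. Including it in the message, `DBG1(DBG_PTS, "%s tcti init setup failed (opts \"%s\"): 0x%06x", LABEL, tcti_opts, rval);`, makes the misconfiguration diagnosable from the log alone. The same applies to the second call in hunk @@ -280 (`tcti init allocation failed`). initialize_tcti_context() begins before this hunk and continues past it.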
@@ -280,13 +286,13 @@ static bool initialize_tcti_context(private_tpm_tss_tss2_t *this)
 memset(this->tcti_context, 0x00, tcti_context_size);
 /* initialize tcti context */
- rval = tcti_init(this->tcti_context, &tcti_context_size, "");
+ rval = tcti_init(this->tcti_context, &tcti_context_size, tcti_opts);
 if (rval != TSS2_RC_SUCCESS)
 {
 DBG1(DBG_PTS, "%s tcti init allocation failed: 0x%06x", LABEL,rval);
 return FALSE;
 }
- return TRUE;
+ return TRUE;
 }
 /**
@@ -1089,14 +1095,24 @@ bool tpm_tss_tss2_init(void)
 const TSS2_TCTI_INFO *info;
 char tcti_lib_format[] = "libtss2-tcti-%s.so.0";
 char tcti_lib[BUF_LEN];
- char *tcti_names[] = { "tabrmd", "device", "mssim" };
+ char *tcti_names[] = { "device", "tabrmd", "mssim" };
+ char *tcti_options[] = { "/dev/tpmrm0", "", "" };
 char *tcti_name;
 bool match = FALSE;
- int i;
+ struct stat st;
+ int i = 0;
- /* select a dynamic TCTI library */
+ /* check for the existence of an in-kernel TPM resource manager */
+ if (stat(tcti_options[i], &st))
+ {
+ i = 1;
+ }
+ DBG2(DBG_PTS, "%s \"%s\" in-kernel resource manager is %spresent",
+ LABEL, tcti_options[0], i ? "not " : "");
+
+ /* select a dynamic TCTI library (device, tabrmd or mssim) */
 tcti_name = lib->settings->get_str(lib->settings,
- "%s.plugins.tpm.tcti.name", tcti_names[0], lib->ns);
+ "%s.plugins.tpm.tcti.name", tcti_names[i], lib->ns);
 snprintf(tcti_lib, BUF_LEN, tcti_lib_format, tcti_name);
 for (i = 0; i < countof(tcti_names); i++)
@@ -1104,6 +1120,7 @@ bool tpm_tss_tss2_init(void)
 if (streq(tcti_name, tcti_names[i]))
 {
 match = TRUE;
+ break;
 }
 }
 if (!match)
@@ -1113,6 +1130,9 @@ bool tpm_tss_tss2_init(void)
 return FALSE;
 }
+ tcti_opts = lib->settings->get_str(lib->settings,
+ "%s.plugins.tpm.tcti.opts", tcti_options[i], lib->ns);
+
 /* open the selected dynamic TCTI library */
 tcti_handle = dlopen(tcti_lib, RTLD_LAZY);
 if (!tcti_handle)
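Review bot: The probe in hunk @@ -1089 only checks that something exists at `/dev/tpmrm0`, not that it is a character device: `stat()` succeeds equally for a regular file or directory left at that path (a stale placeholder in a container image, for instance), in which case the device TCTI is selected and fails later with only the generic init error instead of falling back to tabrmd. Tightening the condition to `if (stat(tcti_options[i], &st) || !S_ISCHR(st.st_mode))` keeps the fallback for those cases and needs nothing beyond `<sys/stat.h>`, which the commit already includes; the DBG2 wording "not present" stays accurate. tpm_tss_tss2_init() continues past this hunk.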
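Review bot: The `break` added in hunk @@ -1104 is what leaves `i` at the index of the matched TCTI name so that `tcti_options[i]` in hunk @@ -1113 picks the matching default options, but nothing at either site says so; a later edit that removes the break or iterates with a separate counter would silently select the wrong default. Suggest a comment on the new line, `break; /* i is reused below to pick the matching default options */`, or storing the matched index in a dedicated variable instead of reusing the loop counter. tpm_tss_tss2_init() starts before hunk @@ -1104 and continues past hunk @@ -1113.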
@@ -1143,7 +1163,9 @@ bool tpm_tss_tss2_init(void)
 void tpm_tss_tss2_deinit(void)
 {
 dlclose(tcti_handle);
- tcti_handle = tcti_init = NULL;
+ tcti_handle = NULL;
+ tcti_init = NULL;
+ tcti_opts = NULL;
 }
 #else /* TSS_TSS2_V2 */
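Review bot: tpm_tss_tss2_deinit() still calls `dlclose(tcti_handle)` unconditionally, while the init path in the previous hunks now has more ways to return FALSE before dlopen() (no matching TCTI name, dlopen() failure), each of which leaves tcti_handle NULL; dlclose() on a NULL handle is not defined by POSIX and may crash. Whether deinit is reached after a failed init is not visible here, but guarding with `if (tcti_handle) { dlclose(tcti_handle); }` costs nothing and makes the three-way reset safe to call in any state.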