libtpmss: Configure TCTI device options
This commit is contained in:
parent
9a7a962348
commit
b9d6b3c3e2
|
@ -1,5 +1,12 @@
|
||||||
charon.plugins.tpm.use_rng = no
|
charon.plugins.tpm.use_rng = no
|
||||||
Whether the TPM should be used as RNG.
|
Whether the TPM should be used as RNG.
|
||||||
|
|
||||||
charon.plugins.tpm.tcti.name = tabrmd
|
charon.plugins.tpm.tcti.name = device|tabrmd
|
||||||
Name of TCTI library. Valid values: tabrmd, device, mssim.
|
Name of TPM 2.0 TCTI library. Valid values: _tabrmd_, _device_ or _mssim_.
|
||||||
|
Defaults are _device_ if the _/dev/tpmrm0_ in-kernel TPM 2.0 resource manager
|
||||||
|
device exists, and _tabrmd_ otherwise, requiring the d-bus based TPM 2.0
|
||||||
|
access broker and resource manager to be available.
|
||||||
|
|
||||||
|
charon.plugins.tpm.tcti.opts = /dev/tpmrm0|<none>
|
||||||
|
Options for the TPM 2.0 TCTI library. Defaults are _/dev/tpmrm0_ if the
|
||||||
|
TCTI library name is _device_ and no options otherwise.
|
||||||
|
|
|
@ -23,7 +23,11 @@
|
||||||
#include <bio/bio_reader.h>
|
#include <bio/bio_reader.h>
|
||||||
|
|
||||||
#include <tss2/tss2_sys.h>
|
#include <tss2/tss2_sys.h>
|
||||||
|
|
||||||
#include <dlfcn.h>
|
#include <dlfcn.h>
|
||||||
|
#include <sys/types.h>
|
||||||
|
#include <sys/stat.h>
|
||||||
|
#include <unistd.h>
|
||||||
|
|
||||||
#define LABEL "TPM 2.0 -"
|
#define LABEL "TPM 2.0 -"
|
||||||
|
|
||||||
|
@ -69,6 +73,8 @@ static void *tcti_handle;
|
||||||
|
|
||||||
static TSS2_TCTI_INIT_FUNC tcti_init;
|
static TSS2_TCTI_INIT_FUNC tcti_init;
|
||||||
|
|
||||||
|
static char *tcti_opts;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Empty AUTH_COMMAND
|
* Empty AUTH_COMMAND
|
||||||
*/
|
*/
|
||||||
|
@ -268,7 +274,7 @@ static bool initialize_tcti_context(private_tpm_tss_tss2_t *this)
|
||||||
}
|
}
|
||||||
|
|
||||||
/* determine size of tcti context */
|
/* determine size of tcti context */
|
||||||
rval = tcti_init(NULL, &tcti_context_size, "");
|
rval = tcti_init(NULL, &tcti_context_size, tcti_opts);
|
||||||
if (rval != TSS2_RC_SUCCESS)
|
if (rval != TSS2_RC_SUCCESS)
|
||||||
{
|
{
|
||||||
DBG1(DBG_PTS, "%s tcti init setup failed: 0x%06x", LABEL, rval);
|
DBG1(DBG_PTS, "%s tcti init setup failed: 0x%06x", LABEL, rval);
|
||||||
|
@ -280,13 +286,13 @@ static bool initialize_tcti_context(private_tpm_tss_tss2_t *this)
|
||||||
memset(this->tcti_context, 0x00, tcti_context_size);
|
memset(this->tcti_context, 0x00, tcti_context_size);
|
||||||
|
|
||||||
/* initialize tcti context */
|
/* initialize tcti context */
|
||||||
rval = tcti_init(this->tcti_context, &tcti_context_size, "");
|
rval = tcti_init(this->tcti_context, &tcti_context_size, tcti_opts);
|
||||||
if (rval != TSS2_RC_SUCCESS)
|
if (rval != TSS2_RC_SUCCESS)
|
||||||
{
|
{
|
||||||
DBG1(DBG_PTS, "%s tcti init allocation failed: 0x%06x", LABEL,rval);
|
DBG1(DBG_PTS, "%s tcti init allocation failed: 0x%06x", LABEL,rval);
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -1089,14 +1095,24 @@ bool tpm_tss_tss2_init(void)
|
||||||
const TSS2_TCTI_INFO *info;
|
const TSS2_TCTI_INFO *info;
|
||||||
char tcti_lib_format[] = "libtss2-tcti-%s.so.0";
|
char tcti_lib_format[] = "libtss2-tcti-%s.so.0";
|
||||||
char tcti_lib[BUF_LEN];
|
char tcti_lib[BUF_LEN];
|
||||||
char *tcti_names[] = { "tabrmd", "device", "mssim" };
|
char *tcti_names[] = { "device", "tabrmd", "mssim" };
|
||||||
|
char *tcti_options[] = { "/dev/tpmrm0", "", "" };
|
||||||
char *tcti_name;
|
char *tcti_name;
|
||||||
bool match = FALSE;
|
bool match = FALSE;
|
||||||
int i;
|
struct stat st;
|
||||||
|
int i = 0;
|
||||||
|
|
||||||
/* select a dynamic TCTI library */
|
/* check for the existence of an in-kernel TPM resource manager */
|
||||||
|
if (stat(tcti_options[i], &st))
|
||||||
|
{
|
||||||
|
i = 1;
|
||||||
|
}
|
||||||
|
DBG2(DBG_PTS, "%s \"%s\" in-kernel resource manager is %spresent",
|
||||||
|
LABEL, tcti_options[0], i ? "not " : "");
|
||||||
|
|
||||||
|
/* select a dynamic TCTI library (device, tabrmd or mssim) */
|
||||||
tcti_name = lib->settings->get_str(lib->settings,
|
tcti_name = lib->settings->get_str(lib->settings,
|
||||||
"%s.plugins.tpm.tcti.name", tcti_names[0], lib->ns);
|
"%s.plugins.tpm.tcti.name", tcti_names[i], lib->ns);
|
||||||
snprintf(tcti_lib, BUF_LEN, tcti_lib_format, tcti_name);
|
snprintf(tcti_lib, BUF_LEN, tcti_lib_format, tcti_name);
|
||||||
|
|
||||||
for (i = 0; i < countof(tcti_names); i++)
|
for (i = 0; i < countof(tcti_names); i++)
|
||||||
|
@ -1104,6 +1120,7 @@ bool tpm_tss_tss2_init(void)
|
||||||
if (streq(tcti_name, tcti_names[i]))
|
if (streq(tcti_name, tcti_names[i]))
|
||||||
{
|
{
|
||||||
match = TRUE;
|
match = TRUE;
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (!match)
|
if (!match)
|
||||||
|
@ -1113,6 +1130,9 @@ bool tpm_tss_tss2_init(void)
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
tcti_opts = lib->settings->get_str(lib->settings,
|
||||||
|
"%s.plugins.tpm.tcti.opts", tcti_options[i], lib->ns);
|
||||||
|
|
||||||
/* open the selected dynamic TCTI library */
|
/* open the selected dynamic TCTI library */
|
||||||
tcti_handle = dlopen(tcti_lib, RTLD_LAZY);
|
tcti_handle = dlopen(tcti_lib, RTLD_LAZY);
|
||||||
if (!tcti_handle)
|
if (!tcti_handle)
|
||||||
|
@ -1143,7 +1163,9 @@ bool tpm_tss_tss2_init(void)
|
||||||
void tpm_tss_tss2_deinit(void)
|
void tpm_tss_tss2_deinit(void)
|
||||||
{
|
{
|
||||||
dlclose(tcti_handle);
|
dlclose(tcti_handle);
|
||||||
tcti_handle = tcti_init = NULL;
|
tcti_handle = NULL;
|
||||||
|
tcti_init = NULL;
|
||||||
|
tcti_opts = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
#else /* TSS_TSS2_V2 */
|
#else /* TSS_TSS2_V2 */
|
||||||
|
|
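Review bot: The new `stat(tcti_options[i], &st)` probe in the `@ -1089,14 +1095,24 @@` hunk treats any existing path named /dev/tpmrm0 as a usable in-kernel resource manager, so a stale regular file or a directory at that path would select the _device_ TCTI and the later tcti_init on it would fail with an opaque return code; checking the node type narrows the default to what the comment promises, e.g. `if (stat(tcti_options[i], &st) || !S_ISCHR(st.st_mode))`. A stat failure for a reason other than ENOENT (EACCES is the likely case for an unprivileged daemon) is also folded silently into the "not present" branch; logging `strerror(errno)` in the DBG2 line would make that fallback to _tabrmd_ diagnosable instead of surfacing as a d-bus error later. Note that `i` is reused as the probe result and then reset by the `for (i = 0; …)` selection loop, which is correct only because the `break` added in the next hunk leaves `i` at the matched name; a one-line comment such as `/* i now indexes the matched TCTI; tcti_options[i] is its default option string */` before the tcti.opts lookup would make that coupling explicit. tpm_tss_tss2_init begins and ends outside these hunks.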