Message ID | 20210504124842.220445-5-jandryuk@gmail.com (mailing list archive) |
---|---|
State | Superseded |
Headers | show |
Series | vtpmmgr: Some fixes - still incomplete | expand |
Jason Andryuk, le mar. 04 mai 2021 08:48:37 -0400, a ecrit: > Bypass taking ownership of the TPM2 if an srk_handle is specified. > > This srk_handle must be usable with Null auth for the time being. > > Signed-off-by: Jason Andryuk <jandryuk@gmail.com> > --- > docs/man/xen-vtpmmgr.7.pod | 7 +++++++ > stubdom/vtpmmgr/init.c | 11 ++++++++++- > 2 files changed, 17 insertions(+), 1 deletion(-) > > diff --git a/docs/man/xen-vtpmmgr.7.pod b/docs/man/xen-vtpmmgr.7.pod > index 875dcce508..3286954568 100644 > --- a/docs/man/xen-vtpmmgr.7.pod > +++ b/docs/man/xen-vtpmmgr.7.pod > @@ -92,6 +92,13 @@ Valid arguments: > > =over 4 > > +=item srk_handle=<HANDLE> Is this actually srk_handle= or srk_handle: ? The code tests for the latter. The problem seems to "exist" also for owner_auth: and srk_auth: but both = and : work actually because strncmp is told not to check for = and : We'd better clean this up to avoid confusions. Samuel > + > +Specify a srk_handle for TPM 2.0. TPM 2.0 uses a key hierarchy, and > +this allow specifying the parent handle for vtpmmgr to create its own > +key under. Using this option bypasses vtpmmgr trying to take ownership > +of the TPM. > + > =item owner_auth=<AUTHSPEC> > > =item srk_auth=<AUTHSPEC> > diff --git a/stubdom/vtpmmgr/init.c b/stubdom/vtpmmgr/init.c > index 1506735051..c01d03e9f4 100644 > --- a/stubdom/vtpmmgr/init.c > +++ b/stubdom/vtpmmgr/init.c > @@ -302,6 +302,11 @@ int parse_cmdline_opts(int argc, char** argv, struct Opts* opts) > goto err_invalid; > } > } > + else if(!strncmp(argv[i], "srk_handle:", 11)) { > + if(sscanf(argv[i] + 11, "%x", &vtpm_globals.srk_handle) != 1) { > + goto err_invalid; > + } > + } > else if(!strncmp(argv[i], "tpmdriver=", 10)) { > if(!strcmp(argv[i] + 10, "tpm_tis")) { > opts->tpmdriver = TPMDRV_TPM_TIS; > @@ -586,7 +591,11 @@ TPM_RESULT vtpmmgr2_create(void) > { > TPM_RESULT status = TPM_SUCCESS; > > - TPMTRYRETURN(tpm2_take_ownership()); > + if ( vtpm_globals.srk_handle == 0 ) { > + TPMTRYRETURN(tpm2_take_ownership()); > + } else { > + tpm2_AuthArea_ctor(NULL, 0, &vtpm_globals.srk_auth_area); > + } > > /* create SK */ > TPM2_Create_Params_out out; > -- > 2.30.2 >
On Tue, May 4, 2021 at 9:13 AM Samuel Thibault <samuel.thibault@ens-lyon.org> wrote: > > Jason Andryuk, le mar. 04 mai 2021 08:48:37 -0400, a ecrit: > > Bypass taking ownership of the TPM2 if an srk_handle is specified. > > > > This srk_handle must be usable with Null auth for the time being. > > > > Signed-off-by: Jason Andryuk <jandryuk@gmail.com> > > --- > > docs/man/xen-vtpmmgr.7.pod | 7 +++++++ > > stubdom/vtpmmgr/init.c | 11 ++++++++++- > > 2 files changed, 17 insertions(+), 1 deletion(-) > > > > diff --git a/docs/man/xen-vtpmmgr.7.pod b/docs/man/xen-vtpmmgr.7.pod > > index 875dcce508..3286954568 100644 > > --- a/docs/man/xen-vtpmmgr.7.pod > > +++ b/docs/man/xen-vtpmmgr.7.pod > > @@ -92,6 +92,13 @@ Valid arguments: > > > > =over 4 > > > > +=item srk_handle=<HANDLE> > > Is this actually srk_handle= or srk_handle: ? Whoops. It's srk_handle: . I just copy and pasted here. > The code tests for the latter. The problem seems to "exist" also for > owner_auth: and srk_auth: but both = and : work actually because strncmp > is told not to check for = and : owner_auth & srk_auth don't check :, but then they don't skip : or = when passing the string to parse_auth_string. So they can't work properly? srk_handle: does check for that entire string. > We'd better clean this up to avoid confusions. Right, so what do we want? I'm leaning toward standardizing on = since the tpm.*= options look to parse properly. Given : doesn't seem like it could work, we don't need to attempt to maintain backwards compatibility. Thanks for the review. -Jason
Jason Andryuk, le mar. 04 mai 2021 13:04:47 -0400, a ecrit: > owner_auth & srk_auth don't check :, but then they don't skip : or = > when passing the string to parse_auth_string. So they can't work > properly? They happen to "work" just because there is no other parameter prefixed the same. > > We'd better clean this up to avoid confusions. > > Right, so what do we want? I'm leaning toward standardizing on = > since the tpm.*= options look to parse properly. I'd say so too. Also because that's what is apparently documented. Samuel
On Tue, May 4, 2021 at 1:07 PM Samuel Thibault <samuel.thibault@ens-lyon.org> wrote: > > Jason Andryuk, le mar. 04 mai 2021 13:04:47 -0400, a ecrit: > > owner_auth & srk_auth don't check :, but then they don't skip : or = > > when passing the string to parse_auth_string. So they can't work > > properly? > > They happen to "work" just because there is no other parameter prefixed > the same. parse_auth_string fails on the ":". Just tested "owner_auth:well-known" ERROR[VTPM]: Invalid auth string :well-known ERROR[VTPM]: Invalid Option owner_auth:well-known ERROR[VTPM]: Command line parsing failed! exiting.. > > > We'd better clean this up to avoid confusions. > > > > Right, so what do we want? I'm leaning toward standardizing on = > > since the tpm.*= options look to parse properly. > > I'd say so too. Also because that's what is apparently documented. Ok, thanks. Regards, Jason
Jason Andryuk, le mar. 04 mai 2021 13:27:36 -0400, a ecrit: > On Tue, May 4, 2021 at 1:07 PM Samuel Thibault > <samuel.thibault@ens-lyon.org> wrote: > > > > Jason Andryuk, le mar. 04 mai 2021 13:04:47 -0400, a ecrit: > > > owner_auth & srk_auth don't check :, but then they don't skip : or = > > > when passing the string to parse_auth_string. So they can't work > > > properly? > > > > They happen to "work" just because there is no other parameter prefixed > > the same. > > parse_auth_string fails on the ":". > > Just tested "owner_auth:well-known" owner_auth happens to have the proper size, but srk_auth doesn't. Samuel
diff --git a/docs/man/xen-vtpmmgr.7.pod b/docs/man/xen-vtpmmgr.7.pod index 875dcce508..3286954568 100644 --- a/docs/man/xen-vtpmmgr.7.pod +++ b/docs/man/xen-vtpmmgr.7.pod @@ -92,6 +92,13 @@ Valid arguments: =over 4 +=item srk_handle=<HANDLE> + +Specify a srk_handle for TPM 2.0. TPM 2.0 uses a key hierarchy, and +this allow specifying the parent handle for vtpmmgr to create its own +key under. Using this option bypasses vtpmmgr trying to take ownership +of the TPM. + =item owner_auth=<AUTHSPEC> =item srk_auth=<AUTHSPEC> diff --git a/stubdom/vtpmmgr/init.c b/stubdom/vtpmmgr/init.c index 1506735051..c01d03e9f4 100644 --- a/stubdom/vtpmmgr/init.c +++ b/stubdom/vtpmmgr/init.c @@ -302,6 +302,11 @@ int parse_cmdline_opts(int argc, char** argv, struct Opts* opts) goto err_invalid; } } + else if(!strncmp(argv[i], "srk_handle:", 11)) { + if(sscanf(argv[i] + 11, "%x", &vtpm_globals.srk_handle) != 1) { + goto err_invalid; + } + } else if(!strncmp(argv[i], "tpmdriver=", 10)) { if(!strcmp(argv[i] + 10, "tpm_tis")) { opts->tpmdriver = TPMDRV_TPM_TIS; @@ -586,7 +591,11 @@ TPM_RESULT vtpmmgr2_create(void) { TPM_RESULT status = TPM_SUCCESS; - TPMTRYRETURN(tpm2_take_ownership()); + if ( vtpm_globals.srk_handle == 0 ) { + TPMTRYRETURN(tpm2_take_ownership()); + } else { + tpm2_AuthArea_ctor(NULL, 0, &vtpm_globals.srk_auth_area); + } /* create SK */ TPM2_Create_Params_out out;
Bypass taking ownership of the TPM2 if an srk_handle is specified. This srk_handle must be usable with Null auth for the time being. Signed-off-by: Jason Andryuk <jandryuk@gmail.com> --- docs/man/xen-vtpmmgr.7.pod | 7 +++++++ stubdom/vtpmmgr/init.c | 11 ++++++++++- 2 files changed, 17 insertions(+), 1 deletion(-)