
[Xen-changelog] [xen-unstable] tools: Remove the vtpm process model


  • To: xen-changelog@xxxxxxxxxxxxxxxxxxx
  • From: Xen patchbot-unstable <patchbot@xxxxxxx>
  • Date: Tue, 13 Nov 2012 16:22:11 +0000
  • Delivery-date: Tue, 13 Nov 2012 16:22:33 +0000
  • List-id: "Change log for Mercurial \(receive only\)" <xen-changelog.lists.xen.org>

# HG changeset patch
# User Matthew Fioravante <matthew.fioravante@xxxxxxxxxx>
# Date 1352803620 0
# Node ID 170d45f7a2ebde462743d98c77a1d10ee0f51a29
# Parent  2a4c1d3a080e7d3b20354155b6ac09e53d812cc6
tools: Remove the vtpm process model

Remove the old vtpm process model. It doesn't work very
well and is no longer supported.

Signed-off-by: Matthew Fioravante <matthew.fioravante@xxxxxxxxxx>
Acked-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
Committed-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
---


diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/Makefile
--- a/tools/Makefile    Tue Nov 13 10:46:59 2012 +0000
+++ b/tools/Makefile    Tue Nov 13 10:47:00 2012 +0000
@@ -18,8 +18,6 @@ SUBDIRS-$(CONFIG_XCUTILS) += xcutils
 SUBDIRS-$(CONFIG_X86) += firmware
 SUBDIRS-y += console
 SUBDIRS-y += xenmon
-SUBDIRS-$(VTPM_TOOLS) += vtpm_manager
-SUBDIRS-$(VTPM_TOOLS) += vtpm
 SUBDIRS-y += xenstat
 SUBDIRS-$(CONFIG_Linux) += $(SUBDIRS-libaio)
 SUBDIRS-$(CONFIG_Linux) += memshr 
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/blktap2/drivers/hashtable.c
--- a/tools/blktap2/drivers/hashtable.c Tue Nov 13 10:46:59 2012 +0000
+++ b/tools/blktap2/drivers/hashtable.c Tue Nov 13 10:47:00 2012 +0000
@@ -3,7 +3,6 @@
 /*
  * There are duplicates of this code in:
  *  - tools/xenstore/hashtable.c
- *  - tools/vtpm_manager/util/hashtable.c
  */
 
 #include "hashtable.h"
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/blktap2/drivers/hashtable.h
--- a/tools/blktap2/drivers/hashtable.h Tue Nov 13 10:46:59 2012 +0000
+++ b/tools/blktap2/drivers/hashtable.h Tue Nov 13 10:47:00 2012 +0000
@@ -3,7 +3,6 @@
 /*
  * There are duplicates of this code in:
  *  - tools/xenstore/hashtable.h
- *  - tools/vtpm_manager/util/hashtable.h
  */
 
 #ifndef __HASHTABLE_CWC22_H__
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/blktap2/drivers/hashtable_itr.c
--- a/tools/blktap2/drivers/hashtable_itr.c     Tue Nov 13 10:46:59 2012 +0000
+++ b/tools/blktap2/drivers/hashtable_itr.c     Tue Nov 13 10:47:00 2012 +0000
@@ -1,10 +1,5 @@
 /* Copyright (C) 2002, 2004 Christopher Clark  
<firstname.lastname@xxxxxxxxxxxx> */
 
-/*
- * There are duplicates of this code in:
- *  - tools/vtpm_manager/util/hashtable_itr.c
- */
-
 #include "hashtable.h"
 #include "hashtable_private.h"
 #include "hashtable_itr.h"
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/blktap2/drivers/hashtable_itr.h
--- a/tools/blktap2/drivers/hashtable_itr.h     Tue Nov 13 10:46:59 2012 +0000
+++ b/tools/blktap2/drivers/hashtable_itr.h     Tue Nov 13 10:47:00 2012 +0000
@@ -1,10 +1,5 @@
 /* Copyright (C) 2002, 2004 Christopher Clark 
<firstname.lastname@xxxxxxxxxxxx> */
 
-/*
- * There are duplicates of this code in:
- *  - tools/vtpm_manager/util/hashtable_itr.h
- */
-
 #ifndef __HASHTABLE_ITR_CWC22__
 #define __HASHTABLE_ITR_CWC22__
 #include "hashtable.h"
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/blktap2/drivers/hashtable_private.h
--- a/tools/blktap2/drivers/hashtable_private.h Tue Nov 13 10:46:59 2012 +0000
+++ b/tools/blktap2/drivers/hashtable_private.h Tue Nov 13 10:47:00 2012 +0000
@@ -3,7 +3,6 @@
 /*
  * There are duplicates of this code in:
  *  - tools/xenstore/hashtable_private.h
- *  - tools/vtpm_manager/util/hashtable_private.h
  */
 
 #ifndef __HASHTABLE_PRIVATE_CWC22_H__
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/configure.ac
--- a/tools/configure.ac        Tue Nov 13 10:46:59 2012 +0000
+++ b/tools/configure.ac        Tue Nov 13 10:47:00 2012 +0000
@@ -40,7 +40,6 @@ m4_include([m4/fetcher.m4])
 # Enable/disable options
 AX_ARG_DEFAULT_DISABLE([githttp], [Download GIT repositories via HTTP])
 AX_ARG_DEFAULT_ENABLE([monitors], [Disable xenstat and xentop monitoring 
tools])
-AX_ARG_DEFAULT_DISABLE([vtpm], [Enable Virtual Trusted Platform Module])
 AX_ARG_DEFAULT_DISABLE([xenapi], [Enable Xen API Bindings])
 AX_ARG_DEFAULT_ENABLE([ocamltools], [Disable Ocaml tools])
 AX_ARG_DEFAULT_DISABLE([miniterm], [Enable miniterm])
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/examples/README
--- a/tools/examples/README     Tue Nov 13 10:46:59 2012 +0000
+++ b/tools/examples/README     Tue Nov 13 10:47:00 2012 +0000
@@ -25,13 +25,7 @@ vif-bridge          - virtual network st
 vif-common.sh       - sourced by vif-bridge 
 vif-nat             - xen virtual network start/stop script in NAT mode 
 vif-route           - xen virtual network start/stop script in routed mode
-vtpm                - called by xen-backend.agent to bind/unbind vTPM devices
-vtpm-common.sh      - common code for vTPM handling
-vtpm-delete         - remove an entry from the vTPM table given the
-                      domain's name
-vtpm-hotplug-common.sh - sourced by vtpm
-vtpm-migration.sh   - sourced by external-device-migrate
-xen-backend.agent   - calls block, vif-*, vtpm scripts to add, remove, hotplug
+xen-backend.agent   - calls block, vif-* scripts to add, remove, hotplug
                       devices  
 xen-backend.rules   - hotplug script rules
 xend-config.sxp     - default xend configuration file
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/examples/xmexample.pv-grub
--- a/tools/examples/xmexample.pv-grub  Tue Nov 13 10:46:59 2012 +0000
+++ b/tools/examples/xmexample.pv-grub  Tue Nov 13 10:47:00 2012 +0000
@@ -105,20 +105,6 @@ disk = [ 'phy:hda1,hda1,w' ]
 # configured in xend-config.sxp.
 
 #----------------------------------------------------------------------------
-# Define to which TPM instance the user domain should communicate.
-# The vtpm entry is of the form 'instance=INSTANCE,backend=DOM'
-# where INSTANCE indicates the instance number of the TPM the VM
-# should be talking to and DOM provides the domain where the backend
-# is located.
-# Note that no two virtual machines should try to connect to the same
-# TPM instance. The handling of all TPM instances does require
-# some management effort in so far that VM configration files (and thus
-# a VM) should be associated with a TPM instance throughout the lifetime
-# of the VM / VM configuration file. The instance number must be
-# greater or equal to 1.
-#vtpm = [ 'instance=1,backend=0' ]
-
-#----------------------------------------------------------------------------
 # Configure the behaviour when a domain exits.  There are three 'reasons'
 # for a domain to stop: poweroff, reboot, and crash.  For each of these you
 # may specify:
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/examples/xmexample1
--- a/tools/examples/xmexample1 Tue Nov 13 10:46:59 2012 +0000
+++ b/tools/examples/xmexample1 Tue Nov 13 10:47:00 2012 +0000
@@ -101,20 +101,6 @@ disk = [ 'phy:hda1,hda1,w' ]
 # configured in xend-config.sxp.
 
 #----------------------------------------------------------------------------
-# Define to which TPM instance the user domain should communicate.
-# The vtpm entry is of the form 'instance=INSTANCE,backend=DOM'
-# where INSTANCE indicates the instance number of the TPM the VM
-# should be talking to and DOM provides the domain where the backend
-# is located.
-# Note that no two virtual machines should try to connect to the same
-# TPM instance. The handling of all TPM instances does require
-# some management effort in so far that VM configration files (and thus
-# a VM) should be associated with a TPM instance throughout the lifetime
-# of the VM / VM configuration file. The instance number must be
-# greater or equal to 1.
-#vtpm = [ 'instance=1,backend=0' ]
-
-#----------------------------------------------------------------------------
 # Set the kernel command line for the new domain.
 # You only need to define the IP parameters and hostname if the domain's
 # IP config doesn't, e.g. in ifcfg-eth0 or via DHCP.
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/examples/xmexample2
--- a/tools/examples/xmexample2 Tue Nov 13 10:46:59 2012 +0000
+++ b/tools/examples/xmexample2 Tue Nov 13 10:47:00 2012 +0000
@@ -137,20 +137,6 @@ disk = [ 'phy:sda%d,sda1,w' % (7+vmid),
 # configured in xend-config.sxp.
 
 #----------------------------------------------------------------------------
-# Define to which TPM instance the user domain should communicate.
-# The vtpm entry is of the form 'instance=INSTANCE,backend=DOM'
-# where INSTANCE indicates the instance number of the TPM the VM
-# should be talking to and DOM provides the domain where the backend
-# is located.
-# Note that no two virtual machines should try to connect to the same
-# TPM instance. The handling of all TPM instances does require
-# some management effort in so far that VM configration files (and thus
-# a VM) should be associated with a TPM instance throughout the lifetime
-# of the VM / VM configuration file. The instance number must be
-# greater or equal to 1.
-#vtpm = ['instance=%d,backend=0' % (vmid) ]
-
-#----------------------------------------------------------------------------
 # Set the kernel command line for the new domain.
 # You only need to define the IP parameters and hostname if the domain's
 # IP config doesn't, e.g. in ifcfg-eth0 or via DHCP.
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/examples/xmexample3
--- a/tools/examples/xmexample3 Tue Nov 13 10:46:59 2012 +0000
+++ b/tools/examples/xmexample3 Tue Nov 13 10:47:00 2012 +0000
@@ -122,20 +122,6 @@ disk = [ 'phy:hda%d,hda1,w' % (vmid)]
 # configured in xend-config.sxp.
 
 #----------------------------------------------------------------------------
-# Define to which TPM instance the user domain should communicate.
-# The vtpm entry is of the form 'instance=INSTANCE,backend=DOM'
-# where INSTANCE indicates the instance number of the TPM the VM
-# should be talking to and DOM provides the domain where the backend
-# is located.
-# Note that no two virtual machines should try to connect to the same
-# TPM instance. The handling of all TPM instances does require
-# some management effort in so far that VM configration files (and thus
-# a VM) should be associated with a TPM instance throughout the lifetime
-# of the VM / VM configuration file. The instance number must be
-# greater or equal to 1.
-#vtpm = ['instance=%d,backend=0' % (vmid) ]
-
-#----------------------------------------------------------------------------
 # Set the kernel command line for the new domain.
 # You only need to define the IP parameters and hostname if the domain's
 # IP config doesn't, e.g. in ifcfg-eth0 or via DHCP.
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/hotplug/Linux/Makefile
--- a/tools/hotplug/Linux/Makefile      Tue Nov 13 10:46:59 2012 +0000
+++ b/tools/hotplug/Linux/Makefile      Tue Nov 13 10:47:00 2012 +0000
@@ -18,14 +18,12 @@ XEN_SCRIPTS += vif-setup
 XEN_SCRIPTS += block
 XEN_SCRIPTS += block-enbd block-nbd
 XEN_SCRIPTS += blktap
-XEN_SCRIPTS += vtpm vtpm-delete
 XEN_SCRIPTS += xen-hotplug-cleanup
 XEN_SCRIPTS += external-device-migrate
 XEN_SCRIPTS += vscsi
 XEN_SCRIPT_DATA = xen-script-common.sh locking.sh logging.sh
 XEN_SCRIPT_DATA += xen-hotplug-common.sh xen-network-common.sh vif-common.sh
-XEN_SCRIPT_DATA += block-common.sh vtpm-common.sh vtpm-hotplug-common.sh
-XEN_SCRIPT_DATA += vtpm-migration.sh vtpm-impl
+XEN_SCRIPT_DATA += block-common.sh
 
 UDEV_RULES_DIR = $(CONFIG_DIR)/udev
 UDEV_RULES = xen-backend.rules xend.rules
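Review bot: `external-device-migrate` stays in `XEN_SCRIPTS` here while `vtpm-migration.sh` is dropped from `XEN_SCRIPT_DATA`, and the README entry removed earlier in this changeset describes `vtpm-migration.sh` as "sourced by external-device-migrate". If `external-device-migrate` still sources or dispatches to that helper, the migration hotplug path would fail at run time on a missing file instead of at build time. The visible part of the changeset does not show that script being edited, so confirm that any remaining reference is removed in this same commit. The same check applies to `xen-backend.rules`, which is still installed via `UDEV_RULES` and may still carry a rule that runs the deleted `vtpm` script.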
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/hotplug/Linux/vtpm
--- a/tools/hotplug/Linux/vtpm  Tue Nov 13 10:46:59 2012 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,22 +0,0 @@
-#!/bin/bash
-
-dir=$(dirname "$0")
-. "$dir/vtpm-hotplug-common.sh"
-
-vtpm_fatal_error=0
-
-case "$command" in
-  add)
-    vtpm_create_instance
-  ;;
-  remove)
-    vtpm_remove_instance
-  ;;
-esac
-
-if [ $vtpm_fatal_error -eq 0 ]; then
-       log debug "Successful vTPM operation '$command'."
-       success
-else
-       fatal "Error while executing vTPM operation '$command'."
-fi
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/hotplug/Linux/vtpm-common.sh
--- a/tools/hotplug/Linux/vtpm-common.sh        Tue Nov 13 10:46:59 2012 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,448 +0,0 @@
-#
-# Copyright (c) 2005 IBM Corporation
-# Copyright (c) 2005 XenSource Ltd.
-#
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of version 2.1 of the GNU Lesser General Public
-# License as published by the Free Software Foundation.
-#
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-#
-
-dir=$(dirname "$0")
-. "$dir/logging.sh"
-. "$dir/locking.sh"
-
-VTPMDB="/var/vtpm/vtpm.db"
-
-#In the vtpm-impl file some commands should be defined:
-#      vtpm_create, vtpm_setup, vtpm_start, etc. (see below)
-if [ -r "$dir/vtpm-impl.alt" ]; then
-       . "$dir/vtpm-impl.alt"
-elif [ -r "$dir/vtpm-impl" ]; then
-       . "$dir/vtpm-impl"
-else
-       function vtpm_create () {
-               true
-       }
-       function vtpm_setup() {
-               true
-       }
-       function vtpm_start() {
-               true
-       }
-       function vtpm_suspend() {
-               true
-       }
-       function vtpm_resume() {
-               true
-       }
-       function vtpm_delete() {
-               true
-       }
-       function vtpm_migrate() {
-               echo "Error: vTPM migration accross machines not implemented."
-       }
-       function vtpm_migrate_local() {
-               echo "Error: local vTPM migration not supported"
-       }
-       function vtpm_migrate_recover() {
-               true
-       }
-fi
-
-
-#Find the instance number for the vtpm given the name of the domain
-# Parameters
-# - vmname : the name of the vm
-# Return value
-#  Returns '0' if instance number could not be found, otherwise
-#  it returns the instance number in the variable 'instance'
-function vtpmdb_find_instance () {
-       local vmname ret instance
-       vmname=$1
-       ret=0
-
-       instance=$(cat $VTPMDB |                   \
-                 awk -vvmname=$vmname             \
-                 '{                               \
-                    if ( 1 != index($1,"#")) {    \
-                      if ( $1 == vmname ) {       \
-                        print $2;                 \
-                        exit;                     \
-                      }                           \
-                    }                             \
-                  }')
-       if [ "$instance" != "" ]; then
-               ret=$instance
-       fi
-       echo "$ret"
-}
-
-
-# Check whether a particular instance number is still available
-# returns "0" if it is not available, "1" otherwise.
-function vtpmdb_is_free_instancenum () {
-       local instance instances avail i
-       instance=$1
-       avail=1
-       #Allowed instance number range: 1-255
-       if [ $instance -eq 0 -o $instance -gt 255 ]; then
-               avail=0
-       else
-               instances=$(cat $VTPMDB |                \
-                          awk                          \
-                          '{                            \
-                              if (1 != index($1,"#")) { \
-                                printf("%s ",$2);       \
-                              }                         \
-                           }')
-               for i in $instances; do
-                       if [ $i -eq $instance ]; then
-                               avail=0
-                               break
-                       fi
-               done
-       fi
-       echo "$avail"
-}
-
-
-# Get an available instance number given the database
-# Returns an unused instance number
-function vtpmdb_get_free_instancenum () {
-       local ctr instances don found
-       instances=$(cat $VTPMDB |                \
-                  awk                          \
-                  '{                            \
-                      if (1 != index($1,"#")) { \
-                        printf("%s ",$2);       \
-                      }                         \
-                   }')
-       ctr=1
-       don=0
-       while [ $don -eq 0 ]; do
-               found=0
-               for i in $instances; do
-                       if [ $i -eq $ctr ]; then
-                               found=1;
-                               break;
-                       fi
-               done
-
-               if [ $found -eq 0 ]; then
-                       don=1
-                       break
-               fi
-               let ctr=ctr+1
-       done
-       echo "$ctr"
-}
-
-
-# Add a domain name and instance number to the DB file
-function vtpmdb_add_instance () {
-       local res vmname inst
-       vmname=$1
-       inst=$2
-
-       if [ ! -f $VTPMDB ]; then
-               echo "#Database for VM to vTPM association" > $VTPMDB
-               echo "#1st column: domain name" >> $VTPMDB
-               echo "#2nd column: TPM instance number" >> $VTPMDB
-       fi
-       res=$(vtpmdb_validate_entry $vmname $inst)
-       if [ $res -eq 0 ]; then
-               echo "$vmname $inst" >> $VTPMDB
-       fi
-}
-
-
-#Validate whether an entry is the same as passed to this
-#function
-function vtpmdb_validate_entry () {
-       local res rc vmname inst
-       rc=0
-       vmname=$1
-       inst=$2
-
-       res=$(cat $VTPMDB |            \
-            awk -vvmname=$vmname     \
-                 -vinst=$inst         \
-            '{                        \
-                if ( 1 == index($1,"#")) {\
-                } else                \
-                if ( $1 == vmname &&  \
-                     $2 == inst) {    \
-                   printf("1");       \
-                   exit;              \
-                } else                \
-                if ( $1 == vmname ||  \
-                     $2 == inst) {    \
-                   printf("2");       \
-                   exit;              \
-                }                     \
-            }')
-
-       if [ "$res" == "1" ]; then
-               rc=1
-       elif [ "$res" == "2" ]; then
-               rc=2
-       fi
-       echo "$rc"
-}
-
-
-#Remove an entry from the vTPM database given its domain name
-#and instance number
-function vtpmdb_remove_entry () {
-       local vmname instance VTPMDB_TMP
-       vmname=$1
-       instance=$2
-       VTPMDB_TMP="$VTPMDB".tmp
-
-       $(cat $VTPMDB |            \
-        awk -vvmname=$vmname     \
-        '{                        \
-           if ( $1 != vmname ) {  \
-             print $0;            \
-           }                      \
-        '} > $VTPMDB_TMP)
-       if [ -e $VTPMDB_TMP ]; then
-               mv -f $VTPMDB_TMP $VTPMDB
-               vtpm_delete $instance
-       else
-               log err "Error creating temporary file '$VTPMDB_TMP'."
-       fi
-}
-
-
-# Find the reason for the creation of this device:
-# Returns 'resume' or 'create'
-function vtpm_get_create_reason () {
-       local resume
-       resume=$(xenstore_read $XENBUS_PATH/resume)
-       if [ "$resume" == "True" ]; then
-               echo "resume"
-       else
-               echo "create"
-       fi
-}
-
-
-#Create a vTPM instance
-# If no entry in the TPM database is found, the instance is
-# created and an entry added to the database.
-function vtpm_create_instance () {
-       local res instance domname reason uuid
-       uuid=$(xenstore_read "$XENBUS_PATH"/uuid)
-       reason=$(vtpm_get_create_reason)
-
-       claim_lock vtpmdb
-
-       instance="0"
-
-       if [ "$uuid" != "" ]; then
-               instance=$(vtpmdb_find_instance $uuid)
-       fi
-       if [ "$instance" == "0" ]; then
-               domname=$(xenstore_read "$XENBUS_PATH"/domain)
-               instance=$(vtpmdb_find_instance $domname)
-       fi
-
-       if [ "$instance" == "0" -a "$reason" != "create" ]; then
-               release_lock vtpmdb
-               return
-       fi
-
-       if [ "$instance" == "0" ]; then
-               #Try to give the preferred instance to the domain
-               instance=$(xenstore_read "$XENBUS_PATH"/pref_instance)
-               if [ "$instance" != "" ]; then
-                       res=$(vtpmdb_is_free_instancenum $instance)
-                       if [ $res -eq 0 ]; then
-                               instance=$(vtpmdb_get_free_instancenum)
-                       fi
-               else
-                       instance=$(vtpmdb_get_free_instancenum)
-               fi
-
-               vtpm_create $instance
-
-               if [ $vtpm_fatal_error -eq 0 ]; then
-                       if [ "$uuid" != "" ]; then
-                               vtpmdb_add_instance $uuid $instance
-                       else
-                               vtpmdb_add_instance $domname $instance
-                       fi
-               fi
-       else
-               if [ "$reason" == "resume" ]; then
-                       vtpm_resume $instance
-               else
-                       vtpm_start $instance
-               fi
-       fi
-
-       release_lock vtpmdb
-
-       xenstore_write $XENBUS_PATH/instance $instance
-}
-
-
-#Remove an instance when a VM is terminating or suspending.
-#Since it is assumed that the VM will appear again, the
-#entry is kept in the VTPMDB file.
-function vtpm_remove_instance () {
-       local instance reason domname uuid
-       #Stop script execution quietly if path does not exist (anymore)
-       xenstore-exists "$XENBUS_PATH"/domain
-       uuid=$(xenstore_read "$XENBUS_PATH"/uuid)
-
-       claim_lock vtpmdb
-
-       instance="0"
-
-       if [ "$uuid" != "" ]; then
-               instance=$(vtpmdb_find_instance $uuid)
-       fi
-
-       if [ "$instance" == "0" ]; then
-               domname=$(xenstore_read "$XENBUS_PATH"/domain)
-               instance=$(vtpmdb_find_instance $domname)
-       fi
-
-       if [ "$instance" != "0" ]; then
-               vtpm_suspend $instance
-       fi
-
-       release_lock vtpmdb
-}
-
-
-#Remove an entry in the VTPMDB file given the domain's name
-#1st parameter: The name of the domain
-function vtpm_delete_instance () {
-       local instance
-
-       claim_lock vtpmdb
-
-       instance=$(vtpmdb_find_instance $1)
-       if [ "$instance" != "0" ]; then
-               vtpmdb_remove_entry $1 $instance
-       fi
-
-       release_lock vtpmdb
-}
-
-# Determine whether the given address is local to this machine
-# Return values:
-#  "-1" : the given machine name is invalid
-#  "0"  : this is not an address of this machine
-#  "1"  : this is an address local to this machine
-function vtpm_isLocalAddress() {
-       local addr res
-       addr=$(ping $1 -c 1 |  \
-              awk '{ print substr($3,2,length($3)-2); exit }')
-       if [ "$addr" == "" ]; then
-               echo "-1"
-               return
-       fi
-       res=$(ifconfig | grep "inet addr" |  \
-            awk -vaddr=$addr               \
-            '{                              \
-               if ( addr == substr($2, 6)) {\
-                 print "1";                 \
-               }                            \
-            }'                              \
-           )
-       if [ "$res" == "" ]; then
-               echo "0"
-               return
-       fi
-       echo "1"
-}
-
-# Perform a migration step. This function differentiates between migration
-# to the local host or to a remote machine.
-# Parameters:
-# 1st: destination host to migrate to
-# 2nd: name of the domain to migrate
-# 3rd: the migration step to perform
-function vtpm_migration_step() {
-       local res=$(vtpm_isLocalAddress $1)
-       if [ "$res" == "0" ]; then
-               vtpm_migrate $1 $2 $3
-       else
-               vtpm_migrate_local
-       fi
-}
-
-# Recover from migration due to an error. This function differentiates
-# between migration to the local host or to a remote machine.
-# Parameters:
-# 1st: destination host the migration was going to
-# 2nd: name of the domain that was to be migrated
-# 3rd: the last successful migration step that was done
-function vtpm_recover() {
-       local res
-       res=$(vtpm_isLocalAddress $1)
-       if [ "$res" == "0" ]; then
-               vtpm_migrate_recover $1 $2 $3
-       fi
-}
-
-
-#Determine the domain id given a domain's name.
-#1st parameter: name of the domain
-#return value: domain id  or -1 if domain id could not be determined
-function vtpm_domid_from_name () {
-       local id name ids
-       ids=$(xenstore-list /local/domain)
-       for id in $ids; do
-               name=$(xenstore-read /local/domain/$id/name)
-               if [ "$name" == "$1" ]; then
-                       echo "$id"
-                       return
-               fi
-       done
-       echo "-1"
-}
-
-#Determine the virtual TPM's instance number using the domain ID.
-#1st parm: domain ID
-function vtpm_uuid_by_domid() {
-       echo $(xenstore-read /local/domain/0/backend/vtpm/$1/0/uuid)
-}
-
-
-# Determine the vTPM's UUID by the name of the VM
-function vtpm_uuid_from_vmname() {
-       local domid=$(vtpm_domid_from_name $1)
-       if [ "$domid" != "-1" ]; then
-               echo $(vtpm_uuid_by_domid $domid)
-               return
-       fi
-       echo ""
-}
-
-#Add a virtual TPM instance number and its associated domain name
-#to the VTPMDB file and activate usage of this virtual TPM instance
-#by writing the instance number into the xenstore
-#1st parm: name of virtual machine
-#2nd parm: instance of associated virtual TPM
-function vtpm_add_and_activate() {
-       local domid=$(vtpm_domid_from_name $1)
-       local vtpm_uuid=$(vtpm_uuid_from_vmname $1)
-       if [ "$vtpm_uuid" != "" -a "$domid" != "-1" ]; then
-               vtpmdb_add_instance $vtpm_uuid $2
-               xenstore-write backend/vtpm/$domid/0/instance $2
-       fi
-}
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/hotplug/Linux/vtpm-delete
--- a/tools/hotplug/Linux/vtpm-delete   Tue Nov 13 10:46:59 2012 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,18 +0,0 @@
-#!/bin/bash
-
-# This scripts must be called the following way:
-# vtpm-delete <vtpm uuid>
-# or
-# vtpm-delete --vmname <vm name>
-
-dir=$(dirname "$0")
-. "$dir/vtpm-common.sh"
-
-if [ "$1" == "--vmname" ]; then
-       vtpm_uuid=$(vtpm_uuid_from_vmname $2)
-       if [ "$vtpm_uuid" != "" ];then
-               vtpm_delete_instance $vtpm_uuid
-       fi
-else
-       vtpm_delete_instance $1
-fi
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/hotplug/Linux/vtpm-hotplug-common.sh
--- a/tools/hotplug/Linux/vtpm-hotplug-common.sh        Tue Nov 13 10:46:59 
2012 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,35 +0,0 @@
-#
-# Copyright (c) 2005 IBM Corporation
-# Copyright (c) 2005 XenSource Ltd.
-#
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of version 2.1 of the GNU Lesser General Public
-# License as published by the Free Software Foundation.
-#
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-#
-
-dir=$(dirname "$0")
-. "$dir/xen-hotplug-common.sh"
-
-findCommand "$@"
-if [ "$command" != "online" ]  &&
-   [ "$command" != "offline" ] &&
-   [ "$command" != "add" ]     &&
-   [ "$command" != "remove" ]
-then
-       log err "Invalid command: $command"
-       exit 1
-fi
-
-
-XENBUS_PATH="${XENBUS_PATH:?}"
-
-. "$dir/vtpm-common.sh"
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/hotplug/Linux/vtpm-impl
--- a/tools/hotplug/Linux/vtpm-impl     Tue Nov 13 10:46:59 2012 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,208 +0,0 @@
-#!/bin/bash
-# ===================================================================
-# 
-# Copyright (c) 2005, Intel Corp.
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without 
-# modification, are permitted provided that the following conditions 
-# are met:
-#
-#   * Redistributions of source code must retain the above copyright 
-#     notice, this list of conditions and the following disclaimer.
-#   * Redistributions in binary form must reproduce the above 
-#     copyright notice, this list of conditions and the following 
-#     disclaimer in the documentation and/or other materials provided 
-#     with the distribution.
-#   * Neither the name of Intel Corporation nor the names of its 
-#     contributors may be used to endorse or promote products derived
-#     from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
-# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
-# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
-# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 
-# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-# OF THE POSSIBILITY OF SUCH DAMAGE.
-# ===================================================================
-
-#            |        SRC        |    TAG  |      CMD SIZE     |        ORD    
   |mtype|strt
-TPM_CMD_OPEN=\\x00\\x00\\x00\\x00\\x01\\xc1\\x00\\x00\\x00\\x11\\x01\\x00\\x00\\x01\\x01\\x01
-TPM_CMD_RESM=\\x00\\x00\\x00\\x00\\x01\\xc1\\x00\\x00\\x00\\x11\\x01\\x00\\x00\\x01\\x01\\x02
-TPM_CMD_CLOS=\\x00\\x00\\x00\\x00\\x01\\xc1\\x00\\x00\\x00\\x0e\\x01\\x00\\x00\\x02
-TPM_CMD_DELE=\\x00\\x00\\x00\\x00\\x01\\xc1\\x00\\x00\\x00\\x0e\\x01\\x00\\x00\\x03
-
-TPM_TYPE_PVM=\\x01
-TPM_TYPE_HVM=\\x02
-
-TPM_SUCCESS=00000000
-
-TX_VTPM_MANAGER=/var/vtpm/fifos/from_console.fifo
-RX_VTPM_MANAGER=/var/vtpm/fifos/to_console.fifo
-
-VTPM_MIG=/usr/bin/vtpm_migrator
-
-# -------------------- Helpers for binary streams -----------
-
-function str_to_hex32() {
- printf "%0.8x" $1
-}
-
-function hex32_to_bin() {
- local inst=$(str_to_hex32 $1);
- 
- local n1=`echo $inst | sed 's/\(..\)....../\\\\x\1/'`
- local n2=`echo $inst | sed 's/..\(..\)..../\\\\x\1/'`
- local n3=`echo $inst | sed 's/....\(..\)../\\\\x\1/'`
- local n4=`echo $inst | sed 's/......\(..\)/\\\\x\1/'`
-
- echo "$n1$n2$n3$n4"
-}
-
-function vtpm_manager_cmd() {
- local cmd=$1;
- local inst=$2;
- local inst_bin=$(hex32_to_bin $inst);
-
- claim_lock vtpm_mgr
-
- #send cmd to vtpm_manager
- printf "$cmd$inst_bin" > $TX_VTPM_MANAGER
-
- #recv response
- set +e
- local resp_hex=`dd skip=10 bs=1 count=4 if=$RX_VTPM_MANAGER 2> /dev/null | 
xxd -ps`
- set -e
-
- release_lock vtpm_mgr
-
- #return whether the command was successful
- if [ $resp_hex -ne $TPM_SUCCESS ]; then
-   vtpm_fatal_error=1
-   false
-  else
-   true
- fi
-}
-
-# Helper to get vm type to pass to vtpm_manager open/resume
-function vtpm_get_type() {
- local inst=$(xenstore_read $XENBUS_PATH/frontend-id)
- local vm=$(xenstore_read /local/domain/$inst/vm)
- if [ "$vm" != "" ]; then
-  local ostype=$(xenstore-read $vm/image/ostype)
-  if [ "$ostype" == "hvm" ]; then
-   echo $TPM_TYPE_HVM;
-  else
-   echo $TPM_TYPE_PVM;
-  fi
- fi
-}
-
-# ------------------ Command handlers -----------------
-
-# Create new vtpm instance & set it up for use
-function vtpm_create () {
- # Creation is handled implicitly by the manager on first setup
- # so just set it up for use
- $(vtpm_start $1)
-}
-
-# Setup vtpm instance for use.
-function vtpm_start() {
- local vmtype=$(vtpm_get_type);
- $(vtpm_manager_cmd $TPM_CMD_OPEN$vmtype $1)
-}
-
-function vtpm_resume() {
- local vmtype=$(vtpm_get_type);
- $(vtpm_manager_cmd $TPM_CMD_RESM$vmtype $1)
-}
-
-# Reset the vtpm AKA clear PCRs
-function vtpm_reset() {
- #not used by current implemenation
- true
-}
-
-# Shutdown the vtpm while the vm is down
-# This could be a suspend of shutdown
-# we cannot distinquish, so save the state
-# and decide on startup if we should keep is
-function vtpm_suspend() {
- $(vtpm_manager_cmd $TPM_CMD_CLOS $1)
-}
-
-
-function vtpm_delete() {
- local inst=$1
- if $(vtpm_manager_cmd $TPM_CMD_DELE $inst); then
-   rm -f /var/vtpm/vtpm_dm_$1.data
-   true
- else 
-   vtpm_fatal_error=1
-   false
- fi
-}
-
-# Perform a migration step. This function differentiates between migration
-# to the local host or to a remote machine.
-# Parameters:
-# 1st: destination host to migrate to
-# 2nd: name of the domain to migrate
-# 3rd: the migration step to perform
-function vtpm_migrate() {
- local instance res
-
- instance=$(vtpmdb_find_instance $2)
- if [ "$instance" == "" ]; then
-  log err "VTPM Migratoin failed. Unable to translation of domain name"
-  echo "Error: VTPM Migration failed while looking up instance number"
- fi
-
- case "$3" in
-  0)
-   #Incicate migration supported
-   echo "0" 
-  ;;
-
-  1)
-   # Get Public Key from Destination
-   # Call vtpm_manager's migration part 1
-   claim_lock vtpm_mgr
-   $VTPM_MIG $1 $2 $instance $3
-   release_lock vtpm_mgr
-  ;;
-
-  2)
-   # Call manager's migration step 2 and send result to destination
-   # If successful remove from db
-   claim_lock vtpm_mgr
-   $VTPM_MIG $1 $2 $instance $3
-   release_lock vtpm_mgr
-  ;;
-
-  3)
-   if `ps x | grep "$VTPM_MIG $1"`; then
-    log err "VTPM Migration failed to complete."
-    echo "Error: VTPM Migration failed to complete."
-   fi
-  ;;
- esac
- 
-}
-
-
-function vtpm_migrate_recover() {
- echo "Error: Recovery not supported yet" 
-}
-
-function vtpm_migrate_local() {
- echo "Error: local vTPM migration not supported"
-}
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/hotplug/Linux/vtpm-migration.sh
--- a/tools/hotplug/Linux/vtpm-migration.sh     Tue Nov 13 10:46:59 2012 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,19 +0,0 @@
-#
-# Copyright (c) 2005 IBM Corporation
-#
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of version 2.1 of the GNU Lesser General Public
-# License as published by the Free Software Foundation.
-#
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-#
-
-dir=$(dirname "$0")
-. "$dir/vtpm-common.sh"
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/hotplug/Linux/xen-backend.rules
--- a/tools/hotplug/Linux/xen-backend.rules     Tue Nov 13 10:46:59 2012 +0000
+++ b/tools/hotplug/Linux/xen-backend.rules     Tue Nov 13 10:47:00 2012 +0000
@@ -1,6 +1,5 @@
 SUBSYSTEM=="xen-backend", KERNEL=="tap*", ENV{UDEV_CALL}="1", 
RUN+="/etc/xen/scripts/blktap $env{ACTION}"
 SUBSYSTEM=="xen-backend", KERNEL=="vbd*", ENV{UDEV_CALL}="1", 
RUN+="/etc/xen/scripts/block $env{ACTION}"
-SUBSYSTEM=="xen-backend", KERNEL=="vtpm*", RUN+="/etc/xen/scripts/vtpm 
$env{ACTION}"
 SUBSYSTEM=="xen-backend", KERNEL=="vif2-*", RUN+="/etc/xen/scripts/vif2 
$env{ACTION}"
 SUBSYSTEM=="xen-backend", KERNEL=="vif-*", ENV{UDEV_CALL}="1", 
ACTION=="online", RUN+="/etc/xen/scripts/vif-setup online type_if=vif"
 SUBSYSTEM=="xen-backend", KERNEL=="vif-*", ENV{UDEV_CALL}="1", 
ACTION=="offline", RUN+="/etc/xen/scripts/vif-setup offline type_if=vif"
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/vtpm/Makefile
--- a/tools/vtpm/Makefile       Tue Nov 13 10:46:59 2012 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,74 +0,0 @@
-XEN_ROOT = $(CURDIR)/../..
-
-# Base definitions and rules
-include $(XEN_ROOT)/tools/vtpm/Rules.mk
-
-# Dir name for emulator (as dom0 tpm driver)
-TPM_EMULATOR_DIR = tpm_emulator
-# Dir name for vtpm instance
-VTPM_DIR = vtpm
-ORIG_DIR = orig
-
-# Emulator tarball name
-TPM_EMULATOR_NAME = tpm_emulator-0.5.1
-TPM_EMULATOR_TARFILE = $(TPM_EMULATOR_NAME).tar.gz
-
-GMP_HEADER = /usr/include/gmp.h
-
-.PHONY: all
-all: build
-
-.PHONY: build
-build: build_sub
-
-.PHONY: install
-install: build
-       $(MAKE) -C $(VTPM_DIR) install-recursive
-
-.PHONY: clean
-clean:
-       @if [ -d $(TPM_EMULATOR_DIR) ]; \
-               then $(MAKE) -C $(TPM_EMULATOR_DIR) clean; \
-       fi
-       @if [ -d $(VTPM_DIR) ]; \
-               then $(MAKE) -C $(VTPM_DIR) clean; \
-       fi
-
-.PHONY: mrproper
-mrproper:
-       rm -f $(TPM_EMULATOR_TARFILE) tpm_emulator.patch.old vtpm.patch.old
-       rm -rf $(TPM_EMULATOR_DIR) $(VTPM_DIR) $(ORIG_DIR)
-
-# Download Swiss emulator
-$(TPM_EMULATOR_TARFILE):
-       wget http://download.berlios.de/tpm-emulator/$(TPM_EMULATOR_TARFILE)
-
-# Create vtpm dirs
-$(VTPM_DIR)/tpmd/tpmd: $(TPM_EMULATOR_TARFILE) vtpm-0.5.1.patch
-       rm -rf $(VTPM_DIR)
-       tar -xzf $(TPM_EMULATOR_TARFILE)
-       mv $(TPM_EMULATOR_NAME) $(VTPM_DIR)
-
-       set -e; cd $(VTPM_DIR); \
-       patch -p1 < ../vtpm-0.5.1.patch; \
-       patch -p1 < ../vtpm-0.5.1-LDLIBS.patch
-
-orig: $(TPM_EMULATOR_TARFILE)
-       mkdir $(ORIG_DIR);
-       set -e; cd $(ORIG_DIR); \
-       tar -xzf ../$(TPM_EMULATOR_TARFILE);
-
-updatepatches: clean orig
-       find $(VTPM_DIR) -name "*.orig" -print | xargs rm -f; 
-       mv vtpm.patch vtpm.patch.old; 
-       diff -uprN $(TPM_EMULATOR_DIR) $(VTPM_DIR) > vtpm.patch || true;
-
-.PHONY: build_sub
-build_sub: $(VTPM_DIR)/tpmd/tpmd
-       set -e; if [ -e $(GMP_HEADER) ]; then \
-               $(MAKE) -C $(VTPM_DIR) version; \
-               $(MAKE) -C $(VTPM_DIR) all-recursive; \
-       else \
-               echo "=== Unable to build VTPMs. libgmp could not be found."; \
-       fi
-
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/vtpm/README
--- a/tools/vtpm/README Tue Nov 13 10:46:59 2012 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,45 +0,0 @@
-
-Directory Structure
-===================
-tools/vtpm/tpm_emulator-0.2b.tar.gz    -> TPM Emulator downloaded at build 
time that will
-                                          be patched and used for our vtpms
-tools/vtpm/vtpm.patch                  -> patch applied to tpm_emulator to 
make vtpm
-tools/vtpm/vtpm/                       -> (created on build) tpm_emulator 
moved to ring 3,
-                                          listens on a pair of fifos for TPM 
commands,
-                                          persistent state is sent via named 
fifo to vtpm
-                                            manager, which encrypts it and 
protects it.
-tools/vtpm/tpm_emulator.patch          -> To allow for debugging and testing 
on non-TPM
-                                          platforms, this patches the emulator 
to allow
-                                          it to be inserted into the dom0 
kernel
-tools/vtpm/tpm_emulator-0.2            -> (created on build) directory 
containing patched emulator
-
-Compile Flags
-===================
-VTPM_MULTI_VM                -> Defined (not finished): VTPMs run in their own 
VMs
-                                Not Defined (default): VTPMs are processes
-
-Requirements
-============
-- xen-unstable 
-- IBM frontend/backend vtpm driver patch
-- vtpm_managerd
-- GNU MP Big number library (GMP)
-
-vtpmd Flow (for vtpm_manager. vtpmd never run by default)
-============================
-- Launch the VTPM manager (vtpm_managerd) which which begins listening to the 
BE with one thread
-  and listens to a named fifo that is shared by the vtpms to commuincate with 
the manager.
-- VTPM Manager listens to TPM BE.
-- When xend launches a tpm frontend equipped VM it contacts the manager over 
the vtpm backend. 
-- When the manager receives the open message from the BE, it launches a vtpm
-- Xend allows the VM to continue booting. 
-- When a TPM request is issued to the front end, the front end transmits the 
TPM request to the backend.
-- The manager receives the TPM requests and uses a named fifo to forward the 
request to the vtpm.
-- The fifo listener begins listening for the reply from vtpm for the request.
-- Vtpm processes request and replies to manager over shared named fifo.
-- If needed, the vtpm may send a request to the vtpm_manager at any time to 
save it's secrets to disk.
-- Manager receives response from vtpm and passes it back to backend for 
forwarding to guest.
-
-tpm_emulator flow
-==================
-Read documentation in tpm_emulator-0.2 directory
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/vtpm/Rules.mk
--- a/tools/vtpm/Rules.mk       Tue Nov 13 10:46:59 2012 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,26 +0,0 @@
-# Base definitions and rules (XEN_ROOT must be defined in including Makefile)
-include $(XEN_ROOT)/tools/Rules.mk
-
-#
-# Tool definitions
-#
-
-# General compiler flags
-CFLAGS   = -Werror -g3
-
-# Generic project files
-HDRS   = $(wildcard *.h)
-SRCS   = $(wildcard *.c)
-OBJS   = $(patsubst %.c,%.o,$(SRCS))
-
-# Generic (non-header) dependencies
-$(SRCS): Makefile $(XEN_ROOT)/tools/Rules.mk $(XEN_ROOT)/tools/vtpm/Rules.mk
-
-$(OBJS): $(SRCS)
-
--include $(DEPS)
-
-BUILD_EMULATOR = y
-
-# Make sure these are just rules
-.PHONY : all build install clean
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/vtpm/tpm_emulator.patch
--- a/tools/vtpm/tpm_emulator.patch     Tue Nov 13 10:46:59 2012 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,1919 +0,0 @@
-diff -uprN orig/tpm_emulator-0.4/AUTHORS tpm_emulator/AUTHORS
---- orig/tpm_emulator-0.4/AUTHORS      2006-06-23 03:37:07.000000000 -0700
-+++ tpm_emulator/AUTHORS       2006-07-24 14:35:35.000000000 -0700
-@@ -1,2 +1,3 @@
- Mario Strasser <mast@xxxxxxx>
- Heiko Stamer <stamer@xxxxxxxx> [DAA]
-+INTEL Corp <> [Dropped to Ring3]
-diff -uprN orig/tpm_emulator-0.4/ChangeLog tpm_emulator/ChangeLog
---- orig/tpm_emulator-0.4/ChangeLog    2006-06-23 03:37:07.000000000 -0700
-+++ tpm_emulator/ChangeLog     2006-07-24 14:35:35.000000000 -0700
-@@ -1,3 +1,6 @@
-+????-??-?? Intel Corp
-+      * Moved module out of kernel to run as a ring 3 app
-+
- 2006-06-23  Mario Strasser <mast@xxxxxxx>
-       * tpm_startup.c: behaviour of ST_CLEAR and storage of
-               persistent data adapted
-diff -uprN orig/tpm_emulator-0.4/crypto/gmp_kernel_wrapper.c 
tpm_emulator/crypto/gmp_kernel_wrapper.c
---- orig/tpm_emulator-0.4/crypto/gmp_kernel_wrapper.c  2006-06-23 
03:37:07.000000000 -0700
-+++ tpm_emulator/crypto/gmp_kernel_wrapper.c   2006-07-24 14:35:35.000000000 
-0700
-@@ -1,5 +1,6 @@
- /* Software-Based Trusted Platform Module (TPM) Emulator for Linux
-  * Copyright (C) 2004 Mario Strasser <mast@xxxxxxx>,
-+ * Copyright (C) 2005 INTEL Corp
-  *
-  * This module is free software; you can redistribute it and/or modify
-  * it under the terms of the GNU General Public License as published
-@@ -24,15 +25,10 @@ int __gmp_junk;
- void __attribute__ ((regparm(0))) __gmp_assert_fail(const char *filename, 
-   int linenum, const char *expr) 
- {
--  panic(KERN_CRIT TPM_MODULE_NAME "%s:%d: GNU MP assertion failed: %s\n", 
-+  error("%s:%d: GNU MP assertion failed: %s\n", 
-     filename, linenum, expr);
- }
- 
--void __attribute__ ((regparm(0))) abort(void)
--{
--  panic(KERN_CRIT TPM_MODULE_NAME "GNU MP abort() was called\n");
--}
--
- /* overwrite GNU MP random functions (used by mpz/millerrabin.c) */ 
- 
- void __attribute__ ((regparm(0))) gmp_randinit(gmp_randstate_t rstate, 
-@@ -77,20 +73,19 @@ void __attribute__ ((regparm(0))) mpz_ur
- 
- void __attribute__ ((regparm(0))) *kernel_allocate(size_t size)
- {
--  void *ret  = (void*)kmalloc(size, GFP_KERNEL);
--  if (!ret) panic(KERN_CRIT TPM_MODULE_NAME 
--    "GMP: cannot allocate memory (size=%u)\n", size);
-+  void *ret  = (void*)malloc(size);
-+  if (!ret) error("GMP: cannot allocate memory (size=%Zu)\n", size);
-   return ret;
- }
- 
- void __attribute__ ((regparm(0))) *kernel_reallocate(void *oldptr, 
-   size_t old_size, size_t new_size)
- {
--  void *ret = (void*)kmalloc(new_size, GFP_KERNEL);
--  if (!ret) panic(KERN_CRIT TPM_MODULE_NAME "GMP: Cannot reallocate memory "
--    "(old_size=%u new_size=%u)\n", old_size, new_size);
-+  void *ret = (void*)malloc(new_size);
-+  if (!ret) error("GMP: Cannot reallocate memory "
-+    "(old_size=%Zu new_size=%Zu)\n", old_size, new_size);
-   memcpy(ret, oldptr, old_size);
--  kfree(oldptr);
-+  free(oldptr);
-   return ret;
- }
- 
-@@ -99,7 +94,7 @@ void __attribute__ ((regparm(0))) kernel
-   /* overwrite used memory */
-   if (blk_ptr != NULL) { 
-     memset(blk_ptr, 0, blk_size);
--    kfree(blk_ptr);
-+    free(blk_ptr);
-   }
- }
- 
-diff -uprN orig/tpm_emulator-0.4/crypto/rsa.c tpm_emulator/crypto/rsa.c
---- orig/tpm_emulator-0.4/crypto/rsa.c 2006-06-23 03:37:07.000000000 -0700
-+++ tpm_emulator/crypto/rsa.c  2006-07-24 14:35:35.000000000 -0700
-@@ -1,5 +1,6 @@
- /* Software-Based Trusted Platform Module (TPM) Emulator for Linux
-  * Copyright (C) 2004 Mario Strasser <mast@xxxxxxx>,
-+ * Copyright (C) 2005 INTEL Corp
-  *
-  * This module is free software; you can redistribute it and/or modify
-  * it under the terms of the GNU General Public License as published
-@@ -381,7 +382,7 @@ static int encode_message(int type, uint
-       msg[0] = 0x00;
-       get_random_bytes(&msg[1], SHA1_DIGEST_LENGTH);
-       sha1_init(&ctx);
--      sha1_update(&ctx, "TCPA", 4);
-+      sha1_update(&ctx, (uint8_t *) "TCPA", 4);
-       sha1_final(&ctx, &msg[1 + SHA1_DIGEST_LENGTH]);
-       memset(&msg[1 + 2 * SHA1_DIGEST_LENGTH], 0x00, 
-         msg_len - data_len - 2 * SHA1_DIGEST_LENGTH - 2);
-@@ -429,7 +430,7 @@ static int decode_message(int type, uint
-       mask_generation(&msg[1], SHA1_DIGEST_LENGTH,
-         &msg[1 + SHA1_DIGEST_LENGTH], msg_len - SHA1_DIGEST_LENGTH - 1);
-       sha1_init(&ctx);
--      sha1_update(&ctx, "TCPA", 4);
-+      sha1_update(&ctx, (uint8_t *) "TCPA", 4);
-       sha1_final(&ctx, &msg[1]);
-       if (memcmp(&msg[1], &msg[1 + SHA1_DIGEST_LENGTH], 
-           SHA1_DIGEST_LENGTH) != 0) return -1;
-diff -uprN orig/tpm_emulator-0.4/linux_module.c tpm_emulator/linux_module.c
---- orig/tpm_emulator-0.4/linux_module.c       2006-06-23 03:37:07.000000000 
-0700
-+++ tpm_emulator/linux_module.c        1969-12-31 16:00:00.000000000 -0800
-@@ -1,195 +0,0 @@
--/* Software-Based Trusted Platform Module (TPM) Emulator for Linux 
-- * Copyright (C) 2004 Mario Strasser <mast@xxxxxxx>,
-- *
-- * This module is free software; you can redistribute it and/or modify 
-- * it under the terms of the GNU General Public License as published 
-- * by the Free Software Foundation; either version 2 of the License, 
-- * or (at your option) any later version.  
-- *
-- * This module is distributed in the hope that it will be useful, 
-- * but WITHOUT ANY WARRANTY; without even the implied warranty of 
-- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the 
-- * GNU General Public License for more details.
-- *
-- * $Id: linux_module.c 91 2006-03-13 13:51:41Z mast $
-- */
--
--#include <linux/module.h>
--#include <linux/kernel.h>
--#include <linux/init.h>
--#include <linux/miscdevice.h>
--#include <linux/poll.h>
--#include "linux_module.h"
--#include "tpm/tpm_emulator.h"
--
--MODULE_LICENSE("GPL");
--MODULE_AUTHOR("Mario Strasser <mast@xxxxxxx>");
--MODULE_DESCRIPTION("Trusted Platform Module (TPM) Emulator");
--MODULE_SUPPORTED_DEVICE(TPM_DEVICE_NAME);
--
--/* module startup parameters */
--char *startup = "save";
--module_param(startup, charp, 0444);
--MODULE_PARM_DESC(startup, " Sets the startup mode of the TPM. "
--  "Possible values are 'clear', 'save' (default) and 'deactivated.");
--char *storage_file = "/var/tpm/tpm_emulator-1.2.0.2";
--module_param(storage_file, charp, 0644);
--MODULE_PARM_DESC(storage_file, " Sets the persistent-data storage " 
--  "file of the TPM.");
--
--/* TPM lock */
--static struct semaphore tpm_mutex;
--
--/* TPM command response */
--static struct {
--  uint8_t *data;
--  uint32_t size;
--} tpm_response;
--
--/* module state */
--#define STATE_IS_OPEN 0
--static uint32_t module_state;
--static struct timespec old_time;
--
--static int tpm_open(struct inode *inode, struct file *file)
--{
--  debug("%s()", __FUNCTION__);
--  if (test_and_set_bit(STATE_IS_OPEN, (void*)&module_state)) return -EBUSY;
--  return 0;
--}
--
--static int tpm_release(struct inode *inode, struct file *file)
--{
--  debug("%s()", __FUNCTION__);
--  clear_bit(STATE_IS_OPEN, (void*)&module_state);
--  down(&tpm_mutex);
--  if (tpm_response.data != NULL) {
--    kfree(tpm_response.data);
--    tpm_response.data = NULL;
--  }
--  up(&tpm_mutex);
--  return 0;
--}
--
--static ssize_t tpm_read(struct file *file, char *buf, size_t count, loff_t 
*ppos)
--{
--  debug("%s(%d)", __FUNCTION__, count);
--  down(&tpm_mutex);
--  if (tpm_response.data != NULL) {
--    count = min(count, (size_t)tpm_response.size - (size_t)*ppos);
--    count -= copy_to_user(buf, &tpm_response.data[*ppos], count);
--    *ppos += count;
--    if ((size_t)tpm_response.size == (size_t)*ppos) {
--      kfree(tpm_response.data);
--      tpm_response.data = NULL;
--    }
--  } else {
--    count = 0;
--  }
--  up(&tpm_mutex);
--  return count;
--}
--
--static ssize_t tpm_write(struct file *file, const char *buf, size_t count, 
loff_t *ppos)
--{
--  debug("%s(%d)", __FUNCTION__, count);
--  down(&tpm_mutex);
--  *ppos = 0;
--  if (tpm_response.data != NULL) kfree(tpm_response.data);
--  if (tpm_handle_command(buf, count, &tpm_response.data, 
--                         &tpm_response.size) != 0) { 
--    count = -EILSEQ;
--    tpm_response.data = NULL;
--  }
--  up(&tpm_mutex);
--  return count;
--}
--
--#define TPMIOC_CANCEL   _IO('T', 0x00)
--#define TPMIOC_TRANSMIT _IO('T', 0x01)
--
--static int tpm_ioctl(struct inode *inode, struct file *file, unsigned int 
cmd, unsigned long arg)
--{
--  debug("%s(%d, %p)", __FUNCTION__, cmd, (char*)arg);
--  if (cmd == TPMIOC_TRANSMIT) {
--    uint32_t count = ntohl(*(uint32_t*)(arg + 2));
--    down(&tpm_mutex);
--    if (tpm_response.data != NULL) kfree(tpm_response.data);
--    if (tpm_handle_command((char*)arg, count, &tpm_response.data,
--                           &tpm_response.size) == 0) {
--      tpm_response.size -= copy_to_user((char*)arg, tpm_response.data,
--                            tpm_response.size);
--      kfree(tpm_response.data);
--      tpm_response.data = NULL;
--    } else {
--      tpm_response.size = 0;
--      tpm_response.data = NULL;
--    }
--    up(&tpm_mutex);
--    return tpm_response.size;
--  }
--  return -1;
--}
--
--struct file_operations fops = {
--  .owner   = THIS_MODULE,
--  .open    = tpm_open,
--  .release = tpm_release,
--  .read    = tpm_read,
--  .write   = tpm_write,
--  .ioctl   = tpm_ioctl,
--};
--
--static struct miscdevice tpm_dev = {
--  .minor      = TPM_DEVICE_MINOR, 
--  .name       = TPM_DEVICE_NAME, 
--  .fops       = &fops,
--};
--
--int __init init_tpm_module(void)
--{
--  int res = misc_register(&tpm_dev);
--  if (res != 0) {
--    error("misc_register() failed for minor %d\n", TPM_DEVICE_MINOR);
--    return res;
--  }
--  /* initialize variables */
--  sema_init(&tpm_mutex, 1);
--  module_state = 0;
--  tpm_response.data = NULL;
--  old_time = current_kernel_time();
--  /* initialize TPM emulator */
--  if (!strcmp(startup, "clear")) {
--    tpm_emulator_init(1);
--  } else if (!strcmp(startup, "save")) {
--    tpm_emulator_init(2);
--  } else if (!strcmp(startup, "deactivated")) {
--    tpm_emulator_init(3);
--  } else {
--    error("invalid startup mode '%s'; must be 'clear', "
--      "'save' (default) or 'deactivated", startup);
--    misc_deregister(&tpm_dev);
--    return -EINVAL;
--  }
--  return 0;
--}
--
--void __exit cleanup_tpm_module(void)
--{
--  tpm_emulator_shutdown();
--  misc_deregister(&tpm_dev);
--  if (tpm_response.data != NULL) kfree(tpm_response.data);
--}
--
--module_init(init_tpm_module);
--module_exit(cleanup_tpm_module);
--
--uint64_t tpm_get_ticks(void)
--{
--  struct timespec new_time = current_kernel_time();
--  uint64_t ticks = (uint64_t)(new_time.tv_sec - old_time.tv_sec) * 1000000
--                   + (new_time.tv_nsec - old_time.tv_nsec) / 1000;
--  old_time = new_time;
--  return (ticks > 0) ? ticks : 1;
--}
--
-diff -uprN orig/tpm_emulator-0.4/linux_module.h tpm_emulator/linux_module.h
---- orig/tpm_emulator-0.4/linux_module.h       2006-06-23 03:37:07.000000000 
-0700
-+++ tpm_emulator/linux_module.h        2006-07-24 14:35:35.000000000 -0700
-@@ -1,5 +1,6 @@
- /* Software-Based Trusted Platform Module (TPM) Emulator for Linux
-  * Copyright (C) 2004 Mario Strasser <mast@xxxxxxx>,
-+ * Copyright (C) 2005 INTEL Corp
-  *
-  * This module is free software; you can redistribute it and/or modify
-  * it under the terms of the GNU General Public License as published
-@@ -17,54 +18,62 @@
- #ifndef _LINUX_MODULE_H_
- #define _LINUX_MODULE_H_
- 
--#include <linux/version.h>
--#include <linux/kernel.h>
--#include <linux/slab.h>
-+#include <malloc.h>
-+#include <stdint.h>
-+#include <stdio.h>
-+#include <string.h>
- #include <linux/types.h>
--#include <linux/string.h>
--#include <linux/random.h>
--#include <linux/time.h>
--#include <asm/byteorder.h>
- 
--/* module settings */
-+#include <endian.h>
-+#define __BYTEORDER_HAS_U64__
-+#ifdef LITTLE_ENDIAN
-+ #include <linux/byteorder/little_endian.h>
-+#else
-+ #include <linux/byteorder/big_endian.h>
-+#endif
- 
-+/* module settings */
-+#define min(A,B) ((A)<(B)?(A):(B))
-+#ifndef STR
- #define STR(s) __STR__(s)
- #define __STR__(s) #s
-+#endif
- #include "tpm_version.h"
- 
- #define TPM_DEVICE_MINOR  224
- #define TPM_DEVICE_NAME   "tpm"
- #define TPM_MODULE_NAME   "tpm_emulator"
- 
--/* debug and log output functions */
--
- #ifdef DEBUG
--#define debug(fmt, ...) printk(KERN_DEBUG "%s %s:%d: Debug: " fmt "\n", \
--                        TPM_MODULE_NAME, __FILE__, __LINE__, ## __VA_ARGS__)
-+#define debug(fmt, ...) printf("TPMD: %s:%d: Debug: " fmt "\n", \
-+                        __FILE__, __LINE__, ## __VA_ARGS__)
- #else
- #define debug(fmt, ...) 
- #endif
--#define info(fmt, ...)  printk(KERN_INFO "%s %s:%d: Info: " fmt "\n", \
--                        TPM_MODULE_NAME, __FILE__, __LINE__, ## __VA_ARGS__)
--#define error(fmt, ...) printk(KERN_ERR "%s %s:%d: Error: " fmt "\n", \
--                        TPM_MODULE_NAME, __FILE__, __LINE__, ## __VA_ARGS__)
--#define alert(fmt, ...) printk(KERN_ALERT "%s %s:%d: Alert: " fmt "\n", \
--                        TPM_MODULE_NAME, __FILE__, __LINE__, ## __VA_ARGS__)
-+#define info(fmt, ...)  printf("TPMD: %s:%d: Info: " fmt "\n", \
-+                        __FILE__, __LINE__, ## __VA_ARGS__)
-+#define error(fmt, ...) printf("TPMD: %s:%d: Error: " fmt "\n", \
-+                        __FILE__, __LINE__, ## __VA_ARGS__)
-+#define alert(fmt, ...) printf("TPMD: %s:%d: Alert: " fmt "\n", \
-+                        __FILE__, __LINE__, ## __VA_ARGS__)
- 
- /* memory allocation */
- 
- static inline void *tpm_malloc(size_t size) 
- {
--  return kmalloc(size, GFP_KERNEL);  
-+  return malloc(size);  
- }
- 
- static inline void tpm_free(const void *ptr)
- {
--  if (ptr != NULL) kfree(ptr);
-+  if (ptr != NULL) free( (void *) ptr);
- }
- 
- /* random numbers */
- 
-+//FIXME;
-+void get_random_bytes(void *buf, int nbytes);
-+
- static inline void tpm_get_random_bytes(void *buf, int nbytes)
- {
-   get_random_bytes(buf, nbytes);
-@@ -84,9 +93,9 @@ uint64_t tpm_get_ticks(void);
- #define CPU_TO_LE16(x) __cpu_to_le16(x)
- 
- #define BE64_TO_CPU(x) __be64_to_cpu(x)
--#define LE64_TO_CPU(x) __be64_to_cpu(x)
-+#define LE64_TO_CPU(x) __le64_to_cpu(x)
- #define BE32_TO_CPU(x) __be32_to_cpu(x)
--#define LE32_TO_CPU(x) __be32_to_cpu(x)
-+#define LE32_TO_CPU(x) __le32_to_cpu(x)
- #define BE16_TO_CPU(x) __be16_to_cpu(x)
- #define LE16_TO_CPU(x) __le16_to_cpu(x)
- 
-diff -uprN orig/tpm_emulator-0.4/Makefile tpm_emulator/Makefile
---- orig/tpm_emulator-0.4/Makefile     2006-06-23 03:37:07.000000000 -0700
-+++ tpm_emulator/Makefile      2006-07-24 14:35:35.000000000 -0700
-@@ -1,24 +1,40 @@
- # Software-Based Trusted Platform Module (TPM) Emulator for Linux
- # Copyright (C) 2004 Mario Strasser <mast@xxxxxxx>
-+# Copyright (C) 2006 INTEL Corp.
- #
- # $Id: Makefile 115 2006-06-23 10:36:44Z mast $
- 
--# kernel settings
--KERNEL_RELEASE := $(shell uname -r)
--KERNEL_BUILD   := /lib/modules/$(KERNEL_RELEASE)/build
--MOD_SUBDIR     := misc
-+COMPILE_ARCH    ?= $(shell uname -m | sed -e s/i.86/x86_32/)
- 
- # module settings
--MODULE_NAME    := tpm_emulator
-+BIN            := tpm_emulator
- VERSION_MAJOR  := 0
- VERSION_MINOR  := 4
- VERSION_BUILD  := $(shell date +"%s")
- 
--# enable/disable DEBUG messages
--EXTRA_CFLAGS   += -Wall -DDEBUG -g  
-+# Installation program and options
-+INSTALL         = install
-+INSTALL_PROG    = $(INSTALL) -m0755
-+INSTALL_DIR     = $(INSTALL) -d -m0755
-+
-+# Xen tools installation directory
-+TOOLS_INSTALL_DIR = $(DESTDIR)/usr/bin
-+
-+CC      := gcc
-+CFLAGS  += -g -Wall $(INCLUDE) -DDEBUG
-+CFLAGS  += -I. -Itpm
-+
-+# Is the simulator running in it's own vm?
-+#CFLAGS += -DVTPM_MULTI_VM
-+
-+ifeq ($(COMPILE_ARCH),x86_64)
-+LIBDIR = lib64
-+else
-+LIBDIR = lib
-+endif
- 
- # GNU MP configuration
--GMP_LIB        := /usr/lib/libgmp.a
-+GMP_LIB        := /usr/$(LIBDIR)/libgmp.a
- GMP_HEADER     := /usr/include/gmp.h
- 
- # sources and objects
-@@ -27,38 +43,32 @@ DIRS           := . crypto tpm 
- SRCS           := $(foreach dir, $(DIRS), $(wildcard $(src)/$(dir)/*.c))
- OBJS           := $(patsubst %.c, %.o, $(SRCS))
- SRCS           += $(foreach dir, $(DIRS), $(wildcard $(src)/$(dir)/*.h))
--DISTSRC        := ./README ./AUTHORS ./ChangeLog ./Makefile $(SRCS)
--DISTDIR        := tpm_emulator-$(VERSION_MAJOR).$(VERSION_MINOR)
- 
--obj-m               := $(MODULE_NAME).o
--$(MODULE_NAME)-objs := $(patsubst $(src)/%.o, %.o, $(OBJS)) crypto/libgmp.a
-+obj-m               := $(BIN)
-+$(BIN)-objs := $(patsubst $(src)/%.o, %.o, $(OBJS)) crypto/libgmp.a
- 
- EXTRA_CFLAGS   += -I$(src) -I$(src)/crypto -I$(src)/tpm 
- 
- # do not print "Entering directory ..."
- MAKEFLAGS      += --no-print-directory
- 
--all:  $(src)/crypto/gmp.h $(src)/crypto/libgmp.a version
--      @$(MAKE) -C $(KERNEL_BUILD) M=$(CURDIR) modules
-+all: $(BIN)
- 
--install:
--      @$(MAKE) -C $(KERNEL_BUILD) M=$(CURDIR) modules_install
--      test -d /var/tpm || mkdir /var/tpm
--      test -c /dev/tpm || mknod /dev/tpm c 10 224
--      chmod 666 /dev/tpm
--      depmod -a
-+$(BIN):       $(src)/crypto/gmp.h $(src)/crypto/libgmp.a version $(SRCS) 
$(OBJS)
-+      $(CC) $(CFLAGS) $(OBJS) $(src)/crypto/libgmp.a -o $(BIN)
-+
-+%.o: %.c
-+      $(CC) $(CFLAGS) -c $< -o $@
-+
-+install: $(BIN)
-+      $(INSTALL_PROG) $(BIN) $(TOOLS_INSTALL_DIR)
-+      @if [ ! -d "/var/tpm" ]; then mkdir /var/tpm; fi
- 
- clean:
--      @$(MAKE) -C $(KERNEL_BUILD) M=$(CURDIR) clean
--      rm -f $(src)/crypto/gmp.h $(src)/crypto/libgmp.a
-+      rm -f $(src)/crypto/gmp.h $(src)/crypto/libgmp.a $(OBJS)
- 
--dist: $(DISTSRC)
--      rm -rf $(DISTDIR)
--      mkdir $(DISTDIR)
--      cp --parents $(DISTSRC) $(DISTDIR)/
--      rm -f $(DISTDIR)/crypto/gmp.h 
--      tar -chzf $(DISTDIR).tar.gz $(DISTDIR)
--      rm -rf $(DISTDIR)
-+mrproper: clean
-+      rm -f $(BIN) tpm_version.h
- 
- $(src)/crypto/libgmp.a:
-       test -f $(src)/crypto/libgmp.a || ln -s $(GMP_LIB) 
$(src)/crypto/libgmp.a
-@@ -88,4 +98,3 @@ version:
-       @echo "#endif /* _TPM_VERSION_H_ */" >> $(src)/tpm_version.h
- 
- .PHONY: all install clean dist gmp version
--
-diff -uprN orig/tpm_emulator-0.4/README tpm_emulator/README
---- orig/tpm_emulator-0.4/README       2006-06-23 03:37:07.000000000 -0700
-+++ tpm_emulator/README        2006-07-24 14:35:35.000000000 -0700
-@@ -13,7 +13,8 @@ $Id: README 113 2006-06-18 12:38:13Z hst
- Copyright
- --------------------------------------------------------------------------
- Copyright (C) 2004 Mario Strasser <mast@xxxxxxx> and Swiss Federal 
--Institute of Technology (ETH) Zurich.
-+                   Institute of Technology (ETH) Zurich.
-+Copyright (C) 2005 INTEL Corp 
-               
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
-@@ -43,6 +44,12 @@ Example:
- GMP_LIB        := /usr/lib/libgmp.a
- GMP_HEADER     := /usr/include/gmp.h
- 
-+GNU MP Library on 64 bit Systems
-+--------------------------------------------------------------------------
-+Some 64-bit kernels have problems with importing the user-space gmp 
-+library (/usr/lib*/libgmp.a) into kernel space.  These kernels will require
-+that the gmp library be recompiled for kernel space with -mcmodel=kernel.
-+
- Installation
- --------------------------------------------------------------------------
- The compilation and installation process uses the build environment for 
-diff -uprN orig/tpm_emulator-0.4/tpm/tpm_capability.c 
tpm_emulator/tpm/tpm_capability.c
---- orig/tpm_emulator-0.4/tpm/tpm_capability.c 2006-06-23 19:37:07.000000000 
+0900
-+++ tpm_emulator/tpm/tpm_capability.c  2007-12-28 22:50:19.000000000 +0900
-@@ -701,7 +701,10 @@ TPM_RESULT TPM_GetCapabilityOwner(TPM_VE
-   TPM_RESULT res;
-   
-   info("TPM_GetCapabilityOwner()");
--  
-+ 
-+  if (!tpmData.permanent.flags.owned) {
-+    return TPM_NOSRK;
-+  } 
-   /* Verify owner authorization */
-   res = tpm_verify_auth(auth1, tpmData.permanent.data.ownerAuth, 
TPM_KH_OWNER);
-   if (res != TPM_SUCCESS) return res;
-diff -uprN orig/tpm_emulator-0.4/tpm/tpm_cmd_handler.c 
tpm_emulator/tpm/tpm_cmd_handler.c
---- orig/tpm_emulator-0.4/tpm/tpm_cmd_handler.c        2006-06-23 
19:37:07.000000000 +0900
-+++ tpm_emulator/tpm/tpm_cmd_handler.c 2007-09-12 20:23:00.000000000 +0900
-@@ -565,7 +565,7 @@ static TPM_RESULT execute_TPM_Seal(TPM_R
-   if (tpm_unmarshal_TPM_KEY_HANDLE(&ptr, &len, &keyHandle)
-       || tpm_unmarshal_TPM_ENCAUTH(&ptr, &len, &encAuth)
-       || tpm_unmarshal_UINT32(&ptr, &len, &pcrInfoSize)
--      || tpm_unmarshal_TPM_PCR_INFO(&ptr, &len, &pcrInfo)
-+      || (pcrInfoSize >0 && tpm_unmarshal_TPM_PCR_INFO(&ptr, &len, &pcrInfo))
-       || tpm_unmarshal_UINT32(&ptr, &len, &inDataSize)
-       || tpm_unmarshal_BLOB(&ptr, &len, &inData, inDataSize)
-       || len != 0) return TPM_BAD_PARAMETER;
-@@ -798,7 +798,7 @@ static TPM_RESULT execute_TPM_Sealx(TPM_
-   if (tpm_unmarshal_TPM_KEY_HANDLE(&ptr, &len, &keyHandle)
-       || tpm_unmarshal_TPM_ENCAUTH(&ptr, &len, &encAuth)
-       || tpm_unmarshal_UINT32(&ptr, &len, &pcrInfoSize)
--      || tpm_unmarshal_TPM_PCR_INFO(&ptr, &len, &pcrInfo)
-+      || (pcrInfoSize > 0 && tpm_unmarshal_TPM_PCR_INFO(&ptr, &len, &pcrInfo))
-       || tpm_unmarshal_UINT32(&ptr, &len, &inDataSize)
-       || tpm_unmarshal_BLOB(&ptr, &len, &inData, inDataSize)
-       || len != 0) return TPM_BAD_PARAMETER;
-diff -uprN orig/tpm_emulator-0.4/tpm/tpm_credentials.c 
tpm_emulator/tpm/tpm_credentials.c
---- orig/tpm_emulator-0.4/tpm/tpm_credentials.c        2006-06-23 
19:37:07.000000000 +0900
-+++ tpm_emulator/tpm/tpm_credentials.c 2007-09-12 20:23:30.000000000 +0900
-@@ -47,20 +47,20 @@ int tpm_compute_pubkey_checksum(TPM_NONC
- 
- TPM_RESULT tpm_get_pubek(TPM_PUBKEY *pubEndorsementKey)
- {
--  UINT32 key_length;
-+  size_t key_length;
-   if (!tpmData.permanent.data.endorsementKey.size) return TPM_NO_ENDORSEMENT;
-   /* setup TPM_PUBKEY structure */
--  key_length = tpmData.permanent.data.endorsementKey.size;
--  pubEndorsementKey->pubKey.keyLength = key_length >> 3;
-+  pubEndorsementKey->pubKey.keyLength = 
tpmData.permanent.data.endorsementKey.size >> 3;
-   pubEndorsementKey->pubKey.key = 
tpm_malloc(pubEndorsementKey->pubKey.keyLength);
-   if (pubEndorsementKey->pubKey.key == NULL) return TPM_FAIL;
-   rsa_export_modulus(&tpmData.permanent.data.endorsementKey,
--    pubEndorsementKey->pubKey.key,
--    &pubEndorsementKey->pubKey.keyLength);
-+                   pubEndorsementKey->pubKey.key,
-+                   &key_length);
-+  pubEndorsementKey->pubKey.keyLength = key_length;
-   pubEndorsementKey->algorithmParms.algorithmID = TPM_ALG_RSA;
-   pubEndorsementKey->algorithmParms.encScheme = TPM_ES_RSAESOAEP_SHA1_MGF1;
-   pubEndorsementKey->algorithmParms.sigScheme = TPM_SS_NONE;
--  pubEndorsementKey->algorithmParms.parms.rsa.keyLength = key_length;
-+  pubEndorsementKey->algorithmParms.parms.rsa.keyLength = key_length << 3;
-   pubEndorsementKey->algorithmParms.parms.rsa.numPrimes = 2;
-   pubEndorsementKey->algorithmParms.parms.rsa.exponentSize = 0;
-   pubEndorsementKey->algorithmParms.parms.rsa.exponent = NULL;
-@@ -175,6 +175,7 @@ TPM_RESULT TPM_OwnerReadInternalPub(TPM_
- {
-   TPM_RESULT res;
-   TPM_KEY_DATA *srk = &tpmData.permanent.data.srk;
-+  size_t key_length;
-   info("TPM_OwnerReadInternalPub()");
-   /* verify authorization */
-   res = tpm_verify_auth(auth1, tpmData.permanent.data.ownerAuth, 
TPM_KH_OWNER);
-@@ -186,7 +187,8 @@ TPM_RESULT TPM_OwnerReadInternalPub(TPM_
-     publicPortion->pubKey.key = tpm_malloc(publicPortion->pubKey.keyLength);
-     if (publicPortion->pubKey.key == NULL) return TPM_FAIL;
-     rsa_export_modulus(&srk->key, publicPortion->pubKey.key, 
--      &publicPortion->pubKey.keyLength);
-+      &key_length);
-+    publicPortion->pubKey.keyLength = key_length;
-     publicPortion->algorithmParms.algorithmID = TPM_ALG_RSA;
-     publicPortion->algorithmParms.encScheme = srk->encScheme;
-     publicPortion->algorithmParms.sigScheme = srk->sigScheme;
-diff -uprN orig/tpm_emulator-0.4/tpm/tpm_crypto.c tpm_emulator/tpm/tpm_crypto.c
---- orig/tpm_emulator-0.4/tpm/tpm_crypto.c     2006-06-23 03:37:07.000000000 
-0700
-+++ tpm_emulator/tpm/tpm_crypto.c      2006-07-24 14:35:35.000000000 -0700
-@@ -182,7 +182,8 @@ TPM_RESULT TPM_CertifyKey(TPM_KEY_HANDLE
-   TPM_KEY_DATA *cert, *key;
-   sha1_ctx_t sha1_ctx;
-   BYTE *buf, *p;
--  UINT32 length;
-+  UINT32 length32;
-+  size_t length;
-   info("TPM_CertifyKey()");
-   /* get keys */
-   cert = tpm_get_key(certHandle);
-@@ -264,14 +265,15 @@ TPM_RESULT TPM_CertifyKey(TPM_KEY_HANDLE
-   /* compute the digest of the CERTIFY_INFO[2] structure and sign it */
-   length = sizeof_TPM_CERTIFY_INFO((*certifyInfo));
-   p = buf = tpm_malloc(length);
-+  length32=(UINT32) length;
-   if (buf == NULL
--      || tpm_marshal_TPM_CERTIFY_INFO(&p, &length, certifyInfo)) {
-+      || tpm_marshal_TPM_CERTIFY_INFO(&p, &length32, certifyInfo)) {
-     free_TPM_KEY_PARMS(certifyInfo->algorithmParms);
-     return TPM_FAIL;
-   }
-   length = sizeof_TPM_CERTIFY_INFO((*certifyInfo));
-   sha1_init(&sha1_ctx);
--  sha1_update(&sha1_ctx, buf, length);
-+  sha1_update(&sha1_ctx, buf, (size_t) length);
-   sha1_final(&sha1_ctx, buf);
-   res = tpm_sign(cert, auth1, FALSE, buf, SHA1_DIGEST_LENGTH, outData, 
outDataSize);
-   tpm_free(buf);
-@@ -292,7 +294,8 @@ TPM_RESULT TPM_CertifyKey2(TPM_KEY_HANDL
-   TPM_KEY_DATA *cert, *key;
-   sha1_ctx_t sha1_ctx;
-   BYTE *buf, *p;
--  UINT32 length;
-+  size_t length;
-+  UINT32 length32;
-   info("TPM_CertifyKey2()");
-   /* get keys */
-   cert = tpm_get_key(certHandle);
-@@ -362,8 +365,9 @@ TPM_RESULT TPM_CertifyKey2(TPM_KEY_HANDL
-   /* compute the digest of the CERTIFY_INFO[2] structure and sign it */
-   length = sizeof_TPM_CERTIFY_INFO((*certifyInfo));
-   p = buf = tpm_malloc(length);
-+  length32 = (UINT32) length;
-   if (buf == NULL
--      || tpm_marshal_TPM_CERTIFY_INFO(&p, &length, certifyInfo)) {
-+      || tpm_marshal_TPM_CERTIFY_INFO(&p, &length32, certifyInfo)) {
-     free_TPM_KEY_PARMS(certifyInfo->algorithmParms);
-     return TPM_FAIL;
-   }
-diff -uprN orig/tpm_emulator-0.4/tpm/tpm_daa.c tpm_emulator/tpm/tpm_daa.c
---- orig/tpm_emulator-0.4/tpm/tpm_daa.c        2006-06-23 03:37:07.000000000 
-0700
-+++ tpm_emulator/tpm/tpm_daa.c 2006-07-24 14:35:35.000000000 -0700
-@@ -716,14 +716,14 @@ TPM_RESULT TPM_DAA_Join(TPM_HANDLE handl
-           sizeof(session->DAA_tpmSpecific.DAA_rekey));
-       sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, 
-           sizeof(session->DAA_tpmSpecific.DAA_count));
--      sha1_update(&sha1, "\x00", 1);
-+      sha1_update(&sha1, (BYTE *) "\x00", 1);
-       sha1_final(&sha1, scratch);
-       sha1_init(&sha1);
-       sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_rekey, 
-           sizeof(session->DAA_tpmSpecific.DAA_rekey));
-       sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, 
-           sizeof(session->DAA_tpmSpecific.DAA_count));
--      sha1_update(&sha1, "\x01", 1);
-+      sha1_update(&sha1, (BYTE *) "\x01", 1);
-       sha1_final(&sha1, scratch + SHA1_DIGEST_LENGTH);
-       mpz_init(f), mpz_init(q);
-       mpz_import(f, 2 * SHA1_DIGEST_LENGTH, 1, 1, 0, 0, scratch);
-@@ -805,14 +805,14 @@ TPM_RESULT TPM_DAA_Join(TPM_HANDLE handl
-           sizeof(session->DAA_tpmSpecific.DAA_rekey));
-       sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, 
-           sizeof(session->DAA_tpmSpecific.DAA_count));
--      sha1_update(&sha1, "\x00", 1);
-+      sha1_update(&sha1, (BYTE *) "\x00", 1);
-       sha1_final(&sha1, scratch);
-       sha1_init(&sha1);
-       sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_rekey, 
-           sizeof(session->DAA_tpmSpecific.DAA_rekey));
-       sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, 
-           sizeof(session->DAA_tpmSpecific.DAA_count));
--      sha1_update(&sha1, "\x01", 1);
-+      sha1_update(&sha1, (BYTE *) "\x01", 1);
-       sha1_final(&sha1, scratch + SHA1_DIGEST_LENGTH);
-       mpz_init(f), mpz_init(q);
-       mpz_import(f, 2 * SHA1_DIGEST_LENGTH, 1, 1, 0, 0, scratch);
-@@ -1489,14 +1489,14 @@ TPM_RESULT TPM_DAA_Join(TPM_HANDLE handl
-           sizeof(session->DAA_tpmSpecific.DAA_rekey));
-       sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, 
-           sizeof(session->DAA_tpmSpecific.DAA_count));
--      sha1_update(&sha1, "\x00", 1);
-+      sha1_update(&sha1, (BYTE *) "\x00", 1);
-       sha1_final(&sha1, scratch);
-       sha1_init(&sha1);
-       sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_rekey, 
-           sizeof(session->DAA_tpmSpecific.DAA_rekey));
-       sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, 
-           sizeof(session->DAA_tpmSpecific.DAA_count));
--      sha1_update(&sha1, "\x01", 1);
-+      sha1_update(&sha1, (BYTE *) "\x01", 1);
-       sha1_final(&sha1, scratch + SHA1_DIGEST_LENGTH);
-       mpz_init(f), mpz_init(q);
-       mpz_import(f, 2 * SHA1_DIGEST_LENGTH, 1, 1, 0, 0, scratch);
-@@ -1712,14 +1712,14 @@ TPM_RESULT TPM_DAA_Join(TPM_HANDLE handl
-           sizeof(session->DAA_tpmSpecific.DAA_rekey));
-       sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, 
-           sizeof(session->DAA_tpmSpecific.DAA_count));
--      sha1_update(&sha1, "\x00", 1);
-+      sha1_update(&sha1, (BYTE *) "\x00", 1);
-       sha1_final(&sha1, scratch);
-       sha1_init(&sha1);
-       sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_rekey, 
-           sizeof(session->DAA_tpmSpecific.DAA_rekey));
-       sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, 
-           sizeof(session->DAA_tpmSpecific.DAA_count));
--      sha1_update(&sha1, "\x01", 1);
-+      sha1_update(&sha1, (BYTE *) "\x01", 1);
-       sha1_final(&sha1, scratch + SHA1_DIGEST_LENGTH);
-       mpz_init(f), mpz_init(q);
-       mpz_import(f, 2 * SHA1_DIGEST_LENGTH, 1, 1, 0, 0, scratch);
-@@ -1793,14 +1793,14 @@ TPM_RESULT TPM_DAA_Join(TPM_HANDLE handl
-           sizeof(session->DAA_tpmSpecific.DAA_rekey));
-       sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, 
-           sizeof(session->DAA_tpmSpecific.DAA_count));
--      sha1_update(&sha1, "\x00", 1);
-+      sha1_update(&sha1, (BYTE *) "\x00", 1);
-       sha1_final(&sha1, scratch);
-       sha1_init(&sha1);
-       sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_rekey, 
-           sizeof(session->DAA_tpmSpecific.DAA_rekey));
-       sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, 
-           sizeof(session->DAA_tpmSpecific.DAA_count));
--      sha1_update(&sha1, "\x01", 1);
-+      sha1_update(&sha1, (BYTE *) "\x01", 1);
-       sha1_final(&sha1, scratch + SHA1_DIGEST_LENGTH);
-       mpz_init(f), mpz_init(q);
-       mpz_import(f, 2 * SHA1_DIGEST_LENGTH, 1, 1, 0, 0, scratch);
-@@ -2918,14 +2918,14 @@ TPM_RESULT TPM_DAA_Sign(TPM_HANDLE handl
-           sizeof(session->DAA_tpmSpecific.DAA_rekey));
-       sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, 
-           sizeof(session->DAA_tpmSpecific.DAA_count));
--      sha1_update(&sha1, "\x00", 1);
-+      sha1_update(&sha1, (BYTE *) "\x00", 1);
-       sha1_final(&sha1, scratch);
-       sha1_init(&sha1);
-       sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_rekey, 
-           sizeof(session->DAA_tpmSpecific.DAA_rekey));
-       sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, 
-           sizeof(session->DAA_tpmSpecific.DAA_count));
--      sha1_update(&sha1, "\x01", 1);
-+      sha1_update(&sha1, (BYTE *) "\x01", 1);
-       sha1_final(&sha1, scratch + SHA1_DIGEST_LENGTH);
-       mpz_init(f), mpz_init(q);
-       mpz_import(f, 2 * SHA1_DIGEST_LENGTH, 1, 1, 0, 0, scratch);
-@@ -3143,7 +3143,7 @@ TPM_RESULT TPM_DAA_Sign(TPM_HANDLE handl
-         sha1_init(&sha1);
-         sha1_update(&sha1, (BYTE*) &session->DAA_session.DAA_digest, 
-           sizeof(session->DAA_session.DAA_digest));
--        sha1_update(&sha1, "\x01", 1);
-+        sha1_update(&sha1, (BYTE *) "\x01", 1);
-         sha1_update(&sha1, inputData1, inputSize1);
-         sha1_final(&sha1, (BYTE*) &session->DAA_session.DAA_digest);
-       }
-@@ -3172,7 +3172,7 @@ TPM_RESULT TPM_DAA_Sign(TPM_HANDLE handl
-         sha1_init(&sha1);
-         sha1_update(&sha1, (BYTE*) &session->DAA_session.DAA_digest, 
-           sizeof(session->DAA_session.DAA_digest));
--        sha1_update(&sha1, "\x00", 1);
-+        sha1_update(&sha1, (BYTE*) "\x00", 1);
-         rsa_export_modulus(&aikData->key, scratch, &size);
-         sha1_update(&sha1, scratch, size);
-         sha1_final(&sha1, (BYTE*) &session->DAA_session.DAA_digest);
-@@ -3229,14 +3229,14 @@ TPM_RESULT TPM_DAA_Sign(TPM_HANDLE handl
-           sizeof(session->DAA_tpmSpecific.DAA_rekey));
-       sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, 
-           sizeof(session->DAA_tpmSpecific.DAA_count));
--      sha1_update(&sha1, "\x00", 1);
-+      sha1_update(&sha1, (BYTE *) "\x00", 1);
-       sha1_final(&sha1, scratch);
-       sha1_init(&sha1);
-       sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_rekey, 
-           sizeof(session->DAA_tpmSpecific.DAA_rekey));
-       sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, 
-           sizeof(session->DAA_tpmSpecific.DAA_count));
--      sha1_update(&sha1, "\x01", 1);
-+      sha1_update(&sha1, (BYTE *) "\x01", 1);
-       sha1_final(&sha1, scratch + SHA1_DIGEST_LENGTH);
-       mpz_init(f), mpz_init(q);
-       mpz_import(f, 2 * SHA1_DIGEST_LENGTH, 1, 1, 0, 0, scratch);
-@@ -3309,14 +3309,14 @@ TPM_RESULT TPM_DAA_Sign(TPM_HANDLE handl
-           sizeof(session->DAA_tpmSpecific.DAA_rekey));
-       sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, 
-           sizeof(session->DAA_tpmSpecific.DAA_count));
--      sha1_update(&sha1, "\x00", 1);
-+      sha1_update(&sha1, (BYTE *) "\x00", 1);
-       sha1_final(&sha1, scratch);
-       sha1_init(&sha1);
-       sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_rekey, 
-           sizeof(session->DAA_tpmSpecific.DAA_rekey));
-       sha1_update(&sha1, (BYTE*) &session->DAA_tpmSpecific.DAA_count, 
-           sizeof(session->DAA_tpmSpecific.DAA_count));
--      sha1_update(&sha1, "\x01", 1);
-+      sha1_update(&sha1, (BYTE *) "\x01", 1);
-       sha1_final(&sha1, scratch + SHA1_DIGEST_LENGTH);
-       mpz_init(f), mpz_init(q);
-       mpz_import(f, 2 * SHA1_DIGEST_LENGTH, 1, 1, 0, 0, scratch);
-diff -uprN orig/tpm_emulator-0.4/tpm/tpm_data.c tpm_emulator/tpm/tpm_data.c
---- orig/tpm_emulator-0.4/tpm/tpm_data.c       2006-06-23 03:37:07.000000000 
-0700
-+++ tpm_emulator/tpm/tpm_data.c        2006-07-24 14:35:35.000000000 -0700
-@@ -40,6 +40,7 @@ static inline void init_pcr_attr(int pcr
- void tpm_init_data(void)
- {
-   /* endorsement key */
-+#ifndef TPM_GENERATE_EK
-   uint8_t ek_n[] =  "\xa8\xdb\xa9\x42\xa8\xf3\xb8\x06\x85\x90\x76\x93\xad\xf7"
-     "\x74\xec\x3f\xd3\x3d\x9d\xe8\x2e\xff\x15\xed\x0e\xce\x5f\x93"
-     "\x92\xeb\xd1\x96\x2b\x72\x18\x81\x79\x12\x9d\x9c\x40\xd7\x1a"
-@@ -77,6 +78,8 @@ void tpm_init_data(void)
-     "\xd1\xc0\x8b\x5b\xa2\x2e\xa7\x15\xca\x50\x75\x10\x48\x9c\x2b"
-     "\x18\xb9\x67\x8f\x5d\x64\xc3\x28\x9f\x2f\x16\x2f\x08\xda\x47"
-     "\xec\x86\x43\x0c\x80\x99\x07\x34\x0f";
-+#endif
-+
-   int i;
-   /* reset all data to NULL, FALSE or 0 */
-   memset(&tpmData, 0, sizeof(tpmData));
-@@ -152,44 +155,43 @@ void tpm_release_data(void)
- 
- #ifdef TPM_STORE_TO_FILE
- 
--#include <linux/fs.h>
--#include <linux/unistd.h>
--#include <asm/uaccess.h>
-+#include <sys/types.h>
-+#include <sys/stat.h>
-+#include <fcntl.h>
-+#include <unistd.h>
- 
- #define TPM_STORAGE_FILE "/var/tpm/tpm_emulator-1.2." STR(VERSION_MAJOR) "." 
STR(VERSION_MINOR) 
- 
- static int write_to_file(uint8_t *data, size_t data_length)
- {
-   int res;
--  struct file *fp;
--  mm_segment_t old_fs = get_fs();
--  fp = filp_open(TPM_STORAGE_FILE, O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | 
S_IWUSR);
--  if (IS_ERR(fp)) return -1;
--  set_fs(get_ds());
--  res = fp->f_op->write(fp, data, data_length, &fp->f_pos);
--  set_fs(old_fs);
--  filp_close(fp, NULL);
-+  int fp;
-+  fp = open(TPM_STORAGE_FILE, O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | 
S_IWUSR);
-+  res = write(fp, data, data_length);
-+  close(fp);
-   return (res == data_length) ? 0 : -1;
- }
- 
- static int read_from_file(uint8_t **data, size_t *data_length)
- {
-   int res;
--  struct file *fp;
--  mm_segment_t old_fs = get_fs();
--  fp = filp_open(TPM_STORAGE_FILE, O_RDONLY, 0);
--  if (IS_ERR(fp)) return -1;
--  *data_length = (size_t)fp->f_dentry->d_inode->i_size;
--  /* *data_length = i_size_read(fp->f_dentry->d_inode); */
-+  int fp, file_status;
-+  struct stat file_info;
-+  fp = open(TPM_STORAGE_FILE, O_RDONLY, 0);
-+  file_status = fstat(fp, &file_info);
-+  if (file_status < 0) {
-+    close(fp);
-+    return -1;
-+  } 
-+
-+  *data_length = file_info.st_size; 
-   *data = tpm_malloc(*data_length);
-   if (*data == NULL) {
--    filp_close(fp, NULL);
-+    close(fp);
-     return -1;
-   }
--  set_fs(get_ds());
--  res = fp->f_op->read(fp, *data, *data_length, &fp->f_pos);
--  set_fs(old_fs);
--  filp_close(fp, NULL);
-+  res = read(fp, *data, *data_length);
-+  close(fp);
-   if (res != *data_length) {
-     tpm_free(*data);
-     return -1;
-@@ -216,23 +218,30 @@ static int read_from_file(uint8_t **data
- int tpm_store_permanent_data(void)
- {
-   uint8_t *buf, *ptr;
--  size_t buf_length, len;
-+  UINT32 buf_length, len;
- 
-   /* marshal data */
--  buf_length = len = sizeof_TPM_STCLEAR_FLAGS(tpmData.stclear.flags)
--    + sizeof_TPM_PERMANENT_FLAGS(tpmData.permanent.flags) + 2
--    + sizeof_TPM_PERMANENT_DATA(tpmData.permanent.data);
-+  buf_length = len = 4 + sizeof_TPM_STCLEAR_FLAGS(tpmData.stclear.flags)
-+    + sizeof_TPM_PERMANENT_FLAGS(tpmData.permanent.flags) 
-+    + sizeof_TPM_STANY_FLAGS(tpmData.stany.flags) + 2
-+    + sizeof_TPM_STCLEAR_DATA(tpmData.stclear.data) 
-+    + sizeof_TPM_PERMANENT_DATA(tpmData.permanent.data)
-+    + sizeof_TPM_STANY_DATA(tpmData.stany.data);
-   buf = ptr = tpm_malloc(buf_length);
-   if (buf == NULL
-       || tpm_marshal_TPM_VERSION(&ptr, &len, &tpmData.permanent.data.version)
-       || tpm_marshal_TPM_STCLEAR_FLAGS(&ptr, &len, &tpmData.stclear.flags)
-       || tpm_marshal_TPM_PERMANENT_FLAGS(&ptr, &len, &tpmData.permanent.flags)
-+      || tpm_marshal_TPM_STANY_FLAGS(&ptr, &len, &tpmData.stany.flags)
-       || tpm_marshal_BOOL(&ptr, &len, 
tpmData.permanent.flags.selfTestSucceeded)
-       || tpm_marshal_BOOL(&ptr, &len, tpmData.permanent.flags.owned)
--      || tpm_marshal_TPM_PERMANENT_DATA(&ptr, &len, &tpmData.permanent.data)) 
{
-+      || tpm_marshal_TPM_STCLEAR_DATA(&ptr, &len, &tpmData.stclear.data)
-+      || tpm_marshal_TPM_PERMANENT_DATA(&ptr, &len, &tpmData.permanent.data)
-+      || tpm_marshal_TPM_STANY_DATA(&ptr, &len, &tpmData.stany.data)) {
-     tpm_free(buf);
-     return -1;
-   }
-+
-   if (write_to_file(buf, buf_length - len)) {
-     tpm_free(buf);
-     return -1; 
-@@ -244,31 +253,36 @@ int tpm_store_permanent_data(void)
- int tpm_restore_permanent_data(void)
- {
-   uint8_t *buf, *ptr;
--  size_t buf_length, len;
-+  size_t buf_length;
-+  UINT32 len;
-   TPM_VERSION ver;
- 
-   /* read data */
-   if (read_from_file(&buf, &buf_length)) return -1;
-   ptr = buf;
--  len = buf_length;
-+  len = (uint32_t) buf_length;
-   /* unmarshal data */
-   if (tpm_unmarshal_TPM_VERSION(&ptr, &len, &ver)
-       || memcmp(&ver, &tpmData.permanent.data.version, sizeof(TPM_VERSION))
-       || tpm_unmarshal_TPM_STCLEAR_FLAGS(&ptr, &len, &tpmData.stclear.flags)
-       || tpm_unmarshal_TPM_PERMANENT_FLAGS(&ptr, &len, 
&tpmData.permanent.flags)
-+      || tpm_unmarshal_TPM_STANY_FLAGS(&ptr, &len, &tpmData.stany.flags)
-       || tpm_unmarshal_BOOL(&ptr, &len, 
&tpmData.permanent.flags.selfTestSucceeded)
-       || tpm_unmarshal_BOOL(&ptr, &len, &tpmData.permanent.flags.owned)
--      || tpm_unmarshal_TPM_PERMANENT_DATA(&ptr, &len, 
&tpmData.permanent.data)) {
-+      || tpm_unmarshal_TPM_STCLEAR_DATA(&ptr, &len, &tpmData.stclear.data)
-+      || tpm_unmarshal_TPM_PERMANENT_DATA(&ptr, &len, &tpmData.permanent.data)
-+      || tpm_unmarshal_TPM_STANY_DATA(&ptr, &len, &tpmData.stany.data)) {
-     tpm_free(buf);
-     return -1;
-   }
-+
-   tpm_free(buf);
-   return 0;
- }
- 
- int tpm_erase_permanent_data(void)
- {
--  int res = write_to_file("", 0);
-+  int res = write_to_file((uint8_t *) "", 0);
-   return res;
- }
- 
-diff -uprN orig/tpm_emulator-0.4/tpm/tpm_deprecated.c 
tpm_emulator/tpm/tpm_deprecated.c
---- orig/tpm_emulator-0.4/tpm/tpm_deprecated.c 2006-06-23 03:37:07.000000000 
-0700
-+++ tpm_emulator/tpm/tpm_deprecated.c  2006-07-24 14:35:35.000000000 -0700
-@@ -1,6 +1,7 @@
- /* Software-Based Trusted Platform Module (TPM) Emulator for Linux
-  * Copyright (C) 2004 Mario Strasser <mast@xxxxxxx>,
-  *                    Swiss Federal Institute of Technology (ETH) Zurich
-+ * Copyright (C) 2005 INTEL Corp
-  *
-  * This module is free software; you can redistribute it and/or modify
-  * it under the terms of the GNU General Public License as published
-@@ -50,7 +51,7 @@ TPM_RESULT TPM_SaveKeyContext(TPM_KEY_HA
-   BYTE *ptr;
-   UINT32 len;
-   info("TPM_SaveKeyContext()");
--  res = TPM_SaveContext(keyHandle, TPM_RT_KEY, "SaveKeyContext..", 
-+  res = TPM_SaveContext(keyHandle, TPM_RT_KEY, (BYTE*)"SaveKeyContext..", 
-                         keyContextSize, &contextBlob);
-   if (res != TPM_SUCCESS) return res;
-   len = *keyContextSize;
-@@ -82,7 +83,7 @@ TPM_RESULT TPM_SaveAuthContext(TPM_AUTHH
-   BYTE *ptr;
-   UINT32 len;
-   info("TPM_SaveAuthContext()");
--  res = TPM_SaveContext(authHandle, TPM_RT_KEY, "SaveAuthContext.", 
-+  res = TPM_SaveContext(authHandle, TPM_RT_KEY, (BYTE*)"SaveAuthContext.", 
-                         authContextSize, &contextBlob);
-   if (res != TPM_SUCCESS) return res;
-   len = *authContextSize;
-diff -uprN orig/tpm_emulator-0.4/tpm/tpm_emulator.h 
tpm_emulator/tpm/tpm_emulator.h
---- orig/tpm_emulator-0.4/tpm/tpm_emulator.h   2006-06-23 03:37:07.000000000 
-0700
-+++ tpm_emulator/tpm/tpm_emulator.h    2006-07-24 14:35:35.000000000 -0700
-@@ -1,5 +1,6 @@
- /* Software-Based Trusted Platform Module (TPM) Emulator for Linux
-  * Copyright (C) 2004 Mario Strasser <mast@xxxxxxx>,
-+ * Copyright (C) 2005 INTEL Corp
-  *
-  * This module is free software; you can redistribute it and/or modify
-  * it under the terms of the GNU General Public License as published
-@@ -22,7 +23,8 @@
- /* TPM configuration */
- #define TPM_STORE_TO_FILE       1
- #undef  TPM_STRONG_PERSISTENCE
--#undef  TPM_GENERATE_EK
-+//#undef  TPM_GENERATE_EK
-+#define  TPM_GENERATE_EK
- #undef  TPM_GENERATE_SEED_DAA
- 
- #define TPM_MANUFACTURER 0x4554485A /* 'ETHZ' */        
-diff -uprN orig/tpm_emulator-0.4/tpm/tpm_marshalling.c 
tpm_emulator/tpm/tpm_marshalling.c
---- orig/tpm_emulator-0.4/tpm/tpm_marshalling.c        2006-06-23 
03:37:07.000000000 -0700
-+++ tpm_emulator/tpm/tpm_marshalling.c 2006-07-24 14:35:35.000000000 -0700
-@@ -1312,7 +1312,7 @@ int tpm_unmarshal_TPM_STANY_FLAGS(BYTE *
- 
- int tpm_marshal_RSA(BYTE **ptr, UINT32 *length, rsa_private_key_t *v)
- {
--  UINT32 m_len, e_len, q_len;
-+  size_t m_len, e_len, q_len;
-   if (*length < sizeof_RSA((*v))) return -1;
-   if (v->size > 0) {
-     rsa_export_modulus(v, &(*ptr)[6], &m_len);
-@@ -1460,6 +1460,66 @@ int tpm_unmarshal_TPM_PERMANENT_DATA(BYT
-   return 0;
- }
- 
-+int tpm_marshal_TPM_STCLEAR_DATA(BYTE **ptr, UINT32 *length, TPM_STCLEAR_DATA 
*v)
-+{
-+  if (tpm_marshal_TPM_STRUCTURE_TAG(ptr, length, v->tag)
-+    || tpm_marshal_TPM_NONCE(ptr, length, &v->contextNonceKey)
-+    || tpm_marshal_TPM_COUNT_ID(ptr, length, v->countID) ) return -1;
-+
-+  return 0;
-+}
-+
-+int tpm_unmarshal_TPM_STCLEAR_DATA(BYTE **ptr, UINT32 *length, 
TPM_STCLEAR_DATA *v)
-+{
-+  if (tpm_unmarshal_TPM_STRUCTURE_TAG(ptr, length, &v->tag)
-+    || tpm_unmarshal_TPM_NONCE(ptr, length, &v->contextNonceKey)
-+    || tpm_unmarshal_TPM_COUNT_ID(ptr, length, &v->countID) ) return -1;
-+
-+  return 0;
-+}
-+
-+int tpm_marshal_TPM_STANY_DATA(BYTE **ptr, UINT32 *length, TPM_STANY_DATA *v)
-+{
-+  UINT32 i;
-+  if (tpm_marshal_TPM_STRUCTURE_TAG(ptr, length, v->tag)
-+    || tpm_marshal_TPM_NONCE(ptr, length, &v->contextNonceSession)
-+    || tpm_marshal_TPM_DIGEST(ptr, length, &v->auditDigest)
-+    || tpm_marshal_BOOL(ptr, length, v->auditSession)
-+    || tpm_marshal_TPM_CURRENT_TICKS(ptr, length, &v->currentTicks)
-+    || tpm_marshal_UINT32(ptr, length, v->contextCount)
-+    || tpm_marshal_UINT32_ARRAY(ptr, length, v->contextList, 
TPM_MAX_SESSION_LIST)) return -1;
-+  for (i = 0; i < TPM_MAX_SESSIONS; i++) {
-+    if (tpm_marshal_TPM_SESSION_DATA(ptr, length, &v->sessions[i])) return -1;
-+  }
-+  for (i = 0; i < TPM_MAX_SESSIONS_DAA; i++) {
-+    if (tpm_marshal_TPM_DAA_SESSION_DATA(ptr, length, &v->sessionsDAA[i])) 
return -1;
-+  }
-+  if (tpm_marshal_TPM_TRANSHANDLE(ptr, length, v->transExclusive)) return -1;
-+
-+  return 0;
-+}
-+
-+int tpm_unmarshal_TPM_STANY_DATA(BYTE **ptr, UINT32 *length, TPM_STANY_DATA 
*v)
-+{
-+  UINT32 i;
-+  if (tpm_unmarshal_TPM_STRUCTURE_TAG(ptr, length, &v->tag)
-+    || tpm_unmarshal_TPM_NONCE(ptr, length, &v->contextNonceSession)
-+    || tpm_unmarshal_TPM_DIGEST(ptr, length, &v->auditDigest)
-+    || tpm_unmarshal_BOOL(ptr, length, &v->auditSession)
-+    || tpm_unmarshal_TPM_CURRENT_TICKS(ptr, length, &v->currentTicks)
-+    || tpm_unmarshal_UINT32(ptr, length, &v->contextCount)
-+    || tpm_unmarshal_UINT32_ARRAY(ptr, length, v->contextList, 
TPM_MAX_SESSION_LIST)) return -1;
-+  for (i = 0; i < TPM_MAX_SESSIONS; i++) {
-+    if (tpm_unmarshal_TPM_SESSION_DATA(ptr, length, &v->sessions[i])) return 
-1;
-+  }
-+  for (i = 0; i < TPM_MAX_SESSIONS_DAA; i++) {
-+    if (tpm_unmarshal_TPM_DAA_SESSION_DATA(ptr, length, &v->sessionsDAA[i])) 
return -1;
-+  }
-+  if (tpm_unmarshal_TPM_TRANSHANDLE(ptr, length, &v->transExclusive)) return 
-1;
-+
-+  return 0;
-+}
-+
- int tpm_marshal_TPM_SESSION_DATA(BYTE **ptr, UINT32 *length, TPM_SESSION_DATA 
*v)
- {
-   if (tpm_marshal_BYTE(ptr, length, v->type)
-diff -uprN orig/tpm_emulator-0.4/tpm/tpm_marshalling.h 
tpm_emulator/tpm/tpm_marshalling.h
---- orig/tpm_emulator-0.4/tpm/tpm_marshalling.h        2006-06-23 
03:37:07.000000000 -0700
-+++ tpm_emulator/tpm/tpm_marshalling.h 2006-07-24 14:35:35.000000000 -0700
-@@ -432,6 +432,12 @@ int tpm_unmarshal_TPM_KEY_DATA(BYTE **pt
- int tpm_marshal_TPM_PERMANENT_DATA(BYTE **ptr, UINT32 *length, 
TPM_PERMANENT_DATA *);
- int tpm_unmarshal_TPM_PERMANENT_DATA(BYTE **ptr, UINT32 *length, 
TPM_PERMANENT_DATA *);
- 
-+int tpm_marshal_TPM_STCLEAR_DATA(BYTE **ptr, UINT32 *length, TPM_STCLEAR_DATA 
*v);
-+int tpm_unmarshal_TPM_STCLEAR_DATA(BYTE **ptr, UINT32 *length, 
TPM_STCLEAR_DATA *v);
-+
-+int tpm_marshal_TPM_STANY_DATA(BYTE **ptr, UINT32 *length, TPM_STANY_DATA *v);
-+int tpm_unmarshal_TPM_STANY_DATA(BYTE **ptr, UINT32 *length, TPM_STANY_DATA 
*v);
-+
- int tpm_marshal_TPM_SESSION_DATA(BYTE **ptr, UINT32 *length, TPM_SESSION_DATA 
*v);
- int tpm_unmarshal_TPM_SESSION_DATA(BYTE **ptr, UINT32 *length, 
TPM_SESSION_DATA *v);
- 
-diff -uprN orig/tpm_emulator-0.4/tpm/tpm_owner.c tpm_emulator/tpm/tpm_owner.c
---- orig/tpm_emulator-0.4/tpm/tpm_owner.c      2006-06-23 03:37:07.000000000 
-0700
-+++ tpm_emulator/tpm/tpm_owner.c       2006-07-24 14:35:35.000000000 -0700
-@@ -108,7 +108,7 @@ TPM_RESULT TPM_TakeOwnership(TPM_PROTOCO
-   TPM_RESULT res;
-   rsa_private_key_t *ek = &tpmData.permanent.data.endorsementKey;
-   TPM_KEY_DATA *srk = &tpmData.permanent.data.srk;
--  UINT32 buf_size = ek->size >> 3;
-+  size_t buf_size = ek->size >> 3, key_length; 
-   BYTE buf[buf_size];
- 
-   info("TPM_TakeOwnership()");
-@@ -173,7 +173,8 @@ TPM_RESULT TPM_TakeOwnership(TPM_PROTOCO
-     return TPM_FAIL;
-   }
-   rsa_export_modulus(&srk->key, srkPub->pubKey.key,
--    &srkPub->pubKey.keyLength);
-+                   &key_length);
-+  srkPub->pubKey.keyLength = (UINT32) key_length;
-   /* setup tpmProof and set state to owned */
-   tpm_get_random_bytes(tpmData.permanent.data.tpmProof.nonce, 
-     sizeof(tpmData.permanent.data.tpmProof.nonce));
-diff -uprN orig/tpm_emulator-0.4/tpm/tpm_startup.c 
tpm_emulator/tpm/tpm_startup.c
---- orig/tpm_emulator-0.4/tpm/tpm_startup.c    2006-06-23 03:37:07.000000000 
-0700
-+++ tpm_emulator/tpm/tpm_startup.c     2006-07-24 14:35:35.000000000 -0700
-@@ -41,26 +41,29 @@ void TPM_Init(TPM_STARTUP_TYPE startupTy
- TPM_RESULT TPM_Startup(TPM_STARTUP_TYPE startupType)
- {
-   int i;
-+  int restore_fail;
-   info("TPM_Startup(%d)", startupType);
-   if (tpmData.stany.flags.postInitialise == FALSE) return 
TPM_INVALID_POSTINIT;
--  /* reset STANY_FLAGS */
--  SET_TO_ZERO(&tpmData.stany.flags);
--  tpmData.stany.flags.tag = TPM_TAG_STANY_FLAGS;
--  /* reset STANY_DATA (invalidates ALL sessions) */
--  SET_TO_ZERO(&tpmData.stany.data);
--  tpmData.stany.data.tag = TPM_TAG_STANY_DATA;
--  /* init session-context nonce */
--  SET_TO_RAND(&tpmData.stany.data.contextNonceSession);
-+
-+  /* try and restore state to get EK, SRK, etc */
-+  restore_fail = tpm_restore_permanent_data();
-+
-   /* set data and flags according to the given startup type */
-   if (startupType == TPM_ST_CLEAR) {
--    /* if available, restore permanent data */
--    tpm_restore_permanent_data();
-+    /* reset STANY_FLAGS */
-+    SET_TO_ZERO(&tpmData.stany.flags);
-+    tpmData.stany.flags.tag = TPM_TAG_STANY_FLAGS;
-+    /* reset STANY_DATA (invalidates ALL sessions) */
-+    SET_TO_ZERO(&tpmData.stany.data);
-+    tpmData.stany.data.tag = TPM_TAG_STANY_DATA;
-+    /* init session-context nonce */
-+    SET_TO_RAND(&tpmData.stany.data.contextNonceSession);
-     /* reset PCR values */
-     for (i = 0; i < TPM_NUM_PCR; i++) {
--      if (tpmData.permanent.data.pcrAttrib[i].pcrReset)
--        SET_TO_ZERO(tpmData.permanent.data.pcrValue[i].digest);
-+      if (!tpmData.permanent.data.pcrAttrib[i].pcrReset)
-+        SET_TO_ZERO(&tpmData.permanent.data.pcrValue[i].digest);
-       else
--        SET_TO_0xFF(tpmData.permanent.data.pcrValue[i].digest);
-+        SET_TO_0xFF(&tpmData.permanent.data.pcrValue[i].digest);
-     }
-     /* reset STCLEAR_FLAGS */
-     SET_TO_ZERO(&tpmData.stclear.flags);
-@@ -79,7 +82,8 @@ TPM_RESULT TPM_Startup(TPM_STARTUP_TYPE 
-     /* init key-context nonce */
-     SET_TO_RAND(&tpmData.stclear.data.contextNonceKey);
-   } else if (startupType == TPM_ST_STATE) {
--    if (tpm_restore_permanent_data()) {
-+    /* restore must have been successful for TPM_ST_STATE */
-+    if (restore_fail) {
-       error("restoring permanent data failed");
-       tpmData.permanent.data.testResult = "tpm_restore_permanent_data() 
failed";
-       tpmData.permanent.flags.selfTestSucceeded = FALSE;
-diff -uprN orig/tpm_emulator-0.4/tpm/tpm_storage.c 
tpm_emulator/tpm/tpm_storage.c
---- orig/tpm_emulator-0.4/tpm/tpm_storage.c    2006-06-23 03:37:07.000000000 
-0700
-+++ tpm_emulator/tpm/tpm_storage.c     2006-07-24 14:35:35.000000000 -0700
-@@ -58,6 +58,7 @@ int encrypt_sealed_data(TPM_KEY_DATA *ke
-                         BYTE *enc, UINT32 *enc_size)
- {
-   UINT32 len;
-+  size_t enc_size32 = *enc_size;
-   BYTE *buf, *ptr;
-   rsa_public_key_t pub_key;
-   int scheme;
-@@ -72,7 +73,7 @@ int encrypt_sealed_data(TPM_KEY_DATA *ke
-   if (buf == NULL
-       || tpm_marshal_TPM_SEALED_DATA(&ptr, &len, seal)
-       || rsa_encrypt(&pub_key, scheme, buf, sizeof_TPM_SEALED_DATA((*seal)),
--                     enc, enc_size)) {
-+                     enc, &enc_size32)) {
-     tpm_free(buf);
-     rsa_release_public_key(&pub_key);
-     return -1;
-@@ -85,7 +86,8 @@ int encrypt_sealed_data(TPM_KEY_DATA *ke
- int decrypt_sealed_data(TPM_KEY_DATA *key, BYTE *enc, UINT32 enc_size,
-                         TPM_SEALED_DATA *seal, BYTE **buf) 
- {
--  UINT32 len;
-+  size_t len;
-+  UINT32 len32;
-   BYTE *ptr;
-   int scheme;
-   switch (key->encScheme) {
-@@ -96,8 +98,12 @@ int decrypt_sealed_data(TPM_KEY_DATA *ke
-   len = enc_size;
-   *buf = ptr = tpm_malloc(len);
-   if (*buf == NULL
--      || rsa_decrypt(&key->key, scheme, enc, enc_size, *buf, &len)
--      || tpm_unmarshal_TPM_SEALED_DATA(&ptr, &len, seal)) {
-+      || rsa_decrypt(&key->key, scheme, enc, enc_size, *buf, &len) ){
-+    tpm_free(*buf);
-+    return -1;
-+  }
-+  len32 = len;
-+  if (tpm_unmarshal_TPM_SEALED_DATA(&ptr, &len32, seal)) {
-     tpm_free(*buf);
-     return -1;
-   }
-@@ -240,11 +246,12 @@ TPM_RESULT TPM_Unseal(TPM_KEY_HANDLE par
- 
- TPM_RESULT TPM_UnBind(TPM_KEY_HANDLE keyHandle, UINT32 inDataSize,
-                       BYTE *inData, TPM_AUTH *auth1, 
--                      UINT32 *outDataSize, BYTE **outData)
-+                      UINT32 *outDataSize32, BYTE **outData)
- {
-   TPM_RESULT res;
-   TPM_KEY_DATA *key;
-   int scheme;
-+  size_t outDataSize;
-   
-   info("TPM_UnBind()");
-   /* get key */
-@@ -262,8 +269,8 @@ TPM_RESULT TPM_UnBind(TPM_KEY_HANDLE key
-   /* the size of the input data muss be greater than zero */
-   if (inDataSize == 0) return TPM_BAD_PARAMETER;
-   /* decrypt data */
--  *outDataSize = inDataSize;
--  *outData = tpm_malloc(*outDataSize);
-+  outDataSize = inDataSize;
-+  *outData = tpm_malloc(outDataSize);
-   if (*outData == NULL) return TPM_NOSPACE;
-   switch (key->encScheme) {
-     case TPM_ES_RSAESOAEP_SHA1_MGF1: scheme = RSA_ES_OAEP_SHA1; break;
-@@ -271,20 +278,21 @@ TPM_RESULT TPM_UnBind(TPM_KEY_HANDLE key
-     default: tpm_free(*outData); return TPM_DECRYPT_ERROR;
-   }
-   if (rsa_decrypt(&key->key, scheme, inData, inDataSize, 
--      *outData, outDataSize)) {
-+      *outData, &outDataSize)) {
-     tpm_free(*outData);
-     return TPM_DECRYPT_ERROR;
-   }
-   /* verify data if it is of type TPM_BOUND_DATA */
-   if (key->encScheme == TPM_ES_RSAESOAEP_SHA1_MGF1 
-       || key->keyUsage != TPM_KEY_LEGACY) {
--    if (*outDataSize < 5 || memcmp(*outData, "\x01\x01\00\x00\x02", 5) != 0) {
-+    if (outDataSize < 5 || memcmp(*outData, "\x01\x01\00\x00\x02", 5) != 0) {
-       tpm_free(*outData);
-       return TPM_DECRYPT_ERROR;
-     }
--    *outDataSize -= 5;
--    memmove(*outData, &(*outData)[5], *outDataSize);
-+    outDataSize -= 5;
-+    memmove(*outData, &(*outData)[5], outDataSize);
-   }
-+  *outDataSize32 = (UINT32) outDataSize;
-   return TPM_SUCCESS;
- }
- 
-@@ -334,12 +342,13 @@ int compute_pubkey_digest(TPM_PUBKEY *ke
- }
- 
- int encrypt_private_key(TPM_KEY_DATA *key, TPM_STORE_ASYMKEY *store,
--                        BYTE *enc, UINT32 *enc_size)
-+                        BYTE *enc, UINT32 *enc_size32)
- {
-   UINT32 len;
-   BYTE *buf, *ptr;
-   rsa_public_key_t pub_key;
-   int scheme;
-+  size_t enc_size;
-   switch (key->encScheme) {
-     case TPM_ES_RSAESOAEP_SHA1_MGF1: scheme = RSA_ES_OAEP_SHA1; break;
-     case TPM_ES_RSAESPKCSv15: scheme = RSA_ES_PKCSV15; break;
-@@ -351,11 +360,12 @@ int encrypt_private_key(TPM_KEY_DATA *ke
-   if (buf == NULL
-       || tpm_marshal_TPM_STORE_ASYMKEY(&ptr, &len, store)
-       || rsa_encrypt(&pub_key, scheme, buf, 
sizeof_TPM_STORE_ASYMKEY((*store)),
--                     enc, enc_size)) {
-+                     enc, &enc_size)) {
-     tpm_free(buf);
-     rsa_release_public_key(&pub_key);
-     return -1;
-   }
-+  *enc_size32 = (UINT32) enc_size;
-   tpm_free(buf);
-   rsa_release_public_key(&pub_key);
-   return 0;
-@@ -364,7 +374,8 @@ int encrypt_private_key(TPM_KEY_DATA *ke
- int decrypt_private_key(TPM_KEY_DATA *key, BYTE *enc, UINT32 enc_size, 
-                         TPM_STORE_ASYMKEY *store, BYTE **buf) 
- {
--  UINT32 len;
-+  UINT32 len32;
-+  size_t len;
-   BYTE *ptr;
-   int scheme;
-   switch (key->encScheme) {
-@@ -375,8 +386,12 @@ int decrypt_private_key(TPM_KEY_DATA *ke
-   len = enc_size;
-   *buf = ptr = tpm_malloc(len);
-   if (*buf == NULL
--      || rsa_decrypt(&key->key, scheme, enc, enc_size, *buf, &len)
--      || tpm_unmarshal_TPM_STORE_ASYMKEY(&ptr, &len, store)) {
-+      || rsa_decrypt(&key->key, scheme, enc, enc_size, *buf, &len) ) {
-+    tpm_free(*buf);
-+    return -1;
-+  }
-+  len32 = (UINT32) len;
-+  if (tpm_unmarshal_TPM_STORE_ASYMKEY(&ptr, &len32, store)) {  
-     tpm_free(*buf);
-     return -1;
-   }
-@@ -394,7 +409,7 @@ TPM_RESULT TPM_CreateWrapKey(TPM_KEY_HAN
-   TPM_SESSION_DATA *session;
-   TPM_STORE_ASYMKEY store;
-   rsa_private_key_t rsa;
--  UINT32 key_length;
-+  size_t key_length;
- 
-   info("TPM_CreateWrapKey()");
-   /* get parent key */
-@@ -450,11 +465,11 @@ TPM_RESULT TPM_CreateWrapKey(TPM_KEY_HAN
-     }
-   }
-   /* generate key and store it */
--  key_length = keyInfo->algorithmParms.parms.rsa.keyLength;
--  if (rsa_generate_key(&rsa, key_length)) return TPM_FAIL;
--  wrappedKey->pubKey.keyLength = key_length >> 3;
-+  if (rsa_generate_key(&rsa, keyInfo->algorithmParms.parms.rsa.keyLength)) 
-+    return TPM_FAIL;
-+  wrappedKey->pubKey.keyLength = keyInfo->algorithmParms.parms.rsa.keyLength 
>> 3;
-   wrappedKey->pubKey.key = tpm_malloc(wrappedKey->pubKey.keyLength);
--  store.privKey.keyLength = key_length >> 4;
-+  store.privKey.keyLength = keyInfo->algorithmParms.parms.rsa.keyLength >> 4;
-   store.privKey.key = tpm_malloc(store.privKey.keyLength);
-   wrappedKey->encDataSize = parent->key.size >> 3;
-   wrappedKey->encData = tpm_malloc(wrappedKey->encDataSize);
-@@ -466,9 +481,11 @@ TPM_RESULT TPM_CreateWrapKey(TPM_KEY_HAN
-     tpm_free(wrappedKey->encData);
-     return TPM_NOSPACE;
-   }
--  rsa_export_modulus(&rsa, wrappedKey->pubKey.key, 
--    &wrappedKey->pubKey.keyLength);
--  rsa_export_prime1(&rsa, store.privKey.key, &store.privKey.keyLength);
-+  rsa_export_modulus(&rsa, wrappedKey->pubKey.key,
-+                   &key_length);
-+  wrappedKey->pubKey.keyLength = (UINT32) key_length;
-+  rsa_export_prime1(&rsa, store.privKey.key, &key_length);
-+  store.privKey.keyLength = (UINT32) key_length;
-   rsa_release_private_key(&rsa);
-   /* compute the digest of the wrapped key (without encData) */
-   if (compute_key_digest(wrappedKey, &store.pubDataDigest)) {
-@@ -602,6 +619,7 @@ TPM_RESULT TPM_LoadKey2(TPM_KEY_HANDLE p
- 
- int tpm_setup_key_parms(TPM_KEY_DATA *key, TPM_KEY_PARMS *parms)
- {
-+  size_t key_length;
-   parms->algorithmID = TPM_ALG_RSA;
-   parms->encScheme = key->encScheme;
-   parms->sigScheme = key->sigScheme;
-@@ -611,7 +629,8 @@ int tpm_setup_key_parms(TPM_KEY_DATA *ke
-   parms->parms.rsa.exponent = tpm_malloc(parms->parms.rsa.exponentSize);
-   if (parms->parms.rsa.exponent == NULL) return -1;
-   rsa_export_exponent(&key->key, parms->parms.rsa.exponent,
--    &parms->parms.rsa.exponentSize);
-+    &key_length);
-+  parms->parms.rsa.exponentSize = (UINT32) key_length;
-   parms->parmSize = 12 + parms->parms.rsa.exponentSize;
-   return 0;
- }
-@@ -622,6 +641,7 @@ TPM_RESULT TPM_GetPubKey(TPM_KEY_HANDLE 
-   TPM_RESULT res;
-   TPM_KEY_DATA *key;
-   TPM_DIGEST digest;
-+  size_t key_length;
-   info("TPM_GetPubKey()");
-   /* get key */
-   if (keyHandle == TPM_KH_SRK
-@@ -650,8 +670,8 @@ TPM_RESULT TPM_GetPubKey(TPM_KEY_HANDLE 
-   pubKey->pubKey.keyLength = key->key.size >> 3;
-   pubKey->pubKey.key = tpm_malloc(pubKey->pubKey.keyLength);
-   if (pubKey->pubKey.key == NULL) return TPM_NOSPACE;
--  rsa_export_modulus(&key->key, pubKey->pubKey.key, 
--    &pubKey->pubKey.keyLength);
-+  rsa_export_modulus(&key->key, pubKey->pubKey.key, &key_length);
-+  pubKey->pubKey.keyLength = (UINT32) key_length;
-   if (tpm_setup_key_parms(key, &pubKey->algorithmParms) != 0) {
-     error("TPM_GetPubKey(): tpm_setup_key_parms() failed.");
-     tpm_free(pubKey->pubKey.key);
-diff -uprN orig/tpm_emulator-0.4/tpm/tpm_structures.h 
tpm_emulator/tpm/tpm_structures.h
---- orig/tpm_emulator-0.4/tpm/tpm_structures.h 2006-06-23 03:37:07.000000000 
-0700
-+++ tpm_emulator/tpm/tpm_structures.h  2006-07-24 14:35:35.000000000 -0700
-@@ -1958,6 +1958,7 @@ typedef struct tdTPM_DAA_ISSUER {
-   TPM_DIGEST DAA_digest_gamma;
-   BYTE DAA_generic_q[26];
- } TPM_DAA_ISSUER;
-+#define sizeof_TPM_DAA_ISSUER(s) (2 + (20 * 6) + 26 )
- 
- /*
-  * TPM_DAA_TPM ([TPM_Part2], Section 22.4)
-@@ -1973,6 +1974,7 @@ typedef struct tdTPM_DAA_TPM {
-   TPM_DIGEST DAA_rekey;
-   UINT32 DAA_count;
- } TPM_DAA_TPM;
-+#define sizeof_TPM_DAA_TPM(s) (2 + (4 * 20) + 4)
- 
- /*
-  * TPM_DAA_CONTEXT ([TPM_Part2], Section 22.5)
-@@ -1987,6 +1989,7 @@ typedef struct tdTPM_DAA_CONTEXT {
-   BYTE DAA_scratch[256];
-   BYTE DAA_stage;
- } TPM_DAA_CONTEXT;
-+#define sizeof_TPM_DAA_CONTEXT(s) (2 + (3 * 20) + 256 + 1)
- 
- /*
-  * TPM_DAA_JOINDATA ([TPM_Part2], Section 22.6)
-@@ -1998,6 +2001,7 @@ typedef struct tdTPM_DAA_JOINDATA {
-   BYTE DAA_join_u1[138];
-   TPM_DIGEST DAA_digest_n0;
- } TPM_DAA_JOINDATA;
-+#define sizeof_TPM_DAA_JOINDATA(s) (1 + 1 + 20)
- 
- /*
-  * TPM_DAA_BLOB ([TPM_Part2], Section 22.8)
-@@ -2202,6 +2206,7 @@ typedef struct tdTPM_STCLEAR_DATA {
-   //UINT32 ownerReference;
-   //BOOL disableResetLock;
- } TPM_STCLEAR_DATA;
-+#define sizeof_TPM_STCLEAR_DATA(s) (2 + 20 + 4)
- 
- /*
-  * TPM_SESSION_DATA
-@@ -2238,6 +2243,11 @@ typedef struct tdTPM_DAA_SESSION_DATA {
-   TPM_DAA_JOINDATA DAA_joinSession;
-   TPM_HANDLE handle;
- } TPM_DAA_SESSION_DATA;
-+#define sizeof_TPM_DAA_SESSION_DATA(s) ( 1 \
-+  + sizeof_TPM_DAA_ISSUER(s.DAA_issuerSettings) \
-+  + sizeof_TPM_DAA_TPM(s.DAA_tpmSpecific) \
-+  + sizeof_TPM_DAA_CONTEXT(s.DAA_session) \
-+  + sizeof_TPM_DAA_JOINDATA(s.DAA_joinSession) + 4)
- 
- /*
-  * TPM_STANY_DATA ([TPM_Part2], Section 7.6)
-@@ -2262,6 +2272,11 @@ typedef struct tdTPM_STANY_DATA {
-   TPM_DAAHANDLE currentDAA;
-   TPM_TRANSHANDLE transExclusive;
- } TPM_STANY_DATA;
-+#define sizeof_TPM_STANY_DATA(s) (2 + 20 + 20 + 1 \
-+  + sizeof_TPM_CURRENT_TICKS(s.currentTicks) \
-+  + 4 + (4 * TPM_MAX_SESSION_LIST) \
-+  + (sizeof_TPM_SESSION_DATA(s.sessions[0]) * TPM_MAX_SESSION_LIST) \
-+  + (sizeof_TPM_DAA_SESSION_DATA(s.sessionsDAA[0]) * TPM_MAX_SESSIONS_DAA) + 
4)
- 
- /*
-  * TPM_DATA
-diff -uprN orig/tpm_emulator-0.4/tpm/tpm_testing.c 
tpm_emulator/tpm/tpm_testing.c
---- orig/tpm_emulator-0.4/tpm/tpm_testing.c    2006-06-23 03:37:07.000000000 
-0700
-+++ tpm_emulator/tpm/tpm_testing.c     2006-07-24 14:35:35.000000000 -0700
-@@ -1,6 +1,7 @@
- /* Software-Based Trusted Platform Module (TPM) Emulator for Linux
-  * Copyright (C) 2004 Mario Strasser <mast@xxxxxxx>,
-  *                    Swiss Federal Institute of Technology (ETH) Zurich
-+ * Copyright (C) 2005 INTEL Corp
-  *
-  * This module is free software; you can redistribute it and/or modify
-  * it under the terms of the GNU General Public License as published
-@@ -95,24 +96,24 @@ static int tpm_test_sha1(void)
-   struct {
-     uint8_t *data; uint32_t repetitions; uint8_t *digest;
-   } test_cases[] =  {{
--    "abc", 1,
--    
"\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D"
-+      (uint8_t*)"abc", 1,
-+    
(uint8_t*)"\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D"
-   }, {
--    "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1,
--    
"\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE\x4A\xA1\xF9\x51\x29\xE5\xE5\x46\x70\xF1"
-+    (uint8_t*)"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1,
-+    
(uint8_t*)"\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE\x4A\xA1\xF9\x51\x29\xE5\xE5\x46\x70\xF1"
-   }, {
--    "a", 1000000,
--    
"\x34\xAA\x97\x3C\xD4\xC4\xDA\xA4\xF6\x1E\xEB\x2B\xDB\xAD\x27\x31\x65\x34\x01\x6F"
-+    (uint8_t*)"a", 1000000,
-+    
(uint8_t*)"\x34\xAA\x97\x3C\xD4\xC4\xDA\xA4\xF6\x1E\xEB\x2B\xDB\xAD\x27\x31\x65\x34\x01\x6F"
-   }, {
--    "0123456701234567012345670123456701234567012345670123456701234567", 10,
--    
"\xDE\xA3\x56\xA2\xCD\xDD\x90\xC7\xA7\xEC\xED\xC5\xEB\xB5\x63\x93\x4F\x46\x04\x52"
-+    
(uint8_t*)"0123456701234567012345670123456701234567012345670123456701234567", 
10,
-+    
(uint8_t*)"\xDE\xA3\x56\xA2\xCD\xDD\x90\xC7\xA7\xEC\xED\xC5\xEB\xB5\x63\x93\x4F\x46\x04\x52"
-   }};
- 
-   debug("tpm_test_sha1()");
-   for (i = 0; i < sizeof(test_cases) / sizeof(test_cases[0]); i++) {
-     sha1_init(&ctx);
-     for (j = 0; j < test_cases[i].repetitions; j++)
--      sha1_update(&ctx, test_cases[i].data, strlen(test_cases[i].data));
-+      sha1_update(&ctx, test_cases[i].data, 
strlen((char*)test_cases[i].data));
-     sha1_final(&ctx, digest);
-     if (memcmp(digest, test_cases[i].digest, SHA1_DIGEST_LENGTH) != 0) return 
-1;
-   }
-@@ -128,41 +129,41 @@ static int tpm_test_hmac(void)
-   struct {
-     uint8_t *key, key_len, *data, data_len, *digest;
-   } test_cases[] = {{
--    "\x0b", 20, "Hi There", 8,
--    
"\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c\x8e\xf1\x46\xbe\x00"
-+    (uint8_t*)"\x0b", 20, (uint8_t*)"Hi There", 8,
-+    
(uint8_t*)"\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c\x8e\xf1\x46\xbe\x00"
-   }, {
--    "Jefe", 4, "what do ya want for nothing?", 28,
--    
"\xef\xfc\xdf\x6a\xe5\xeb\x2f\xa2\xd2\x74\x16\xd5\xf1\x84\xdf\x9c\x25\x9a\x7c\x79"
-+    (uint8_t*)"Jefe", 4, (uint8_t*)"what do ya want for nothing?", 28,
-+    
(uint8_t*)"\xef\xfc\xdf\x6a\xe5\xeb\x2f\xa2\xd2\x74\x16\xd5\xf1\x84\xdf\x9c\x25\x9a\x7c\x79"
-   }, {
--    "\xaa", 20, "\xdd", 50,
--    
"\x12\x5d\x73\x42\xb9\xac\x11\xcd\x91\xa3\x9a\xf4\x8a\xa1\x7b\x4f\x63\xf1\x75\xd3"
-+    (uint8_t*)"\xaa", 20, (uint8_t*)"\xdd", 50,
-+    
(uint8_t*)"\x12\x5d\x73\x42\xb9\xac\x11\xcd\x91\xa3\x9a\xf4\x8a\xa1\x7b\x4f\x63\xf1\x75\xd3"
-   }, {
--    
"\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14"
--    "\x15\x16\x17\x18\x19", 25, "\xcd", 50,
--    
"\x4c\x90\x07\xf4\x02\x62\x50\xc6\xbc\x84\x14\xf9\xbf\x50\xc8\x6c\x2d\x72\x35\xda"
-+    
(uint8_t*)"\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14"
-+    "\x15\x16\x17\x18\x19", 25, (uint8_t*)"\xcd", 50,
-+    
(uint8_t*)"\x4c\x90\x07\xf4\x02\x62\x50\xc6\xbc\x84\x14\xf9\xbf\x50\xc8\x6c\x2d\x72\x35\xda"
-   }, {
--    "\x0c", 20, "Test With Truncation", 20,
--    
"\x4c\x1a\x03\x42\x4b\x55\xe0\x7f\xe7\xf2\x7b\xe1\xd5\x8b\xb9\x32\x4a\x9a\x5a\x04"
-+    (uint8_t*)"\x0c", 20, (uint8_t*)"Test With Truncation", 20,
-+    
(uint8_t*)"\x4c\x1a\x03\x42\x4b\x55\xe0\x7f\xe7\xf2\x7b\xe1\xd5\x8b\xb9\x32\x4a\x9a\x5a\x04"
-   }, {
--    "\xaa", 80, "Test Using Larger Than Block-Size Key - Hash Key First", 54,
--    
"\xaa\x4a\xe5\xe1\x52\x72\xd0\x0e\x95\x70\x56\x37\xce\x8a\x3b\x55\xed\x40\x21\x12"
-+    (uint8_t*)"\xaa", 80, (uint8_t*)"Test Using Larger Than Block-Size Key - 
Hash Key First", 54,
-+    
(uint8_t*)"\xaa\x4a\xe5\xe1\x52\x72\xd0\x0e\x95\x70\x56\x37\xce\x8a\x3b\x55\xed\x40\x21\x12"
-   }, {
--    "\xaa", 80,
--    "Test Using Larger Than Block-Size Key and Larger Than One Block-Size 
Data", 73,
--    
"\xe8\xe9\x9d\x0f\x45\x23\x7d\x78\x6d\x6b\xba\xa7\x96\x5c\x78\x08\xbb\xff\x1a\x91"
-+    (uint8_t*)"\xaa", 80,
-+    (uint8_t*)"Test Using Larger Than Block-Size Key and Larger Than One 
Block-Size Data", 73,
-+    
(uint8_t*)"\xe8\xe9\x9d\x0f\x45\x23\x7d\x78\x6d\x6b\xba\xa7\x96\x5c\x78\x08\xbb\xff\x1a\x91"
-   }};
- 
-   debug("tpm_test_hmac()");
-   for (i = 0; i < sizeof(test_cases) / sizeof(test_cases[0]); i++) {
--    if (strlen(test_cases[i].key) < test_cases[i].key_len) {
-+    if (strlen((char*)test_cases[i].key) < test_cases[i].key_len) {
-       uint8_t key[test_cases[i].key_len];
-       memset(key, test_cases[i].key[0], test_cases[i].key_len);
-       hmac_init(&ctx, key, test_cases[i].key_len);
-     } else {
-       hmac_init(&ctx, test_cases[i].key, test_cases[i].key_len);
-     }
--    for (j = 0; j < test_cases[i].data_len; j += strlen(test_cases[i].data)) {
--      hmac_update(&ctx, test_cases[i].data, strlen(test_cases[i].data));
-+    for (j = 0; j < test_cases[i].data_len; j += 
strlen((char*)test_cases[i].data)) {
-+      hmac_update(&ctx, test_cases[i].data, 
strlen((char*)test_cases[i].data));
-     }
-     hmac_final(&ctx, digest);
-     if (memcmp(digest, test_cases[i].digest, SHA1_DIGEST_LENGTH) != 0) return 
-1;
-@@ -173,9 +174,9 @@ static int tpm_test_hmac(void)
- static int tpm_test_rsa_EK(void)
- {
-   int res = 0;
--  char *data = "RSA PKCS #1 v1.5 Test-String";
-+  uint8_t *data = (uint8_t*)"RSA PKCS #1 v1.5 Test-String";
-   uint8_t buf[256];
--  size_t buf_len, data_len = strlen(data);
-+  size_t buf_len, data_len = strlen((char*)data);
-   rsa_private_key_t priv_key;
-   rsa_public_key_t pub_key;
- 
-diff -uprN orig/tpm_emulator-0.4/tpm/tpm_ticks.c tpm_emulator/tpm/tpm_ticks.c
---- orig/tpm_emulator-0.4/tpm/tpm_ticks.c      2006-06-23 03:37:07.000000000 
-0700
-+++ tpm_emulator/tpm/tpm_ticks.c       2006-07-24 14:35:35.000000000 -0700
-@@ -1,6 +1,7 @@
- /* Software-Based Trusted Platform Module (TPM) Emulator for Linux
-  * Copyright (C) 2004 Mario Strasser <mast@xxxxxxx>,
-  *                    Swiss Federal Institute of Technology (ETH) Zurich
-+ * Copyright (C) 2005 INTEL Corp
-  *
-  * This module is free software; you can redistribute it and/or modify
-  * it under the terms of the GNU General Public License as published
-@@ -39,9 +40,7 @@ TPM_RESULT TPM_SetTickType(TPM_TICKTYPE 
- TPM_RESULT TPM_GetTicks(TPM_CURRENT_TICKS *currentTime)
- {
-   info("TPM_GetTicks()");
--  memcpy(currentTime, &tpmData.stany.data.currentTicks, 
--    sizeof(TPM_CURRENT_TICKS));
--  return TPM_SUCCESS;
-+  return TPM_DISABLED_CMD;
- }
- 
- TPM_RESULT TPM_TickStampBlob(TPM_KEY_HANDLE keyHandle, TPM_NONCE *antiReplay,
-@@ -49,64 +48,11 @@ TPM_RESULT TPM_TickStampBlob(TPM_KEY_HAN
-                              TPM_CURRENT_TICKS *currentTicks, 
-                              UINT32 *sigSize, BYTE **sig)
- {
--  TPM_RESULT res;
--  TPM_KEY_DATA *key;
--  BYTE *info, *p;
--  UINT32 info_length, length;
-   info("TPM_TickStampBlob()");
--  /* get key */
--  key = tpm_get_key(keyHandle);
--  if (key == NULL) return TPM_INVALID_KEYHANDLE;
--  /* verify authorization */ 
--  res = tpm_verify_auth(auth1, key->usageAuth, keyHandle);
--  if (res != TPM_SUCCESS) return res;
--  if (key->keyUsage != TPM_KEY_SIGNING && key->keyUsage != TPM_KEY_LEGACY
--      && key->keyUsage != TPM_KEY_IDENTITY) return TPM_INVALID_KEYUSAGE;
--  /* get current ticks */
--  TPM_GetTicks(currentTicks);
--  /* sign data using signature scheme PKCS1_SHA1 and TPM_SIGN_INFO container 
*/
--  *sigSize = key->key.size >> 3;
--  *sig = tpm_malloc(*sigSize);
--  if (*sig == NULL) return TPM_FAIL; 
--  /* setup TPM_SIGN_INFO structure */
--  info_length = 30 + sizeof(TPM_DIGEST) + 
sizeof_TPM_CURRENT_TICKS(currentTicks);
--  info = tpm_malloc(info_length);
--  if (info == NULL) {
--    tpm_free(*sig);
--    return TPM_FAIL;
--  }
--  memcpy(&info[0], "\x05\x00TSTP", 6);
--  memcpy(&info[6], antiReplay->nonce, 20);
--  *(UINT32*)&info[26] = CPU_TO_BE32(20
--                        + sizeof_TPM_CURRENT_TICKS(currentTicks));
--  memcpy(&info[30], digestToStamp->digest, sizeof(TPM_DIGEST));
--  p = &info[30 + sizeof(TPM_DIGEST)]; 
--  length = sizeof_TPM_CURRENT_TICKS(currentTicks);
--  if (tpm_marshal_TPM_CURRENT_TICKS(&p, &length, currentTicks)
--      || rsa_sign(&key->key, RSA_SSA_PKCS1_SHA1, info, info_length, *sig)) {  
 
--    tpm_free(*sig);
--    tpm_free(info);
--    return TPM_FAIL;
--  } 
--  return TPM_SUCCESS;
-+  return TPM_DISABLED_CMD;
- }
- 
- void tpm_update_ticks(void)
- {
--  if (tpmData.stany.data.currentTicks.tag == 0) {
--    tpmData.stany.data.currentTicks.tag = TPM_TAG_CURRENT_TICKS;
--    tpmData.stany.data.currentTicks.currentTicks += tpm_get_ticks();
--/* removed since v1.2 rev 94
--    tpmData.stany.data.currentTicks.tickType = 
tpmData.permanent.data.tickType;
--*/
--    tpm_get_random_bytes(tpmData.stany.data.currentTicks.tickNonce.nonce, 
--      sizeof(TPM_NONCE));
--    tpmData.stany.data.currentTicks.tickRate = 1;
--/* removed since v1.2 rev 94
--    tpmData.stany.data.currentTicks.tickSecurity = TICK_SEC_NO_CHECK;
--*/
--  } else {
--    tpmData.stany.data.currentTicks.currentTicks += tpm_get_ticks();   
--  }
- }
- 
-diff -uprN orig/tpm_emulator-0.4/tpm/tpm_transport.c 
tpm_emulator/tpm/tpm_transport.c
---- orig/tpm_emulator-0.4/tpm/tpm_transport.c  2006-06-23 03:37:07.000000000 
-0700
-+++ tpm_emulator/tpm/tpm_transport.c   2006-07-24 14:35:35.000000000 -0700
-@@ -189,7 +189,7 @@ static void decrypt_wrapped_command(BYTE
-     sha1_init(&sha1);
-     sha1_update(&sha1, auth->nonceEven.nonce, sizeof(auth->nonceEven.nonce));
-     sha1_update(&sha1, auth->nonceOdd.nonce, sizeof(auth->nonceOdd.nonce));
--    sha1_update(&sha1, "in", 2);
-+    sha1_update(&sha1, (BYTE*)"in", 2);
-     sha1_update(&sha1, secret, sizeof(TPM_SECRET));
-     j = CPU_TO_BE32(i);
-     sha1_update(&sha1, (BYTE*)&j, 4);
-@@ -211,7 +211,7 @@ static void encrypt_wrapped_command(BYTE
-     sha1_init(&sha1);
-     sha1_update(&sha1, auth->nonceEven.nonce, sizeof(auth->nonceEven.nonce));
-     sha1_update(&sha1, auth->nonceOdd.nonce, sizeof(auth->nonceOdd.nonce));
--    sha1_update(&sha1, "out", 3);
-+    sha1_update(&sha1, (BYTE*)"out", 3);
-     sha1_update(&sha1, secret, sizeof(TPM_SECRET));
-     j = CPU_TO_BE32(i);
-     sha1_update(&sha1, (BYTE*)&j, 4);
-diff -uprN orig/tpm_emulator-0.4/tpmd.c tpm_emulator/tpmd.c
---- orig/tpm_emulator-0.4/tpmd.c       1969-12-31 16:00:00.000000000 -0800
-+++ tpm_emulator/tpmd.c        2006-07-24 14:35:35.000000000 -0700
-@@ -0,0 +1,156 @@
-+/* Software-Based Trusted Platform Module (TPM) Emulator for Linux
-+ * Copyright (C) 2005 INTEL Corp
-+ *
-+ * This module is free software; you can redistribute it and/or modify
-+ * it under the terms of the GNU General Public License as published
-+ * by the Free Software Foundation; either version 2 of the License,
-+ * or (at your option) any later version.
-+ *
-+ * This module is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-+ * GNU General Public License for more details.
-+ *
-+ */
-+
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <unistd.h>
-+#include <string.h>
-+#include <sys/types.h>
-+#include <sys/stat.h>
-+#include <fcntl.h>
-+#include <sys/time.h>
-+
-+#include "tpm_emulator.h"
-+
-+#define TPM_RX_FNAME "/var/tpm/tpm_in.fifo"
-+#define TPM_TX_FNAME "/var/tpm/tpm_out.fifo"
-+
-+#define BUFFER_SIZE 2048
-+
-+static int devurandom=0;
-+        
-+void get_random_bytes(void *buf, int nbytes) {
-+  
-+  if (devurandom == 0) {
-+    devurandom = open("/dev/urandom", O_RDONLY);
-+  }
-+
-+  if (read(devurandom, buf, nbytes) != nbytes) {
-+      printf("Can't get random number.\n");
-+      exit(-1);
-+  }
-+}
-+
-+uint64_t tpm_get_ticks(void)
-+{
-+  //struct timeval tv;
-+  //int gettimeofday(&tv, struct timezone *tz);
-+  return 0;
-+}
-+
-+int main(int argc, char **argv)
-+{
-+  uint8_t in[BUFFER_SIZE], *out;
-+  uint32_t out_size;
-+  int in_size, written;
-+  int i;
-+  struct stat file_info;
-+
-+  int tpm_tx_fh=-1, tpm_rx_fh=-1;
-+  if (argc < 2) {
-+    printf("Usage: tpmd clear|save|deactivated\n" );
-+        return -1;
-+  }
-+
-+  /* initialize TPM emulator */
-+  if (!strcmp(argv[1], "clear")) {
-+    printf("Initializing tpm: %s\n", argv[1]);
-+    tpm_emulator_init(1);
-+  } else if (!strcmp(argv[1], "save")) { 
-+    printf("Initializing tpm: %s\n", argv[1]);
-+    tpm_emulator_init(2);
-+  } else if (!strcmp(argv[1], "deactivated")) {
-+    printf("Initializing tpm: %s\n", argv[1]);
-+    tpm_emulator_init(3);
-+  } else {
-+    printf("invalid startup mode '%s'; must be 'clear', "
-+      "'save' (default) or 'deactivated", argv[1]);
-+    return -1;
-+  }
-+
-+  if ( stat(TPM_RX_FNAME, &file_info) == -1) {
-+    if ( mkfifo(TPM_RX_FNAME, S_IWUSR | S_IRUSR ) ) {
-+      printf("Failed to create fifo %s.\n", TPM_RX_FNAME);
-+      return -1;
-+    }
-+  }
-+
-+  if ( stat(TPM_TX_FNAME, &file_info) == -1) {
-+    if ( mkfifo(TPM_TX_FNAME, S_IWUSR | S_IRUSR ) ) {
-+      printf("Failed to create fifo %s.\n", TPM_TX_FNAME);
-+      return -1;
-+    }
-+  }
-+
-+  while (1) {
-+abort_command:
-+    if (tpm_rx_fh < 0) {
-+      tpm_rx_fh = open(TPM_RX_FNAME, O_RDONLY);
-+    }
-+    
-+    if (tpm_rx_fh < 0) {
-+      printf("ERROR: failed to open devices to listen to guest.\n");
-+      return -1;
-+    }
-+    
-+    if (tpm_tx_fh < 0) {
-+      tpm_tx_fh = open(TPM_TX_FNAME, O_WRONLY);
-+    }
-+
-+    if (tpm_tx_fh < 0) {
-+      printf("ERROR: failed to open devices to respond to guest.\n");
-+      return -1;
-+    }
-+
-+    in_size = read(tpm_rx_fh, in, BUFFER_SIZE);
-+    if (in_size < 6) { // Magic size of minium TPM command
-+      printf("Recv[%d] to small: 0x", in_size);
-+      if (in_size <= 0) {
-+          close(tpm_rx_fh);
-+          tpm_rx_fh = -1;
-+          goto abort_command;
-+      }
-+    } else { 
-+      printf("Recv[%d]: 0x", in_size);
-+      for (i=0; i< in_size; i++) 
-+        printf("%x ", in[i]);
-+      printf("\n");
-+    }
-+
-+    
-+    if (tpm_handle_command(in, in_size, &out, &out_size) != 0) { 
-+        printf("ERROR: Handler Failed.\n");
-+    }
-+
-+    written = write(tpm_tx_fh, out, out_size);
-+
-+    if (written != out_size ) {
-+      printf("ERROR: Part of response not written %d/%d.\nAttempt: ", 
written, out_size);
-+    } else {
-+      printf("Sent[%Zu]: ", out_size);
-+    }
-+    for (i=0; i< out_size; i++)
-+      printf("%x ", out[i]);
-+    printf("\n");
-+    tpm_free(out);
-+
-+  } // loop
-+
-+  tpm_emulator_shutdown();
-+
-+  close(tpm_tx_fh);
-+  close(tpm_rx_fh);
-+
-+}
-Binary files orig/tpm_emulator-0.4/tpm_emulator and tpm_emulator/tpm_emulator 
differ
-diff -uprN orig/tpm_emulator-0.4/tpm_version.h tpm_emulator/tpm_version.h
---- orig/tpm_emulator-0.4/tpm_version.h        2006-06-23 03:37:07.000000000 
-0700
-+++ tpm_emulator/tpm_version.h 2006-07-24 14:35:41.000000000 -0700
-@@ -2,5 +2,5 @@
- #define _TPM_VERSION_H_
- #define VERSION_MAJOR 0
- #define VERSION_MINOR 4
--#define VERSION_BUILD 1151058734
-+#define VERSION_BUILD 1153776940
- #endif /* _TPM_VERSION_H_ */
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/vtpm/vtpm-0.5.1-LDLIBS.patch
--- a/tools/vtpm/vtpm-0.5.1-LDLIBS.patch        Tue Nov 13 10:46:59 2012 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,12 +0,0 @@
-diff -Naurp tpm_emulator-0.5.1/tpmd/Makefile tpm_emulator-0.5.1/tpmd/Makefile
---- tpm_emulator-0.5.1/tpmd/Makefile
-+++ tpm_emulator-0.5.1/tpmd/Makefile
-@@ -8,7 +8,7 @@ WFLAGS  := -Wall -Wno-unused -Wpointer-a
-            #WFLAGS  += -Wextra -Wcast-qual -Wmissing-prototypes 
-Wmissing-declarations -Wstrict-aliasing
- CFLAGS  += $(WFLAGS) -g -I.. -I. -O2 -fno-strict-aliasing
- CFLAGS  += -I../../../../tools/vtpm_manager/manager
--LDFLAGS += -lgmp
-+LDLIBS  += -lgmp
- 
- BINDIR  := /usr/bin/
- 
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/vtpm/vtpm-0.5.1.patch
--- a/tools/vtpm/vtpm-0.5.1.patch       Tue Nov 13 10:46:59 2012 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,766 +0,0 @@
-diff -Naurp tpm_emulator-0.5.1/Makefile tpm5-test/Makefile
---- tpm_emulator-0.5.1/Makefile        2008-02-14 03:22:48.000000000 -0500
-+++ tpm5-test/Makefile 2009-07-15 09:45:28.000000000 -0400
-@@ -10,7 +10,7 @@ VERSION_MINOR  := 5
- VERSION_BUILD  := $(shell date +"%s")
- VERSION_SUFFIX := .1
- 
--SUBDIRS := tpmd tpmd_dev tddl
-+SUBDIRS := tpmd 
- 
- all: version all-recursive
- 
-@@ -48,12 +48,12 @@ user_install: user
- modules_install: modules
-       @$(MAKE) -C tpmd_dev install || exit -1
- 
--DIRS    := . tpm crypto tpmd tpmd_dev tddl tpmd_dev_openbsd
-+DIRS    := . tpm crypto tpmd 
- DISTSRC := $(foreach dir, $(DIRS), $(wildcard $(dir)/*.c))
- DISTSRC += $(foreach dir, $(DIRS), $(wildcard $(dir)/*.h))
--DIRS    := . tpmd tpmd_dev tddl tpmd_dev_openbsd
-+DIRS    := . tpmd 
- DISTSRC += $(foreach dir, $(DIRS), $(dir)/Makefile)
--DISTSRC += ./README ./AUTHORS ./ChangeLog tpmd_dev/tpmd_dev.rules.in
-+DISTSRC += ./README ./AUTHORS ./ChangeLog 
- DISTDIR := tpm_emulator-$(VERSION_MAJOR).$(VERSION_MINOR)$(VERSION_SUFFIX)
- 
- dist: $(DISTSRC)
-diff -Naurp tpm_emulator-0.5.1/tpm/tpm_capability.c tpm5-test/tpm/tpm_capability.c
---- tpm_emulator-0.5.1/tpm/tpm_capability.c    2008-02-14 03:22:48.000000000 -0500
-+++ tpm5-test/tpm/tpm_capability.c     2009-07-16 12:04:20.000000000 -0400
-@@ -136,8 +136,19 @@ static TPM_RESULT cap_property(UINT32 su
- 
-     case TPM_CAP_PROP_TIS_TIMEOUT:
-       debug("[TPM_CAP_PROP_TIS_TIMEOUT]");
--      /* TODO: TPM_CAP_PROP_TIS_TIMEOUT */
--      return TPM_FAIL;
-+      /* TODO: TPM_CAP_PROP_TIS_TIMEOUT: Measure these values and determine correct ones */
-+      UINT32 len = *respSize = 16;
-+      BYTE *ptr = *resp = tpm_malloc(*respSize);
-+      if (ptr == NULL || 
-+          tpm_marshal_UINT32(&ptr, &len, 200000) ||
-+          tpm_marshal_UINT32(&ptr, &len, 200000) ||
-+          tpm_marshal_UINT32(&ptr, &len, 200000) ||
-+          tpm_marshal_UINT32(&ptr, &len, 200000)) {
-+        tpm_free(*resp);
-+        return TPM_FAIL;
-+      }
-+      return TPM_SUCCESS;
-+
- 
-     case TPM_CAP_PROP_STARTUP_EFFECT:
-       debug("[TPM_CAP_PROP_STARTUP_EFFECT]");
-@@ -189,8 +200,12 @@ static TPM_RESULT cap_property(UINT32 su
- 
-     case TPM_CAP_PROP_DURATION:
-       debug("[TPM_CAP_PROP_DURATION]");
--      /* TODO: TPM_CAP_PROP_DURATION */
--      return TPM_FAIL;
-+      /* TODO: TPM_CAP_PROP_DURATION: Measure these values and return accurate ones */
-+      BYTE dur[]= {0x0,0x0,0x0,0xc,0x0,0x7,0xa1,0x20,0x0,0x1e,0x84,0x80,0x11,0xe1,0xa3,0x0}; 
-+      *respSize = 16;
-+      *resp = tpm_malloc(*respSize);
-+      memcpy(*resp,dur,16); 
-+
- 
-     case TPM_CAP_PROP_ACTIVE_COUNTER:
-       debug("[TPM_CAP_PROP_ACTIVE_COUNTER]");
-diff -Naurp tpm_emulator-0.5.1/tpmd/Makefile tpm5-test/tpmd/Makefile
---- tpm_emulator-0.5.1/tpmd/Makefile   2008-02-14 03:22:48.000000000 -0500
-+++ tpm5-test/tpmd/Makefile    2009-07-16 12:08:26.000000000 -0400
-@@ -8,9 +8,10 @@ WFLAGS  := -Wall -Wno-unused -Wpointer-a
-            -Wwrite-strings -Wsign-compare -Wno-multichar
-            #WFLAGS  += -Wextra -Wcast-qual -Wmissing-prototypes -Wmissing-declarations -Wstrict-aliasing
- CFLAGS  += $(WFLAGS) -g -I.. -I. -O2 -fno-strict-aliasing
-+CFLAGS  += -I../../../../tools/vtpm_manager/manager
- LDFLAGS += -lgmp
- 
--BINDIR  := /usr/sbin/
-+BINDIR  := /usr/bin/
- 
- TPMD    := tpmd
- DIRS    := ../tpm ../crypto
-@@ -18,6 +19,8 @@ SRCS    := $(foreach dir, $(DIRS), $(wil
- OBJS    := $(patsubst %.c, %.o, $(SRCS))
- OBJS    := $(foreach dir, $(DIRS), $(patsubst $(dir)/%.o, %.o, $(filter $(dir)/%.o, $(OBJS))))
- 
-+VTPM_BIN := vtpmd
-+
- vpath %.c $(strip $(DIRS))
- 
- all: $(TPMD)
-@@ -32,10 +35,8 @@ TPMD_GROUP ?= tss
- INSTALL    ?= install
- 
- install: $(TPMD)
--      $(INSTALL) -m 755 -o $(TPMD_USER) -g $(TPMD_GROUP) -d $(DESTDIR)/var/lib/tpm
--      $(INSTALL) -m 755 -o $(TPMD_USER) -g $(TPMD_GROUP) -d $(DESTDIR)/var/run/tpm
-       $(INSTALL) -D -d $(DESTDIR)/$(BINDIR)
--      $(INSTALL) -m 755 $(TPMD) $(DESTDIR)/$(BINDIR)
-+      $(INSTALL) -m 755 $(TPMD) $(DESTDIR)/$(BINDIR)/$(VTPM_BIN)
- 
- .PHONY: all clean install
- 
-diff -Naurp tpm_emulator-0.5.1/tpmd/tpmd.c tpm5-test/tpmd/tpmd.c
---- tpm_emulator-0.5.1/tpmd/tpmd.c     2008-02-14 03:22:48.000000000 -0500
-+++ tpm5-test/tpmd/tpmd.c      2009-07-16 11:19:05.000000000 -0400
-@@ -32,6 +32,9 @@
- #include <grp.h>
- #include "tpm_emulator_config.h"
- #include "tpm/tpm_emulator.h"
-+#include "tpm/tpm_structures.h"
-+#include "tpm/tpm_marshalling.h"
-+#include "vtpm_manager.h"
- 
- #define TPM_DAEMON_NAME     "tpmd"
- #define TPM_CMD_BUF_SIZE    4096
-@@ -39,6 +42,24 @@
- #define TPM_RANDOM_DEVICE   "/dev/urandom"
- #undef  TPM_MKDIRS
- 
-+#ifdef VTPM_MULTI_VM
-+ #define DEV_BE "/dev/vtpm"
-+ #define DEV_FE "/dev/tpm"
-+#else
-+ #define PVM_RX_FIFO_D "/var/vtpm/fifos/tpm_cmd_to_%d.fifo"
-+ #define PVM_TX_FIFO "/var/vtpm/fifos/tpm_rsp_from_all.fifo"
-+ #define HVM_RX_FIFO_D "/var/vtpm/socks/%d.socket"
-+
-+ #define VTPM_RX_FIFO_D "/var/vtpm/fifos/vtpm_rsp_to_%d.fifo"
-+ #define VTPM_TX_FIFO "/var/vtpm/fifos/vtpm_cmd_from_all.fifo"
-+
-+ static char *vtpm_rx_name=NULL;
-+#endif
-+
-+ static int vtpm_tx_fh=-1, vtpm_rx_fh=-1;
-+
-+#define BUFFER_SIZE 2048
-+
- static volatile int stopflag = 0;
- static int is_daemon = 0;
- static int opt_debug = 0;
-@@ -49,6 +70,8 @@ static const char *opt_storage_file = "/
- static uid_t opt_uid = 0;
- static gid_t opt_gid = 0;
- static int tpm_startup = 2;
-+static int vtpm_type = VTPM_TYPE_PVM;
-+int dmi_id = 0;
- static int rand_fh;
- 
- void tpm_log(int priority, const char *fmt, ...)
-@@ -90,56 +113,241 @@ uint64_t tpm_get_ticks(void)
- 
- int tpm_write_to_file(uint8_t *data, size_t data_length)
- {
--    int fh;
--    ssize_t res;
--    fh = open(opt_storage_file, O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR);
--    if (fh < 0) return -1;
--    while (data_length > 0) {
--        res = write(fh, data, data_length);
--      if (res < 0) {
--          close(fh);
--          return -1;
--      }
--      data_length -= res; 
--      data += res;
-+  int res, out_data_size, in_header_size;
-+  BYTE *ptr, *out_data, *in_header;
-+  UINT32 result, len, in_rsp_size;
-+  UINT16 tag = VTPM_TAG_REQ;
-+      
-+  printf("Saving NVM\n");
-+  if (vtpm_tx_fh < 0) {
-+#ifdef VTPM_MUTLI_VM
-+    vtpm_tx_fh = open(DEV_FE, O_RDWR);
-+#else
-+      vtpm_tx_fh = open(VTPM_TX_FIFO, O_WRONLY);
-+#endif
-+  }
-+
-+  if (vtpm_tx_fh < 0) {
-+              return -1;
-+  }
-+ 
-+  // Send request to VTPM Manager to encrypt data
-+#ifdef VTPM_MUTLI_VM
-+  out_data_size = len = VTPM_COMMAND_HEADER_SIZE_CLT + data_length;
-+#else
-+  out_data_size = len = VTPM_COMMAND_HEADER_SIZE_SRV + data_length;
-+#endif
-+  
-+  out_data = ptr = (BYTE *) malloc(len);
-+
-+  if (ptr == NULL
-+#ifndef VTPM_MUTLI_VM
-+      || tpm_marshal_UINT32(&ptr, &len, dmi_id)
-+#endif
-+        || tpm_marshal_UINT16(&ptr, &len, tag)
-+#ifdef VTPM_MUTLI_VM
-+        || tpm_marshal_UINT32(&ptr, &len, out_data_size)
-+#else
-+        || tpm_marshal_UINT32(&ptr, &len, out_data_size - sizeof(uint32_t))
-+#endif  
-+        || tpm_marshal_UINT32(&ptr, &len, VTPM_ORD_SAVENVM)
-+        || tpm_marshal_BYTE_ARRAY(&ptr, &len, data, data_length)) {
-+      free(out_data);
-+      return -1;
-+  }
-+  
-+  printf("\tSending SaveNVM Command.\n");
-+  res = write(vtpm_tx_fh, out_data, out_data_size);
-+  free(out_data);
-+  if (res != out_data_size) return -1;
-+
-+  if (vtpm_rx_fh < 0) {
-+#ifdef VTPM_MUTLI_VM
-+    vtpm_rx_fh = vtpm_tx_fh
-+#else
-+    if (vtpm_rx_name == NULL) {
-+      vtpm_rx_name = malloc(10 + strlen(VTPM_RX_FIFO_D));
-+      sprintf(vtpm_rx_name, VTPM_RX_FIFO_D, (uint32_t) dmi_id);
-     }
--    close(fh);
--    return 0;
-+      vtpm_rx_fh = open(vtpm_rx_name, O_RDONLY);
-+#endif
-+  }
-+
-+  if (vtpm_rx_fh < 0) {
-+              return -1;
-+  }
-+  
-+  // Read Header of response so we can get the size & status
-+#ifdef VTPM_MUTLI_VM
-+  in_header_size = len = VTPM_COMMAND_HEADER_SIZE_CLT;
-+#else
-+  in_header_size = len = VTPM_COMMAND_HEADER_SIZE_SRV;
-+#endif
-+  in_header = ptr = malloc(in_header_size);
-+  
-+  printf("\tReading SaveNVM header.\n");
-+  res = read(vtpm_rx_fh, in_header, in_header_size);
-+
-+  if ( (res != in_header_size)
-+#ifndef VTPM_MUTLI_VM
-+       || tpm_unmarshal_UINT32(&ptr, &len, (UINT32*)&dmi_id)
-+#endif
-+         || tpm_unmarshal_UINT16(&ptr, &len, &tag)
-+         || tpm_unmarshal_UINT32(&ptr, &len, &in_rsp_size)
-+         || tpm_unmarshal_UINT32(&ptr, &len, &result) ) {
-+        free(in_header);
-+        return -1;
-+  }
-+  free(in_header);
-+  
-+  if (result != VTPM_SUCCESS) {
-+      return -1;  
-+  }
-+
-+#ifdef VTPM_MUTLI_VM
-+  close(vtpm_tx_fh); close(vtpm_rx_fh);
-+#endif
-+        
-+  printf("\tFinishing up SaveNVM\n");
-+  return (0);
- }
- 
- int tpm_read_from_file(uint8_t **data, size_t *data_length)
- {
--    int fh;
--    ssize_t res;
--    size_t total_length;
--    fh = open(opt_storage_file, O_RDONLY);
--    if (fh < 0) return -1;
--    total_length = lseek(fh, 0, SEEK_END);
--    lseek(fh, 0, SEEK_SET);
--    *data = tpm_malloc(total_length);
--    if (*data == NULL) {
--        close(fh);
--        return -1;
--    }
--    *data_length = 0;
--    while (total_length > 0) {
--        res = read(fh, &(*data)[*data_length], total_length);
--      if (res < 0) {
--          close(fh);
--          tpm_free(*data);
--          return -1;
--      }
--        *data_length += res;
--      total_length -= res;
-+  int res, out_data_size, in_header_size;
-+  uint8_t *ptr, *out_data, *in_header;
-+  UINT16 tag = VTPM_TAG_REQ;
-+  UINT32 len, in_rsp_size, result;
-+#ifdef VTPM_MUTLI_VM
-+      int vtpm_rx_fh, vtpm_tx_fh;
-+#endif
-+      
-+  printf("Loading NVM.\n");
-+  if (vtpm_tx_fh < 0) {
-+#ifdef VTPM_MUTLI_VM
-+    vtpm_tx_fh = open(DEV_FE, O_RDWR);
-+#else
-+      vtpm_tx_fh = open(VTPM_TX_FIFO, O_WRONLY);
-+#endif
-+  }
-+
-+  if (vtpm_tx_fh < 0) {
-+      printf("Error in read_from_file:301\n");
-+              return -1;
-+  }
-+ 
-+  // Send request to VTPM Manager to encrypt data
-+#ifdef VTPM_MUTLI_VM
-+  out_data_size = len = VTPM_COMMAND_HEADER_SIZE_CLT;
-+#else
-+  out_data_size = len = VTPM_COMMAND_HEADER_SIZE_SRV;
-+#endif
-+  out_data = ptr = (BYTE *) malloc(len);
-+
-+  if (ptr == NULL
-+#ifndef VTPM_MUTLI_VM
-+      || tpm_marshal_UINT32(&ptr, &len, dmi_id)
-+#endif  
-+      || tpm_marshal_UINT16(&ptr, &len, tag)
-+#ifdef VTPM_MUTLI_VM
-+      || tpm_marshal_UINT32(&ptr, &len, out_data_size)
-+#else
-+      || tpm_marshal_UINT32(&ptr, &len, out_data_size - sizeof(uint32_t))
-+#endif
-+      || tpm_marshal_UINT32(&ptr, &len, VTPM_ORD_LOADNVM)) {
-+    free(out_data);
-+    printf("Error in read_from_file:325\n");
-+
-+    return -1;
-+  }
-+
-+  printf("\tSending LoadNVM command\n");
-+  res = write(vtpm_tx_fh, out_data, out_data_size);
-+  free(out_data);
-+  if (res != out_data_size) 
-+    {
-+      printf("Error in read_from_file:335\n");
-+      return -1;
-+    }
-+
-+    if (vtpm_rx_fh < 0) {
-+#ifdef VTPM_MUTLI_VM
-+    vtpm_rx_fh = vtpm_tx_fh;
-+#else
-+    if (vtpm_rx_name == NULL) {
-+      vtpm_rx_name = malloc(10 + strlen(VTPM_RX_FIFO_D));
-+      sprintf(vtpm_rx_name, VTPM_RX_FIFO_D, (uint32_t) dmi_id);
-     }
--    close(fh);
--    return 0;
-+      vtpm_rx_fh = open(vtpm_rx_name, O_RDONLY);
-+#endif
-+  }
-+
-+  if (vtpm_rx_fh < 0) {
-+      printf("Error in read_from_file:352\n");        
-+      return -1;
-+  }
-+  
-+  // Read Header of response so we can get the size & status
-+#ifdef VTPM_MUTLI_VM
-+  in_header_size = len = VTPM_COMMAND_HEADER_SIZE_CLT;
-+#else
-+  in_header_size = len = VTPM_COMMAND_HEADER_SIZE_SRV;
-+#endif
-+  in_header = ptr = malloc(in_header_size);
-+  
-+  printf("\tReading LoadNVM header\n");
-+  res = read(vtpm_rx_fh, in_header, in_header_size);
-+
-+  if ( (res != in_header_size)
-+#ifndef VTPM_MUTLI_VM
-+       || tpm_unmarshal_UINT32(&ptr, &len, (UINT32*)&dmi_id)
-+#endif
-+       || tpm_unmarshal_UINT16(&ptr, &len, &tag)
-+       || tpm_unmarshal_UINT32(&ptr, &len, &in_rsp_size)
-+       || tpm_unmarshal_UINT32(&ptr, &len, &result) ) {
-+      free(in_header);
-+      printf("Error in read_from_file:375\n");     
-+      return -1;
-+  }
-+  free(in_header);
-+  
-+  if (result != VTPM_SUCCESS) {
-+    printf("Error in read_from_file:381\n");
-+    return -1;  
-+  }
-+
-+  // Read Encrypted data from VTPM Manager
-+  *data_length = in_rsp_size - VTPM_COMMAND_HEADER_SIZE_CLT;
-+  *data = (uint8_t *) malloc(*data_length);
-+
-+  printf("\tReading clear data from LoadNVM.\n");
-+  res = read(vtpm_rx_fh, *data, *data_length);
-+#ifdef VTPM_MUTLI_VM
-+  close(vtpm_rx_fh);close(vtpm_tx_fh);
-+#endif 
-+      
-+  printf("\tReturing from loading NVM\n");
-+  if (res != (int)*data_length) {
-+      free(*data);
-+      printf("Error in read_from_file:398\n");
-+      return -1;
-+  } else {
-+      return 0;
-+  }
-+
-+
-+    
- }
- 
- static void print_usage(char *name)
- {
-     printf("usage: %s [-d] [-f] [-s storage file] [-u unix socket name] "
--           "[-o user name] [-g group name] [-h] [startup mode]\n", name);
-+           "[-o user name] [-g group name] [-h]"
-+#ifdef VTPM_MULTI_VM
-+         "clear|save|deactivated\n", name);
-+#else
-+         "clear|save|deactivated pvm|hvm vtpmid\n", name);
-+#endif
-     printf("  d : enable debug mode\n");
-     printf("  f : forces the application to run in the foreground\n");
-     printf("  s : storage file to use (default: %s)\n", opt_storage_file);
-@@ -205,7 +413,13 @@ static void parse_options(int argc, char
-                 exit(EXIT_SUCCESS);
-         }
-     }
--    if (optind < argc) {
-+    /*Make sure we have all required options*/
-+#ifdef VTPM_MULTI_VM
-+#define EXTRA_OPTS 0
-+#else
-+#define EXTRA_OPTS 2
-+#endif
-+    if (optind < argc - EXTRA_OPTS ) {
-         debug("startup mode = '%s'", argv[optind]);
-         if (!strcmp(argv[optind], "clear")) {
-             tpm_startup = 1;
-@@ -219,6 +433,25 @@ static void parse_options(int argc, char
-             print_usage(argv[0]);
-             exit(EXIT_SUCCESS);
-         }
-+#ifndef VTPM_MULTI_VM
-+        ++optind;
-+      if(!strcmp(argv[optind], "pvm")) {
-+              vtpm_type = VTPM_TYPE_PVM;      // Get commands from vTPM Manager through fifo
-+      } else if (!strcmp(argv[optind], "hvm")) {
-+              vtpm_type = VTPM_TYPE_HVM;      // Get commands from qemu via socket
-+        } else {
-+              error("Invalid vm mode '%s'; must be 'pvm', "
-+                      "or 'hvm' ", argv[optind]);
-+              print_usage(argv[0]);
-+              exit(EXIT_SUCCESS);
-+      }
-+        ++optind;
-+      dmi_id = atoi(argv[optind]);
-+#endif
-+    } else {
-+      error("Invalid number of arguments");
-+      print_usage(argv[0]);
-+      exit(EXIT_SUCCESS);
-     }
- }
- 
-@@ -348,93 +581,180 @@ static int init_socket(const char *name)
- 
- static void main_loop(void)
- {
--    int sock, fh, res;
--    int32_t in_len;
-+    int32_t in_len, written;
-     uint32_t out_len;
--    uint8_t in[TPM_CMD_BUF_SIZE], *out;
-+    uint8_t in[TPM_CMD_BUF_SIZE], *out, *addressed_out;
-+    int guest_id=-1;
-+    int i;
-+    char *vtpm_rx_file=NULL;
-+    int res;
-+
-+#ifndef VTPM_MULTI_VM
-+    int sockfd = -1;
-     struct sockaddr_un addr;
--    socklen_t addr_len;
--    fd_set rfds;
--    struct timeval tv;
-+    struct sockaddr_un client_addr;
-+    unsigned int client_length;
-+#endif
-+
-+    int vtpm_tx_fh=-1, vtpm_rx_fh=-1;
-+
-+#ifndef VTPM_MULTI_VM
-+  if (vtpm_type == VTPM_TYPE_PVM) {
-+    vtpm_rx_file = malloc(10 + strlen(PVM_RX_FIFO_D));
-+    sprintf(vtpm_rx_file, PVM_RX_FIFO_D, (uint32_t) dmi_id);
-+  } else {
-+    vtpm_rx_file = malloc(10 + strlen(HVM_RX_FIFO_D));
-+    sprintf(vtpm_rx_file, HVM_RX_FIFO_D, (uint32_t) dmi_id);
-+
-+    if ( (sockfd = socket(PF_UNIX,SOCK_STREAM,0)) < 0) {
-+          error("Unable to create socket. errno = %d\n", errno);
-+      exit (-1);
-+    }
-+
-+    memset(&addr, 0, sizeof(addr));
-+    addr.sun_family = AF_UNIX;
-+    strcpy(addr.sun_path,vtpm_rx_file );
-+    unlink(addr.sun_path);
-+  }
-+#endif
- 
-     info("staring main loop");
--    /* open UNIX socket */
--    sock = init_socket(opt_socket_name);
--    if (sock < 0) exit(EXIT_FAILURE);
-     /* init tpm emulator */
--    debug("initializing TPM emulator: %d", tpm_startup);
-+#ifdef VTPM_MULTI_VM
-+    debug("initializing TPM emulator: state=%d", tpm_startup);
-+#else
-+    debug("initializing TPM emulator: state=%d, type=%d, id=%d", tpm_startup, vtpm_type, dmi_id);
-+#endif
-     tpm_emulator_init(tpm_startup);
-     /* start command processing */
-     while (!stopflag) {
-         /* wait for incomming connections */
-         debug("waiting for connections...");
--        FD_ZERO(&rfds);
--        FD_SET(sock, &rfds);
--        tv.tv_sec = 10;
--        tv.tv_usec = 0;
--        res = select(sock + 1, &rfds, NULL, NULL, &tv);
--        if (res < 0) {
--            error("select(sock) failed: %s", strerror(errno));
--            break;
--        } else if (res == 0) {
--            continue;
--        }
--        addr_len = sizeof(addr);
--        fh = accept(sock, (struct sockaddr*)&addr, &addr_len);
--        if (fh < 0) {
--            error("accept() failed: %s", strerror(errno));
--            continue;
--        }
-+      if (vtpm_rx_fh < 0) {
-+#ifdef VTPM_MUTLI_VM
-+          vtpm_rx_fh = open(DEV_BE, O_RDWR);
-+#else
-+          if (vtpm_type == VTPM_TYPE_PVM)
-+          {
-+              vtpm_rx_fh = open(vtpm_rx_file, O_RDONLY);
-+          } else {
-+              if (bind(sockfd, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
-+                  error("Unable to bind(). errno = %d\n", errno);
-+                  exit (-1);
-+              }
-+
-+              if (listen(sockfd, 10) <0) {
-+                  error("Unable to listen(). errno = %d\n", errno);
-+                  exit (-1);
-+              } 
-+
-+               memset(&client_addr, 0, sizeof(client_addr));
-+               client_length = sizeof(client_addr);
-+
-+               vtpm_rx_fh = vtpm_tx_fh = accept(sockfd, (struct sockaddr *)&client_addr, &client_length);
-+          }
-+#endif
-+      }
-+      
-+      /*Error Checking*/
-+      if (vtpm_rx_fh < 0) {
-+        error("Failed to open devices to listen to guest.\n");
-+        exit(-1);
-+      }
-+
-         /* receive and handle commands */
-         in_len = 0;
-         do {
-             debug("waiting for commands...");
--            FD_ZERO(&rfds);
--            FD_SET(fh, &rfds);
--            tv.tv_sec = TPM_COMMAND_TIMEOUT;
--            tv.tv_usec = 0;
--            res = select(fh + 1, &rfds, NULL, NULL, &tv);
--            if (res < 0) {
--                error("select(fh) failed: %s", strerror(errno));
--                close(fh);
--                break;
--            } else if (res == 0) {
--#ifdef TPMD_DISCONNECT_IDLE_CLIENTS       
--                info("connection closed due to inactivity");
--                close(fh);
--                break;
--#else         
--                continue;
--#endif                
--            }
--            in_len = read(fh, in, sizeof(in));
--            if (in_len > 0) {
-+
-+            in_len = read(vtpm_rx_fh, in, sizeof(in));
-+          /*Magic size of minimum TPM command is 6*/
-+              //FIXME Magic size check may not be required anymore
-+            if (in_len < 6) {
-+              info("Recv incomplete command of %d bytes.", in_len);
-+              if (in_len <= 0) {
-+                  close(vtpm_rx_fh);
-+                  vtpm_rx_fh = -1;
-+                  continue;
-+                 }
-+          } else {
-+              /*Debug Printouts*/
-                 debug("received %d bytes", in_len);
-+              debug_nostop("Recv[%d]: 0x", in_len);
-+              for (i=0; i< in_len; i++) 
-+                  debug_more("%x ", in[i]);
-+              debug_more("\n");
-+              /*Multiple Guest check*/
-+              if (guest_id == -1) {
-+                  guest_id = *((int32_t *) in);
-+              } else {
-+                  if (guest_id != *((int32_t *) in) ) {
-+                      error("WARNING: More than one guest attached\n");
-+                  }
-+              }
-+
-+              /*Open tx handle now*/
-+              if (vtpm_tx_fh < 0) {
-+#ifdef VTPM_MUTLI_VM
-+                  vtpm_tx_fh = open(DEV_BE, O_RDWR);
-+                  vtpm_rx_fh = vtpm_tx_fh;
-+#else
-+                  if (vtpm_type == VTPM_TYPE_PVM) {
-+                      vtpm_tx_fh = open(PVM_TX_FIFO, O_WRONLY);
-+                  } // No need to open the other direction for HVM
-+#endif
-+              }
-+              if (vtpm_tx_fh < 0) {
-+                error("Failed to open devices to respond to guest.\n");
-+                exit(-1);
-+              }
-+
-+              /*Handle the TPM command now*/
-                 out = NULL;
--                res = tpm_handle_command(in, in_len, &out, &out_len);
-+                res = tpm_handle_command(in + sizeof(uint32_t), in_len - sizeof(uint32_t), &out, &out_len);
-                 if (res < 0) {
-                     error("tpm_handle_command() failed");
-                 } else {
-                     debug("sending %d bytes", out_len);
-+                  //FIXME this prepending may or may not be needed
-+                  /*Prepend the first 4 bytes of the in buffer.. why?*/
-+                  addressed_out = (uint8_t *) tpm_malloc(sizeof(uint32_t) + out_len);
-+                  *(uint32_t *) addressed_out = *(uint32_t *) in;
-+                  memcpy(addressed_out + sizeof(uint32_t), out, out_len);
-+                  out_len += sizeof(uint32_t);
-+                  /*End Prepend*/
-+
-+                  /*Perform write operation now*/
-                     while (out_len > 0) {
--                        res = write(fh, out, out_len);
-+                        res = write(vtpm_tx_fh, addressed_out, out_len);
-+
-                         if (res < 0) {
-                             error("write(%d) failed: %s", out_len, strerror(errno));
-                             break;
--                        }
-+                        } else {
-+                        debug_nostop("Sent[%Zu]: ", out_len);
-+                        for (i=0; (unsigned int)i< out_len; i++)
-+                          debug_more("%x ", addressed_out[i]);
-+                        debug_more("\n");
-+                      }
-                         out_len       -= res;
-                     }
-                     tpm_free(out);
-+                  tpm_free(addressed_out);
-                 }
-             }
-         } while (in_len > 0);
--        close(fh);
-+        //close(fh);
-     }
-+    
-     /* shutdown tpm emulator */
-     tpm_emulator_shutdown();
--    /* close socket */
--    close(sock);
--    unlink(opt_socket_name);
-+    /* Close handles */
-+    close(vtpm_tx_fh);
-+#ifndef VTPM_MULTI_VM
-+    close(vtpm_rx_fh);
-+    free(vtpm_rx_file);
-+#endif
-     info("main loop stopped");
- }
- 
-@@ -450,12 +770,13 @@ int main(int argc, char **argv)
-     /* open random device */
-     init_random();
-     /* init signal handlers */
--    init_signal_handler();
-+    //init_signal_handler();
-     /* unless requested otherwiese, fork and daemonize process */
--    if (!opt_foreground) daemonize();
-+    //if (!opt_foreground) daemonize();
-     /* start main processing loop */
-     main_loop();
-     info("stopping TPM Emulator daemon");
-     closelog();
-     return 0;
- }
-+
-diff -Naurp tpm_emulator-0.5.1/tpmd/tpm_emulator_config.h tpm5-test/tpmd/tpm_emulator_config.h
---- tpm_emulator-0.5.1/tpmd/tpm_emulator_config.h      2008-02-14 03:22:48.000000000 -0500
-+++ tpm5-test/tpmd/tpm_emulator_config.h       2009-07-16 11:25:26.000000000 -0400
-@@ -29,23 +29,28 @@
- 
- /* TPM emulator configuration */
- 
--#undef  TPM_STRONG_PERSISTENCE
--#undef  TPM_GENERATE_EK
-+#define  TPM_STRONG_PERSISTENCE
-+#define  TPM_GENERATE_EK
- #undef  TPM_GENERATE_SEED_DAA
- #undef  TPM_MEMORY_ALIGNMENT_MANDATORY
- 
-+extern int dmi_id;
-+
- /* log macros */
- 
- void tpm_log(int priority, const char *fmt, ...);
- 
--#define debug(fmt, ...) tpm_log(LOG_DEBUG, "%s:%d: Debug: " fmt "\n", \
--                                __FILE__, __LINE__, ## __VA_ARGS__)
--#define info(fmt, ...)  tpm_log(LOG_INFO, "%s:%d: Info: " fmt "\n", \
--                                __FILE__, __LINE__, ## __VA_ARGS__)
--#define error(fmt, ...) tpm_log(LOG_ERR, "%s:%d: Error: " fmt "\n", \
--                                __FILE__, __LINE__, ## __VA_ARGS__)
--#define alert(fmt, ...) tpm_log(LOG_ALERT, "%s:%d: Alert: " fmt "\n", \
--                                __FILE__, __LINE__, ## __VA_ARGS__)
-+#define debug(fmt, ...) tpm_log(LOG_DEBUG, "VTPMD[%d]: %s:%d: Debug: " fmt "\n", \
-+                                dmi_id, __FILE__, __LINE__, ## __VA_ARGS__)
-+#define info(fmt, ...)  tpm_log(LOG_INFO, "VTPMD[%d]: %s:%d: Info: " fmt "\n", \
-+                                dmi_id, __FILE__, __LINE__, ## __VA_ARGS__)
-+#define error(fmt, ...) tpm_log(LOG_ERR, "VTPMD[%d]: %s:%d: Error: " fmt "\n", \
-+                                dmi_id, __FILE__, __LINE__, ## __VA_ARGS__)
-+#define alert(fmt, ...) tpm_log(LOG_ALERT, "VTPMD[%d]: %s:%d: Alert: " fmt "\n", \
-+                                dmi_id, __FILE__, __LINE__, ## __VA_ARGS__)
-+#define debug_nostop(fmt, ...) tpm_log(LOG_DEBUG, "VTPMD[%d]: %s:%d: Debug: " fmt, \
-+                                dmi_id, __FILE__, __LINE__, ## __VA_ARGS__)
-+#define debug_more(fmt, ...) tpm_log(LOG_DEBUG, fmt, ## __VA_ARGS__)
- 
- /*  min/max macros that also do strict type-checking */
- 
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/vtpm/vtpm.patch
--- a/tools/vtpm/vtpm.patch     Tue Nov 13 10:46:59 2012 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,716 +0,0 @@
-diff -uprN tpm_emulator/AUTHORS vtpm/AUTHORS
---- tpm_emulator/AUTHORS       2006-12-08 12:51:29.000000000 -0800
-+++ vtpm/AUTHORS       2006-12-13 16:38:52.000000000 -0800
-@@ -1,3 +1,3 @@
- Mario Strasser <mast@xxxxxxx>
- Heiko Stamer <stamer@xxxxxxxx> [DAA]
--INTEL Corp <> [Dropped to Ring3]
-+INTEL Corp <> [VTPM Extensions]
-diff -uprN tpm_emulator/ChangeLog vtpm/ChangeLog
---- tpm_emulator/ChangeLog     2006-12-08 12:51:29.000000000 -0800
-+++ vtpm/ChangeLog     2006-12-13 16:38:52.000000000 -0800
-@@ -1,5 +1,6 @@
- ????-??-?? Intel Corp
-       * Moved module out of kernel to run as a ring 3 app
-+      * Modified save_to_file and load_from_file to call xen VTPM manager
- 
- 2006-06-23  Mario Strasser <mast@xxxxxxx>
-       * tpm_startup.c: behaviour of ST_CLEAR and storage of
-diff -uprN tpm_emulator/linux_module.h vtpm/linux_module.h
---- tpm_emulator/linux_module.h        2006-12-08 12:51:29.000000000 -0800
-+++ vtpm/linux_module.h        2007-01-09 14:49:06.000000000 -0800
-@@ -44,18 +44,26 @@
- #define TPM_DEVICE_NAME   "tpm"
- #define TPM_MODULE_NAME   "tpm_emulator"
- 
-+/* debug and log output functions */
-+extern int dmi_id; 
-+
- #ifdef DEBUG
--#define debug(fmt, ...) printf("TPMD: %s:%d: Debug: " fmt "\n", \
--                        __FILE__, __LINE__, ## __VA_ARGS__)
-+#define debug(fmt, ...) printf("TPMD[%d]: %s:%d: Debug: " fmt "\n", \
-+                        dmi_id, __FILE__, __LINE__, ## __VA_ARGS__)
-+#define debug_nostop(fmt, ...) printf("TPMD[%d]: %s:%d: Debug: " fmt, \
-+                        dmi_id, __FILE__, __LINE__, ## __VA_ARGS__)
-+#define debug_more(fmt, ...) printf( fmt, ## __VA_ARGS__ )
- #else
- #define debug(fmt, ...) 
-+#define debug_nostop(fmt, ...) 
-+#define debug_more(fmt, ...)
- #endif
--#define info(fmt, ...)  printf("TPMD: %s:%d: Info: " fmt "\n", \
--                        __FILE__, __LINE__, ## __VA_ARGS__)
--#define error(fmt, ...) printf("TPMD: %s:%d: Error: " fmt "\n", \
--                        __FILE__, __LINE__, ## __VA_ARGS__)
--#define alert(fmt, ...) printf("TPMD: %s:%d: Alert: " fmt "\n", \
--                        __FILE__, __LINE__, ## __VA_ARGS__)
-+#define info(fmt, ...)  printf("TPMD[%d]: %s:%d: Info: " fmt "\n", \
-+                        dmi_id, __FILE__, __LINE__, ## __VA_ARGS__)
-+#define error(fmt, ...) printf("TPMD[%d]: %s:%d: Error: " fmt "\n", \
-+                        dmi_id, __FILE__, __LINE__, ## __VA_ARGS__)
-+#define alert(fmt, ...) printf("TPMD[%d]: %s:%d: Alert: " fmt "\n", \
-+                        dmi_id, __FILE__, __LINE__, ## __VA_ARGS__)
- 
- /* memory allocation */
- 
-diff -uprN tpm_emulator/Makefile vtpm/Makefile
---- tpm_emulator/Makefile      2006-12-08 12:51:29.000000000 -0800
-+++ vtpm/Makefile      2006-12-13 16:38:52.000000000 -0800
-@@ -7,7 +7,7 @@
- COMPILE_ARCH    ?= $(shell uname -m | sed -e s/i.86/x86_32/)
- 
- # module settings
--BIN            := tpm_emulator
-+BIN            := vtpmd
- VERSION_MAJOR  := 0
- VERSION_MINOR  := 4
- VERSION_BUILD  := $(shell date +"%s")
-@@ -22,7 +22,7 @@ TOOLS_INSTALL_DIR = $(DESTDIR)/usr/bin
- 
- CC      := gcc
- CFLAGS  += -g -Wall $(INCLUDE) -DDEBUG
--CFLAGS  += -I. -Itpm
-+CFLAGS  += -I. -Itpm -I../../vtpm_manager/manager
- 
- # Is the simulator running in it's own vm?
- #CFLAGS += -DVTPM_MULTI_VM
-@@ -62,7 +62,6 @@ $(BIN):      $(src)/crypto/gmp.h $(src)/crypt
- 
- install: $(BIN)
-       $(INSTALL_PROG) $(BIN) $(TOOLS_INSTALL_DIR)
--      @if [ ! -d "/var/tpm" ]; then mkdir /var/tpm; fi
- 
- clean:
-       rm -f $(src)/crypto/gmp.h $(src)/crypto/libgmp.a $(OBJS)
-@@ -98,3 +97,4 @@ version:
-       @echo "#endif /* _TPM_VERSION_H_ */" >> $(src)/tpm_version.h
- 
- .PHONY: all install clean dist gmp version
-+
-diff -uprN tpm_emulator/tpm/tpm_capability.c vtpm/tpm/tpm_capability.c
---- tpm_emulator/tpm/tpm_capability.c  2006-06-23 03:37:07.000000000 -0700
-+++ vtpm/tpm/tpm_capability.c  2007-01-10 10:00:49.000000000 -0800
-@@ -136,8 +136,18 @@ static TPM_RESULT cap_property(UINT32 su
- 
-     case TPM_CAP_PROP_TIS_TIMEOUT:
-       debug("[TPM_CAP_PROP_TIS_TIMEOUT]");
--      /* TODO: TPM_CAP_PROP_TIS_TIMEOUT */
--      return TPM_FAIL;
-+      /* TODO: TPM_CAP_PROP_TIS_TIMEOUT: Measure these values and determine correct ones */
-+      UINT32 len = *respSize = 16;
-+      BYTE *ptr = *resp = tpm_malloc(*respSize);
-+      if (ptr == NULL || 
-+          tpm_marshal_UINT32(&ptr, &len, 200000) ||
-+          tpm_marshal_UINT32(&ptr, &len, 200000) ||
-+          tpm_marshal_UINT32(&ptr, &len, 200000) ||
-+          tpm_marshal_UINT32(&ptr, &len, 200000)) {
-+        tpm_free(*resp);
-+        return TPM_FAIL;
-+      }
-+      return TPM_SUCCESS;
- 
-     case TPM_CAP_PROP_STARTUP_EFFECT:
-       debug("[TPM_CAP_PROP_STARTUP_EFFECT]");
-@@ -190,7 +200,11 @@ static TPM_RESULT cap_property(UINT32 su
- 
-     case TPM_CAP_PROP_DURATION:
-       debug("[TPM_CAP_PROP_DURATION]");
--      /* TODO: TPM_CAP_PROP_DURATION */
-+      /* TODO: TPM_CAP_PROP_DURATION: Measure these values and return accurate ones */
-+      BYTE dur[]= {0x0,0x0,0x0,0xc,0x0,0x7,0xa1,0x20,0x0,0x1e,0x84,0x80,0x11,0xe1,0xa3,0x0}; 
-+      *respSize = 16;
-+      *resp = tpm_malloc(*respSize);
-+      memcpy(*resp,dur,16); 
-       return TPM_FAIL;
- 
-     case TPM_CAP_PROP_ACTIVE_COUNTER:
-diff -uprN tpm_emulator/tpm/tpm_cmd_handler.c vtpm/tpm/tpm_cmd_handler.c
---- tpm_emulator/tpm/tpm_cmd_handler.c 2008-02-27 16:35:41.000000000 -0500
-+++ vtpm/tpm/tpm_cmd_handler.c 2008-02-28 14:43:28.000000000 -0500
-@@ -94,12 +94,18 @@ void tpm_compute_out_param_digest(TPM_CO
-   sha1_ctx_t sha1;
-   UINT32 res = CPU_TO_BE32(rsp->result);
-   UINT32 ord = CPU_TO_BE32(ordinal);
-+  UINT32 offset = 0;
- 
-   /* compute SHA1 hash */
-   sha1_init(&sha1);
-   sha1_update(&sha1, (BYTE*)&res, 4);
-   sha1_update(&sha1, (BYTE*)&ord, 4);
--  sha1_update(&sha1, rsp->param, rsp->paramSize);
-+  if (ordinal == TPM_ORD_LoadKey2) {
-+      offset = 4;
-+  }
-+  if (rsp->paramSize - offset > 0) {
-+      sha1_update(&sha1, rsp->param + offset, rsp->paramSize - offset);
-+  }
-   sha1_final(&sha1, rsp->auth1->digest);
-   if (rsp->auth2 != NULL) memcpy(rsp->auth2->digest, 
-     rsp->auth1->digest, sizeof(rsp->auth1->digest));
-diff -uprN tpm_emulator/tpm/tpm_data.c vtpm/tpm/tpm_data.c
---- tpm_emulator/tpm/tpm_data.c        2008-02-27 16:35:41.000000000 -0500
-+++ vtpm/tpm/tpm_data.c        2008-02-27 16:35:40.000000000 -0500
-@@ -1,6 +1,7 @@
- /* Software-Based Trusted Platform Module (TPM) Emulator for Linux
-  * Copyright (C) 2004 Mario Strasser <mast@xxxxxxx>,
-  *                    Swiss Federal Institute of Technology (ETH) Zurich
-+ * Copyright (C) 2005 INTEL Corp
-  *
-  * This module is free software; you can redistribute it and/or modify
-  * it under the terms of the GNU General Public License as published
-@@ -15,10 +16,15 @@
-  * $Id: tpm_data.c 98 2006-05-07 14:16:29Z hstamer $
-  */
- 
-+#include <sys/types.h>
-+#include <sys/stat.h>
-+#include <fcntl.h>
-+#include <unistd.h>
-+
- #include "tpm_emulator.h"
- #include "tpm_structures.h"
- #include "tpm_marshalling.h"
--#include "linux_module.h"
-+#include "vtpm_manager.h"
- 
- TPM_DATA tpmData;
- 
-@@ -158,45 +164,232 @@ void tpm_release_data(void)
- #include <sys/types.h>
- #include <sys/stat.h>
- #include <fcntl.h>
--#include <unistd.h>
- 
--#define TPM_STORAGE_FILE "/var/tpm/tpm_emulator-1.2." STR(VERSION_MAJOR) "." STR(VERSION_MINOR) 
-+ static int vtpm_tx_fh=-1, vtpm_rx_fh=-1;
-+
-+#ifdef VTPM_MUTLI_VM
-+ #define DEV_FE "/dev/tpm"
-+#else
-+ #define VTPM_RX_FIFO_D  "/var/vtpm/fifos/vtpm_rsp_to_%d.fifo"
-+ #define VTPM_TX_FIFO  "/var/vtpm/fifos/vtpm_cmd_from_all.fifo"
-+
-+ extern int dmi_id;
-+ static char *vtpm_rx_name=NULL; 
-+#endif
- 
- static int write_to_file(uint8_t *data, size_t data_length)
- {
--  int res;
--  int fp;
--  fp = open(TPM_STORAGE_FILE, O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR);
--  res = write(fp, data, data_length);
--  close(fp);
--  return (res == data_length) ? 0 : -1;
-+  int res, out_data_size, in_header_size;
-+  BYTE *ptr, *out_data, *in_header;
-+  UINT32 result, len, in_rsp_size;
-+  UINT16 tag = VTPM_TAG_REQ;
-+      
-+  printf("Saving NVM\n");
-+  if (vtpm_tx_fh < 0) {
-+#ifdef VTPM_MUTLI_VM
-+    vtpm_tx_fh = open(DEV_FE, O_RDWR);
-+#else
-+      vtpm_tx_fh = open(VTPM_TX_FIFO, O_WRONLY);
-+#endif
-+  }
-+
-+  if (vtpm_tx_fh < 0) {
-+              return -1;
-+  }
-+ 
-+  // Send request to VTPM Manager to encrypt data
-+#ifdef VTPM_MUTLI_VM
-+  out_data_size = len = VTPM_COMMAND_HEADER_SIZE_CLT + data_length;
-+#else
-+  out_data_size = len = VTPM_COMMAND_HEADER_SIZE_SRV + data_length;
-+#endif
-+  
-+  out_data = ptr = (BYTE *) malloc(len);
-+
-+  if (ptr == NULL
-+#ifndef VTPM_MUTLI_VM
-+      || tpm_marshal_UINT32(&ptr, &len, dmi_id)
-+#endif
-+        || tpm_marshal_UINT16(&ptr, &len, tag)
-+#ifdef VTPM_MUTLI_VM
-+        || tpm_marshal_UINT32(&ptr, &len, out_data_size)
-+#else
-+        || tpm_marshal_UINT32(&ptr, &len, out_data_size - sizeof(uint32_t))
-+#endif  
-+        || tpm_marshal_UINT32(&ptr, &len, VTPM_ORD_SAVENVM)
-+        || tpm_marshal_BYTE_ARRAY(&ptr, &len, data, data_length)) {
-+      free(out_data);
-+      return -1;
-+  }
-+  
-+  printf("\tSending SaveNVM Command.\n");
-+  res = write(vtpm_tx_fh, out_data, out_data_size);
-+  free(out_data);
-+  if (res != out_data_size) return -1;
-+
-+  if (vtpm_rx_fh < 0) {
-+#ifdef VTPM_MUTLI_VM
-+    vtpm_rx_fh = vtpm_tx_fh
-+#else
-+    if (vtpm_rx_name == NULL) {
-+      vtpm_rx_name = malloc(10 + strlen(VTPM_RX_FIFO_D));
-+      sprintf(vtpm_rx_name, VTPM_RX_FIFO_D, (uint32_t) dmi_id);
-+    }
-+      vtpm_rx_fh = open(vtpm_rx_name, O_RDONLY);
-+#endif
-+  }
-+
-+  if (vtpm_rx_fh < 0) {
-+              return -1;
-+  }
-+  
-+  // Read Header of response so we can get the size & status
-+#ifdef VTPM_MUTLI_VM
-+  in_header_size = len = VTPM_COMMAND_HEADER_SIZE_CLT;
-+#else
-+  in_header_size = len = VTPM_COMMAND_HEADER_SIZE_SRV;
-+#endif
-+  in_header = ptr = malloc(in_header_size);
-+  
-+  printf("\tReading SaveNVM header.\n");
-+  res = read(vtpm_rx_fh, in_header, in_header_size);
-+
-+  if ( (res != in_header_size)
-+#ifndef VTPM_MUTLI_VM
-+       || tpm_unmarshal_UINT32(&ptr, &len, (UINT32*)&dmi_id)
-+#endif
-+         || tpm_unmarshal_UINT16(&ptr, &len, &tag)
-+         || tpm_unmarshal_UINT32(&ptr, &len, &in_rsp_size)
-+         || tpm_unmarshal_UINT32(&ptr, &len, &result) ) {
-+        free(in_header);
-+        return -1;
-+  }
-+  free(in_header);
-+  
-+  if (result != VTPM_SUCCESS) {
-+      return -1;  
-+  }
-+
-+#ifdef VTPM_MUTLI_VM
-+  close(vtpm_tx_fh); close(vtpm_rx_fh);
-+#endif
-+        
-+  printf("\tFinishing up SaveNVM\n");
-+  return (0);
- }
- 
- static int read_from_file(uint8_t **data, size_t *data_length)
- {
--  int res;
--  int fp, file_status;
--  struct stat file_info;
--  fp = open(TPM_STORAGE_FILE, O_RDONLY, 0);
--  file_status = fstat(fp, &file_info);
--  if (file_status < 0) {
--    close(fp);
--    return -1;
--  } 
-+  int res, out_data_size, in_header_size;
-+  uint8_t *ptr, *out_data, *in_header;
-+  UINT16 tag = VTPM_TAG_REQ;
-+  UINT32 len, in_rsp_size, result;
-+#ifdef VTPM_MUTLI_VM
-+      int vtpm_rx_fh, vtpm_tx_fh;
-+#endif
-+      
-+  printf("Loading NVM.\n");
-+  if (vtpm_tx_fh < 0) {
-+#ifdef VTPM_MUTLI_VM
-+    vtpm_tx_fh = open(DEV_FE, O_RDWR);
-+#else
-+      vtpm_tx_fh = open(VTPM_TX_FIFO, O_WRONLY);
-+#endif
-+  }
- 
--  *data_length = file_info.st_size; 
--  *data = tpm_malloc(*data_length);
--  if (*data == NULL) {
--    close(fp);
-+  if (vtpm_tx_fh < 0) {
-+              return -1;
-+  }
-+ 
-+  // Send request to VTPM Manager to encrypt data
-+#ifdef VTPM_MUTLI_VM
-+  out_data_size = len = VTPM_COMMAND_HEADER_SIZE_CLT;
-+#else
-+  out_data_size = len = VTPM_COMMAND_HEADER_SIZE_SRV;
-+#endif
-+  out_data = ptr = (BYTE *) malloc(len);
-+
-+  if (ptr == NULL
-+#ifndef VTPM_MUTLI_VM
-+      || tpm_marshal_UINT32(&ptr, &len, dmi_id)
-+#endif  
-+      || tpm_marshal_UINT16(&ptr, &len, tag)
-+#ifdef VTPM_MUTLI_VM
-+      || tpm_marshal_UINT32(&ptr, &len, out_data_size)
-+#else
-+      || tpm_marshal_UINT32(&ptr, &len, out_data_size - sizeof(uint32_t))
-+#endif
-+      || tpm_marshal_UINT32(&ptr, &len, VTPM_ORD_LOADNVM)) {
-+    free(out_data);
-     return -1;
-   }
--  res = read(fp, *data, *data_length);
--  close(fp);
-+
-+  printf("\tSending LoadNVM command\n");
-+  res = write(vtpm_tx_fh, out_data, out_data_size);
-+  free(out_data);
-+  if (res != out_data_size) return -1;
-+
-+    if (vtpm_rx_fh < 0) {
-+#ifdef VTPM_MUTLI_VM
-+    vtpm_rx_fh = vtpm_tx_fh;
-+#else
-+    if (vtpm_rx_name == NULL) {
-+      vtpm_rx_name = malloc(10 + strlen(VTPM_RX_FIFO_D));
-+      sprintf(vtpm_rx_name, VTPM_RX_FIFO_D, (uint32_t) dmi_id);
-+    }
-+      vtpm_rx_fh = open(vtpm_rx_name, O_RDONLY);
-+#endif
-+  }
-+
-+  if (vtpm_rx_fh < 0) {
-+              return -1;
-+  }
-+  
-+  // Read Header of response so we can get the size & status
-+#ifdef VTPM_MUTLI_VM
-+  in_header_size = len = VTPM_COMMAND_HEADER_SIZE_CLT;
-+#else
-+  in_header_size = len = VTPM_COMMAND_HEADER_SIZE_SRV;
-+#endif
-+  in_header = ptr = malloc(in_header_size);
-+  
-+  printf("\tReading LoadNVM header\n");
-+  res = read(vtpm_rx_fh, in_header, in_header_size);
-+
-+  if ( (res != in_header_size)
-+#ifndef VTPM_MUTLI_VM
-+       || tpm_unmarshal_UINT32(&ptr, &len, (UINT32*)&dmi_id)
-+#endif
-+       || tpm_unmarshal_UINT16(&ptr, &len, &tag)
-+       || tpm_unmarshal_UINT32(&ptr, &len, &in_rsp_size)
-+       || tpm_unmarshal_UINT32(&ptr, &len, &result) ) {
-+      free(in_header);
-+      return -1;
-+  }
-+  free(in_header);
-+  
-+  if (result != VTPM_SUCCESS) {
-+      return -1;  
-+  }
-+
-+  // Read Encrypted data from VTPM Manager
-+  *data_length = in_rsp_size - VTPM_COMMAND_HEADER_SIZE_CLT;
-+  *data = (uint8_t *) malloc(*data_length);
-+
-+  printf("\tReading clear data from LoadNVM.\n");
-+  res = read(vtpm_rx_fh, *data, *data_length);
-+#ifdef VTPM_MUTLI_VM
-+  close(vtpm_rx_fh);close(vtpm_tx_fh);
-+#endif 
-+      
-+  printf("\tReturing from loading NVM\n");
-   if (res != *data_length) {
--    tpm_free(*data);
--    return -1;
-+      free(*data);
-+      return -1;
-+  } else {
-+      return 0;
-   }
--  return 0;
-+
- }
- 
- #else
-diff -uprN tpm_emulator/tpmd.c vtpm/tpmd.c
---- tpm_emulator/tpmd.c        2006-12-08 12:51:29.000000000 -0800
-+++ vtpm/tpmd.c        2007-01-09 14:48:56.000000000 -0800
-@@ -21,12 +21,24 @@
- #include <sys/stat.h>
- #include <fcntl.h>
- #include <sys/time.h>
-+#include <sys/socket.h>
-+#include <sys/un.h>
-+#include <errno.h>
- 
- #include "tpm_emulator.h"
-+#include "vtpm_manager.h"
- 
--#define TPM_RX_FNAME "/var/tpm/tpm_in.fifo"
--#define TPM_TX_FNAME "/var/tpm/tpm_out.fifo"
-+#ifdef VTPM_MULTI_VM
-+ #define DEV_BE "/dev/vtpm"
-+#else
-+ #define PVM_RX_FIFO_D "/var/vtpm/fifos/tpm_cmd_to_%d.fifo"
-+ #define PVM_TX_FIFO "/var/vtpm/fifos/tpm_rsp_from_all.fifo"
- 
-+ #define HVM_RX_FIFO_D "/var/vtpm/socks/%d.socket"
-+#endif
-+
-+ int dmi_id;
-+                                              
- #define BUFFER_SIZE 2048
- 
- static int devurandom=0;
-@@ -38,7 +50,7 @@ void get_random_bytes(void *buf, int nby
-   }
- 
-   if (read(devurandom, buf, nbytes) != nbytes) {
--      printf("Can't get random number.\n");
-+      error("Can't get random number.\n");
-       exit(-1);
-   }
- }
-@@ -52,105 +64,182 @@ uint64_t tpm_get_ticks(void)
- 
- int main(int argc, char **argv)
- {
--  uint8_t in[BUFFER_SIZE], *out;
-+  uint8_t type, in[BUFFER_SIZE], *out, *addressed_out;
-+  char *vtpm_rx_file=NULL;
-   uint32_t out_size;
-   int in_size, written;
--  int i;
--  struct stat file_info;
-+  int i, guest_id=-1;
- 
--  int tpm_tx_fh=-1, tpm_rx_fh=-1;
-+#ifndef VTPM_MULTI_VM
-+  int sockfd = -1;
-+  struct sockaddr_un addr;
-+  struct sockaddr_un client_addr;
-+  unsigned int client_length;
-+
-+#endif
-+ 
-+  int vtpm_tx_fh=-1, vtpm_rx_fh=-1;
-+#ifdef VTPM_MULTI_VM
-   if (argc < 2) {
--    printf("Usage: tpmd clear|save|deactivated\n" );
-+    error("Usage: tpmd clear|save|deactivated\n" );
-+#else
-+  if (argc < 4) {
-+    error("Usage: tpmd clear|save|deactivated pvm|hvm vtpmid\n" );
-+#endif
-         return -1;
-   }
- 
-+#ifndef VTPM_MULTI_VM
-+  /* setup type of vm */
-+  if (!strcmp(argv[2], "pvm")) {
-+    type = VTPM_TYPE_PVM; // Get commands from vTPM Manager through fifo
-+  } else if (!strcmp(argv[2], "hvm")) {
-+    type = VTPM_TYPE_HVM; // Get commands from qemu via socket
-+  } else {
-+    error("invalid vTPM type '%s'.\n", argv[2]);
-+  }
-+
-+  dmi_id = atoi(argv[3]);
-+
-+  if (type == VTPM_TYPE_PVM) {
-+    vtpm_rx_file = malloc(10 + strlen(PVM_RX_FIFO_D));
-+    sprintf(vtpm_rx_file, PVM_RX_FIFO_D, (uint32_t) dmi_id);
-+  } else {
-+    vtpm_rx_file = malloc(10 + strlen(HVM_RX_FIFO_D));
-+    sprintf(vtpm_rx_file, HVM_RX_FIFO_D, (uint32_t) dmi_id);
-+
-+    if ( (sockfd = socket(PF_UNIX,SOCK_STREAM,0)) < 0) {
-+          error("Unable to create socket. errno = %d\n", errno);
-+      exit (-1);
-+    }
-+
-+    memset(&addr, 0, sizeof(addr));
-+    addr.sun_family = AF_UNIX;
-+    strcpy(addr.sun_path,vtpm_rx_file );
-+    unlink(addr.sun_path);
-+  }
-+#endif
-+
-+#ifdef VTPM_MULTI_VM
-+  info("Initializing tpm state: %s\n", argv[1]);
-+#else
-+  info("Initializing tpm state: %s, type: %s, id: %d\n", argv[1], argv[2], dmi_id);
-+#endif
-+
-   /* initialize TPM emulator */
-   if (!strcmp(argv[1], "clear")) {
--    printf("Initializing tpm: %s\n", argv[1]);
-     tpm_emulator_init(1);
--  } else if (!strcmp(argv[1], "save")) { 
--    printf("Initializing tpm: %s\n", argv[1]);
-+  } else if (!strcmp(argv[1], "save")) {
-     tpm_emulator_init(2);
-   } else if (!strcmp(argv[1], "deactivated")) {
--    printf("Initializing tpm: %s\n", argv[1]);
-     tpm_emulator_init(3);
-   } else {
--    printf("invalid startup mode '%s'; must be 'clear', "
-+    error("invalid startup mode '%s'; must be 'clear', "
-       "'save' (default) or 'deactivated", argv[1]);
-     return -1;
-   }
--
--  if ( stat(TPM_RX_FNAME, &file_info) == -1) {
--    if ( mkfifo(TPM_RX_FNAME, S_IWUSR | S_IRUSR ) ) {
--      printf("Failed to create fifo %s.\n", TPM_RX_FNAME);
--      return -1;
--    }
--  }
--
--  if ( stat(TPM_TX_FNAME, &file_info) == -1) {
--    if ( mkfifo(TPM_TX_FNAME, S_IWUSR | S_IRUSR ) ) {
--      printf("Failed to create fifo %s.\n", TPM_TX_FNAME);
--      return -1;
--    }
--  }
--
-+  
-   while (1) {
- abort_command:
--    if (tpm_rx_fh < 0) {
--      tpm_rx_fh = open(TPM_RX_FNAME, O_RDONLY);
-+    if (vtpm_rx_fh < 0) {
-+#ifdef VTPM_MUTLI_VM
-+      vtpm_rx_fh = open(DEV_BE, O_RDWR);
-+#else
-+      if (type == VTPM_TYPE_PVM) {
-+        vtpm_rx_fh = open(vtpm_rx_file, O_RDONLY);
-+      } else {
-+        if (bind(sockfd, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
-+          error("Unable to bind(). errno = %d\n", errno);
-+          exit (-1);
-+        }
-+
-+        if (listen(sockfd, 10) <0) {
-+          error("Unable to listen(). errno = %d\n", errno);
-+          exit (-1);
-+        }
-+
-+        memset(&client_addr, 0, sizeof(client_addr));
-+        client_length = sizeof(client_addr);
-+
-+        vtpm_rx_fh = vtpm_tx_fh = accept(sockfd, (struct sockaddr *)&client_addr, &client_length);
-+      }
-+#endif
-     }
-     
--    if (tpm_rx_fh < 0) {
--      printf("ERROR: failed to open devices to listen to guest.\n");
-+    if (vtpm_rx_fh < 0) {
-+      error("Failed to open devices to listen to guest.\n");
-       return -1;
-     }
-     
--    if (tpm_tx_fh < 0) {
--      tpm_tx_fh = open(TPM_TX_FNAME, O_WRONLY);
--    }
--
--    if (tpm_tx_fh < 0) {
--      printf("ERROR: failed to open devices to respond to guest.\n");
--      return -1;
--    }
--
--    in_size = read(tpm_rx_fh, in, BUFFER_SIZE);
-+    in_size = read(vtpm_rx_fh, in, BUFFER_SIZE);
-     if (in_size < 6) { // Magic size of minium TPM command
--      printf("Recv[%d] to small: 0x", in_size);
-+      info("Recv incomplete command of %d bytes.", in_size);
-       if (in_size <= 0) {
--          close(tpm_rx_fh);
--          tpm_rx_fh = -1;
-+          close(vtpm_rx_fh);
-+          vtpm_rx_fh = -1;
-           goto abort_command;
-       }
-     } else { 
--      printf("Recv[%d]: 0x", in_size);
-+      debug_nostop("Recv[%d]: 0x", in_size);
-       for (i=0; i< in_size; i++) 
--        printf("%x ", in[i]);
--      printf("\n");
-+        debug_more("%x ", in[i]);
-+      debug_more("\n");
-     }
- 
--    
--    if (tpm_handle_command(in, in_size, &out, &out_size) != 0) { 
--        printf("ERROR: Handler Failed.\n");
-+    if (guest_id == -1) {
-+        guest_id = *((uint32_t *) in);
-+    } else {
-+        if (guest_id != *((uint32_t *) in) ) {
-+            error("WARNING: More than one guest attached\n");
-+        }
-+    }
-+
-+    if (vtpm_tx_fh < 0) {
-+#ifdef VTPM_MUTLI_VM
-+      vtpm_tx_fh = open(DEV_BE, O_RDWR);
-+      vtpm_rx_fh = vtpm_tx_fh;
-+#else
-+      if (type == VTPM_TYPE_PVM) {
-+        vtpm_tx_fh = open(PVM_TX_FIFO, O_WRONLY);
-+      } // No need to open the other direction for HVM
-+#endif
-+    }
-+
-+    if (vtpm_tx_fh < 0) {
-+      error("Failed to open devices to respond to guest.\n");
-+      return -1;
-+    }
-+
-+    // Handle the command, but skip the domain id header    
-+    if (tpm_handle_command(in + sizeof(uint32_t), in_size - sizeof(uint32_t), &out, &out_size) != 0) { 
-+      error("Handler Failed.\n");
-     }
- 
--    written = write(tpm_tx_fh, out, out_size);
-+    addressed_out = (uint8_t *) tpm_malloc(sizeof(uint32_t) + out_size);
-+    *(uint32_t *) addressed_out = *(uint32_t *) in;
-+    memcpy(addressed_out + sizeof(uint32_t), out, out_size);
-+
-+    written = write(vtpm_tx_fh, addressed_out, out_size + sizeof(uint32_t));
- 
--    if (written != out_size ) {
--      printf("ERROR: Part of response not written %d/%d.\nAttempt: ", written, out_size);
-+    if (written != out_size + sizeof(uint32_t)) {
-+      error("Part of response not written %d/%d.\n", written, out_size);
-     } else {
--      printf("Sent[%Zu]: ", out_size);
-+      debug_nostop("Sent[%Zu]: ", out_size + sizeof(uint32_t));
-+      for (i=0; i< out_size+ sizeof(uint32_t); i++)
-+        debug_more("%x ", addressed_out[i]);
-+      debug_more("\n");
-     }
--    for (i=0; i< out_size; i++)
--      printf("%x ", out[i]);
--    printf("\n");
-     tpm_free(out);
-+    tpm_free(addressed_out);
- 
-   } // loop
- 
-   tpm_emulator_shutdown();
- 
--  close(tpm_tx_fh);
--  close(tpm_rx_fh);
-+  close(vtpm_tx_fh);
-+#ifndef VTPM_MUTLI_VM
-+  close(vtpm_rx_fh);
-+  free (vtpm_rx_file);
-+#endif
- 
- }
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/vtpm_manager/COPYING
--- a/tools/vtpm_manager/COPYING        Tue Nov 13 10:46:59 2012 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,32 +0,0 @@
-// ===================================================================
-// 
-// Copyright (c) 2005, Intel Corp.
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without 
-// modification, are permitted provided that the following conditions 
-// are met:
-//
-//   * Redistributions of source code must retain the above copyright 
-//     notice, this list of conditions and the following disclaimer.
-//   * Redistributions in binary form must reproduce the above 
-//     copyright notice, this list of conditions and the following 
-//     disclaimer in the documentation and/or other materials provided 
-//     with the distribution.
-//   * Neither the name of Intel Corporation nor the names of its 
-//     contributors may be used to endorse or promote products derived
-//     from this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
-// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
-// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 
-// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
-// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-// OF THE POSSIBILITY OF SUCH DAMAGE.
-// ===================================================================
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/vtpm_manager/Makefile
--- a/tools/vtpm_manager/Makefile       Tue Nov 13 10:46:59 2012 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,18 +0,0 @@
-XEN_ROOT = $(CURDIR)/../..
-
-# Base definitions and rules
-include $(XEN_ROOT)/tools/vtpm_manager/Rules.mk
-
-SUBDIRS                = crypto tcs util manager migration
-OPENSSL_HEADER = /usr/include/openssl/crypto.h
-
-.PHONY: all clean install
-all clean install: %: subdirs-%
-
-.PHONY: mrproper
-mrproper:
-       @set -e; for subdir in $(SUBDIRS); do \
-               $(MAKE) -C $$subdir $@; \
-       done
-
-
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/vtpm_manager/README
--- a/tools/vtpm_manager/README Tue Nov 13 10:46:59 2012 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,94 +0,0 @@
-// ===================================================================
-//
-// Copyright (c) 2005, Intel Corp.
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions
-// are met:
-//
-//   * Redistributions of source code must retain the above copyright
-//     notice, this list of conditions and the following disclaimer.
-//   * Redistributions in binary form must reproduce the above
-//     copyright notice, this list of conditions and the following
-//     disclaimer in the documentation and/or other materials provided
-//     with the distribution.
-//   * Neither the name of Intel Corporation nor the names of its
-//     contributors may be used to endorse or promote products derived
-//     from this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-// OF THE POSSIBILITY OF SUCH DAMAGE.
-// ===================================================================
-
-Directory Structure
-===================
-tools/vtpm_manager/crypto    -> crypto files
-tools/vtpm_manager/TCS       -> TCS implementation
-tools/vtpm_manager/util      -> Utility Library. Include disk-io and buffers.
-tools/vtpm_manager/manager   -> VTPM Manager
-
-Compile Flags
-===================
-LOGGING_MODULES              -> How extensive logging happens
-                                see util/log.h for more info
-
-VTPM_MULTI_VM                -> Defined: VTPMs run in their own VMs
-                                Not Defined (default): VTPMs are processes
-
-# Debugging flags that may disappear without notice in the future
-
-DUMMY_BACKEND                -> vtpm_manager listens on /tmp/in.fifo and 
-                                /tmp/out.fifo rather than backend
-
-MANUAL_DM_LAUNCH             -> Must manually launch & kill VTPMs
-
-WELL_KNOWN_OWNER_AUTH        -> Rather than randomly generating the password for the owner,
-                                use a well known value. This is useful for debugging and for
-                                poor bios which do not support clearing TPM if OwnerAuth is
-                                lost. However this has no protection from malicious app
-                                issuing a TPM_OwnerClear to wipe the TPM 
-
-Requirements
-============
-- xen-unstable 
-- vtpm frontend/backend driver patch
-- OpenSSL Library
-
-Single-VM Flow
-============================
-- Launch the VTPM manager (vtpm_managerd) which which begins listening to the BE with one thread
-  and listens to a named fifo that is shared by the vtpms to commuincate with the manager.
-- VTPM Manager listens to TPM BE.
-- When xend launches a tpm frontend equipped VM it contacts the manager over the vtpm backend. 
-- When the manager receives the open message from the BE, it launches a vtpm
-- Xend allows the VM to continue booting. 
-- When a TPM request is issued to the front end, the front end transmits the TPM request to the backend.
-- The manager receives the TPM requests and uses a named fifo to forward the request to the vtpm.
-- The fifo listener begins listening for the reply from vtpm for the request.
-- Vtpm processes request and replies to manager over shared named fifo.
-- If needed, the vtpm may send a request to the vtpm_manager at any time to save it's secrets to disk.
-- Manager receives response from vtpm and passes it back to backend for forwarding to guest.
-
-NOTES:
-* SaveService SHOULD seal it's table before saving it to disk. However,
-  the current Xen infrastructure does not provide a mechanism for this to be
-  unsealed later. Specifically, the auth and wrapped key must be available ONLY
-  to the service, or it's not even worth encrypting
-
-  In the future the vtpm manager will be protected by an early boot mechanism
-  that will allow for better protection of it's data.
-
-TODO:
-- Timeout on crashed vtpms
-- create lock for shared fifo for talking to vtpms.
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/vtpm_manager/Rules.mk
--- a/tools/vtpm_manager/Rules.mk       Tue Nov 13 10:46:59 2012 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,59 +0,0 @@
-# Base definitions and rules (XEN_ROOT must be defined in including Makefile)
-include $(XEN_ROOT)/tools/Rules.mk
-
-#
-# Tool definitions
-#
-
-# General compiler flags
-CFLAGS = -Werror -g3
-
-# Generic project files
-HDRS   = $(wildcard *.h)
-SRCS   = $(wildcard *.c)
-OBJS   = $(patsubst %.c,%.o,$(SRCS))
-
-# Generic (non-header) dependencies
-$(SRCS): Makefile $(XEN_ROOT)/tools/Rules.mk $(XEN_ROOT)/tools/vtpm_manager/Rules.mk
-
-$(OBJS): $(SRCS)
-
--include $(FILES)
-
-# Make sure these are just rules
-.PHONY : all build install clean
-
-#
-# Project-specific definitions
-#
-
-# Need UNIX98 spec for pthread rwlocks
-CFLAGS += -D_GNU_SOURCE
-
-# Logging Level. See utils/tools.h for usage
-CFLAGS += -DLOGGING_MODULES="(BITMASK(VTPM_LOG_TCS)|BITMASK(VTPM_LOG_VTSP)|BITMASK(VTPM_LOG_VTPM))"
-
-# Silent Mode
-#CFLAGS += -DLOGGING_MODULES=0x0
-#CFLAGS += -DLOGGING_MODULES=0xff
-
-# Use frontend/backend pairs between manager & DMs?
-#CFLAGS += -DVTPM_MULTI_VM
-
-# vtpm_manager listens on fifo's rather than backend
-#CFLAGS += -DDUMMY_BACKEND
-
-# TCS talks to fifo's rather than /dev/tpm. TPM Emulator assumed on fifos
-#CFLAGS += -DDUMMY_TPM
-
-# Do not have manager launch DMs.
-#CFLAGS += -DMANUAL_DM_LAUNCH
-
-# Fixed OwnerAuth
-#CFLAGS += -DWELL_KNOWN_OWNER_AUTH
-
-# Include
-CFLAGS += -I$(XEN_ROOT)/tools/vtpm_manager/crypto
-CFLAGS += -I$(XEN_ROOT)/tools/vtpm_manager/util
-CFLAGS += -I$(XEN_ROOT)/tools/vtpm_manager/tcs
-CFLAGS += -I$(XEN_ROOT)/tools/vtpm_manager/manager
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/vtpm_manager/crypto/Makefile
--- a/tools/vtpm_manager/crypto/Makefile        Tue Nov 13 10:46:59 2012 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,24 +0,0 @@
-XEN_ROOT = $(CURDIR)/../../..
-include $(XEN_ROOT)/tools/vtpm_manager/Rules.mk
-
-BIN            = libtcpaCrypto.a
-
-.PHONY: all
-all: build
-
-.PHONY: build
-build: $(BIN)
-
-.PHONY: install
-install: build
-
-.PHONY: clean
-clean:
-       rm -f *.a *.so *.o *.rpm $(DEP_FILES)
-
-.PHONY: mrproper
-mrproper: clean
-       rm -f *~
-
-$(BIN): $(OBJS)
-       $(AR) rcs $(BIN) $(OBJS)
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/vtpm_manager/crypto/crypto.c
--- a/tools/vtpm_manager/crypto/crypto.c        Tue Nov 13 10:46:59 2012 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,88 +0,0 @@
-// ===================================================================
-// 
-// Copyright (c) 2005, Intel Corp.
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without 
-// modification, are permitted provided that the following conditions 
-// are met:
-//
-//   * Redistributions of source code must retain the above copyright 
-//     notice, this list of conditions and the following disclaimer.
-//   * Redistributions in binary form must reproduce the above 
-//     copyright notice, this list of conditions and the following 
-//     disclaimer in the documentation and/or other materials provided 
-//     with the distribution.
-//   * Neither the name of Intel Corporation nor the names of its 
-//     contributors may be used to endorse or promote products derived
-//     from this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
-// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
-// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 
-// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
-// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-// OF THE POSSIBILITY OF SUCH DAMAGE.
-// ===================================================================
-// 
-// crypto.c
-// 
-//  This file will handle all the TPM Crypto functionality
-// 
-// ==================================================================
-
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#include "crypto.h"
-#include "log.h"
-
-/**
- * Initialize cryptography library
- * @rand: random seed
- * @size: size of @rand
- */
-void Crypto_Init(const BYTE* rand, int size) {
-       ERR_load_crypto_strings();
-  CRYPTO_malloc_init();
-  OpenSSL_add_all_algorithms();
-  SYM_CIPHER = EVP_aes_128_cbc();
-  RAND_poll();
-  if (rand == NULL)
-    return;
-
-  RAND_add(rand, size, size);
-}
-
-/**
- * Shutdown cryptography library
- */
-void Crypto_Exit() {
-  ERR_free_strings();
-  ERR_remove_state(0);
-  EVP_cleanup();
-}
-
-
-/**
- * Get random data
- * @data: (OUT) Random data
- * @size: Size of @data
- */
-void Crypto_GetRandom(void* data, int size) {
-  int result;
-  
-  result = RAND_pseudo_bytes((BYTE*) data, size);
-  
-  if (result <= 0) 
-    vtpmlogerror (VTPM_LOG_CRYPTO, "RAND_pseudo_bytes failed: %s\n",
-            ERR_error_string (ERR_get_error(), NULL));
-}
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/vtpm_manager/crypto/crypto.h
--- a/tools/vtpm_manager/crypto/crypto.h        Tue Nov 13 10:46:59 2012 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,175 +0,0 @@
-// ===================================================================
-// 
-// Copyright (c) 2005, Intel Corp.
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without 
-// modification, are permitted provided that the following conditions 
-// are met:
-//
-//   * Redistributions of source code must retain the above copyright 
-//     notice, this list of conditions and the following disclaimer.
-//   * Redistributions in binary form must reproduce the above 
-//     copyright notice, this list of conditions and the following 
-//     disclaimer in the documentation and/or other materials provided 
-//     with the distribution.
-//   * Neither the name of Intel Corporation nor the names of its 
-//     contributors may be used to endorse or promote products derived
-//     from this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
-// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
-// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 
-// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
-// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-// OF THE POSSIBILITY OF SUCH DAMAGE.
-// ===================================================================
-// 
-// crypto.h
-// 
-//  This file defines the TPM Crypto API
-//
-// ==================================================================
-
-#ifndef __CRYPTO_H__
-#define __CRYPTO_H__
-
-#include <stddef.h>
-#include <stdint.h>
-#include <stdbool.h>
-
-#include "tcg.h"
-#include "sym_crypto.h"
-
-#define CRYPTO_MAX_SIG_SIZE (2048 / 8)
-#define CRYPTO_MAX_RSA_KEY_SIZE (4096 / 8) //in bytes
-
-#define OAEP_P "TCPA"
-#define OAEP_P_SIZE 4
-
-// Algorithms supported by crypto. Stored in CRYPTO_INFO.algorithmID
-#define CRYPTO_ALGORITH_RSA 0x01
-
-// Supported Encryption Schemes CRYPTO_INFO.encScheme
-#define CRYPTO_ES_NONE 0x0001
-#define CRYPTO_ES_RSAESPKCSv15 0x0002
-#define CRYPTO_ES_RSAESOAEP_SHA1_MGF1 0x0003
-
-// Supported Signature schemes CRYPTO_INFO.sigScheme
-#define CRYPTO_SS_NONE 0x0001
-#define CRYPTO_SS_RSASSAPKCS1v15_SHA1 0x0002
-#define CRYPTO_SS_RSASSAPKCS1v15_DER 0x0003
-
-typedef struct CRYPTO_INFO {
-  void *keyInfo;
-  UINT32 algorithmID;
-  UINT32 encScheme;
-  UINT32 sigScheme;
-} CRYPTO_INFO;
-
-
-void Crypto_Init(const BYTE* rand, int size);
-
-void Crypto_Exit();
-
-void Crypto_GetRandom(void* data, int size);
-
-void Crypto_HMAC(   const BYTE* text, 
-                    int text_len, 
-                    const BYTE* key, 
-                    int key_len,
-                    BYTE* digest);
-
-TPM_RESULT Crypto_HMAC_buf (const buffer_t * text,
-                            const buffer_t * key,
-                            BYTE * o_digest); /* presumably of 20 bytes */
-    
-void Crypto_SHA1Full(   const BYTE* text, 
-                        UINT32 size,
-                        BYTE* hash); //Complete 3part SHA1
-
-// o_hash needs to be large enough to hold the digest, ie 20 bytes
-TPM_RESULT Crypto_SHA1Full_buf (const buffer_t * buf,
-                                BYTE * o_hash);
-    
-void Crypto_SHA1Start(UINT32* maxNumBytes);
-void Crypto_SHA1Update(int numBytes, const BYTE* hashData);
-void Crypto_SHA1Complete(   int hashDataSize, 
-                            const BYTE* hashData, 
-                            BYTE* hashValue);
-
-void Crypto_RSACreateKey(   /*in*/ UINT32 keySize,
-                            /*in*/ UINT32 pubExpSize, 
-                            /*in*/ BYTE *pubExp,
-                            /*out*/ UINT32 *privExpSize, 
-                            /*out*/ BYTE *privExp,
-                            /*out*/ UINT32 *modulusSize,
-                            /*out*/ BYTE *modulus,
-                            /*out*/ CRYPTO_INFO *keys);
-                            
-void Crypto_RSABuildCryptoInfo( /*[IN]*/ UINT32 pubExpSize, 
-                                /*[IN]*/ BYTE *pubExp,
-                                /*[IN]*/ UINT32 privExpSize, 
-                                /*[IN]*/ BYTE *privExp,
-                                /*[IN]*/ UINT32 modulusSize, 
-                                /*[IN]*/ BYTE *modulus, 
-                                /*[OUT]*/ CRYPTO_INFO* cryptoInfo);
-                                
-void Crypto_RSABuildCryptoInfoPublic(   /*[IN]*/ UINT32 pubExpSize, 
-                                        /*[IN]*/ BYTE *pubExp,
-                                        /*[IN]*/ UINT32 modulusSize, 
-                                        /*[IN]*/ BYTE *modulus, 
-                                        CRYPTO_INFO* cryptoInfo);
-
-//
-// symmetric pack and unpack operations
-//
-TPM_RESULT Crypto_RSAPackCryptoInfo (const CRYPTO_INFO* cryptoInfo,
-                                     BYTE ** io_buf, UINT32 * io_buflen);
-
-TPM_RESULT Crypto_RSAUnpackCryptoInfo (CRYPTO_INFO * ci,
-                                       BYTE * in, UINT32 len,
-                                       UINT32 * o_lenread);
-
-                             
-// return 0 on success, -1 on error
-int Crypto_RSAEnc(  CRYPTO_INFO *keys,
-                    UINT32 inDataSize,
-                    BYTE *inData,
-                    /*out*/ UINT32 *outDataSize,
-                    /*out*/ BYTE *outData);
-
-// return 0 on success, -1 on error
-int Crypto_RSADec(  CRYPTO_INFO *keys,
-                    UINT32 inDataSize,
-                    BYTE *inData,
-                    /*out*/ UINT32 *outDataSize,
-                    /*out*/ BYTE *outData);
-
-// return 0 on success, -1 on error
-int Crypto_RSASign( CRYPTO_INFO *keys,
-                    UINT32 inDataSize,
-                    BYTE *inData,
-                    /*out*/ UINT32 *sigSize,
-                    /*out*/ BYTE *sig);
-
-bool Crypto_RSAVerify(  CRYPTO_INFO *keys,
-                        UINT32 inDataSize,
-                        BYTE *inData,
-                        UINT32 sigSize,
-                        BYTE *sig);
-
-//private:
-int RSA_verify_DER(int dtype, unsigned char *m, unsigned int m_len,
-                   unsigned char *sigbuf, unsigned int siglen, CRYPTO_INFO 
*key);
-
-int RSA_sign_DER(int type, unsigned char *m, unsigned int m_len,
-              unsigned char *sigret, unsigned int *siglen, CRYPTO_INFO *key);
-
-#endif // __CRYPTO_H__
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/vtpm_manager/crypto/hash.c
--- a/tools/vtpm_manager/crypto/hash.c  Tue Nov 13 10:46:59 2012 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,153 +0,0 @@
-// ===================================================================
-// 
-// Copyright (c) 2005, Intel Corp.
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without 
-// modification, are permitted provided that the following conditions 
-// are met:
-//
-//   * Redistributions of source code must retain the above copyright 
-//     notice, this list of conditions and the following disclaimer.
-//   * Redistributions in binary form must reproduce the above 
-//     copyright notice, this list of conditions and the following 
-//     disclaimer in the documentation and/or other materials provided 
-//     with the distribution.
-//   * Neither the name of Intel Corporation nor the names of its 
-//     contributors may be used to endorse or promote products derived
-//     from this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
-// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
-// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 
-// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
-// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-// OF THE POSSIBILITY OF SUCH DAMAGE.
-// ===================================================================
-// 
-// hash.c
-// 
-//  This file will handle all the TPM Hash functionality
-//
-// ==================================================================
-
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#include <openssl/hmac.h>
-#include <openssl/sha.h>
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-
-#include "tcg.h"         // for TPM_SUCCESS
-#include "crypto.h"
-
-static SHA_CTX g_shaContext;
-
-void Crypto_HMAC(   const BYTE* text, 
-                    int text_len, 
-                    const BYTE* key, 
-                    int key_len, 
-                    BYTE* digest) {
-  if (text == NULL || key == NULL || text_len == 0 || key_len == 0) 
-    return;
-  
-  HMAC(EVP_sha1(), key, key_len, text, text_len, digest, NULL);
-}
-
-TPM_RESULT Crypto_HMAC_buf (const buffer_t * text,
-                           const buffer_t * key,
-                           BYTE * o_digest) { /* presumably of 20 bytes */
-  
-  Crypto_HMAC (text->bytes, text->size, 
-              key->bytes, key->size,
-              o_digest);
-  
-  return TPM_SUCCESS;
-}
-
-
-/*
- * SHA1
- * (OUT) Create a SHA1 hash of text. Calls all three SHA1 steps internally
- */
-void Crypto_SHA1Full( const BYTE* text, 
-      uint32_t size, 
-      BYTE* hash) {
-
-  if (text == NULL || size == 0) 
-    return;
-  
-  // Run SHA1Start + SHAUpdate (if necessary) + SHAComplete
-  uint32_t maxBytes; // Not used for anything
-  Crypto_SHA1Start(&maxBytes);
-  
-  while (size > 64){
-    Crypto_SHA1Update(64, text); 
-    size -= 64;
-    text += 64;
-  }
-  
-  Crypto_SHA1Complete(size, text, hash);
-}
-
-// same thing using buffer_t
-TPM_RESULT Crypto_SHA1Full_buf (const buffer_t * buf,
-                                 BYTE * o_digest) {
-
-  if (buf->bytes == NULL || buf->size == 0) 
-    return TPM_BAD_PARAMETER;
-  
-  Crypto_SHA1Full (buf->bytes, buf->size, o_digest);
-  
-  return TPM_SUCCESS;
-}
-
-
-/*
- * Initialize SHA1
- * (OUT) Maximum number of bytes that can be sent to SHA1Update. 
- *   Must be a multiple of 64 bytes.
- */
-void Crypto_SHA1Start(uint32_t* maxNumBytes) {
-  int max = SHA_CBLOCK;
-  // Initialize the crypto library
-  SHA1_Init(&g_shaContext);
-  *maxNumBytes = max;
-}
-
-/*
- * Process SHA1
- * @numBytes: (IN) The number of bytes in hashData. 
- *       Must be a multiple of 64 bytes.
- * @hashData: (IN) Bytes to be hashed.
- */
-void Crypto_SHA1Update(int numBytes, const BYTE* hashData) {
-
-  if (hashData == NULL || numBytes == 0 || numBytes%64 != 0) 
-    return;
-  
-  SHA1_Update(&g_shaContext, hashData, numBytes); 
-}
-
-/*
- * Complete the SHA1 process
- * @hashDataSize: (IN) Number of bytes in hashData.
- *       Must be a multiple of 64 bytes.
- * @hashData: (IN) Final bytes to be hashed.
- * @hashValue: (OUT) The output of the SHA-1 hash.
- */
-void Crypto_SHA1Complete(int hashDataSize, 
-                        const BYTE* hashData, 
-                        BYTE* hashValue) {
-  SHA1_Update(&g_shaContext, hashData, hashDataSize);
-  SHA1_Final(hashValue, &g_shaContext);
-}
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/vtpm_manager/crypto/rsa.c
--- a/tools/vtpm_manager/crypto/rsa.c   Tue Nov 13 10:46:59 2012 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,434 +0,0 @@
-// ===================================================================
-// 
-// Copyright (c) 2005, Intel Corp.
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without 
-// modification, are permitted provided that the following conditions 
-// are met:
-//
-//   * Redistributions of source code must retain the above copyright 
-//     notice, this list of conditions and the following disclaimer.
-//   * Redistributions in binary form must reproduce the above 
-//     copyright notice, this list of conditions and the following 
-//     disclaimer in the documentation and/or other materials provided 
-//     with the distribution.
-//   * Neither the name of Intel Corporation nor the names of its 
-//     contributors may be used to endorse or promote products derived
-//     from this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
-// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
-// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 
-// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
-// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-// OF THE POSSIBILITY OF SUCH DAMAGE.
-// ===================================================================
-// 
-// rsa.c
-// 
-//  This file will handle all the TPM RSA crypto functionality
-// 
-// ==================================================================
-
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/rand.h>
-#include <openssl/x509.h>
-
-#include <openssl/err.h>
-#include <stdio.h>
-
-#include "tcg.h"
-#include "buffer.h"
-#include "crypto.h"
-#include "log.h"
-
-void Crypto_RSACreateKey(   /*in*/ UINT32 keySize,
-                            /*in*/ UINT32 pubExpSize, 
-                            /*in*/ BYTE *pubExp,
-                            /*out*/ UINT32 *privExpSize, 
-                            /*out*/ BYTE *privExp,
-                            /*out*/ UINT32 *modulusSize,        
-                            /*out*/ BYTE *modulus,
-                            /*out*/ CRYPTO_INFO *keys) {
-  unsigned long e_value;
-  
-  if (pubExpSize == 0) // Default e = 2^16+1
-    e_value = (0x01 << 16) + 1;
-  else {
-    // This is not supported, but the following line MIGHT work
-    // under then assumption that the format is BigNum compatable
-    // Though it's not in the spec, so who knows what it is.
-    // Forcing the default.
-    //BN_bin2bn(pubExp, pubExpSize, NULL);
-    e_value = (0x01 << 16) + 1;
-  }
-
-  RSA *rsa = RSA_generate_key(keySize, e_value, NULL, NULL);
-  
-  if (keys) {
-    keys->keyInfo = rsa;
-    keys->algorithmID = CRYPTO_ALGORITH_RSA;
-  }
-  
-  if (modulus)   *modulusSize   = BN_bn2bin(rsa->n, modulus);
-  if (privExp)   *privExpSize   = BN_bn2bin(rsa->d, privExp);
-}
-
-// Create a CRYPTO_INFO struct from the BYTE * key parts. 
-// If pubExp info is NULL, use TCG default.
-// If there is a remainder while calculating the privExp, return FALSE.
-
-void Crypto_RSABuildCryptoInfo( /*[IN]*/ UINT32 pubExpSize, 
-                                /*[IN]*/ BYTE *pubExp,
-                                /*[IN]*/ UINT32 privExpSize, 
-                                /*[IN]*/ BYTE *privExp,
-                                /*[IN]*/ UINT32 modulusSize, 
-                                /*[IN]*/ BYTE *modulus, 
-                                CRYPTO_INFO* cryptoInfo) {
-  cryptoInfo->keyInfo = RSA_new();
-  RSA *rsa = (RSA *) cryptoInfo->keyInfo;
-  
-  rsa->e = BN_new();
-  
-  if (pubExpSize == 0) { // Default e = 2^16+1
-    BN_set_bit(rsa->e, 16);
-    BN_set_bit(rsa->e, 0);
-  } else {
-    // This is not supported, but the following line MIGHT work
-    // under then assumption that the format is BigNum compatable
-    // Though it's not in the spec, so who knows what it is.
-    // Forcing the default.
-    //BN_bin2bn(pubExp, pubExpSize, NULL);
-    BN_set_bit(rsa->e, 16);
-    BN_set_bit(rsa->e, 0);
-  }
-  
-  rsa->n = BN_bin2bn(modulus, modulusSize, NULL);
-  rsa->d = BN_bin2bn(privExp, privExpSize, NULL);
-}
-
-// Create a CRYPTO_INFO struct from the BYTE * key parts. 
-// If pubExp info is NULL, use TCG default.
-// If there is a remainder while calculating the privExp, return FALSE.
-
-void Crypto_RSABuildCryptoInfoPublic(   /*[IN]*/ UINT32 pubExpSize, 
-                                        /*[IN]*/ BYTE *pubExp,
-                                        /*[IN]*/ UINT32 modulusSize, 
-                                        /*[IN]*/ BYTE *modulus, 
-                                        CRYPTO_INFO* cryptoInfo) {
-  cryptoInfo->keyInfo = RSA_new();
-  RSA *rsa = (RSA *) cryptoInfo->keyInfo;
-  
-  rsa->e = BN_new();
-  
-  if (pubExpSize == 0) { // Default e = 2^16+1
-    BN_set_bit(rsa->e, 16);
-    BN_set_bit(rsa->e, 0);
-  } else {
-    // This is not supported, but the following line MIGHT work
-    // under then assumption that the format is BigNum compatable
-    // Though it's not in the spec, so who knows what it is.
-    // Forcing the default.
-    //BN_bin2bn(pubExp, pubExpSize, NULL);
-    BN_set_bit(rsa->e, 16);
-    BN_set_bit(rsa->e, 0);
-  }
-  
-  rsa->n = BN_bin2bn(modulus, modulusSize, NULL);
-  
-}
-
-int Crypto_RSAEnc(  CRYPTO_INFO *key,
-                   UINT32 inDataSize,
-                   BYTE *inData,
-                   /*out*/ UINT32 *outDataSize,
-                   /*out*/ BYTE *outData) {
-  RSA *rsa = (RSA *) key->keyInfo;
-  UINT32 paddedDataSize = RSA_size (rsa);
-  BYTE *paddedData = (BYTE *)malloc(sizeof(BYTE) * paddedDataSize);
-  int rc;
-    
-  if (paddedData == NULL) 
-    return -1;
-
-  *outDataSize = 0;
-  
-  switch (key->encScheme) {
-  case CRYPTO_ES_RSAESPKCSv15:
-    if (RSA_padding_add_PKCS1_type_2(paddedData, paddedDataSize, inData, 
inDataSize) <= 0) {
-      rc = -1; 
-      goto abort_egress;
-    }
-    break;
-  case CRYPTO_ES_RSAESOAEP_SHA1_MGF1:
-    if 
(RSA_padding_add_PKCS1_OAEP(paddedData,paddedDataSize,inData,inDataSize, (BYTE 
*) OAEP_P,OAEP_P_SIZE) <= 0 ) {
-      rc = -1; 
-      goto abort_egress;
-    }
-    break;
-  default:
-    rc = -1; 
-    goto abort_egress;
-  }
-  
-  rc = RSA_public_encrypt(paddedDataSize, paddedData, outData, rsa, 
RSA_NO_PADDING);
-  if (rc == -1)
-    goto abort_egress; 
-   
-  *outDataSize = rc;
-  
-  if (rc > 0) rc = 0;
-  
-  goto egress;
-  
- abort_egress:
- egress:
-  
-  if (paddedData) 
-    free (paddedData);
-  return rc;
-  
-}
-
-int Crypto_RSADec(  CRYPTO_INFO *key,
-                    UINT32 inDataSize,
-                    BYTE *inData,
-                    /*out*/ UINT32 *outDataSize,
-                    /*out*/ BYTE *outData) {
-  
-  RSA *rsa = (RSA *) key->keyInfo;
-  UINT32 paddedDataSize = RSA_size (rsa);
-  BYTE *paddedData = (BYTE *)malloc(sizeof(BYTE) * paddedDataSize);
-  int rc;
-  
-  if (paddedData == NULL)
-    goto abort_egress;
-  
-  rc = RSA_private_decrypt(inDataSize, inData, paddedData, rsa, 
RSA_NO_PADDING);
-  if (rc == -1) {
-    vtpmlogerror(VTPM_LOG_CRYPTO, "RSA_private_decrypt: %s\n", 
ERR_error_string(ERR_get_error(), NULL));
-    goto abort_egress;
-  }
-  
-  paddedDataSize = rc;
-  
-  switch (key->encScheme) {
-  case CRYPTO_ES_RSAESPKCSv15:
-    rc = RSA_padding_check_PKCS1_type_2 (outData, paddedDataSize,
-                                        paddedData + 1, paddedDataSize - 1,
-                                        RSA_size(rsa));
-    if (rc == -1) {
-      vtpmlogerror(VTPM_LOG_CRYPTO, "RSA_padding_check_PKCS1_type_2: %s\n", 
-             ERR_error_string(ERR_get_error(), NULL));
-      goto abort_egress;
-    }
-    *outDataSize = rc;
-    break;
-  case CRYPTO_ES_RSAESOAEP_SHA1_MGF1:
-    rc = RSA_padding_check_PKCS1_OAEP(outData, paddedDataSize,
-                                     paddedData + 1, paddedDataSize - 1,
-                                     RSA_size(rsa),
-                                     (BYTE *) OAEP_P, OAEP_P_SIZE);
-    if (rc == -1) {
-      vtpmlogerror(VTPM_LOG_CRYPTO, "RSA_padding_check_PKCS1_OAEP: %s\n",
-             ERR_error_string(ERR_get_error(), NULL));
-      goto abort_egress;
-    }
-    *outDataSize = rc;
-    break;
-  default:
-    *outDataSize = 0;
-  }
-  
-  free(paddedData); paddedData = NULL;
-  goto egress;
-  
- abort_egress:
-  
-  if (paddedData) 
-    free (paddedData);
-  return -1;
-  
- egress:
-  return 0;
-}
-
-// Signs either a SHA1 digest of a message or a DER encoding of a message
-// Textual messages MUST be encoded or Hashed before sending into this function
-// It will NOT SHA the message.
-int Crypto_RSASign( CRYPTO_INFO *key,
-                    UINT32 inDataSize,
-                    BYTE *inData,
-                    /*out*/ UINT32 *sigSize,
-                    /*out*/ BYTE *sig) {
-  int status;
-  unsigned int intSigSize;
-  
-  switch(key->sigScheme) {
-  case CRYPTO_SS_RSASSAPKCS1v15_SHA1: 
-    status = RSA_sign(NID_sha1, inData, inDataSize, sig, &intSigSize, (RSA *) 
key->keyInfo);
-    break;
-  case CRYPTO_SS_RSASSAPKCS1v15_DER:
-    //        status = Crypto_RSA_sign_DER(NID_md5_sha1, inData, inDataSize, 
sig, &intSigSize, key);
-    vtpmlogerror(VTPM_LOG_CRYPTO, "Crypto: Unimplemented sign type (%d)\n", 
key->sigScheme);
-    status = 0;
-    break;
-  default:
-    status = 0;
-  }
-  
-  if (status == 0) {
-    *sigSize = 0;
-    vtpmlogerror(VTPM_LOG_CRYPTO, "%s\n", ERR_error_string(ERR_get_error(), 
NULL));
-    return -1;
-  }
-  
-  *sigSize = (UINT32) intSigSize;
-  return 0;
-}
-
-bool Crypto_RSAVerify(  CRYPTO_INFO *key,
-                        UINT32 inDataSize,
-                        BYTE *inData,
-                        UINT32 sigSize,
-                        BYTE *sig) {
-  int status;
-  
-  switch(key->sigScheme){
-  case CRYPTO_SS_RSASSAPKCS1v15_SHA1: 
-    status = RSA_verify(NID_sha1, inData, inDataSize, sig, sigSize, (RSA *) 
key->keyInfo);
-    break;
-  case CRYPTO_SS_RSASSAPKCS1v15_DER:
-    //status = Crypto_RSA_verify_DER(NID_md5_sha1, inData, inDataSize, sig, 
sigSize, key);
-    vtpmlogerror(VTPM_LOG_CRYPTO, "Crypto: Unimplemented sign type (%d)\n", 
key->sigScheme);
-    status = 0;
-    break;
-  default:
-    status = 0;
-  }
-  
-  if (status) 
-    return(1);
-  else {
-    vtpmlogerror(VTPM_LOG_CRYPTO, "RSA verify: %s\n", 
ERR_error_string(ERR_get_error(), NULL));
-    return(0);
-  }
-  
-}
-
-// helper which packs everything into a BIO!
-
-// packs the parameters first, then the private key, then the public key
-// if *io_buf is NULL, allocate it here as needed. otherwise its size is in
-// *io_buflen
-TPM_RESULT Crypto_RSAPackCryptoInfo (const CRYPTO_INFO* cryptoInfo,
-                                      BYTE ** io_buf, UINT32 * io_buflen) {
-  TPM_RESULT status = TPM_SUCCESS;
-  BYTE * buf;
-  long len, outlen = *io_buflen;
-  
-  const long PARAMSLEN = 3*sizeof(UINT32);
-  
-  RSA *rsa = (RSA *) cryptoInfo->keyInfo;
-  
-  BIO *mem = BIO_new(BIO_s_mem());
-  
-  
-  // write the openssl keys to the BIO
-  if ( i2d_RSAPrivateKey_bio (mem, rsa) == 0 ) {
-    ERR_print_errors_fp (stderr);
-    ERRORDIE (TPM_SIZE);
-  }
-  if ( i2d_RSAPublicKey_bio (mem, rsa) == 0 ) {
-    ERR_print_errors_fp (stderr);
-    ERRORDIE (TPM_SIZE);
-  }
-  
-  // get the buffer out
-  len = BIO_get_mem_data (mem, &buf);
-  
-  // see if we need to allocate a return buffer
-  if (*io_buf == NULL) {
-    *io_buf = (BYTE*) malloc (PARAMSLEN + len);
-    if (*io_buf == NULL) 
-      ERRORDIE (TPM_SIZE);
-  } else {                      // *io_buf is already allocated
-    if (outlen < len + PARAMSLEN) 
-      ERRORDIE (TPM_SIZE); // but not large enough!  
-  }
-  
-  // copy over the parameters (three UINT32's starting at algorithmID)
-  memcpy (*io_buf, &cryptoInfo->algorithmID, PARAMSLEN);
-  
-  // copy over the DER keys
-  memcpy (*io_buf + PARAMSLEN, buf, len);
-  
-  *io_buflen = len + PARAMSLEN;
-  
-  goto egress;
-  
-  
- abort_egress:
- egress:
-  
-  BIO_free (mem);
-  
-  return status;
-}
-
-
-
-// sets up ci, and returns the number of bytes read in o_lenread
-TPM_RESULT Crypto_RSAUnpackCryptoInfo (CRYPTO_INFO * ci,
-                                        BYTE * in, UINT32 len,
-                                        UINT32 * o_lenread) {
-  
-  TPM_RESULT status = TPM_SUCCESS;
-  long l;
-  BIO *mem;
-  RSA *rsa;
-  
-  // first load up the params
-  l = 3 * sizeof(UINT32);
-  memcpy (&ci->algorithmID, in, l);
-  len -= l;
-  in += l;
-  
-  // and now the openssl keys, private first
-  mem = BIO_new_mem_buf (in, len);
-  
-  if ( (rsa = d2i_RSAPrivateKey_bio (mem, NULL)) == NULL ) {
-    ERR_print_errors_fp (stderr);
-    ERRORDIE (TPM_BAD_PARAMETER);
-  }
-  // now use the same RSA object and fill in the private key
-  if ( d2i_RSAPublicKey_bio (mem, &rsa) == NULL ) {
-    ERR_print_errors_fp (stderr);
-    ERRORDIE (TPM_BAD_PARAMETER);
-  }
-  
-  ci->keyInfo = rsa;          // needs to be freed somehow later
-  
-  // FIXME: havent figured out yet how to tell how many bytes were read in the
-  // above oprations! so o_lenread is not set
-  
-  goto egress;
-  
- abort_egress:
- egress:
-  
-  BIO_free (mem);
- 
-  return status;  
-}
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/vtpm_manager/crypto/sym_crypto.c
--- a/tools/vtpm_manager/crypto/sym_crypto.c    Tue Nov 13 10:46:59 2012 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,237 +0,0 @@
-// ===================================================================
-// 
-// Copyright (c) 2005, Intel Corp.
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without 
-// modification, are permitted provided that the following conditions 
-// are met:
-//
-//   * Redistributions of source code must retain the above copyright 
-//     notice, this list of conditions and the following disclaimer.
-//   * Redistributions in binary form must reproduce the above 
-//     copyright notice, this list of conditions and the following 
-//     disclaimer in the documentation and/or other materials provided 
-//     with the distribution.
-//   * Neither the name of Intel Corporation nor the names of its 
-//     contributors may be used to endorse or promote products derived
-//     from this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
-// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
-// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 
-// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
-// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-// OF THE POSSIBILITY OF SUCH DAMAGE.
-// ===================================================================
-// 
-// sym_crypto.c
-// 
-//     Symmetric crypto portion of crypto 
-// 
-// ==================================================================
-
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-
-#include "tcg.h"
-#include "sym_crypto.h"
-
-typedef enum crypt_op_type_t {
-  CRYPT_ENCRYPT,
-  CRYPT_DECRYPT
-} crypt_op_type_t;
-
-TPM_RESULT ossl_symcrypto_op (symkey_t* key,
-                              const buffer_t* in,
-                              const buffer_t* iv,
-                              buffer_t * out,
-                              crypt_op_type_t optype);
-
-
-// this is initialized in Crypto_Init()
-const EVP_CIPHER * SYM_CIPHER = NULL;
-
-const BYTE ZERO_IV[EVP_MAX_IV_LENGTH] = {0};
-
-
-TPM_RESULT Crypto_symcrypto_initkey (symkey_t * key, const buffer_t* keybits) {
-  TPM_RESULT status = TPM_SUCCESS;
-  
-  EVP_CIPHER_CTX_init (&key->context);
-  
-  key->cipher = SYM_CIPHER;
-  
-  TPMTRYRETURN( buffer_init_copy (&key->key, keybits));
-    
-  goto egress;
-  
- abort_egress:
-  EVP_CIPHER_CTX_cleanup (&key->context);
-  
- egress:
-  
-  return status;
-}
-
-
-
-TPM_RESULT Crypto_symcrypto_genkey (symkey_t * key) {
-  int res;
-  TPM_RESULT status = TPM_SUCCESS;
-  
-  // hmm, EVP_CIPHER_CTX_init does not return a value
-  EVP_CIPHER_CTX_init (&key->context);
-  
-  key->cipher = SYM_CIPHER;
-  
-  TPMTRYRETURN( buffer_init (&key->key, EVP_CIPHER_key_length(key->cipher), 
NULL)) ;
-  
-  // and generate the key material
-  res = RAND_pseudo_bytes (key->key.bytes, key->key.size);
-  if (res < 0) 
-    ERRORDIE (TPM_SHORTRANDOM);
-  
-  
-  goto egress;
-  
- abort_egress:
-  EVP_CIPHER_CTX_cleanup (&key->context);
-  buffer_free (&key->key);
-  
- egress:
-  return status;  
-}
-
-
-TPM_RESULT Crypto_symcrypto_encrypt (symkey_t* key,
-                              const buffer_t* clear,
-                              buffer_t* o_cipher) {
-  TPM_RESULT status = TPM_SUCCESS;
-  
-  buffer_t iv, cipher_alias;
-  
-  buffer_init_const (&iv, EVP_MAX_IV_LENGTH, ZERO_IV);
-  
-  buffer_init (o_cipher,
-              clear->size +
-              EVP_CIPHER_iv_length(key->cipher) +
-              EVP_CIPHER_block_size (key->cipher),
-                                0);
-  
-  // copy the IV into the front
-  buffer_copy (o_cipher, &iv);
-  
-  // make an alias into which we'll put the ciphertext
-  buffer_init_alias (&cipher_alias, o_cipher, 
EVP_CIPHER_iv_length(key->cipher), 0);
-  
-  TPMTRYRETURN( ossl_symcrypto_op (key, clear, &iv, &cipher_alias, 
CRYPT_ENCRYPT) );
-
-  // set the output size correctly
-  o_cipher->size += cipher_alias.size;
-  
-  goto egress;
-  
- abort_egress:
-  
- egress:
-  
-  return status;
-  
-}
-
-
-
-TPM_RESULT Crypto_symcrypto_decrypt (symkey_t* key,
-                              const buffer_t* cipher,
-                              buffer_t* o_clear) {
-  TPM_RESULT status = TPM_SUCCESS;
-  
-  buffer_t iv, cipher_alias;
-  
-  // alias for the IV
-  buffer_init_alias (&iv, cipher, 0, EVP_CIPHER_iv_length(key->cipher));
-  
-  // make an alias to where the ciphertext is, after the IV
-  buffer_init_alias (&cipher_alias, cipher, EVP_CIPHER_iv_length(key->cipher), 
0);
-  
-  // prepare the output buffer
-  TPMTRYRETURN( buffer_init (o_clear,
-                       cipher->size
-                       - EVP_CIPHER_iv_length(key->cipher)
-                       + EVP_CIPHER_block_size(key->cipher), 
-                       0) );
-  
-  // and decrypt
-  TPMTRYRETURN ( ossl_symcrypto_op (key, &cipher_alias, &iv, o_clear, 
CRYPT_DECRYPT) );
-  
-  goto egress;
-  
- abort_egress:
-  buffer_free (o_clear);
-  
- egress:
-  
-  return status;
-}
-
-
-
-TPM_RESULT Crypto_symcrypto_freekey (symkey_t * key) {
-  buffer_memset (&key->key, 0);
-  buffer_free (&key->key);
-  
-  EVP_CIPHER_CTX_cleanup (&key->context);
-  
-  return TPM_SUCCESS;
-}
-
-
-TPM_RESULT ossl_symcrypto_op (symkey_t* key,
-                              const buffer_t* in,
-                              const buffer_t* iv,
-                              buffer_t * out,
-                              crypt_op_type_t optype) {
-  TPM_RESULT status = TPM_SUCCESS;
-  
-  int inlen, outlen;
-  tpm_size_t running;
-  
-  if ( ! EVP_CipherInit_ex (&key->context,
-                           key->cipher, NULL, key->key.bytes, iv->bytes,
-                           optype == CRYPT_ENCRYPT ? 1 : 0) ) 
-    ERRORDIE (TPM_FAIL);
-  
-  
-  
-  inlen = in->size;
-  
-  outlen  = 0;
-  running = 0;
-  
-  
-  if ( ! EVP_CipherUpdate (&key->context, out->bytes, &outlen, in->bytes, 
inlen) )
-    ERRORDIE (TPM_FAIL);
-
-  running += outlen;
-  
-  if ( ! EVP_CipherFinal_ex (&key->context, out->bytes + running, &outlen) )
-    ERRORDIE (TPM_FAIL);
-  
-  running += outlen;
-  
-  out->size = running;
-  
-  goto egress;
-  
- abort_egress:
- egress:
-  
-  return status;
-}
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/vtpm_manager/crypto/sym_crypto.h
--- a/tools/vtpm_manager/crypto/sym_crypto.h    Tue Nov 13 10:46:59 2012 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,72 +0,0 @@
-// ===================================================================
-// 
-// Copyright (c) 2005, Intel Corp.
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without 
-// modification, are permitted provided that the following conditions 
-// are met:
-//
-//   * Redistributions of source code must retain the above copyright 
-//     notice, this list of conditions and the following disclaimer.
-//   * Redistributions in binary form must reproduce the above 
-//     copyright notice, this list of conditions and the following 
-//     disclaimer in the documentation and/or other materials provided 
-//     with the distribution.
-//   * Neither the name of Intel Corporation nor the names of its 
-//     contributors may be used to endorse or promote products derived
-//     from this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
-// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
-// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 
-// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
-// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-// OF THE POSSIBILITY OF SUCH DAMAGE.
-// ===================================================================
-// 
-// sym_crypto.h
-// 
-//     Symmetric Crypto 
-// 
-// ==================================================================
-
-#ifndef _SYM_CRYPTO_H
-#define _SYM_CRYPTO_H
-
-#include <openssl/evp.h>
-#include "buffer.h"
-
-typedef struct symkey_t {
-  buffer_t key;
-  
-  EVP_CIPHER_CTX context;
-  const EVP_CIPHER * cipher;
-} symkey_t;
-
-extern const EVP_CIPHER * SYM_CIPHER;
-
-TPM_RESULT Crypto_symcrypto_genkey (symkey_t * key);
-
-TPM_RESULT Crypto_symcrypto_initkey (symkey_t * key, const buffer_t* keybits);
-
-
-// these functions will allocate their output buffers
-TPM_RESULT Crypto_symcrypto_encrypt (symkey_t* key,
-                              const buffer_t* clear,
-                              buffer_t* o_cipher);
-
-TPM_RESULT Crypto_symcrypto_decrypt (symkey_t* key,
-                              const buffer_t* cipher,
-                              buffer_t* o_clear);
-
-// only free the internal parts, not the 'key' ptr
-TPM_RESULT Crypto_symcrypto_freekey (symkey_t * key);
-
-#endif /* _SYM_CRYPTO_H */
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/vtpm_manager/manager/Makefile
--- a/tools/vtpm_manager/manager/Makefile       Tue Nov 13 10:46:59 2012 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,38 +0,0 @@
-XEN_ROOT = $(CURDIR)/../../..
-include $(XEN_ROOT)/tools/vtpm_manager/Rules.mk
-
-BIN            = vtpm_managerd
-
-.PHONY: all
-all: build
-
-.PHONY: build
-build: $(BIN)
-
-.PHONY: install
-install: build
-       if [ ! -d "$(DESTDIR)/var/vtpm/fifos" ]; \
-               then mkdir -p $(DESTDIR)/var/vtpm/fifos; \
-       fi
-       if [ ! -d "$(DESTDIR)/var/vtpm/socks" ]; \
-               then mkdir -p $(DESTDIR)/var/vtpm/socks; \
-       fi
-       $(INSTALL_PROG) $(BIN) $(DESTDIR)$(BINDIR)
-
-.PHONY: clean
-clean:
-       rm -f $(BIN)
-       rm -f *.a *.so *.o *.rpm $(DEP_FILES)
-
-.PHONY: mrproper
-mrproper: clean
-       rm -f *~
-
-$(BIN): $(OBJS)
-       $(CC) $(LDFLAGS) $^ $(LIBS) -o $@
-
-# libraries
-LIBS += ../tcs/libTCS.a ../util/libTCGUtils.a ../crypto/libtcpaCrypto.a
-LIBS += -lcrypto $(PTHREAD_LIBS) -lm
-CFLAGS += $(PTHREAD_CFLAGS)
-LDFLAGS += $(PTHREAD_LDFLAGS)
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/vtpm_manager/manager/dmictl.c
--- a/tools/vtpm_manager/manager/dmictl.c       Tue Nov 13 10:46:59 2012 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,266 +0,0 @@
-// ===================================================================
-// 
-// Copyright (c) 2005, Intel Corp.
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without 
-// modification, are permitted provided that the following conditions 
-// are met:
-//
-//   * Redistributions of source code must retain the above copyright 
-//     notice, this list of conditions and the following disclaimer.
-//   * Redistributions in binary form must reproduce the above 
-//     copyright notice, this list of conditions and the following 
-//     disclaimer in the documentation and/or other materials provided 
-//     with the distribution.
-//   * Neither the name of Intel Corporation nor the names of its 
-//     contributors may be used to endorse or promote products derived
-//     from this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
-// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
-// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 
-// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
-// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-// OF THE POSSIBILITY OF SUCH DAMAGE.
-// ===================================================================
-// 
-//   dmictl.c
-// 
-//     Functions for creating and destroying DMIs
-//
-// ==================================================================
-
-#include <stdio.h>
-#include <unistd.h>
-#include <string.h>
-
-#include "vtpmpriv.h"
-#include "bsg.h"
-#include "buffer.h"
-#include "log.h"
-#include "hashtable.h"
-#include "hashtable_itr.h"
-#include "vtpm_ipc.h"
-
-#define TPM_EMULATOR_PATH "/usr/bin/vtpmd"
-
-// if dmi_res is non-null, then return a pointer to new object.
-// Also, this does not fill in the measurements. They should be filled by
-// design dependent code or saveNVM
-TPM_RESULT init_dmi(UINT32 dmi_id, BYTE dmi_type, VTPM_DMI_RESOURCE **dmi_res) 
{
-
-  TPM_RESULT status=TPM_SUCCESS;
-  VTPM_DMI_RESOURCE *new_dmi=NULL;
-  UINT32 *dmi_id_key=NULL;
-
-  if ((new_dmi = (VTPM_DMI_RESOURCE *) malloc (sizeof(VTPM_DMI_RESOURCE))) == 
NULL) {
-      status = TPM_RESOURCES;
-      goto abort_egress;
-  }
-  memset(new_dmi, 0, sizeof(VTPM_DMI_RESOURCE));
-  new_dmi->dmi_id = dmi_id;
-  new_dmi->dmi_type = dmi_type;
-  new_dmi->connected = FALSE;
-  new_dmi->TCSContext = 0;
-
-  new_dmi->NVMLocation = (char *) malloc(11 + strlen(DMI_NVM_FILE));
-  sprintf(new_dmi->NVMLocation, DMI_NVM_FILE, (uint32_t) new_dmi->dmi_id);
-
-  if ((dmi_id_key = (UINT32 *) malloc (sizeof(UINT32))) == NULL) {
-    status = TPM_RESOURCES;
-    goto abort_egress;
-  }
-  *dmi_id_key = new_dmi->dmi_id;
-
-  // install into map
-  if (!hashtable_insert(vtpm_globals->dmi_map, dmi_id_key, new_dmi)){
-    vtpmlogerror(VTPM_LOG_VTPM, "Failed to insert instance into table. 
Aborting.\n", dmi_id);
-    status = TPM_FAIL;
-    goto abort_egress;
-  }
-
-  if (dmi_res)
-    *dmi_res = new_dmi;
-
-  goto egress;
-
- abort_egress:
-  if (new_dmi) {
-    free(new_dmi->NVMLocation);
-    free(new_dmi);
-  }
-  free(dmi_id_key);
-
- egress:
-  return status;
-}
-
-TPM_RESULT close_dmi(VTPM_DMI_RESOURCE *dmi_res) {
-  if (dmi_res == NULL) 
-    return TPM_SUCCESS;
-
-  if (dmi_res->dmi_id == VTPM_CTL_DM) 
-    return(TPM_BAD_PARAMETER);
-
-  TCS_CloseContext(dmi_res->TCSContext);
-  dmi_res->connected = FALSE;
-
-  vtpm_globals->connected_dmis--;
-
-  return (VTPM_Close_DMI_Extra(dmi_res) );
-}
-       
-TPM_RESULT VTPM_Handle_New_DMI(const buffer_t *param_buf) {
-  
-  VTPM_DMI_RESOURCE *new_dmi=NULL;
-  TPM_RESULT status=TPM_FAIL;
-  BYTE dmi_type, vm_type, startup_mode;
-  UINT32 dmi_id; 
-
-  if (param_buf == NULL) { // Assume creation of Dom 0 control
-    dmi_type = VTPM_TYPE_NON_MIGRATABLE;
-    dmi_id = VTPM_CTL_DM;
-  } else if (buffer_len(param_buf) != sizeof(BYTE) * 3  + sizeof(UINT32)) {
-    vtpmloginfo(VTPM_LOG_VTPM, "New DMI command wrong length: %d.\n", 
buffer_len(param_buf));
-    status = TPM_BAD_PARAMETER;
-    goto abort_egress;
-  } else {
-    vtpm_globals->connected_dmis++; // Put this here so we don't count Dom0
-    BSG_UnpackList( param_buf->bytes, 4,
-                   BSG_TYPE_BYTE, &dmi_type,
-                   BSG_TYPE_BYTE, &startup_mode,
-                   BSG_TYPE_BYTE, &vm_type,
-                   BSG_TYPE_UINT32,  &dmi_id);
-  }
-
-  if ((dmi_type != VTPM_TYPE_NON_MIGRATABLE) && (dmi_type != 
VTPM_TYPE_MIGRATABLE)) {
-    vtpmlogerror(VTPM_LOG_VTPM, "Creation of VTPM with illegal type.\n");
-    status = TPM_BAD_PARAMETER;
-    goto abort_egress;
-  }
-
-  new_dmi = (VTPM_DMI_RESOURCE *) hashtable_search(vtpm_globals->dmi_map, 
&dmi_id);
-  if (new_dmi == NULL) { 
-    vtpmloginfo(VTPM_LOG_VTPM, "Creating new DMI instance %d attached.\n", 
dmi_id );
-    // Brand New DMI. Initialize the persistent pieces
-    TPMTRYRETURN(init_dmi(dmi_id, dmi_type, &new_dmi) );  
-  } else 
-    vtpmloginfo(VTPM_LOG_VTPM, "Re-attaching DMI instance %d.\n", dmi_id);
-
-  if (new_dmi->connected) {
-    vtpmlogerror(VTPM_LOG_VTPM, "Attempt to re-attach, currently attached 
instance %d. Ignoring\n", dmi_id);
-    status = TPM_BAD_PARAMETER;
-    goto abort_egress;
-  }
-  
-  if (new_dmi->dmi_type == VTPM_TYPE_MIGRATED) {
-    vtpmlogerror(VTPM_LOG_VTPM, "Attempt to re-attach previously migrated 
instance %d without recovering first. Ignoring\n", dmi_id);
-    status = TPM_BAD_PARAMETER;
-    goto abort_egress;
-  }
-
-  // Initialize the Non-persistent pieces
-  TPMTRYRETURN( TCS_OpenContext(&new_dmi->TCSContext) );
-  
-  new_dmi->connected = TRUE;  
-
-  // Design specific new DMI code. 
-  // Includes: create IPCs, Measuring DMI, and maybe launching DMI
-  TPMTRYRETURN(VTPM_New_DMI_Extra(new_dmi, vm_type, startup_mode) );
-  goto egress;
-  
- abort_egress:
-  vtpmlogerror(VTPM_LOG_VTPM, "Failed to create DMI id=%d due to status=%s. 
Cleaning.\n", dmi_id, tpm_get_error_name(status));
-  close_dmi(new_dmi );
-       
- egress:
-  return status;
-}
-
-TPM_RESULT VTPM_Handle_Close_DMI( const buffer_t *param_buf) {
-  
-  TPM_RESULT status=TPM_FAIL;
-  VTPM_DMI_RESOURCE *dmi_res=NULL;
-  UINT32 dmi_id;
-  
-  if ((param_buf == NULL) || (buffer_len(param_buf) != sizeof(UINT32)) ) {
-    vtpmlogerror(VTPM_LOG_VTPM, "Closing DMI has bad size.");
-    status = TPM_BAD_PARAMETER;
-    goto abort_egress;
-  }
-  
-  BSG_UnpackList( param_buf->bytes, 1,
-                 BSG_TYPE_UINT32, &dmi_id);
-  
-  vtpmloginfo(VTPM_LOG_VTPM, "Closing DMI %d.\n", dmi_id);
-  
-  dmi_res = (VTPM_DMI_RESOURCE *) hashtable_search(vtpm_globals->dmi_map, 
&dmi_id);
-  if (dmi_res == NULL ) {
-    vtpmlogerror(VTPM_LOG_VTPM, "Trying to close nonexistent DMI.\n");
-    status = TPM_BAD_PARAMETER;
-    goto abort_egress;
-  }
-       
-  if (!dmi_res->connected) {
-    vtpmlogerror(VTPM_LOG_VTPM, "Closing non-connected DMI.\n");
-    status = TPM_BAD_PARAMETER;
-    goto abort_egress;
-  }
-  
-  // Close Dmi
-       TPMTRYRETURN(close_dmi( dmi_res ));
-  
-  status=TPM_SUCCESS;    
-  goto egress;
-  
- abort_egress:
- egress:
-  
-  return status;
-}
-
-TPM_RESULT VTPM_Handle_Delete_DMI( const buffer_t *param_buf) {
-  
-  TPM_RESULT status=TPM_FAIL;
-  VTPM_DMI_RESOURCE *dmi_res=NULL;
-  UINT32 dmi_id;
-    
-  if ((param_buf == NULL) || (buffer_len(param_buf) != sizeof(UINT32)) ) {
-    vtpmlogerror(VTPM_LOG_VTPM, "Closing DMI has bad size.\n");
-    status = TPM_BAD_PARAMETER;
-    goto abort_egress;
-  }
-  
-  BSG_UnpackList( param_buf->bytes, 1,
-                 BSG_TYPE_UINT32, &dmi_id);
-  
-  vtpmloginfo(VTPM_LOG_VTPM, "Deleting DMI %d.\n", dmi_id);    
-  
-  dmi_res = (VTPM_DMI_RESOURCE *) hashtable_remove(vtpm_globals->dmi_map, 
&dmi_id);
-  if (dmi_res == NULL) {
-    vtpmlogerror(VTPM_LOG_VTPM, "Closing non-existent DMI.\n");
-    status = TPM_BAD_PARAMETER;
-    goto abort_egress;
-  }
-  
-  //vtpm scripts delete file dmi_res->NVMLocation for us
-  
-  // Close DMI first
-  TPMTRYRETURN(close_dmi( dmi_res ));
-  free ( dmi_res );
-       
-  status=TPM_SUCCESS;    
-  goto egress;
-  
- abort_egress:
- egress:
-  
-  return status;
-}
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/vtpm_manager/manager/migration.c
--- a/tools/vtpm_manager/manager/migration.c    Tue Nov 13 10:46:59 2012 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,307 +0,0 @@
-// ===================================================================
-// 
-// Copyright (c) 2005, Intel Corp.
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without 
-// modification, are permitted provided that the following conditions 
-// are met:
-//
-//   * Redistributions of source code must retain the above copyright 
-//     notice, this list of conditions and the following disclaimer.
-//   * Redistributions in binary form must reproduce the above 
-//     copyright notice, this list of conditions and the following 
-//     disclaimer in the documentation and/or other materials provided 
-//     with the distribution.
-//   * Neither the name of Intel Corporation nor the names of its 
-//     contributors may be used to endorse or promote products derived
-//     from this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
-// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
-// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 
-// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
-// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-// OF THE POSSIBILITY OF SUCH DAMAGE.
-// ===================================================================
-// 
-//   dmictl.c
-// 
-//     Functions for creating and destroying DMIs
-//
-// ==================================================================
-
-#include <stdio.h>
-#include <unistd.h>
-#include <string.h>
-
-#include "vtpmpriv.h"
-#include "bsg.h"
-#include "buffer.h"
-#include "log.h"
-#include "hashtable.h"
-
-TPM_RESULT VTPM_Handle_Migrate_In( const buffer_t *param_buf,
-                                   buffer_t *result_buf) {
-
-  TPM_RESULT status=TPM_FAIL;
-  VTPM_DMI_RESOURCE *mig_dmi=NULL;
-  UINT32 dmi_id;
-  buffer_t dmi_state_abuf = NULL_BUF, enc_dmi_abuf = NULL_BUF, clear_dmi_blob 
= NULL_BUF;
-
-  if (param_buf == NULL) {
-    vtpmlogerror(VTPM_LOG_VTPM, "Migration Out Failed due to bad 
parameter.\n");
-    status = TPM_BAD_PARAMETER;
-    goto abort_egress;
-  }
-
-  struct pack_buf_t enc_dmi_state_pack;
-
-  BSG_UnpackList(param_buf->bytes, 2, 
-                 BSG_TYPE_UINT32, &dmi_id,
-                 BSG_TPM_SIZE32_DATA, &enc_dmi_state_pack) ;
-
-  vtpmloginfo(VTPM_LOG_VTPM, "Migrating VTPM in dmi %d.\n", dmi_id);
-
-  mig_dmi = (VTPM_DMI_RESOURCE *) hashtable_search(vtpm_globals->dmi_map, 
&dmi_id);
-  if (mig_dmi) {
-    vtpmlogerror(VTPM_LOG_VTPM, "Incoming VTPM claims unavailable id: %d.\n", 
dmi_id);
-    status = TPM_BAD_PARAMETER;
-    goto abort_egress;
-  }    
-
-  /** UnBind Blob **/
-  TPMTRYRETURN( buffer_init_alias_convert( &enc_dmi_abuf, 
-                                           enc_dmi_state_pack.size, 
-                                           enc_dmi_state_pack.data) );
-
-  TPMTRYRETURN( envelope_decrypt( &enc_dmi_abuf,
-                                   vtpm_globals->manager_tcs_handle,
-                                   vtpm_globals->storageKeyHandle,
-                                   (const 
TPM_AUTHDATA*)&vtpm_globals->storage_key_usage_auth,
-                                   &clear_dmi_blob) );
-
-  // Create new dmi
-  TPMTRYRETURN( init_dmi(dmi_id, VTPM_TYPE_MIGRATABLE, &mig_dmi ) ); 
-
-  /** Open Blob **/
-  struct pack_buf_t dmi_state_pack;
-
-  BSG_UnpackList(clear_dmi_blob.bytes, 2, 
-                 BSG_TPM_DIGEST, &mig_dmi->DMI_measurement,
-                 BSG_TPM_SIZE32_DATA, &dmi_state_pack);
-
-  TPMTRYRETURN( buffer_init_alias_convert(&dmi_state_abuf, 
-                                          dmi_state_pack.size, 
-                                          dmi_state_pack.data) ); 
-
-  TPMTRYRETURN( VTPM_Handle_Save_NVM(mig_dmi, &dmi_state_abuf, NULL ) );
-
-  status=TPM_SUCCESS;
-  goto egress;
-
- abort_egress:
-    vtpmlogerror(VTPM_LOG_VTPM, "VTPM Migration IN of instance %d failed 
because of %s.\n", dmi_id, tpm_get_error_name(status) );
-
- egress:
-  buffer_free(&clear_dmi_blob);
-  buffer_free(&dmi_state_abuf);
- 
-  return status;
-}
-
-TPM_RESULT VTPM_Handle_Migrate_Out( const buffer_t *param_buf,
-                                    buffer_t *result_buf) {
-
-  TPM_RESULT status=TPM_FAIL;
-  VTPM_DMI_RESOURCE *mig_dmi;
-  UINT32 dmi_id;
-  VTPM_MIGKEY_LIST *last_mig, *mig_key;
-  buffer_t dmi_state=NULL_BUF, clear_dmi_blob=NULL_BUF;
-
-  if (param_buf == NULL) {
-    vtpmlogerror(VTPM_LOG_VTPM, "Migration Out Failed due to bad 
parameter.\n");
-    status = TPM_BAD_PARAMETER;
-    goto abort_egress;
-  }
-
-  struct pack_buf_t name_pack;
-
-  BSG_UnpackList( param_buf->bytes, 2,
-                  BSG_TYPE_UINT32, &dmi_id,
-                  BSG_TPM_SIZE32_DATA, &name_pack);
-
-  vtpmloginfo(VTPM_LOG_VTPM, "Migrating out dmi %d.\n", dmi_id);
-
-  mig_dmi = (VTPM_DMI_RESOURCE *) hashtable_search(vtpm_globals->dmi_map, 
&dmi_id);
-  if (mig_dmi == NULL) {
-    vtpmlogerror(VTPM_LOG_VTPM, "Non-existent VTPM instance (%d) in 
migration.\n", dmi_id );
-    status = TPM_BAD_PARAMETER;
-    goto abort_egress;
-  }
-
-  if (mig_dmi->dmi_type != VTPM_TYPE_MIGRATABLE) {
-    vtpmlogerror(VTPM_LOG_VTPM, "Bad VTPM type (%d) in migration of instance 
(%d).\n", mig_dmi->dmi_type, dmi_id );
-    status = TPM_BAD_PARAMETER;
-    goto abort_egress;
-  }
-
-  /** Find migration key for dest **/
-  last_mig = NULL;
-  mig_key = vtpm_globals->mig_keys;
-  while (mig_key != NULL) {
-    if (mig_key->name_size == name_pack.size)
-      if (memcmp(mig_key->name, name_pack.data, name_pack.size) == 0) {
-        break;
-      }
-    
-    last_mig = mig_key;
-    mig_key = mig_key->next;
-  }
-     
-  if (!mig_key) {
-    vtpmlogerror(VTPM_LOG_VTPM, "Unknown Migration target host.\n");
-    status = TPM_BAD_PARAMETER;
-    goto abort_egress;
-  }
-
-  /** Mark vtpm as migrated **/
-  mig_dmi->dmi_type = VTPM_TYPE_MIGRATED;
-
-  /** Build Blob **/
-  TPMTRYRETURN( VTPM_Handle_Load_NVM(mig_dmi, NULL, &dmi_state) );
-
-  TPMTRYRETURN( buffer_init(&clear_dmi_blob, sizeof(TPM_DIGEST) + 
sizeof(UINT32) + buffer_len(&dmi_state), NULL ) ); 
-
-  struct pack_constbuf_t dmi_state_pack;
-
-  dmi_state_pack.size = buffer_len(&dmi_state);
-  dmi_state_pack.data = dmi_state.bytes;
-
-  BSG_PackList(clear_dmi_blob.bytes, 2, 
-               BSG_TPM_DIGEST, &mig_dmi->DMI_measurement,
-               BSG_TPM_SIZE32_DATA, &dmi_state_pack);
-
-  /** Bind Blob **/
-  TPMTRYRETURN( envelope_encrypt( &clear_dmi_blob,
-                                  &mig_key->key,
-                                  result_buf) );
-
-  if (last_mig)
-    last_mig->next = mig_key->next;
-  else 
-    vtpm_globals->mig_keys = mig_key->next;
-  
-  free(mig_key->name);
-  free(mig_key);
-
-  status=TPM_SUCCESS;
-  goto egress;
-
- abort_egress:
-    vtpmlogerror(VTPM_LOG_VTPM, "VTPM Migration OUT of instance %d failed 
because of %s. Migratoin recovery may be needed.\n", dmi_id, 
tpm_get_error_name(status) );
-
-    //TODO: Create and implement a policy for what happens to mig_key on 
failed migrations.
-
- egress:
-
-  buffer_free(&clear_dmi_blob);
-  buffer_free(&dmi_state);
-
-  return status;
-}
-
-
-TPM_RESULT VTPM_Handle_Get_Migration_key( const buffer_t *param_buf,
-                                          buffer_t *result_buf) {
-
-  TPM_RESULT status=TPM_FAIL;
-
-  vtpmloginfo(VTPM_LOG_VTPM, "Getting Migration Public Key.\n");
-
-  struct pack_buf_t pubkey_exp_pack, pubkey_mod_pack;
-  TPM_KEY mig_key;
-
-  // Unpack/return key structure
-  BSG_Unpack(BSG_TPM_KEY, vtpm_globals->storageKeyWrap.bytes , &mig_key);
-  TPM_RSA_KEY_PARMS rsaKeyParms;
-
-  BSG_Unpack(BSG_TPM_RSA_KEY_PARMS,
-               mig_key.algorithmParms.parms,
-               &rsaKeyParms);
-
-  pubkey_exp_pack.size = rsaKeyParms.exponentSize;
-  pubkey_exp_pack.data = rsaKeyParms.exponent;
-  pubkey_mod_pack.size = mig_key.pubKey.keyLength;
-  pubkey_mod_pack.data = mig_key.pubKey.key;
-
-  TPMTRYRETURN( buffer_init( result_buf, 2*sizeof(UINT32) + 
-                                         pubkey_exp_pack.size + 
-                                         pubkey_mod_pack.size, NULL ) );
-
-  BSG_PackList( result_buf->bytes, 2,
-                  BSG_TPM_SIZE32_DATA, &pubkey_exp_pack,
-                  BSG_TPM_SIZE32_DATA, &pubkey_mod_pack);
-
-
-  status=TPM_SUCCESS;
-  goto egress;
-
- abort_egress:
-    vtpmlogerror(VTPM_LOG_VTPM, "VTPM Get Migration Key failed because of 
%s.\n", tpm_get_error_name(status) );
- egress:
-
-  return status;
-}
-
-TPM_RESULT VTPM_Handle_Load_Migration_key( const buffer_t *param_buf,
-                                           buffer_t *result_buf) {
-
-  TPM_RESULT status=TPM_FAIL;
-  VTPM_MIGKEY_LIST *mig_key;
-
-  vtpmloginfo(VTPM_LOG_VTPM, "Loading Migration Public Key.\n");
-
-  //FIXME: Review all uses of unpacking pack_buf_t and ensure free.
-  //FIXME: Review all declarations/initializations of buffer_t that could have 
a goto that skips them and then tries to free them
-
-  struct pack_buf_t name_pack, pubkey_exp_pack, pubkey_mod_pack;
-
-  //FIXME: scan list and verify name is not already in the list
-
-  BSG_UnpackList( param_buf->bytes, 3,
-                  BSG_TPM_SIZE32_DATA, &name_pack,
-                  BSG_TPM_SIZE32_DATA, &pubkey_exp_pack,
-                  BSG_TPM_SIZE32_DATA, &pubkey_mod_pack);
-
-  //TODO: Maintain a persistent list for pub_keys.
-  //TODO: Verify pub_key is trusted
-
-  mig_key = (VTPM_MIGKEY_LIST *) malloc(sizeof(VTPM_MIGKEY_LIST));
-  memset(mig_key, 0, sizeof(VTPM_MIGKEY_LIST) );
-  mig_key->name_size = name_pack.size;
-  mig_key->name = name_pack.data;
-
-  mig_key->key.encScheme = CRYPTO_ES_RSAESOAEP_SHA1_MGF1;
-  Crypto_RSABuildCryptoInfoPublic( pubkey_exp_pack.size,
-                                   pubkey_exp_pack.data,
-                                   pubkey_mod_pack.size,
-                                   pubkey_mod_pack.data,
-                                   &mig_key->key);
-
-
-  mig_key->next = vtpm_globals->mig_keys;
-  vtpm_globals->mig_keys = mig_key;
-
-  // free(name_pack.data); Do not free. data is now part of mig_key.
-  free(pubkey_exp_pack.data);
-  free(pubkey_mod_pack.data);
-
-  return TPM_SUCCESS;
-}
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/vtpm_manager/manager/securestorage.c
--- a/tools/vtpm_manager/manager/securestorage.c        Tue Nov 13 10:46:59 
2012 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,512 +0,0 @@
-// ===================================================================
-// 
-// Copyright (c) 2005, Intel Corp.
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without 
-// modification, are permitted provided that the following conditions 
-// are met:
-//
-//   * Redistributions of source code must retain the above copyright 
-//     notice, this list of conditions and the following disclaimer.
-//   * Redistributions in binary form must reproduce the above 
-//     copyright notice, this list of conditions and the following 
-//     disclaimer in the documentation and/or other materials provided 
-//     with the distribution.
-//   * Neither the name of Intel Corporation nor the names of its 
-//     contributors may be used to endorse or promote products derived
-//     from this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
-// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
-// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 
-// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
-// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-// OF THE POSSIBILITY OF SUCH DAMAGE.
-// ===================================================================
-// 
-// securestorage.c
-// 
-//  Functions regarding securely storing DMI secrets.
-//
-// ==================================================================
-
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <unistd.h>
-#include <string.h>
-
-#include "tcg.h"
-#include "vtpm_manager.h"
-#include "vtpmpriv.h"
-#include "vtsp.h"
-#include "bsg.h"
-#include "crypto.h"
-#include "hashtable.h"
-#include "hashtable_itr.h"
-#include "buffer.h"
-#include "log.h"
-
-TPM_RESULT envelope_encrypt(const buffer_t     *inbuf,
-                            CRYPTO_INFO        *asymkey,
-                            buffer_t           *sealed_data) {
-  TPM_RESULT status = TPM_SUCCESS;
-  symkey_t    symkey;
-  buffer_t    data_cipher = NULL_BUF,
-              symkey_cipher = NULL_BUF;
-  
-  UINT32 i;
-  struct pack_constbuf_t symkey_cipher32, data_cipher32;
-  
-  vtpmloginfo(VTPM_LOG_VTPM_DEEP, "Enveloping Input[%d]: 0x", 
buffer_len(inbuf));
-  for (i=0; i< buffer_len(inbuf); i++)
-    vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", inbuf->bytes[i]);
-  vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "\n");
-  
-  // Generate a sym key and encrypt state with it
-  TPMTRY(TPM_ENCRYPT_ERROR, Crypto_symcrypto_genkey (&symkey) );
-  TPMTRY(TPM_ENCRYPT_ERROR, Crypto_symcrypto_encrypt (&symkey, inbuf, 
&data_cipher) );
-  
-  // Encrypt symmetric key
-  TPMTRYRETURN( VTSP_Bind(    asymkey, 
-                             &symkey.key, 
-                             &symkey_cipher) );
-  
-  // Create output blob: symkey_size + symkey_cipher + state_cipher_size + 
state_cipher
-  
-  symkey_cipher32.size = buffer_len(&symkey_cipher);
-  symkey_cipher32.data = symkey_cipher.bytes;
-  
-  data_cipher32.size = buffer_len(&data_cipher);
-  data_cipher32.data = data_cipher.bytes;
-  
-  TPMTRYRETURN( buffer_init(sealed_data, 2 * sizeof(UINT32) + 
symkey_cipher32.size + data_cipher32.size, NULL));
-  
-  BSG_PackList(sealed_data->bytes, 2,
-              BSG_TPM_SIZE32_DATA, &symkey_cipher32,
-              BSG_TPM_SIZE32_DATA, &data_cipher32);
-
-  vtpmloginfo(VTPM_LOG_VTPM, "Saved %d bytes of E(symkey) + %d bytes of 
E(data)\n", buffer_len(&symkey_cipher), buffer_len(&data_cipher));
-
-  vtpmloginfo(VTPM_LOG_VTPM_DEEP, "Enveloping Output[%d]: 0x", 
buffer_len(sealed_data));
-  for (i=0; i< buffer_len(sealed_data); i++)
-    vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", sealed_data->bytes[i]);
-  vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "\n");
-
-  goto egress;
-
- abort_egress:
-  vtpmlogerror(VTPM_LOG_VTPM, "Failed to envelope encrypt\n.");
-  
- egress:
-  
-  buffer_free ( &data_cipher);
-  buffer_free ( &symkey_cipher);
-  Crypto_symcrypto_freekey (&symkey);
-  
-  return status;
-}
-
-TPM_RESULT envelope_decrypt(const buffer_t     *cipher,
-                            TCS_CONTEXT_HANDLE TCSContext,
-                           TPM_HANDLE         keyHandle,
-                           const TPM_AUTHDATA *key_usage_auth,
-                            buffer_t           *unsealed_data) {
-
-  TPM_RESULT status = TPM_SUCCESS;
-  symkey_t    symkey;
-  buffer_t    data_cipher = NULL_BUF, 
-              symkey_clear = NULL_BUF, 
-              symkey_cipher = NULL_BUF;
-  struct pack_buf_t symkey_cipher32, data_cipher32;
-  int i;
-
-  memset(&symkey, 0, sizeof(symkey_t));
-
-  vtpmloginfo(VTPM_LOG_VTPM_DEEP, "Envelope Decrypt Input[%d]: 0x", 
buffer_len(cipher) );
-  for (i=0; i< buffer_len(cipher); i++)
-    vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", cipher->bytes[i]);
-  vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "\n");
-  
-  BSG_UnpackList(cipher->bytes, 2,
-                BSG_TPM_SIZE32_DATA, &symkey_cipher32,
-                BSG_TPM_SIZE32_DATA, &data_cipher32);
-  
-  TPMTRYRETURN( buffer_init_alias_convert (&symkey_cipher, 
-                                          symkey_cipher32.size, 
-                                          symkey_cipher32.data) );
-  
-  TPMTRYRETURN( buffer_init_alias_convert (&data_cipher, 
-                                          data_cipher32.size, 
-                                          data_cipher32.data) );
-
-  // Decrypt Symmetric Key
-  TPMTRYRETURN( VTSP_Unbind(  TCSContext,
-                             keyHandle,
-                             &symkey_cipher,
-                             key_usage_auth,
-                             &symkey_clear,
-                             &(vtpm_globals->keyAuth) ) );
-  
-  // create symmetric key using saved bits
-  Crypto_symcrypto_initkey (&symkey, &symkey_clear);
-  
-  // Decrypt State
-  TPMTRY(TPM_DECRYPT_ERROR, Crypto_symcrypto_decrypt (&symkey, &data_cipher, 
unsealed_data) );
-
-  vtpmloginfo(VTPM_LOG_VTPM_DEEP, "Envelope Decrypte Output[%d]: 0x", 
buffer_len(unsealed_data));
-  for (i=0; i< buffer_len(unsealed_data); i++)
-    vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", unsealed_data->bytes[i]);
-  vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "\n");
-  
-  goto egress;
-  
- abort_egress:
-  vtpmlogerror(VTPM_LOG_VTPM, "Failed to envelope decrypt data\n.");
-  
- egress:
-  buffer_free ( &data_cipher);
-  buffer_free ( &symkey_clear);
-  buffer_free ( &symkey_cipher);
-  Crypto_symcrypto_freekey (&symkey);
-  
-  return status;
-}
-
-TPM_RESULT VTPM_Handle_Save_NVM(VTPM_DMI_RESOURCE *myDMI, 
-                               const buffer_t *inbuf, 
-                               buffer_t *outbuf) {
-  
-  TPM_RESULT status = TPM_SUCCESS;
-  int fh;
-  long bytes_written;
-  buffer_t sealed_NVM = NULL_BUF;
-  
-  vtpmloginfo(VTPM_LOG_VTPM_DEEP, "Saving %d bytes of NVM.\n", 
buffer_len(inbuf));
-
-  TPMTRYRETURN( envelope_encrypt(inbuf,
-                                 &vtpm_globals->storageKey,
-                                 &sealed_NVM) );
-                                 
-  // Write sealed blob off disk from NVMLocation
-  // TODO: How to properly return from these. Do we care if we return failure
-  //       after writing the file? We can't get the old one back.
-  // TODO: Backup old file and try and recover that way.
-  fh = open(myDMI->NVMLocation, O_WRONLY | O_CREAT | O_TRUNC, S_IREAD | 
S_IWRITE);
-  if ( (bytes_written = write(fh, sealed_NVM.bytes, buffer_len(&sealed_NVM) ) 
!= (long) buffer_len(&sealed_NVM))) {
-    vtpmlogerror(VTPM_LOG_VTPM, "We just overwrote a DMI_NVM and failed to 
finish. %ld/%ld bytes.\n", bytes_written, (long)buffer_len(&sealed_NVM));
-    status = TPM_IOERROR;
-    goto abort_egress;
-  }
-  close(fh);
-  
-  Crypto_SHA1Full (sealed_NVM.bytes, buffer_len(&sealed_NVM), (BYTE *) 
&myDMI->NVM_measurement);   
-  
-  goto egress;
-  
- abort_egress:
-  vtpmlogerror(VTPM_LOG_VTPM, "Failed to save NVM\n.");
-  
- egress:
-  buffer_free(&sealed_NVM);
-  return status;
-}
-
-
-/* Expected Params: inbuf = null, outbuf = sealed blob size, sealed blob.*/
-TPM_RESULT VTPM_Handle_Load_NVM(VTPM_DMI_RESOURCE *myDMI, 
-                               const buffer_t    *inbuf, 
-                               buffer_t          *outbuf) {
-  
-  TPM_RESULT status = TPM_SUCCESS;
-
-  buffer_t sealed_NVM = NULL_BUF;
-  long fh_size;
-  int fh, stat_ret, i;
-  struct stat file_stat;
-  TPM_DIGEST sealedNVMHash;
-   
-  if (myDMI->NVMLocation == NULL) {
-    vtpmlogerror(VTPM_LOG_VTPM, "Unable to load NVM because the file name 
NULL.\n");
-    status = TPM_AUTHFAIL;
-    goto abort_egress;
-  }
-  
-  //Read sealed blob off disk from NVMLocation
-  fh = open(myDMI->NVMLocation, O_RDONLY);
-  stat_ret = fstat(fh, &file_stat);
-  if (stat_ret == 0) 
-    fh_size = file_stat.st_size;
-  else {
-    status = TPM_IOERROR;
-    goto abort_egress;
-  }
-  
-  TPMTRYRETURN( buffer_init( &sealed_NVM, fh_size, NULL) );
-  if (read(fh, sealed_NVM.bytes, buffer_len(&sealed_NVM)) != fh_size) {
-    status = TPM_IOERROR;
-    goto abort_egress;
-  }
-  close(fh);
-  
-  vtpmloginfo(VTPM_LOG_VTPM_DEEP, "Load_NVMing[%d],\n", 
buffer_len(&sealed_NVM));
-  
-  Crypto_SHA1Full(sealed_NVM.bytes, buffer_len(&sealed_NVM), (BYTE *) 
&sealedNVMHash);    
-  
-  // Verify measurement of sealed blob.
-  if (memcmp(&sealedNVMHash, &myDMI->NVM_measurement, sizeof(TPM_DIGEST)) ) {
-    vtpmlogerror(VTPM_LOG_VTPM, "VTPM LoadNVM NVM measurement check 
failed.\n");
-    vtpmloginfo(VTPM_LOG_VTPM_DEEP, "Correct hash: ");
-    for (i=0; i< sizeof(TPM_DIGEST); i++)
-      vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", 
((BYTE*)&myDMI->NVM_measurement)[i]);
-    vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "\n");
-
-    vtpmloginfo(VTPM_LOG_VTPM_DEEP, "Measured hash: ");
-    for (i=0; i< sizeof(TPM_DIGEST); i++)
-      vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", ((BYTE*)&sealedNVMHash)[i]);
-    vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "\n");
-    
-    status = TPM_AUTHFAIL;
-    goto abort_egress;
-  }
-  
-  TPMTRYRETURN( envelope_decrypt(&sealed_NVM,
-                                 myDMI->TCSContext,
-                                vtpm_globals->storageKeyHandle,
-                                (const 
TPM_AUTHDATA*)&vtpm_globals->storage_key_usage_auth,
-                                 outbuf) );  
-  goto egress;
-  
- abort_egress:
-  vtpmlogerror(VTPM_LOG_VTPM, "Failed to load NVM\n.");
-  
- egress:
-  buffer_free( &sealed_NVM );
-  
-  return status;
-}
-
-
-TPM_RESULT VTPM_SaveManagerData(void) {
-  TPM_RESULT status=TPM_SUCCESS;
-  int fh, dmis=-1;
-
-  BYTE *flat_boot_key=NULL, *flat_dmis=NULL, *flat_enc=NULL;
-  buffer_t clear_flat_global=NULL_BUF, enc_flat_global=NULL_BUF;
-  UINT32 storageKeySize = buffer_len(&vtpm_globals->storageKeyWrap);
-  UINT32 bootKeySize = buffer_len(&vtpm_globals->bootKeyWrap);
-  struct pack_buf_t storage_key_pack = {storageKeySize, 
vtpm_globals->storageKeyWrap.bytes};
-  struct pack_buf_t boot_key_pack = {bootKeySize, 
vtpm_globals->bootKeyWrap.bytes};
-  BYTE vtpm_manager_gen = VTPM_MANAGER_GEN;
-
-  struct hashtable_itr *dmi_itr;
-  VTPM_DMI_RESOURCE *dmi_res;
-
-  UINT32 boot_key_size = 0, flat_dmis_size = 0;
-
-  // Initially fill these with buffer sizes for each data type. Later fill
-  // in actual size, once flattened.
-  boot_key_size =  sizeof(UINT32) +       // bootkeysize
-                   bootKeySize;           // boot key
-
-  TPMTRYRETURN(buffer_init(&clear_flat_global,sizeof(BYTE) + // manager version
-                                              3*sizeof(TPM_DIGEST) + // Auths
-                                              sizeof(UINT32) +// storagekeysize
-                                              storageKeySize, NULL) ); // 
storage key
-
-
-  flat_boot_key = (BYTE *) malloc( boot_key_size );
-  flat_enc = (BYTE *) malloc( sizeof(UINT32) );
-
-  boot_key_size = BSG_PackList(flat_boot_key, 1,
-                               BSG_TPM_SIZE32_DATA, &boot_key_pack);
-
-  BSG_PackList(clear_flat_global.bytes, 4,
-                BSG_TYPE_BYTE,    &vtpm_manager_gen,
-                BSG_TPM_AUTHDATA, &vtpm_globals->owner_usage_auth,
-                BSG_TPM_SECRET,   &vtpm_globals->storage_key_usage_auth,
-                BSG_TPM_SIZE32_DATA, &storage_key_pack);
-
-  TPMTRYRETURN(envelope_encrypt(&clear_flat_global,
-                                &vtpm_globals->bootKey,
-                                &enc_flat_global) );
-
-  BSG_PackConst(buffer_len(&enc_flat_global), 4, flat_enc);
-
-  // Per DMI values to be saved (if any exit)
-  if (hashtable_count(vtpm_globals->dmi_map) > 1) {
-
-    flat_dmis = (BYTE *) malloc( 
-                     (hashtable_count(vtpm_globals->dmi_map) - 1) * // num 
DMIS (-1 for Dom0)
-                     (sizeof(UINT32) +sizeof(BYTE) + 2*sizeof(TPM_DIGEST)) ); 
// Per DMI info
-
-    dmi_itr = hashtable_iterator(vtpm_globals->dmi_map);
-    do {
-      dmi_res = (VTPM_DMI_RESOURCE *) hashtable_iterator_value(dmi_itr);
-      dmis++;
-
-      // No need to save dmi0.
-      if (dmi_res->dmi_id == 0)
-        continue;
-
-
-      flat_dmis_size += BSG_PackList( flat_dmis + flat_dmis_size, 4,
-                                        BSG_TYPE_UINT32, &dmi_res->dmi_id,
-                                        BSG_TYPE_BYTE, &dmi_res->dmi_type,
-                                        BSG_TPM_DIGEST, 
&dmi_res->NVM_measurement,
-                                        BSG_TPM_DIGEST, 
&dmi_res->DMI_measurement);
-
-    } while (hashtable_iterator_advance(dmi_itr));
-  }
-
-  fh = open(STATE_FILE, O_WRONLY | O_CREAT, S_IREAD | S_IWRITE);
-  if (fh == -1) {
-    vtpmlogerror(VTPM_LOG_VTPM, "Unable to open %s file for write.\n", 
STATE_FILE);
-    status = TPM_IOERROR;
-    goto abort_egress;
-  }
-
-  if ( ( write(fh, flat_boot_key, boot_key_size) != boot_key_size ) ||
-       ( write(fh, flat_enc, sizeof(UINT32)) != sizeof(UINT32) ) ||
-       ( write(fh, enc_flat_global.bytes, buffer_len(&enc_flat_global)) != 
buffer_len(&enc_flat_global) ) ||
-       ( write(fh, flat_dmis, flat_dmis_size) != flat_dmis_size ) ) {
-    vtpmlogerror(VTPM_LOG_VTPM, "Failed to completely write service data.\n");
-    status = TPM_IOERROR;
-    goto abort_egress;
- }
-
-  goto egress;
-
- abort_egress:
- egress:
-
-  free(flat_boot_key);
-  free(flat_enc);
-  buffer_free(&enc_flat_global);
-  free(flat_dmis);
-  close(fh);
-
-  vtpmloginfo(VTPM_LOG_VTPM, "Saved VTPM Manager state (status = %d, dmis = 
%d)\n", (int) status, dmis);
-  return status;
-}
-
-TPM_RESULT VTPM_LoadManagerData(void) {
-
-  TPM_RESULT status=TPM_SUCCESS;
-  int fh, stat_ret, dmis=0;
-  long fh_size = 0, step_size;
-  BYTE *flat_table=NULL;
-  buffer_t  unsealed_data, enc_table_abuf;
-  struct pack_buf_t storage_key_pack, boot_key_pack;
-  UINT32 *dmi_id_key, enc_size;
-  BYTE vtpm_manager_gen;
-
-  VTPM_DMI_RESOURCE *dmi_res;
-  UINT32 dmi_id;
-  BYTE dmi_type;
-  struct stat file_stat;
-
-  TPM_HANDLE boot_key_handle;
-  TPM_AUTHDATA boot_usage_auth;
-  memset(&boot_usage_auth, 0, sizeof(TPM_AUTHDATA));
-
-  fh = open(STATE_FILE, O_RDONLY );
-  stat_ret = fstat(fh, &file_stat);
-  if (stat_ret == 0)
-    fh_size = file_stat.st_size;
-  else {
-    status = TPM_IOERROR;
-    goto abort_egress;
-  }
-
-  flat_table = (BYTE *) malloc(fh_size);
-
-  if ((long) read(fh, flat_table, fh_size) != fh_size ) {
-    status = TPM_IOERROR;
-    goto abort_egress;
-  }
-
-  // Read Boot Key
-  step_size = BSG_UnpackList( flat_table, 2,
-                              BSG_TPM_SIZE32_DATA, &boot_key_pack,
-                              BSG_TYPE_UINT32, &enc_size);
-
-  TPMTRYRETURN(buffer_init(&vtpm_globals->bootKeyWrap, 0, 0) );
-  TPMTRYRETURN(buffer_init_alias_convert(&enc_table_abuf, enc_size, flat_table 
+ step_size) );
-  TPMTRYRETURN(buffer_append_raw(&vtpm_globals->bootKeyWrap, 
boot_key_pack.size, boot_key_pack.data) );
-
-  //Load Boot Key
-  TPMTRYRETURN( VTSP_LoadKey( vtpm_globals->manager_tcs_handle,
-                              TPM_SRK_KEYHANDLE,
-                              &vtpm_globals->bootKeyWrap,
-                              &SRK_AUTH,
-                              &boot_key_handle,
-                              &vtpm_globals->keyAuth,
-                              &vtpm_globals->bootKey,
-                              FALSE) );
-
-  TPMTRYRETURN( envelope_decrypt(&enc_table_abuf,
-                                 vtpm_globals->manager_tcs_handle,
-                                 boot_key_handle,
-                                 (const TPM_AUTHDATA*) &boot_usage_auth,
-                                 &unsealed_data) );
-  step_size += enc_size;
-
-  if (*unsealed_data.bytes != VTPM_MANAGER_GEN) {
-      // Once there is more than one gen, this will include some compatability 
stuff
-      vtpmlogerror(VTPM_LOG_VTPM, "Warning: Manager Data file is gen %d, which 
this manager is gen %d.\n", vtpm_manager_gen, VTPM_MANAGER_GEN);
-  }
-
-  // Global Values needing to be saved
-  BSG_UnpackList( unsealed_data.bytes, 4,
-                  BSG_TYPE_BYTE,    &vtpm_manager_gen, 
-                  BSG_TPM_AUTHDATA, &vtpm_globals->owner_usage_auth,
-                  BSG_TPM_SECRET,   &vtpm_globals->storage_key_usage_auth,
-                  BSG_TPM_SIZE32_DATA, &storage_key_pack);
-
-  TPMTRYRETURN(buffer_init(&vtpm_globals->storageKeyWrap, 0, 0) );
-  TPMTRYRETURN(buffer_append_raw(&vtpm_globals->storageKeyWrap, 
storage_key_pack.size, storage_key_pack.data) );
-
-  // Per DMI values to be saved
-  while ( step_size < fh_size ){
-    if (fh_size - step_size < (long) (sizeof(UINT32) + sizeof(BYTE) + 
2*sizeof(TPM_DIGEST))) {
-      vtpmlogerror(VTPM_LOG_VTPM, "Encountered %ld extra bytes at end of 
manager state.\n", fh_size-step_size);
-      step_size = fh_size;
-    } else {
-      step_size += BSG_UnpackList(flat_table + step_size, 2,
-                                 BSG_TYPE_UINT32, &dmi_id,
-                                 BSG_TYPE_BYTE, &dmi_type);
-
-      //TODO: Try and gracefully recover from problems.
-      TPMTRYRETURN(init_dmi(dmi_id, dmi_type, &dmi_res) );
-      dmis++;
-
-      step_size += BSG_UnpackList(flat_table + step_size, 2,
-                                 BSG_TPM_DIGEST, &dmi_res->NVM_measurement,
-                                 BSG_TPM_DIGEST, &dmi_res->DMI_measurement);
-    }
-
-  }
-
-  vtpmloginfo(VTPM_LOG_VTPM, "Loaded saved state (dmis = %d).\n", dmis);
-  goto egress;
-
- abort_egress:
-  vtpmlogerror(VTPM_LOG_VTPM, "Failed to load service data with error = %s\n", 
tpm_get_error_name(status));
- egress:
-
-  free(flat_table);
-  close(fh);
-
-  // TODO: Could be nice and evict BootKey. (Need to add EvictKey to VTSP.
-
-  return status;
-}
-
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/vtpm_manager/manager/tpmpassthrough.c
--- a/tools/vtpm_manager/manager/tpmpassthrough.c       Tue Nov 13 10:46:59 
2012 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,110 +0,0 @@
-// ===================================================================
-// 
-// Copyright (c) 2005, Intel Corp.
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without 
-// modification, are permitted provided that the following conditions 
-// are met:
-//
-//   * Redistributions of source code must retain the above copyright 
-//     notice, this list of conditions and the following disclaimer.
-//   * Redistributions in binary form must reproduce the above 
-//     copyright notice, this list of conditions and the following 
-//     disclaimer in the documentation and/or other materials provided 
-//     with the distribution.
-//   * Neither the name of Intel Corporation nor the names of its 
-//     contributors may be used to endorse or promote products derived
-//     from this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
-// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
-// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 
-// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
-// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-// OF THE POSSIBILITY OF SUCH DAMAGE.
-// ===================================================================
-// 
-// tpmpassthrough.c
-// 
-//  Functions regarding passing DMI requests to HWTPM
-//
-// ==================================================================
-
-#include "tcg.h"
-#include "vtpm_manager.h"
-#include "vtpmpriv.h"
-#include "vtsp.h"
-#include "log.h"
-
-TPM_RESULT VTPM_Handle_TPM_Command( VTPM_DMI_RESOURCE *dmi,
-                                   buffer_t *inbuf,  
-                                   buffer_t *outbuf) {
-  
-  TPM_RESULT status = TPM_SUCCESS;
-  TPM_COMMAND_CODE *ord;               
-  
-  ord = (TPM_COMMAND_CODE *) (inbuf->bytes + sizeof(TPM_TAG) + sizeof(UINT32));
-  
-  switch (*ord) {
-    
-    // Forbidden for DMI use
-  case TPM_ORD_TakeOwnership:
-  case TPM_ORD_ChangeAuthOwner:
-  case TPM_ORD_DirWriteAuth:
-  case TPM_ORD_DirRead:
-  case TPM_ORD_AuthorizeMigrationKey:
-  case TPM_ORD_CreateMaintenanceArchive:
-  case TPM_ORD_LoadMaintenanceArchive:
-  case TPM_ORD_KillMaintenanceFeature:
-  case TPM_ORD_LoadManuMaintPub:
-  case TPM_ORD_ReadManuMaintPub:
-  case TPM_ORD_SelfTestFull:
-  case TPM_ORD_SelfTestStartup:
-  case TPM_ORD_CertifySelfTest:
-  case TPM_ORD_ContinueSelfTest:
-  case TPM_ORD_GetTestResult:
-  case TPM_ORD_Reset:
-  case TPM_ORD_OwnerClear:
-  case TPM_ORD_DisableOwnerClear:
-  case TPM_ORD_ForceClear:
-  case TPM_ORD_DisableForceClear:
-  case TPM_ORD_GetCapabilityOwner:
-  case TPM_ORD_OwnerSetDisable:
-  case TPM_ORD_PhysicalEnable:
-  case TPM_ORD_PhysicalDisable:
-  case TPM_ORD_SetOwnerInstall:
-  case TPM_ORD_PhysicalSetDeactivated:
-  case TPM_ORD_SetTempDeactivated:
-  case TPM_ORD_CreateEndorsementKeyPair:
-  case TPM_ORD_GetAuditEvent:
-  case TPM_ORD_GetAuditEventSigned:
-  case TPM_ORD_GetOrdinalAuditStatus:
-  case TPM_ORD_SetOrdinalAuditStatus:
-  case TPM_ORD_SetRedirection:
-  case TPM_ORD_FieldUpgrade:
-  case TSC_ORD_PhysicalPresence:
-    status = TPM_DISABLED_CMD;
-    goto abort_egress;
-    break;
-    
-  } // End ORD Switch
-  
-  // Call TCS with command
-  
-  TPMTRY(TPM_IOERROR, VTSP_RawTransmit( dmi->TCSContext,inbuf, outbuf) );
-  
-  goto egress;
-  
- abort_egress:
-  vtpmloginfo(VTPM_LOG_VTPM, "TPM Command Failed in tpmpassthrough.\n");
- egress:
-  
-  return status;
-}
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/vtpm_manager/manager/vtpm_ipc.c
--- a/tools/vtpm_manager/manager/vtpm_ipc.c     Tue Nov 13 10:46:59 2012 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,141 +0,0 @@
-// ===================================================================
-// 
-// Copyright (c) 2005, Intel Corp.
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without 
-// modification, are permitted provided that the following conditions 
-// are met:
-//
-//   * Redistributions of source code must retain the above copyright 
-//     notice, this list of conditions and the following disclaimer.
-//   * Redistributions in binary form must reproduce the above 
-//     copyright notice, this list of conditions and the following 
-//     disclaimer in the documentation and/or other materials provided 
-//     with the distribution.
-//   * Neither the name of Intel Corporation nor the names of its 
-//     contributors may be used to endorse or promote products derived
-//     from this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
-// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
-// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 
-// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
-// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-// OF THE POSSIBILITY OF SUCH DAMAGE.
-// ===================================================================
-//
-// vtpm_ipc.c Implements ipc routines using file io. This file can
-// be replaced with other ipc types.
-//
-// ===================================================================
-
-#include <sys/stat.h>
-#include "vtpm_ipc.h"
-#include "vtpmpriv.h"
-#include "log.h"
-
-int vtpm_ipc_init(vtpm_ipc_handle_t *ipc_h, char* name, int flags, BOOL 
create) {
-  ipc_h->name = name;
-  ipc_h->flags = flags;
-  ipc_h->fh = VTPM_IPC_CLOSED;
-
-  if (create)
-    return(vtpm_ipc_create(ipc_h));
-  else
-    return 0;
-}
-
-// Create the file that needs opening. Used only for FIFOs
-// FYI: This may cause problems in other file IO schemes. We'll see.
-int vtpm_ipc_create(vtpm_ipc_handle_t *ipc_h) {
-  int fh;
-  struct stat file_info;
-
-  if ((!ipc_h) || (!ipc_h->name))
-    return -1;
-
-  if ( stat(ipc_h->name, &file_info) == -1) {
-    if ( mkfifo(ipc_h->name, S_IWUSR | S_IRUSR ) ) {
-      vtpmlogerror(VTPM_LOG_VTPM, "Failed to create fifo %s.\n", ipc_h->name);
-      return -1;
-    }
-  }
-
-  ipc_h->fh = VTPM_IPC_CLOSED;
-
-  return 0;
-}
-
-
-// Read size bytes. If FH isn't open, open it.
-int vtpm_ipc_read(vtpm_ipc_handle_t *ipc_h, vtpm_ipc_handle_t *alt_ipc_h, BYTE 
*bytes, UINT32 size){
-  vtpm_ipc_handle_t *my_ipc_h;
-  int result;
-  
-  if (ipc_h) {
-    my_ipc_h = ipc_h;
-  } else {
-    my_ipc_h = alt_ipc_h;
-  }
-  
-  if (my_ipc_h->fh == VTPM_IPC_CLOSED) {   
-    my_ipc_h->fh = open(my_ipc_h->name, my_ipc_h->flags);
-  }
-
-  if ( my_ipc_h->fh == VTPM_IPC_CLOSED ) {
-    vtpmlogerror(VTPM_LOG_VTPM, "VTPM ERROR: Can't open %s for reading.\n", 
my_ipc_h->name);
-    return -1;
-  }
-
-  result = read(my_ipc_h->fh, bytes, size);
-  if (result < 0) {
-    my_ipc_h->fh = VTPM_IPC_CLOSED;
-  }
-
-  return (result);
-}
-
-// Write size bytes. If FH isn't open, open it.
-int vtpm_ipc_write(vtpm_ipc_handle_t *ipc_h, vtpm_ipc_handle_t *alt_ipc_h, 
BYTE *bytes, UINT32 size) {
-  vtpm_ipc_handle_t *my_ipc_h;
-  int result;
-
-  if (ipc_h) {
-    my_ipc_h = ipc_h;
-  } else {
-    my_ipc_h = alt_ipc_h;
-  }
-
-  if (my_ipc_h->fh == VTPM_IPC_CLOSED) {
-    my_ipc_h->fh = open(my_ipc_h->name, my_ipc_h->flags);
-  }
-
-  if ( my_ipc_h->fh == VTPM_IPC_CLOSED ) {
-    vtpmlogerror(VTPM_LOG_VTPM, "VTPM ERROR: Can't open %s for writing.\n", 
my_ipc_h->name);
-    return -1;
-  }
-
-  result = write(my_ipc_h->fh, bytes, size);
-  if (result < 0) {
-    my_ipc_h->fh = VTPM_IPC_CLOSED;
-  }
-
-  return (result);
-}
-
-// Mark file as closed and try and close it. Errors not reported.
-void vtpm_ipc_close(vtpm_ipc_handle_t *ipc_h) {
-
-  if (ipc_h) {
-    close(ipc_h->fh);
-    ipc_h->fh = VTPM_IPC_CLOSED;
-  }
-
-}
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/vtpm_manager/manager/vtpm_ipc.h
--- a/tools/vtpm_manager/manager/vtpm_ipc.h     Tue Nov 13 10:46:59 2012 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,71 +0,0 @@
-// ===================================================================
-//
-// Copyright (c) 2005, Intel Corp.
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions
-// are met:
-//
-//   * Redistributions of source code must retain the above copyright
-//     notice, this list of conditions and the following disclaimer.
-//   * Redistributions in binary form must reproduce the above
-//     copyright notice, this list of conditions and the following
-//     disclaimer in the documentation and/or other materials provided
-//     with the distribution.
-//   * Neither the name of Intel Corporation nor the names of its
-//     contributors may be used to endorse or promote products derived
-//     from this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-// OF THE POSSIBILITY OF SUCH DAMAGE.
-// ===================================================================
-//
-// vtpm_ipc.h Header for interprocess communication between VTPM manager
-// and Guests or VTPMs
-//
-// ===================================================================
-
-#ifndef __VTPM_IO_H__
-#define __VTPM_IO_H__
-
-#include "tcg.h"
-
-#define VTPM_IPC_CLOSED -1
-
-// Represents an (somewhat) abstracted io handle.
-typedef struct vtpm_ipc_handle_t {
-  int fh;              // IO handle.
-  int flags;           // Flags for opening. This may need to become
-                       // a void *, but for now files use an int.
-  char *name;          // Names for debugging as well as filenames
-                       // for file-based io.
-} vtpm_ipc_handle_t;
-
-
-int vtpm_ipc_init(vtpm_ipc_handle_t *ioh, char* name, int flags, BOOL create);
-
-// Create the file that needs opening. Used only for FIFOs
-// FYI: This may cause problems in other file IO schemes. We'll see.
-int vtpm_ipc_create(vtpm_ipc_handle_t *ioh);
-
-// Read size bytes. If FH isn't open, open it.
-int vtpm_ipc_read(vtpm_ipc_handle_t *ioh, vtpm_ipc_handle_t *alt_ioh, BYTE 
*bytes, UINT32 size);
-
-// Write size bytes. If FH isn't open, open it.
-int vtpm_ipc_write(vtpm_ipc_handle_t *ioh, vtpm_ipc_handle_t *alt_ioh, BYTE 
*bytes, UINT32 size);
-
-// Mark file as closed and try and close it. Errors not reported.
-void vtpm_ipc_close(vtpm_ipc_handle_t *ioh);
-
-#endif
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/vtpm_manager/manager/vtpm_lock.c
--- a/tools/vtpm_manager/manager/vtpm_lock.c    Tue Nov 13 10:46:59 2012 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,63 +0,0 @@
-// ===================================================================
-//
-// Copyright (c) 2005, Intel Corp.
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions
-// are met:
-//
-//   * Redistributions of source code must retain the above copyright
-//     notice, this list of conditions and the following disclaimer.
-//   * Redistributions in binary form must reproduce the above
-//     copyright notice, this list of conditions and the following
-//     disclaimer in the documentation and/or other materials provided
-//     with the distribution.
-//   * Neither the name of Intel Corporation nor the names of its
-//     contributors may be used to endorse or promote products derived
-//     from this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-// OF THE POSSIBILITY OF SUCH DAMAGE.
-// ===================================================================
-//
-// vtpm_lock.c Provided controlled sync around access to vtpm structures
-//
-// ===================================================================
-
-#include <pthread.h>
-#include "vtpm_lock.h"
-
-static pthread_rwlock_t vtpm_lock;
-
-void vtpm_lock_init() {
-
-  pthread_rwlock_init( &vtpm_lock, NULL);
-}
-
-void vtpm_lock_destroy(){
-  pthread_rwlock_destroy(&vtpm_lock);
-}
-
-void vtpm_lock_rdlock(){
-  pthread_rwlock_rdlock(&vtpm_lock);
-}
-
-void vtpm_lock_wrlock(){
-  pthread_rwlock_wrlock(&vtpm_lock);
-}
-
-void vtpm_lock_unlock(){
-  pthread_rwlock_unlock(&vtpm_lock);
-}
-
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/vtpm_manager/manager/vtpm_lock.h
--- a/tools/vtpm_manager/manager/vtpm_lock.h    Tue Nov 13 10:46:59 2012 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,48 +0,0 @@
-// ===================================================================
-//
-// Copyright (c) 2005, Intel Corp.
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions
-// are met:
-//
-//   * Redistributions of source code must retain the above copyright
-//     notice, this list of conditions and the following disclaimer.
-//   * Redistributions in binary form must reproduce the above
-//     copyright notice, this list of conditions and the following
-//     disclaimer in the documentation and/or other materials provided
-//     with the distribution.
-//   * Neither the name of Intel Corporation nor the names of its
-//     contributors may be used to endorse or promote products derived
-//     from this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-// OF THE POSSIBILITY OF SUCH DAMAGE.
-// ===================================================================
-//
-// vtpm_lock.h Provided controlled sync around access to vtpm structures
-//
-// ===================================================================
-
-#ifndef __VTPM_LOCK_H__
-#define __VTPM_LOCK_H__
-
-void vtpm_lock_init();
-void vtpm_lock_destroy();
-
-void vtpm_lock_rdlock();
-void vtpm_lock_wrlock();
-void vtpm_lock_unlock();
-
-#endif
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/vtpm_manager/manager/vtpm_manager.c
--- a/tools/vtpm_manager/manager/vtpm_manager.c Tue Nov 13 10:46:59 2012 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,285 +0,0 @@
-// ===================================================================
-// 
-// Copyright (c) 2005, Intel Corp.
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without 
-// modification, are permitted provided that the following conditions 
-// are met:
-//
-//   * Redistributions of source code must retain the above copyright 
-//     notice, this list of conditions and the following disclaimer.
-//   * Redistributions in binary form must reproduce the above 
-//     copyright notice, this list of conditions and the following 
-//     disclaimer in the documentation and/or other materials provided 
-//     with the distribution.
-//   * Neither the name of Intel Corporation nor the names of its 
-//     contributors may be used to endorse or promote products derived
-//     from this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
-// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
-// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 
-// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
-// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-// OF THE POSSIBILITY OF SUCH DAMAGE.
-// ===================================================================
-// 
-// vtpm_manager.c
-// 
-//  This file will house the main logic of the VTPM Manager
-//
-// ==================================================================
-
-#include <stdio.h>
-#include <unistd.h>
-#include <string.h>
-
-#include "vtpm_manager.h"
-#include "vtpmpriv.h"
-#include "vtsp.h"
-#include "bsg.h"
-#include "hashtable.h"
-#include "hashtable_itr.h"
-
-#include "log.h"
-#include "buffer.h"
-
-VTPM_GLOBALS *vtpm_globals=NULL;
-
-// --------------------------- Well Known Auths --------------------------
-const TPM_AUTHDATA SRK_AUTH = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
0xff, 0xff,
-                                  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
0xff, 0xff, 0xff};
-
-#ifdef WELL_KNOWN_OWNER_AUTH
-static BYTE FIXED_OWNER_AUTH[20] =  {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
0xff, 0xff, 0xff,
-                                  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
0xff, 0xff, 0xff};
-#endif
-
-
-// -------------------------- Hash table functions --------------------
-
-static unsigned int hashfunc32(void *ky) {
-  return (* (UINT32 *) ky);
-}
-
-static int equals32(void *k1, void *k2) {
-  return (*(UINT32 *) k1 == *(UINT32 *) k2);
-}
-
-// --------------------------- Functions ------------------------------
-
-TPM_RESULT VTPM_Create_Manager(){
-  
-  TPM_RESULT status = TPM_SUCCESS;
-  
-  // Generate Auth for Owner
-#ifdef WELL_KNOWN_OWNER_AUTH 
-  memcpy(vtpm_globals->owner_usage_auth, FIXED_OWNER_AUTH, 
sizeof(TPM_AUTHDATA));
-#else    
-  Crypto_GetRandom(vtpm_globals->owner_usage_auth, sizeof(TPM_AUTHDATA) );
-#endif
-
-  // Take Owership of TPM
-  CRYPTO_INFO ek_cryptoInfo;
-  
-  status = VTSP_ReadPubek(vtpm_globals->manager_tcs_handle, &ek_cryptoInfo);
-  
-  // If we can read PubEK then there is no owner and we should take it.
-  // We use the abilty to read the pubEK to flag that the TPM is owned.
-  // FIXME: Change to just trying to take ownership and react to the status
-  if (status == TPM_SUCCESS) { 
-    TPMTRYRETURN(VTSP_TakeOwnership(vtpm_globals->manager_tcs_handle,
-                                   (const 
TPM_AUTHDATA*)&vtpm_globals->owner_usage_auth, 
-                                   &SRK_AUTH,
-                                   &ek_cryptoInfo,
-                                   &vtpm_globals->keyAuth)); 
-  
-    TPMTRYRETURN(VTSP_DisablePubekRead(vtpm_globals->manager_tcs_handle,
-                                       (const 
TPM_AUTHDATA*)&vtpm_globals->owner_usage_auth,  
-                                       &vtpm_globals->keyAuth));     
-  } else {
-    vtpmloginfo(VTPM_LOG_VTPM, "Failed to readEK meaning TPM has an owner. 
Creating Keys off existing SRK.\n");
-  }
-  
-  // Generate storage key's auth
-  Crypto_GetRandom(  &vtpm_globals->storage_key_usage_auth, 
-                    sizeof(TPM_AUTHDATA) );
-  
-  TCS_AUTH osap;
-  TPM_AUTHDATA sharedsecret;
-  
-  TPMTRYRETURN( VTSP_OSAP(vtpm_globals->manager_tcs_handle,
-                         TPM_ET_KEYHANDLE,
-                         TPM_SRK_KEYHANDLE, 
-                         &SRK_AUTH,
-                         &sharedsecret, 
-                         &osap) ); 
-
-  osap.fContinueAuthSession = FALSE;
- 
- 
-  TPMTRYRETURN( VTSP_CreateWrapKey( vtpm_globals->manager_tcs_handle,
-                                   TPM_KEY_BIND,
-                                   (const 
TPM_AUTHDATA*)&vtpm_globals->storage_key_usage_auth,
-                                   TPM_SRK_KEYHANDLE, 
-                                   (const TPM_AUTHDATA*)&sharedsecret,
-                                   &vtpm_globals->storageKeyWrap,
-                                   &osap) );
-  
-  // Generate boot key's auth
-  TPM_AUTHDATA bootKeyWrapAuth;
-  memset(&bootKeyWrapAuth, 0, sizeof(bootKeyWrapAuth));
-  
-  TPMTRYRETURN( VTSP_OSAP(vtpm_globals->manager_tcs_handle,
-                         TPM_ET_KEYHANDLE,
-                         TPM_SRK_KEYHANDLE, 
-                         &SRK_AUTH,
-                         &sharedsecret, 
-                         &osap) ); 
-
-  osap.fContinueAuthSession = FALSE;
- 
-  // FIXME: This key protects the global secrets on disk. It should use TPM
-  //        PCR bindings to limit its use to legit configurations.
-  //        Current binds are open, implying a Trusted VM contains this code.
-  //        If this VM is not Trusted, use measurement and PCR bindings.
-  TPMTRYRETURN( VTSP_CreateWrapKey( vtpm_globals->manager_tcs_handle,
-                                   TPM_KEY_BIND,
-                                   (const TPM_AUTHDATA*)&bootKeyWrapAuth,
-                                   TPM_SRK_KEYHANDLE, 
-                                   (const TPM_AUTHDATA*)&sharedsecret,
-                                   &vtpm_globals->bootKeyWrap,
-                                   &osap) );
-
-  // Populate CRYPTO_INFO vtpm_globals->bootKey. This does not load it into 
the TPM
-  TPMTRYRETURN( VTSP_LoadKey( vtpm_globals->manager_tcs_handle,
-                              TPM_SRK_KEYHANDLE,
-                              &vtpm_globals->bootKeyWrap,
-                              NULL,
-                              NULL,
-                              NULL,
-                              &vtpm_globals->bootKey,
-                              TRUE ) );
-
-  TPMTRYRETURN( VTSP_SaveState(vtpm_globals->manager_tcs_handle) );
-  goto egress;
-  
- abort_egress:
-  exit(1);
-  
- egress:
-  vtpmloginfo(VTPM_LOG_VTPM, "Finished initialized new VTPM manager (Status = 
%d).\n", status);
-  return status;
-  
-}
-
-///////////////////////////////////////////////////////////////////////////////
-TPM_RESULT VTPM_Init_Manager() {
-  TPM_RESULT status = TPM_FAIL, serviceStatus;   
-  BYTE *randomsead;
-  UINT32 randomsize=256;
-
-  if ((vtpm_globals = (VTPM_GLOBALS *) malloc(sizeof(VTPM_GLOBALS))) == NULL){
-    status = TPM_FAIL;
-    goto abort_egress;
-  }
-  memset(vtpm_globals, 0, sizeof(VTPM_GLOBALS));
-
-  vtpm_globals->connected_dmis = 0;
-
-  if ((vtpm_globals->dmi_map = create_hashtable(10, hashfunc32, equals32)) == 
NULL){
-    status = TPM_FAIL;
-    goto abort_egress;
-  }
-  
-  // Create new TCS Object
-  vtpm_globals->manager_tcs_handle = 0;
- 
-  TPMTRYRETURN(TCS_create());
-  
-  // Create TCS Context for service
-  TPMTRYRETURN( TCS_OpenContext(&vtpm_globals->manager_tcs_handle ) );
-
-  TPMTRYRETURN( TCSP_GetRandom(vtpm_globals->manager_tcs_handle, 
-                              &randomsize, 
-                              &randomsead));
-  
-  Crypto_Init(randomsead, randomsize);
-  TPMTRYRETURN( TCS_FreeMemory (vtpm_globals->manager_tcs_handle, 
randomsead)); 
-       
-  // Create OIAP session for service's authorized commands
-  TPMTRYRETURN( VTSP_OIAP( vtpm_globals->manager_tcs_handle, 
-                          &vtpm_globals->keyAuth) );
-  vtpm_globals->keyAuth.fContinueAuthSession = TRUE;
-
-  vtpm_globals->mig_keys = NULL;
-
-  // If fails, create new Manager.
-  serviceStatus = VTPM_LoadManagerData();
-  if (serviceStatus == TPM_IOERROR) {
-    vtpmloginfo(VTPM_LOG_VTPM, "Failed to read manager file. Assuming first 
time initialization.\n");
-    TPMTRYRETURN( VTPM_Create_Manager() );    
-    TPMTRYRETURN( VTPM_SaveManagerData() );
-  } else if (serviceStatus != TPM_SUCCESS) {
-    vtpmlogerror(VTPM_LOG_VTPM, "Failed to read existing manager file");
-    exit(1);
-  }
-
-  //Load Storage Key 
-  TPMTRYRETURN( VTSP_LoadKey( vtpm_globals->manager_tcs_handle,
-                             TPM_SRK_KEYHANDLE,
-                             &vtpm_globals->storageKeyWrap,
-                             &SRK_AUTH,
-                             &vtpm_globals->storageKeyHandle,
-                             &vtpm_globals->keyAuth,
-                             &vtpm_globals->storageKey,
-                              FALSE ) );
-
-  // Create entry for Dom0 for control messages
-  TPMTRYRETURN( VTPM_Handle_New_DMI(NULL) );
-  
-  goto egress;
-  
- abort_egress:
- egress:
-  
-  return(status);
-}
-
-///////////////////////////////////////////////////////////////////////////////
 
-void VTPM_Stop_Manager() {
-  VTPM_DMI_RESOURCE *dmi_res;
-  struct hashtable_itr *dmi_itr;
-  
-  // Close all the TCS contexts. TCS should evict keys based on this
-  if (hashtable_count(vtpm_globals->dmi_map) > 0) {
-    dmi_itr = hashtable_iterator(vtpm_globals->dmi_map);
-    do {
-      dmi_res = (VTPM_DMI_RESOURCE *) hashtable_iterator_value(dmi_itr);
-      if (dmi_res->connected) 
-       close_dmi( dmi_res ); // Not really interested in return code
-      
-    } while (hashtable_iterator_advance(dmi_itr));
-               free (dmi_itr);
-  }
-  
-  if ( VTPM_SaveManagerData() != TPM_SUCCESS ) 
-    vtpmlogerror(VTPM_LOG_VTPM, "Unable to save manager data.\n");
-
-  TCS_CloseContext(vtpm_globals->manager_tcs_handle);
-  TCS_destroy();
-  
-  hashtable_destroy(vtpm_globals->dmi_map, 1);
-  free(vtpm_globals);
-  
-  Crypto_Exit();
-       
-  vtpmloginfo(VTPM_LOG_VTPM, "VTPM Manager stopped.\n");
-}
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/vtpm_manager/manager/vtpm_manager.h
--- a/tools/vtpm_manager/manager/vtpm_manager.h Tue Nov 13 10:46:59 2012 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,150 +0,0 @@
-// ===================================================================
-// 
-// Copyright (c) 2005, Intel Corp.
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without 
-// modification, are permitted provided that the following conditions 
-// are met:
-//
-//   * Redistributions of source code must retain the above copyright 
-//     notice, this list of conditions and the following disclaimer.
-//   * Redistributions in binary form must reproduce the above 
-//     copyright notice, this list of conditions and the following 
-//     disclaimer in the documentation and/or other materials provided 
-//     with the distribution.
-//   * Neither the name of Intel Corporation nor the names of its 
-//     contributors may be used to endorse or promote products derived
-//     from this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
-// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
-// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 
-// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
-// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-// OF THE POSSIBILITY OF SUCH DAMAGE.
-// ===================================================================
-// 
-// vtpm_manager.h
-// 
-//  Public Interface header for VTPM Manager
-//
-// ==================================================================
-
-#ifndef __VTPM_MANAGER_H__
-#define __VTPM_MANAGER_H__
-
-#define VTPM_TAG_REQ 0x01c1
-#define VTPM_TAG_RSP 0x01c4
-#define COMMAND_BUFFER_SIZE 4096
-
-// Header sizes. Note Header MAY include the DMI
-#define VTPM_COMMAND_HEADER_SIZE_CLT ( 2 + 4 + 4)
-//                    sizeof(TPM_TAG + UINT32 + TPM_COMMAND_CODE)
-#define VTPM_COMMAND_HEADER_SIZE_SRV ( 4 + VTPM_COMMAND_HEADER_SIZE_CLT )
-//                    sizeof( UINT32 + VTPM_COMMAND_HEADER_SIZE_CLT)
-
-//************************ Command Codes ****************************
-#define VTPM_ORD_BASE       0x0000
-#define VTPM_PRIV_MASK      0x01000000 // Priviledged VTPM Command
-#define VTPM_PRIV_BASE      (VTPM_ORD_BASE | VTPM_PRIV_MASK)
-
-// Non-priviledged VTPM Commands (From DMI's)
-#define VTPM_ORD_SAVENVM      (VTPM_ORD_BASE + 1) // DMI Saves Secrets
-#define VTPM_ORD_LOADNVM      (VTPM_ORD_BASE + 2) // DMI Loads Secrets
-#define VTPM_ORD_TPMCOMMAND   (VTPM_ORD_BASE + 3) // DMI issues HW TPM Command
-#define VTPM_ORD_GET_MIG_KEY  (VTPM_ORD_BASE + 4) // Get manager's migration 
key
-#define VTPM_ORD_LOAD_MIG_KEY (VTPM_ORD_BASE + 5) // load dest migration key 
-
-// Priviledged VTPM Commands (From management console)
-#define VTPM_ORD_OPEN         (VTPM_PRIV_BASE + 1) // Creates/reopens DMI
-#define VTPM_ORD_CLOSE        (VTPM_PRIV_BASE + 2) // Closes a DMI
-#define VTPM_ORD_DELETE       (VTPM_PRIV_BASE + 3) // Permemently Deletes DMI
-#define VTPM_ORD_MIGRATE_IN   (VTPM_PRIV_BASE + 4) // Load migrated VTPM
-#define VTPM_ORD_MIGRATE_OUT  (VTPM_PRIV_BASE + 5) // migrate VTPM to dest 
-
-//************************ Return Codes ****************************
-#define VTPM_TYPE_PVM 1 // Paravirtualized Domain
-#define VTPM_TYPE_HVM 2 // HVM Domain
-
-//************************ Return Codes ****************************
-#define VTPM_SUCCESS               0
-#define VTPM_FAIL                  1
-#define VTPM_UNSUPPORTED           2
-#define VTPM_FORBIDDEN             3
-#define VTPM_RESTORE_CONTEXT_FAILED    4
-#define VTPM_INVALID_REQUEST       5
-
-//*********************** Parameter Values *************************
-#define VTPM_TYPE_NON_MIGRATABLE  0x00
-#define VTPM_TYPE_MIGRATABLE      0x01
-#define VTPM_TYPE_MIGRATED        0xFF // VTPM has been migrated.
-                                       // VTPM can be recovered or deleted only
-
-/******************* Command Parameter API *************************
-
-VTPM Command Format
-  dmi: 4 bytes                  // Source of message. 
-                                // WARNING: This is prepended by the channel. 
-                                // Thus it is received by VTPM Manager, 
-                                // but not sent by DMI
-  tpm tag: 2 bytes
-  command size: 4 bytes         // Size of command including header but not DMI
-  ord: 4 bytes                  // Command ordinal above
-  parameters: size - 10 bytes   // Command Parameter
-
-VTPM Response Format
-  tpm tag: 2 bytes
-  response_size: 4 bytes
-  status: 4 bytes         
-  parameters: size - 10 bytes
-
-
-VTPM_Open:
-  Input Parameters:
-    mig_type: 1 byte 
-    startup_mode: 1 byte // Cold Boot = 1, resume = 2, deactive = 3
-    domain type: 1 byte
-    instance_id: 4 bytes
-  Output Parameters:
-    None
-    
-VTPM_Close
-  Input Parameters:
-    instance_id: 4 bytes
-  Output Parameters:
-    None
-
-VTPM_Delete
-  Input Parameters:
-    instance_id: 4 bytes
-  Output Parameters:
-    None
-
-VTPM_SaveNVM
-  Input Parameters:
-    data: n bytes (Header indicates size of data)
-  Output Parameters:
-    None
-
-VTPM_LoadNVM
-  Input Parameters:
-    None
-  Output Parameters:
-    data: n bytes (Header indicates size of data)
-
-VTPM_TPMCommand
-  Input Parameters:
-    TPM Command Byte Stream: n bytes 
-  Output Parameters:
-    TPM Reponse Byte Stream: n bytes 
-
-*********************************************************************/
-
-#endif //_VTPM_MANAGER_H_
diff -r 2a4c1d3a080e -r 170d45f7a2eb 
tools/vtpm_manager/manager/vtpm_manager_handler.c
--- a/tools/vtpm_manager/manager/vtpm_manager_handler.c Tue Nov 13 10:46:59 
2012 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,488 +0,0 @@
-// ===================================================================
-// 
-// Copyright (c) 2005, Intel Corp.
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without 
-// modification, are permitted provided that the following conditions 
-// are met:
-//
-//   * Redistributions of source code must retain the above copyright 
-//     notice, this list of conditions and the following disclaimer.
-//   * Redistributions in binary form must reproduce the above 
-//     copyright notice, this list of conditions and the following 
-//     disclaimer in the documentation and/or other materials provided 
-//     with the distribution.
-//   * Neither the name of Intel Corporation nor the names of its 
-//     contributors may be used to endorse or promote products derived
-//     from this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
-// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
-// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 
-// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
-// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-// OF THE POSSIBILITY OF SUCH DAMAGE.
-// ===================================================================
-// 
-// vtpm_manager_handler.c
-// 
-//  This file will house the main logic of the VTPM Manager
-//
-// ==================================================================
-
-#include <stdio.h>
-#include <unistd.h>
-#include <string.h>
-#include <errno.h>
-
-#include "vtpm_manager.h"
-#include "vtpmpriv.h"
-#include "vtsp.h"
-#include "bsg.h"
-#include "hashtable.h"
-#include "hashtable_itr.h"
-#include "log.h"
-#include "buffer.h"
-
-#define vtpmhandlerloginfo(module,fmt,args...) vtpmloginfo (module, "[%s]: " 
fmt, thread_name, ##args );
-#define vtpmhandlerloginfomore(module,fmt,args...) vtpmloginfomore (module, 
fmt, ##args );
-#define vtpmhandlerlogerror(module,fmt,args...) vtpmlogerror (module, "[%s]: " 
fmt, thread_name, ##args );
-
-// ---------------------- Prototypes -------------------
-TPM_RESULT vtpm_manager_handle_vtpm_cmd(VTPM_DMI_RESOURCE *dmi_res,
-                                       TPM_COMMAND_CODE ord,
-                                       buffer_t *command_buf,
-                                       buffer_t *result_buf,
-                                        BOOL is_priv,
-                                        char *thread_name);
-
-TPM_RESULT vtpm_manager_handle_tpm_cmd(vtpm_ipc_handle_t *tx_ipc_h,
-                                       vtpm_ipc_handle_t *rx_ipc_h,
-                                       VTPM_DMI_RESOURCE *dmi_res,
-                                       BYTE *cmd_header,
-                                       buffer_t *param_buf,
-                                       buffer_t *result_buf,
-                                       char *thread_name);
-
-TPM_RESULT VTPM_Manager_Handler( vtpm_ipc_handle_t *tx_ipc_h, 
-                                 vtpm_ipc_handle_t *rx_ipc_h,
-                                 BOOL fw_tpm,   // Forward TPM cmds?
-                                 vtpm_ipc_handle_t *fw_tx_ipc_h, 
-                                 vtpm_ipc_handle_t *fw_rx_ipc_h,
-                                 BOOL is_priv,
-                                 char *thread_name) {
-  TPM_RESULT      status =  TPM_FAIL; // Should never return
-  UINT32          dmi, in_param_size, cmd_size, out_param_size, 
out_message_size, reply_size;
-  BYTE            *cmd_header=NULL, *in_param=NULL, *out_message=NULL, *reply;
-  buffer_t        *command_buf=NULL, *result_buf=NULL;
-  TPM_TAG         tag;
-  TPM_COMMAND_CODE ord;
-  VTPM_DMI_RESOURCE *dmi_res;
-  int  size_read, size_write, i;
-  BOOL add_header=TRUE; // This indicates to prepend a header on result_buf 
before sending
-  
-  cmd_header = (BYTE *) malloc(VTPM_COMMAND_HEADER_SIZE_SRV);
-  command_buf = (buffer_t *) malloc(sizeof(buffer_t));
-  result_buf = (buffer_t *) malloc(sizeof(buffer_t));
- 
-  // ------------------------ Main Loop --------------------------------
-  while(1) {
-    
-    vtpmhandlerloginfo(VTPM_LOG_VTPM, "%s waiting for messages.\n", 
thread_name);
-
-    // --------------------- Read Cmd from Sender ----------------
-    
-    // Read command header 
-    size_read = vtpm_ipc_read(rx_ipc_h, NULL, cmd_header, 
VTPM_COMMAND_HEADER_SIZE_SRV);
-    if (size_read > 0) {
-      vtpmhandlerloginfo(VTPM_LOG_VTPM_DEEP, "RECV[%d]: 0x", size_read);
-      for (i=0; i<size_read; i++) 
-       vtpmhandlerloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", cmd_header[i]);
-    } else {
-      vtpmhandlerlogerror(VTPM_LOG_VTPM, "%s can't read from ipc. Errono = %d. 
Aborting... \n", thread_name, errno);
-      goto abort_command;
-    }
-
-    if (size_read < (int) VTPM_COMMAND_HEADER_SIZE_SRV) {
-      vtpmhandlerloginfo(VTPM_LOG_VTPM_DEEP, "\n");
-      vtpmhandlerlogerror(VTPM_LOG_VTPM, "Command shorter than normal header 
(%d bytes). Aborting...\n", size_read);
-      goto abort_command;
-    }
-    
-    // Unpack header
-    BSG_UnpackList(cmd_header, 4,
-                  BSG_TYPE_UINT32, &dmi,
-                  BSG_TPM_TAG, &tag,
-                  BSG_TYPE_UINT32, &in_param_size,
-                  BSG_TPM_COMMAND_CODE, &ord );
-    
-    // Using the header info, read the parameters of the command
-    // Note that in_param_size is in the client's context
-    cmd_size = in_param_size - VTPM_COMMAND_HEADER_SIZE_CLT;
-    if (cmd_size > 0) {
-      in_param = (BYTE *) malloc(cmd_size);
-      size_read = vtpm_ipc_read( rx_ipc_h, NULL, in_param, cmd_size);
-      if (size_read > 0) {
-       for (i=0; i<size_read; i++) 
-         vtpmhandlerloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", in_param[i]);
-       
-      } else {
-        vtpmhandlerlogerror(VTPM_LOG_VTPM, "%s had error reading cmd from ipc. 
Aborting... \n", thread_name);
-       goto abort_command;
-      }
-      vtpmhandlerloginfomore(VTPM_LOG_VTPM_DEEP, "\n");
-      
-      if (size_read < (int) cmd_size) {
-       vtpmhandlerloginfomore(VTPM_LOG_VTPM_DEEP, "\n");
-       vtpmhandlerlogerror(VTPM_LOG_VTPM, "Command read(%d) is shorter than 
header indicates(%d). Aborting...\n", size_read, cmd_size);
-       goto abort_command;
-      }
-    } else {
-      in_param = NULL;
-      vtpmhandlerloginfomore(VTPM_LOG_VTPM_DEEP, "\n");
-    }
-
-    // Init the buffers used to handle the command and the response
-    if ( (buffer_init_convert(command_buf, cmd_size, in_param) != TPM_SUCCESS) 
|| 
-        (buffer_init(result_buf, 0, 0) != TPM_SUCCESS) ) {
-      vtpmhandlerlogerror(VTPM_LOG_VTPM, "Failed to setup buffers. 
Aborting...\n");
-      goto abort_command;
-    }
-    
-    // -------------- Dispatch Commands to Handlers -----------
-    if ((tag == VTPM_TAG_REQ) && (ord & VTPM_PRIV_MASK)) {
-      vtpm_lock_wrlock();
-    } else {
-      vtpm_lock_rdlock();
-    }
-
-    if ( !(dmi_res = (VTPM_DMI_RESOURCE *) 
hashtable_search(vtpm_globals->dmi_map, &dmi)) ||
-         (!dmi_res->connected) ) {
-      vtpmhandlerlogerror(VTPM_LOG_VTPM, "Attempted access to non-existent or 
disconnected DMI %d. Aborting...\n", dmi);
-      status = TPM_BAD_PARAMETER;
-      // We have no one to reply to, they don't exist.
-      goto abort_command;
-    }
-
-    if (tag == VTPM_TAG_REQ) { 
-    
-      status = vtpm_manager_handle_vtpm_cmd(dmi_res, ord, command_buf, 
result_buf, is_priv, thread_name);
-
-    } else { // This is not a VTPM Command at all.
-      if (fw_tpm) { 
-        status = vtpm_manager_handle_tpm_cmd(fw_tx_ipc_h, fw_rx_ipc_h, 
dmi_res, cmd_header, command_buf, result_buf, thread_name);
-
-        // This means calling the DMI failed, not that the cmd failed in the 
DMI
-        // Since the return will be interpretted by a TPM app, all errors are 
IO_ERRORs to the app
-        if (status != TPM_SUCCESS) { 
-          status = TPM_IOERROR;
-         goto abort_with_error;
-        }
-        // Unlike all other commands, forwarded commands yield a result_buf 
that includes the DMI's status. This
-        // should be forwarded to the caller VM
-        add_header = FALSE;
-      } else {
-        // We are not supposed to forward TPM commands at all.
-        int i;
-        vtpmhandlerlogerror(VTPM_LOG_VTPM, "Attempt to use unsupported direct 
access to TPM.\n");
-        vtpmhandlerloginfo(VTPM_LOG_VTPM_DEEP, "Bad Command. dmi:%d, tag:%d, 
size:%d, ord:%d, Params: ", dmi, tag, in_param_size, ord);
-        for (i=0; i<cmd_size; i++)
-          vtpmhandlerloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", in_param[i]);
-
-        vtpmhandlerloginfomore(VTPM_LOG_VTPM_DEEP, "\n");
-
-        status = TPM_FAIL;
-        goto abort_with_error;
-     }
-
-    } // end else for is VTPM Command
-
-    // ------------------- Respond to Sender ------------------
-
-    // Errors while handling responses jump here to reply with error messages
-    // NOTE: Currently there are no recoverable errors in multi-VM mode. If one
-    //       is added to the code, this ifdef should be removed.
-    //       Also note this is NOT referring to errors in commands, but rather
-    //       this is about I/O errors and such.
-#ifndef VTPM_MULTI_VM
- abort_with_error:
-#endif
-   
-    if (add_header) { 
-      // Prepend VTPM header with destination DM stamped
-      out_param_size = buffer_len(result_buf);
-      out_message_size = VTPM_COMMAND_HEADER_SIZE_CLT + out_param_size;
-      reply_size = VTPM_COMMAND_HEADER_SIZE_SRV + out_param_size;
-      out_message = (BYTE *) malloc (reply_size);
-      reply = out_message;
-    
-      BSG_PackList(out_message, 4,
-                  BSG_TYPE_UINT32, (BYTE *) &dmi,
-                  BSG_TPM_TAG, (BYTE *) &tag,
-                  BSG_TYPE_UINT32, (BYTE *) &out_message_size,
-                  BSG_TPM_RESULT, (BYTE *) &status);
-    
-      if (buffer_len(result_buf) > 0) 
-        memcpy(out_message + VTPM_COMMAND_HEADER_SIZE_SRV, result_buf->bytes, 
out_param_size);
-      //Note: Send message + dmi_id
-    } else {
-      reply = result_buf->bytes;
-      reply_size = buffer_len(result_buf);
-    }  
-    size_write = vtpm_ipc_write(tx_ipc_h, (dmi_res ? dmi_res->tx_vtpm_ipc_h : 
NULL), reply, reply_size );
-    if (size_write > 0) {
-      vtpmhandlerloginfo(VTPM_LOG_VTPM_DEEP, "SENT: 0x");
-      for (i=0; i < reply_size; i++) 
-       vtpmhandlerloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", reply[i]);
-      
-      vtpmhandlerloginfomore(VTPM_LOG_VTPM_DEEP, "\n");            
-    } else {
-      vtpmhandlerlogerror(VTPM_LOG_VTPM, "%s had error writing to ipc. 
Aborting... \n", thread_name);
-      goto abort_command;
-    }
-    free(out_message); out_message=NULL;
-    
-    if (size_write < (int)reply_size) {
-      vtpmhandlerlogerror(VTPM_LOG_VTPM, "%s unable to write full command to 
ipc (%d/%d)\n", thread_name, size_write, reply_size);
-      goto abort_command;
-    }
-    
-    // On certain failures an error message cannot be sent. 
-    // This marks the beginning of cleanup in preperation for the next command.
-  abort_command:
-    //free buffers
-    bzero(cmd_header, VTPM_COMMAND_HEADER_SIZE_SRV);
-    //free(in_param); // This was converted to command_buf. No need to free 
-    buffer_free(result_buf);
-    buffer_free(command_buf);
-
-    // If we have a write lock, save the manager table
-    if ((tag == VTPM_TAG_REQ) && (ord & VTPM_PRIV_MASK) &&
-        (VTPM_SaveManagerData() != TPM_SUCCESS) ) {
-       vtpmhandlerlogerror(VTPM_LOG_VTPM, "ERROR: Unable to save manager 
data.\n");
-    }
-
-    vtpm_lock_unlock();
-    add_header = TRUE; // Reset to the default
-  } // End while(1)
-  
-}
-
-/////////////////////////////////////////////////////////////////////////
-TPM_RESULT vtpm_manager_handle_vtpm_cmd(VTPM_DMI_RESOURCE *dmi_res, 
-                                       TPM_COMMAND_CODE ord,
-                                       buffer_t *command_buf,
-                                       buffer_t *result_buf,
-                                        BOOL is_priv,
-                                        char *thread_name) {
-
-  TPM_RESULT status = TPM_FAIL;
-
-  switch (ord) {                
-  case VTPM_ORD_SAVENVM:
-    status= VTPM_Handle_Save_NVM(dmi_res,
-                                 command_buf, 
-                                 result_buf);
-    break;
-
-  case VTPM_ORD_LOADNVM:
-    status= VTPM_Handle_Load_NVM(dmi_res, 
-                                 command_buf, 
-                                 result_buf);
-    break;
-
-  case VTPM_ORD_TPMCOMMAND:
-    status= VTPM_Handle_TPM_Command(dmi_res, 
-                                    command_buf, 
-                                    result_buf);
-    break;
-
-  case VTPM_ORD_GET_MIG_KEY:
-    status = VTPM_Handle_Get_Migration_key(command_buf, 
-                                           result_buf);
-    break;
-
-  case VTPM_ORD_LOAD_MIG_KEY:
-    status = VTPM_Handle_Load_Migration_key(command_buf, 
-                                           result_buf);
-    break;
-   
-  default:
-    // Privileged handlers can do maintanance
-    if (is_priv) {
-      switch (ord) {
-      case VTPM_ORD_OPEN:
-        status = VTPM_Handle_New_DMI(command_buf);
-        break;
-
-      case VTPM_ORD_CLOSE:
-        status = VTPM_Handle_Close_DMI(command_buf);
-        break;
-
-      case VTPM_ORD_DELETE:
-        status = VTPM_Handle_Delete_DMI(command_buf);
-        break;
-
-      case VTPM_ORD_MIGRATE_IN:
-        status = VTPM_Handle_Migrate_In(command_buf, result_buf);
-        break;
-
-      case VTPM_ORD_MIGRATE_OUT:
-        status = VTPM_Handle_Migrate_Out(command_buf, result_buf);
-        break;
-
-      default:
-        status = TPM_BAD_ORDINAL;
-      } // switch
-    } else { // is priv command
-
-        status = TPM_BAD_ORDINAL;
-    } // inner switch
-  } // outer switch
-
-  return(status);
-}
-      
-/////////////////////////////////////////////////////////////////////
-TPM_RESULT vtpm_manager_handle_tpm_cmd(vtpm_ipc_handle_t *tx_ipc_h,
-                                       vtpm_ipc_handle_t *rx_ipc_h,
-                                      VTPM_DMI_RESOURCE *dmi_res, 
-                                      BYTE *cmd_header,
-                                      buffer_t *param_buf,
-                                      buffer_t *result_buf,
-                                       char *thread_name) {
-
-  TPM_RESULT status = TPM_FAIL;
-  UINT32 dmi_dst;
-  TPM_COMMAND_CODE ord;
-  TPM_TAG tag_out;
-  UINT32 dmi_cmd_size, in_param_size, adj_param_size;
-  BYTE *dmi_cmd, *in_param;
-  int  size_read, size_write, i;
-
-  //// Dom0 can't talk to the BE, so this must be a broken FE/BE or badness
-  if (dmi_res->dmi_id == VTPM_CTL_DM) {
-    vtpmhandlerlogerror(VTPM_LOG_VTPM, "Illegal use of TPM command from 
dom0\n");
-    status = TPM_FAIL;
-    goto abort_with_error;
-  } 
-
-  vtpmhandlerloginfo(VTPM_LOG_VTPM, "Forwarding command to DMI.\n");
-   
-  //Forward TPM CMD stamped with dmi_id to DMI for handling
-  if (buffer_len(param_buf)) {
-    dmi_cmd = (BYTE *) malloc(VTPM_COMMAND_HEADER_SIZE_SRV + 
buffer_len(param_buf));
-    dmi_cmd_size = VTPM_COMMAND_HEADER_SIZE_SRV + buffer_len(param_buf);
-    memcpy(dmi_cmd, cmd_header, VTPM_COMMAND_HEADER_SIZE_SRV);
-    memcpy(dmi_cmd + VTPM_COMMAND_HEADER_SIZE_SRV, param_buf->bytes, 
buffer_len(param_buf));
-    size_write = vtpm_ipc_write(tx_ipc_h, dmi_res->tx_tpm_ipc_h, dmi_cmd, 
dmi_cmd_size);
-
-    if (size_write > 0) {
-      vtpmhandlerloginfo(VTPM_LOG_VTPM_DEEP, "SENT (DMI): 0x");
-      for (i=0; i<VTPM_COMMAND_HEADER_SIZE_SRV + buffer_len(param_buf); i++) {
-        vtpmhandlerloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", dmi_cmd[i]);
-      }
-      vtpmhandlerloginfomore(VTPM_LOG_VTPM_DEEP, "\n");
-    } else {
-      vtpmhandlerlogerror(VTPM_LOG_VTPM, "Error writing to DMI. Aborting... 
\n");
-      status = TPM_IOERROR;
-      goto abort_with_error;
-    }
-    free(dmi_cmd);
-  } else {
-    dmi_cmd_size = VTPM_COMMAND_HEADER_SIZE_SRV;
-    size_write = vtpm_ipc_write(tx_ipc_h, dmi_res->tx_tpm_ipc_h, cmd_header, 
VTPM_COMMAND_HEADER_SIZE_SRV );
-    if (size_write > 0) {
-      vtpmhandlerloginfo(VTPM_LOG_VTPM_DEEP, "SENT (DMI): 0x");
-      for (i=0; i<VTPM_COMMAND_HEADER_SIZE_SRV; i++) 
-        vtpmhandlerloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", cmd_header[i]);
-
-      vtpmhandlerloginfomore(VTPM_LOG_VTPM_DEEP, "\n");
-    } else {
-      vtpmhandlerlogerror(VTPM_LOG_VTPM, "Error writing to DMI. Aborting... 
\n");
-      status = TPM_IOERROR;
-      goto abort_with_error;
-    }
-  }
-    
-  if (size_write != (int) dmi_cmd_size) 
-    vtpmhandlerlogerror(VTPM_LOG_VTPM, "Could not write entire command to DMI 
(%d/%d)\n", size_write, dmi_cmd_size);
-
-  buffer_free(param_buf);
-  
-  // Read header for response to TPM command from DMI
-  size_read = vtpm_ipc_read( rx_ipc_h, dmi_res->rx_tpm_ipc_h, cmd_header, 
VTPM_COMMAND_HEADER_SIZE_SRV);
-  if (size_read > 0) {
-    vtpmhandlerloginfo(VTPM_LOG_VTPM_DEEP, "RECV (DMI): 0x");
-    for (i=0; i<size_read; i++) 
-      vtpmhandlerloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", cmd_header[i]);
-
-  } else {
-    vtpmhandlerlogerror(VTPM_LOG_VTPM, "Error reading from DMI. Aborting... 
\n");
-    status = TPM_IOERROR;
-    goto abort_with_error;
-  }
-  
-  if (size_read < (int) VTPM_COMMAND_HEADER_SIZE_SRV) {
-    vtpmhandlerlogerror(VTPM_LOG_VTPM, "Command from DMI shorter than normal 
header. Aborting...\n");
-    status = TPM_IOERROR;
-    goto abort_with_error;
-  }
-
-  // Unpack response from DMI for TPM command
-  BSG_UnpackList(cmd_header, 4,
-                 BSG_TYPE_UINT32, &dmi_dst,
-                 BSG_TPM_TAG, &tag_out,
-                 BSG_TYPE_UINT32, &in_param_size,
-                 BSG_TPM_COMMAND_CODE, &status );
-  
-  // If response has parameters, read them.
-  // Note that in_param_size is in the client's context
-  adj_param_size = in_param_size - VTPM_COMMAND_HEADER_SIZE_CLT;
-  if (adj_param_size > 0) {
-    in_param = (BYTE *) malloc(adj_param_size);
-    size_read = vtpm_ipc_read(rx_ipc_h, dmi_res->rx_tpm_ipc_h, in_param, 
adj_param_size);
-    if (size_read > 0) {
-      for (i=0; i<size_read; i++) 
-        vtpmhandlerloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", in_param[i]);
-
-    } else {
-      vtpmhandlerlogerror(VTPM_LOG_VTPM, "Error reading from BE. Aborting... 
\n");
-      goto abort_with_error;
-    }
-    vtpmhandlerloginfomore(VTPM_LOG_VTPM, "\n");
-   
-    if (size_read < (int)adj_param_size) {
-      vtpmhandlerloginfomore(VTPM_LOG_VTPM, "\n");
-      vtpmhandlerlogerror(VTPM_LOG_VTPM, "Command read(%d) from DMI is shorter 
than header indicates(%d). Aborting...\n", size_read, adj_param_size);
-      status = TPM_IOERROR;
-      goto abort_with_error;
-    }
-  } else {
-    in_param = NULL;
-    vtpmhandlerloginfomore(VTPM_LOG_VTPM, "\n");
-  }
-   
-  if ( (buffer_init(result_buf, VTPM_COMMAND_HEADER_SIZE_SRV, cmd_header) != 
TPM_SUCCESS) || 
-       (buffer_append_raw(result_buf, adj_param_size, in_param) != 
TPM_SUCCESS) ) {
-    vtpmhandlerlogerror(VTPM_LOG_VTPM, "Failed to setup buffers. 
Aborting...\n");
-    status = TPM_FAIL;
-    goto abort_with_error;
-  }
- 
-  vtpmhandlerloginfo(VTPM_LOG_VTPM, "Sending DMI's response to guest.\n");
-
-  status = TPM_SUCCESS;
-
- abort_with_error:
-
-  return status;
-}
-
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/vtpm_manager/manager/vtpmd.c
--- a/tools/vtpm_manager/manager/vtpmd.c        Tue Nov 13 10:46:59 2012 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,371 +0,0 @@
-// ===================================================================
-// 
-// Copyright (c) 2005, Intel Corp.
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without 
-// modification, are permitted provided that the following conditions 
-// are met:
-//
-//   * Redistributions of source code must retain the above copyright 
-//     notice, this list of conditions and the following disclaimer.
-//   * Redistributions in binary form must reproduce the above 
-//     copyright notice, this list of conditions and the following 
-//     disclaimer in the documentation and/or other materials provided 
-//     with the distribution.
-//   * Neither the name of Intel Corporation nor the names of its 
-//     contributors may be used to endorse or promote products derived
-//     from this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
-// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
-// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 
-// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
-// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-// OF THE POSSIBILITY OF SUCH DAMAGE.
-// ===================================================================
-// 
-// vtpmd.c
-// 
-//  Application
-//
-// ===================================================================
-
-#include <stdio.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <signal.h>
-#include <string.h>
-#include <pthread.h>
-#include "vtpm_manager.h"
-#include "vtpmpriv.h"
-#include "tcg.h"
-#include "log.h"
-#include "vtpm_ipc.h"
-
-#define TPM_EMULATOR_PATH "/usr/bin/vtpmd"
-
-#define VTPM_BE_FNAME          "/dev/vtpm"
-#define VTPM_DUMMY_TX_BE_FNAME "/var/vtpm/fifos/dummy_out.fifo"
-#define VTPM_DUMMY_RX_BE_FNAME "/var/vtpm/fifos/dummy_in.fifo"
-#define VTPM_TX_TPM_FNAME      "/var/vtpm/fifos/tpm_cmd_to_%d.fifo"
-#define VTPM_RX_TPM_FNAME      "/var/vtpm/fifos/tpm_rsp_from_all.fifo"
-#define VTPM_TX_VTPM_FNAME     "/var/vtpm/fifos/vtpm_rsp_to_%d.fifo"
-#define VTPM_RX_VTPM_FNAME     "/var/vtpm/fifos/vtpm_cmd_from_all.fifo"
-#define VTPM_TX_HP_FNAME       "/var/vtpm/fifos/to_console.fifo"
-#define VTPM_RX_HP_FNAME       "/var/vtpm/fifos/from_console.fifo"
-
-#define VTPM_TYPE_PVM_STRING "pvm"
-#define VTPM_TYPE_HVM_STRING "hvm"
-
-struct vtpm_thread_params_s {
-  vtpm_ipc_handle_t *tx_ipc_h;
-  vtpm_ipc_handle_t *rx_ipc_h;
-  BOOL fw_tpm;
-  vtpm_ipc_handle_t *fw_tx_ipc_h;
-  vtpm_ipc_handle_t *fw_rx_ipc_h;
-  BOOL is_priv;
-  char *thread_name;
-};
-
-// This is needed to all extra_close_dmi to close this to prevent a
-// broken pipe when no DMIs are left.
-static vtpm_ipc_handle_t *g_rx_tpm_ipc_h;
-
-void *vtpm_manager_thread(void *arg_void) {
-  TPM_RESULT *status = (TPM_RESULT *) malloc(sizeof(TPM_RESULT) );
-  struct vtpm_thread_params_s *arg = (struct vtpm_thread_params_s *) arg_void;
-
-  *status = VTPM_Manager_Handler(arg->tx_ipc_h, arg->rx_ipc_h,
-                                 arg->fw_tpm, arg->fw_tx_ipc_h, 
arg->fw_rx_ipc_h,
-                                 arg->is_priv, arg->thread_name);
-
-  return (status);
-}
-
-
-void signal_handler(int reason) {
-  if (pthread_equal(pthread_self(), vtpm_globals->master_pid)) {
-    vtpmloginfo(VTPM_LOG_VTPM, "VTPM Manager shutting down for signal %d.\n", 
reason);
-  } else {
-    // For old Linux Thread machines, signals are delivered to each thread. 
Deal with them.
-    vtpmloginfo(VTPM_LOG_VTPM, "Child shutting down\n");
-    pthread_exit(NULL);
-  }
-
-  VTPM_Stop_Manager();
-  exit(-1);
-}
-
-struct sigaction ctl_c_handler;
-
-TPM_RESULT VTPM_New_DMI_Extra(VTPM_DMI_RESOURCE *dmi_res, BYTE vm_type, BYTE 
startup_mode) {
-
-  TPM_RESULT status = TPM_SUCCESS;
-  int fh;
-  char dmi_id_str[11]; // UINT32s are up to 10 digits + NULL
-  char *tx_vtpm_name, *tx_tpm_name, *vm_type_string;
-  struct stat file_info;
-
-  if (dmi_res->dmi_id == VTPM_CTL_DM) {
-    dmi_res->tx_tpm_ipc_h = NULL;
-    dmi_res->rx_tpm_ipc_h = NULL;
-    dmi_res->tx_vtpm_ipc_h = NULL;
-    dmi_res->rx_vtpm_ipc_h = NULL;
-  } else {
-    // Create a pair of fifo pipes
-    dmi_res->rx_tpm_ipc_h = NULL;
-    dmi_res->rx_vtpm_ipc_h = NULL;
-
-    if ( ((dmi_res->tx_tpm_ipc_h = (vtpm_ipc_handle_t *) malloc 
(sizeof(vtpm_ipc_handle_t))) == NULL ) ||
-         ((dmi_res->tx_vtpm_ipc_h =(vtpm_ipc_handle_t *) malloc 
(sizeof(vtpm_ipc_handle_t))) == NULL ) ||
-         ((tx_tpm_name = (char *) malloc(11 + strlen(VTPM_TX_TPM_FNAME))) == 
NULL ) ||
-         ((tx_vtpm_name =(char *) malloc(11 + strlen(VTPM_TX_VTPM_FNAME))) == 
NULL) ) {
-      status =TPM_RESOURCES;
-      goto abort_egress;
-    }
-
-    sprintf(tx_tpm_name, VTPM_TX_TPM_FNAME, (uint32_t) dmi_res->dmi_id);
-    sprintf(tx_vtpm_name, VTPM_TX_VTPM_FNAME, (uint32_t) dmi_res->dmi_id);
-
-    if ( (vtpm_ipc_init(dmi_res->tx_tpm_ipc_h, tx_tpm_name, O_WRONLY | 
O_NONBLOCK, TRUE) != 0) ||
-         (vtpm_ipc_init(dmi_res->tx_vtpm_ipc_h, tx_vtpm_name, O_WRONLY, TRUE) 
!= 0) ) { //FIXME: O_NONBLOCK?
-      status = TPM_IOERROR;
-      goto abort_egress;
-    }
-
-    // Measure DMI
-    // FIXME: This will measure DMI. Until then use a fixed DMI_Measurement 
value
-    // Also, this mechanism is specific to 1 VM architecture.
-    /*
-    fh = open(TPM_EMULATOR_PATH, O_RDONLY);
-    stat_ret = fstat(fh, &file_stat);
-    if (stat_ret == 0)
-      dmi_size = file_stat.st_size;
-    else {
-      vtpmlogerror(VTPM_LOG_VTPM, "Could not open vtpmd!!\n");
-      status = TPM_IOERROR;
-      goto abort_egress;
-    }
-    dmi_buffer
-    */
-    memset(&dmi_res->DMI_measurement, 0xcc, sizeof(TPM_DIGEST));
-
-    if (vm_type == VTPM_TYPE_PVM)
-      vm_type_string = (BYTE *)&VTPM_TYPE_PVM_STRING;
-    else
-      vm_type_string = (BYTE *)&VTPM_TYPE_HVM_STRING;
-
-    // Launch DMI
-    sprintf(dmi_id_str, "%d", (int) dmi_res->dmi_id);
-#ifdef MANUAL_DM_LAUNCH
-    vtpmlogerror(VTPM_LOG_VTPM, "Manually start VTPM with dmi=%s now.\n", 
dmi_id_str);
-    dmi_res->dmi_pid = 0;
-#else
-    pid_t pid = fork();
-
-    if (pid == -1) {
-      vtpmlogerror(VTPM_LOG_VTPM, "Could not fork to launch vtpm\n");
-      status = TPM_RESOURCES;
-      goto abort_egress;
-    } else if (pid == 0) {
-      switch (startup_mode) {
-      case TPM_ST_CLEAR:
-        execl (TPM_EMULATOR_PATH, "vtpmd", "clear", vm_type_string, 
dmi_id_str, NULL);
-        break;
-      case TPM_ST_STATE:
-        execl (TPM_EMULATOR_PATH, "vtpmd", "save", vm_type_string, dmi_id_str, 
NULL);
-        break;
-      case TPM_ST_DEACTIVATED:
-        execl (TPM_EMULATOR_PATH, "vtpmd", "deactivated", vm_type_string, 
dmi_id_str, NULL);
-        break;
-      default:
-        status = TPM_BAD_PARAMETER;
-        goto abort_egress;
-      }
-
-      // Returning from these at all is an error.
-      vtpmlogerror(VTPM_LOG_VTPM, "Could not exec to launch vtpm\n");
-    } else {
-      dmi_res->dmi_pid = pid;
-      vtpmloginfo(VTPM_LOG_VTPM, "Launching DMI on PID = %d\n", pid);
-    }
-#endif // MANUAL_DM_LAUNCH
-
-  } // If DMI = VTPM_CTL_DM
-    status = TPM_SUCCESS;
-
-abort_egress:
-  return (status);
-}
-
-TPM_RESULT VTPM_Close_DMI_Extra(VTPM_DMI_RESOURCE *dmi_res) {
-  TPM_RESULT status = TPM_SUCCESS;
-
-  if (vtpm_globals->connected_dmis == 0) {
-    // No more DMI's connected. Close fifo to prevent a broken pipe.
-    // This is hackish. Need to think of another way.
-    vtpm_ipc_close(g_rx_tpm_ipc_h);
-  }
-
-  
-  if (dmi_res->dmi_id != VTPM_CTL_DM) {
-    vtpm_ipc_close(dmi_res->tx_tpm_ipc_h);
-    vtpm_ipc_close(dmi_res->tx_vtpm_ipc_h);
-
-    free(dmi_res->tx_tpm_ipc_h->name);
-    free(dmi_res->tx_vtpm_ipc_h->name);
-
-#ifndef MANUAL_DM_LAUNCH
-    if (dmi_res->dmi_id != VTPM_CTL_DM) {
-      if (dmi_res->dmi_pid != 0) {
-        vtpmloginfo(VTPM_LOG_VTPM, "Killing dmi on pid %d.\n", 
dmi_res->dmi_pid);
-        if (kill(dmi_res->dmi_pid, SIGKILL) !=0) {
-          vtpmloginfo(VTPM_LOG_VTPM, "DMI on pid %d is already dead.\n", 
dmi_res->dmi_pid);
-        } else if (waitpid(dmi_res->dmi_pid, NULL, 0) != dmi_res->dmi_pid) {
-          vtpmlogerror(VTPM_LOG_VTPM, "DMI on pid %d failed to stop.\n", 
dmi_res->dmi_pid);
-          status = TPM_FAIL;
-        }
-      } else {
-        vtpmlogerror(VTPM_LOG_VTPM, "Could not kill dmi because it's pid was 
0.\n");
-        status = TPM_FAIL;
-      }
-    }
-#endif
-
-  } //endif ! dom0
-  return status;
-}
-
-
-int main(int argc, char **argv) {
-  vtpm_ipc_handle_t *tx_be_ipc_h, *rx_be_ipc_h, rx_tpm_ipc_h, rx_vtpm_ipc_h, 
tx_hp_ipc_h, rx_hp_ipc_h; 
-  struct vtpm_thread_params_s be_thread_params, dmi_thread_params, 
hp_thread_params;
-  pthread_t be_thread, dmi_thread, hp_thread;
-
-#ifdef DUMMY_BACKEND
-  vtpm_ipc_handle_t tx_dummy_ipc_h, rx_dummy_ipc_h;
-#else
-  vtpm_ipc_handle_t real_be_ipc_h;
-#endif
-
-  vtpmloginfo(VTPM_LOG_VTPM, "Starting VTPM.\n");
- 
-  // -------------------- Initialize Manager ----------------- 
-  if (VTPM_Init_Manager() != TPM_SUCCESS) {
-    vtpmlogerror(VTPM_LOG_VTPM, "Closing vtpmd due to error during 
startup.\n");
-    return -1;
-  }
-  
-  // -------------------- Setup Ctrl+C Handlers --------------
-  ctl_c_handler.sa_handler = signal_handler;
-  sigemptyset(&ctl_c_handler.sa_mask);
-  ctl_c_handler.sa_flags = 0;    
-  
-  if (sigaction(SIGINT, &ctl_c_handler, NULL) == -1) 
-    vtpmlogerror(VTPM_LOG_VTPM, "Could not install SIGINT handler. Ctl+break 
will not stop manager gently.\n");
-  
-  // For easier debuggin with gdb
-  if (sigaction(SIGHUP, &ctl_c_handler, NULL) == -1) 
-    vtpmlogerror(VTPM_LOG_VTPM, "Could not install SIGHUP handler. Ctl+break 
will not stop manager gently.\n");    
-  
-  sigset_t sig_mask;
-  sigemptyset(&sig_mask);
-  sigaddset(&sig_mask, SIGPIPE);
-  sigprocmask(SIG_BLOCK, &sig_mask, NULL);
-  
-  // ------------------- Set up file ipc structures ----------
-#ifdef DUMMY_BACKEND
-  if ( (vtpm_ipc_init(&tx_dummy_ipc_h, VTPM_DUMMY_TX_BE_FNAME, O_RDWR, TRUE) 
!= 0) ||
-       (vtpm_ipc_init(&rx_dummy_ipc_h, VTPM_DUMMY_RX_BE_FNAME, O_RDWR, TRUE) 
!= 0) ) {
-
-    vtpmlogerror(VTPM_LOG_VTPM, "Unable to create Dummy BE FIFOs.\n");
-    exit(-1);
-  }
-
-  tx_be_ipc_h = &tx_dummy_ipc_h;
-  rx_be_ipc_h = &rx_dummy_ipc_h;
-#else
-  vtpm_ipc_init(&real_be_ipc_h, VTPM_BE_FNAME, O_RDWR, FALSE);
-
-  tx_be_ipc_h = &real_be_ipc_h;
-  rx_be_ipc_h = &real_be_ipc_h;
-#endif
-
-  if ( (vtpm_ipc_init(&rx_tpm_ipc_h, VTPM_RX_TPM_FNAME, O_RDONLY, TRUE) != 0) 
||
-       (vtpm_ipc_init(&rx_vtpm_ipc_h, VTPM_RX_VTPM_FNAME, O_RDWR, TRUE) != 0) 
|| //FIXME: O_RDONLY?
-       (vtpm_ipc_init(&tx_hp_ipc_h,  VTPM_TX_HP_FNAME, O_RDWR, TRUE) != 0)    
||
-       (vtpm_ipc_init(&rx_hp_ipc_h,  VTPM_RX_HP_FNAME, O_RDWR, TRUE) != 0) ) {
-    vtpmlogerror(VTPM_LOG_VTPM, "Unable to create initial FIFOs.\n");
-    exit(-1);
-  }
-
-  g_rx_tpm_ipc_h = &rx_tpm_ipc_h;
-
-  // -------------------- Set up thread params ------------- 
-
-  be_thread_params.tx_ipc_h = tx_be_ipc_h;
-  be_thread_params.rx_ipc_h = rx_be_ipc_h;
-  be_thread_params.fw_tpm = TRUE;
-  be_thread_params.fw_tx_ipc_h = NULL;
-  be_thread_params.fw_rx_ipc_h = &rx_tpm_ipc_h;
-  be_thread_params.is_priv = FALSE;
-  be_thread_params.thread_name = "Backend Listener";
-
-  dmi_thread_params.tx_ipc_h = NULL;
-  dmi_thread_params.rx_ipc_h = &rx_vtpm_ipc_h;
-  dmi_thread_params.fw_tpm = FALSE; 
-  dmi_thread_params.fw_tx_ipc_h = NULL;
-  dmi_thread_params.fw_rx_ipc_h = NULL;
-  dmi_thread_params.is_priv = FALSE; 
-  dmi_thread_params.thread_name = "VTPM Listener";
-
-  hp_thread_params.tx_ipc_h = &tx_hp_ipc_h;
-  hp_thread_params.rx_ipc_h = &rx_hp_ipc_h;
-  hp_thread_params.fw_tpm = FALSE;
-  hp_thread_params.fw_tx_ipc_h = NULL;
-  hp_thread_params.fw_rx_ipc_h = NULL;
-  hp_thread_params.is_priv = TRUE;
-  hp_thread_params.thread_name = "Hotplug Listener";
-
-  // --------------------- Launch Threads -----------------
-
-  vtpm_lock_init();
-
-  vtpm_globals->master_pid = pthread_self();
-  
-  if (pthread_create(&be_thread, NULL, vtpm_manager_thread, &be_thread_params) 
!= 0) {
-    vtpmlogerror(VTPM_LOG_VTPM, "Failed to launch BE Thread.\n");
-    exit(-1);
-  }
-  
-  if (pthread_create(&dmi_thread, NULL, vtpm_manager_thread, 
&dmi_thread_params) != 0) {
-    vtpmlogerror(VTPM_LOG_VTPM, "Failed to launch DMI Thread.\n");
-    exit(-1);
-  }
-
- 
-  if (pthread_create(&hp_thread, NULL, vtpm_manager_thread, &hp_thread_params) 
!= 0) {
-    vtpmlogerror(VTPM_LOG_VTPM, "Failed to launch HP Thread.\n");
-    exit(-1);
-  }
- 
-  //Join the other threads until exit time.
-  pthread_join(be_thread, NULL);
-  pthread_join(dmi_thread, NULL);
-  pthread_join(hp_thread, NULL);
- 
-  vtpmlogerror(VTPM_LOG_VTPM, "VTPM Manager shut down unexpectedly.\n");
- 
-  VTPM_Stop_Manager();
-  vtpm_lock_destroy();
-  return 0;
-}
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/vtpm_manager/manager/vtpmpriv.h
--- a/tools/vtpm_manager/manager/vtpmpriv.h     Tue Nov 13 10:46:59 2012 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,186 +0,0 @@
-// ===================================================================
-// 
-// Copyright (c) 2005, Intel Corp.
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without 
-// modification, are permitted provided that the following conditions 
-// are met:
-//
-//   * Redistributions of source code must retain the above copyright 
-//     notice, this list of conditions and the following disclaimer.
-//   * Redistributions in binary form must reproduce the above 
-//     copyright notice, this list of conditions and the following 
-//     disclaimer in the documentation and/or other materials provided 
-//     with the distribution.
-//   * Neither the name of Intel Corporation nor the names of its 
-//     contributors may be used to endorse or promote products derived
-//     from this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
-// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
-// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 
-// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
-// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-// OF THE POSSIBILITY OF SUCH DAMAGE.
-// ===================================================================
-// 
-// vtpmpriv.h
-// 
-//  Structures and functions private to the manager
-//
-// ==================================================================
-
-#ifndef __VTPMPRIV_H__
-#define __VTPMPRIV_H__
-
-#include "vtpm_manager.h"
-#include "tcg.h"
-#include "tcs.h"
-#include "buffer.h"
-#include "crypto.h"
-#include "vtpm_ipc.h"
-
-#define VTPM_MANAGER_GEN   2     // This is incremented when the manager's 
table
-                                 // is changed. It's used for backwards 
compatability
-
-#define STATE_FILE         "/var/vtpm/VTPM"
-#define DMI_NVM_FILE       "/var/vtpm/vtpm_dm_%d.data"
-#define VTPM_CTL_DM        0
-
-// ------------------------ Private Structures -----------------------
-typedef struct VTPM_DMI_RESOURCE_T {
-  // I/O info for Manager to talk to DMI's and controllers
-  vtpm_ipc_handle_t      *tx_vtpm_ipc_h;    // TX VTPM Results to DMI
-  vtpm_ipc_handle_t      *rx_vtpm_ipc_h;    // RX VTPM Commands from DMI
-  vtpm_ipc_handle_t      *tx_tpm_ipc_h;     // TX TPM Commands to DMI
-  vtpm_ipc_handle_t      *rx_tpm_ipc_h;     // RX TPM Results from DMI
- 
-#ifndef VTPM_MULTI_VM 
-  pid_t                 dmi_pid;
-#endif
-
-  // Non-persistent Information
-  bool                  connected;
-  UINT32                dmi_domain_id;
-  TCS_CONTEXT_HANDLE    TCSContext;     // TCS Handle
-  char                  *NVMLocation;   // NULL term string indicating location
-                                        // of NVM.
-  // Persistent Information about DMI
-  UINT32                dmi_id;
-  BYTE                  dmi_type;
-  TPM_DIGEST            NVM_measurement;  // Equal to the SHA1 of the blob
-  TPM_DIGEST            DMI_measurement;  // Correct measurement of the owning 
DMI
-} VTPM_DMI_RESOURCE;
-
-typedef struct tdVTPM_MIGKEY_LIST {
-  UINT32                name_size;
-  BYTE                  *name; // Name of destination (IP addr, domain name, 
etc)
-  CRYPTO_INFO           key;
-  struct tdVTPM_MIGKEY_LIST *next;
-} VTPM_MIGKEY_LIST;
-
-
-typedef struct tdVTPM_GLOBALS {
-  // Non-persistent data
-#ifndef VTPM_MULTI_VM
-  pid_t               master_pid;
-#endif
-
-  int                 connected_dmis;     // To close guest_rx when no dmis 
are connected
-
-  struct hashtable    *dmi_map;               // Table of all DMI's known 
indexed by persistent instance #
-  VTPM_MIGKEY_LIST    *mig_keys;              // Table of migration keys
-                      // Currently keys are loaded at migration time,
-                      // TODO: Make VTPM man store a keys persistently
-                      //       and update script to check if key is needed
-                      //       before fetching it.
-
-  TCS_CONTEXT_HANDLE  manager_tcs_handle;     // TCS Handle used by manager
-  TPM_HANDLE          storageKeyHandle;       // Key used by persistent store
-  CRYPTO_INFO         storageKey;             // For software encryption
-  CRYPTO_INFO         bootKey;                // For saving table
-  TCS_AUTH            keyAuth;                // OIAP session for storageKey 
-    
-  // Persistent Data
-  TPM_AUTHDATA        owner_usage_auth;       // OwnerAuth of real TPM
-  buffer_t            storageKeyWrap;         // Wrapped copy of storageKey
-  TPM_AUTHDATA        srk_usage_auth;
-  TPM_AUTHDATA        storage_key_usage_auth; 
-
-  buffer_t            bootKeyWrap;            // Wrapped copy of boot key 
-
-}VTPM_GLOBALS;
-
-// --------------------------- Global Values --------------------------
-extern VTPM_GLOBALS *vtpm_globals;   // Key info and DMI states
-extern const TPM_AUTHDATA SRK_AUTH;  // SRK Well Known Auth Value
-
-// ********************** VTPM Functions *************************
-TPM_RESULT VTPM_Init_Manager(); // Start VTPM Service
-void VTPM_Stop_Manager();  // Stop VTPM Service
-TPM_RESULT VTPM_Manager_Handler(vtpm_ipc_handle_t *tx_ipc_h,
-                                vtpm_ipc_handle_t *rx_ipc_h,
-                                BOOL fw_tpm,   // Should forward TPM cmds
-                                vtpm_ipc_handle_t *fw_tx_ipc_h,
-                                vtpm_ipc_handle_t *fw_rx_ipc_h,
-                                BOOL is_priv,
-                                char *client_name);
-
-// ********************** Command Handler Prototypes ***********************
-
-TPM_RESULT VTPM_Handle_Load_NVM(       VTPM_DMI_RESOURCE *myDMI, 
-                                        const buffer_t *inbuf, 
-                                        buffer_t *outbuf);
-
-TPM_RESULT VTPM_Handle_Save_NVM(       VTPM_DMI_RESOURCE *myDMI, 
-                                        const buffer_t *inbuf, 
-                                        buffer_t *outbuf);
-
-TPM_RESULT VTPM_Handle_TPM_Command(    VTPM_DMI_RESOURCE *dmi, 
-                                        buffer_t *inbuf, 
-                                        buffer_t *outbuf);
-
-TPM_RESULT VTPM_Handle_New_DMI(const buffer_t *param_buf);
-                                
-TPM_RESULT VTPM_Handle_Close_DMI(const buffer_t *param_buf);
-                                   
-TPM_RESULT VTPM_Handle_Delete_DMI(const buffer_t *param_buf);
-
-TPM_RESULT VTPM_Handle_Migrate_In( const buffer_t *param_buf,
-                                   buffer_t *result_buf);
-
-TPM_RESULT VTPM_Handle_Migrate_Out ( const buffer_t *param_buf,
-                                     buffer_t *result_buf);
-
-TPM_RESULT VTPM_Handle_Get_Migration_key( const buffer_t *param_buf,
-                                          buffer_t *result_buf);
-
-TPM_RESULT VTPM_SaveManagerData(void);
-TPM_RESULT VTPM_LoadManagerData(void);
-
-TPM_RESULT VTPM_New_DMI_Extra(VTPM_DMI_RESOURCE *dmi_res, BYTE vm_type, BYTE 
startup_mode);
-
-TPM_RESULT VTPM_Close_DMI_Extra(VTPM_DMI_RESOURCE *dmi_res);
-
-// Helper functions
-TPM_RESULT close_dmi(VTPM_DMI_RESOURCE *dmi_res);
-TPM_RESULT init_dmi(UINT32 dmi_id, BYTE type,  VTPM_DMI_RESOURCE **dmi_res);
-
-TPM_RESULT envelope_encrypt(const buffer_t     *inbuf,
-                             CRYPTO_INFO        *asymkey,
-                             buffer_t           *sealed_data);
-
-TPM_RESULT envelope_decrypt(const buffer_t     *cipher,
-                            TCS_CONTEXT_HANDLE TCSContext,
-                            TPM_HANDLE         keyHandle,
-                            const TPM_AUTHDATA *key_usage_auth,
-                            buffer_t           *unsealed_data);
-
-#endif // __VTPMPRIV_H__
diff -r 2a4c1d3a080e -r 170d45f7a2eb tools/vtpm_manager/manager/vtsp.c
--- a/tools/vtpm_manager/manager/vtsp.c Tue Nov 13 10:46:59 2012 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,1042 +0,0 @@
-// ===================================================================
-// 
-// Copyright (c) 2005, Intel Corp.
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without 
-// modification, are permitted provided that the following conditions 
-// are met:
-//
-//   * Redistributions of source code must retain the above copyright 
-//     notice, this list of conditions and the following disclaimer.
-//   * Redistributions in binary form must reproduce the above 
-//     copyright notice, this list of conditions and the following 
-//     disclaimer in the documentation and/or other materials provided 
-//     with the distribution.
-//   * Neither the name of Intel Corporation nor the names of its 
-//     contributors may be used to endorse or promote products derived
-//     from this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
-// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
-// COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 
-// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
-// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-// OF THE POSSIBILITY OF SUCH DAMAGE.
-// ===================================================================
-// 
-// vtsp.c
-// 
-//  Higher level interface to TCS for use in service.
-//
-// ==================================================================
-
-#include <string.h>
-#include "tcg.h"
-#include "tcs.h"
-#include "bsg.h"
-#include "log.h"
-#include "crypto.h"
-#include "vtsp.h"
-#include "buffer.h"
-
-#define  RSA_KEY_SIZE 0x0800
-
-/***********************************************************************************
- * GenerateAuth: Generate authorization info to be sent back to application
- *
- * Parameters: outParamDigestText  The concatenation of output parameters to 
be SHA1ed
- *    outParamDigestTextSize Size of inParamDigestText
- *    HMACkey     Key to be used for HMACing
- *          For OIAP use key.authUsage or PersistStore.ownerAuth
- *          For OSAP use shared secret
- *    pAuth     Authorization information from the application
- *
- * Return:  TPM_SUCCESS   Authorization data created
- *    TPM_AUTHFAIL   Invalid (NULL) HMACkey presented for OSAP
- 
*************************************************************************************/
-TPM_RESULT GenerateAuth( /*[IN]*/ const BYTE *inParamDigestText,
-                        /*[IN]*/ UINT32 inParamDigestTextSize,
-                        /*[IN]*/ const TPM_SECRET *HMACkey,  
-                        /*[IN,OUT]*/ TCS_AUTH *auth) {
-    
-  if (inParamDigestText == NULL || auth == NULL) 
-    return (TPM_AUTHFAIL);
-  else {
-    
-    //Generate new OddNonce
-    Crypto_GetRandom(auth->NonceOdd.nonce, sizeof(TPM_NONCE));
-    
-    // Create SHA1 inParamDigest
-    TPM_DIGEST inParamDigest;
-    Crypto_SHA1Full(inParamDigestText, inParamDigestTextSize, (BYTE *) 
&inParamDigest);
-    
-    // Create HMAC text. (Concat inParamsDigest with inAuthSetupParams).
-    BYTE hmacText[sizeof(TPM_DIGEST) + (2 * sizeof(TPM_NONCE)) + sizeof(BOOL)];
-    
-    BSG_PackList(   hmacText, 4, 
-                   BSG_TPM_DIGEST, &inParamDigest,
-                   BSG_TPM_NONCE, &(auth->NonceEven),
-                   BSG_TPM_NONCE, &(auth->NonceOdd), 
-                   BSG_TYPE_BOOL, &(auth->fContinueAuthSession) );
-    
-    Crypto_HMAC((BYTE *) hmacText, sizeof(hmacText), (BYTE *) HMACkey, 
sizeof(TPM_DIGEST), (BYTE *) &(auth->HMAC));
-    
-    return(TPM_SUCCESS);
-    
-  }
-}
-
-/***********************************************************************************
- * VerifyAuth: Verify the authdata for a command requiring authorization
- *
- * Parameters: inParamDigestText  The concatenation of parameters to be SHA1ed
- *    inParamDigestTextSize Size of inParamDigestText
- *    authDataUsage   AuthDataUsage for the Entity being used
- *          Key->authDataUsage or TPM_AUTH_OWNER
- *    HMACkey     Key to be used for HMACing
- *          For OIAP use key.authUsage or PersistStore.ownerAuth
- *          For OSAP use NULL (It will be aquired from the Auth Session)
- *          If unknown (default), assume OIAP
- *    sessionAuth    A TCS_AUTH info for the session
- *    pAuth     Authorization information from the application
- *              hContext        If specified, on failed Auth, VerifyAuth will
- *                                      generate a new OIAP session in place 
of themselves
- *                                      destroyed session.
- *
- * Return:  TPM_SUCCESS   Authorization Verified
- *    TPM_AUTHFAIL   Authorization Failed
- *    TPM_FAIL    Failure during SHA1 routines
- 
*************************************************************************************/
-TPM_RESULT VerifyAuth( /*[IN]*/ const BYTE *outParamDigestText,
-                      /*[IN]*/ UINT32 outParamDigestTextSize,
-                      /*[IN]*/ const TPM_SECRET *HMACkey,  
-                      /*[IN,OUT]*/ TCS_AUTH *auth,
-                      /*[IN]*/  TCS_CONTEXT_HANDLE hContext) {
-  if (outParamDigestText == NULL || auth == NULL) 
-    return (TPM_AUTHFAIL);
-  
-  
-  // Create SHA1 inParamDigest
-  TPM_DIGEST outParamDigest;
-  Crypto_SHA1Full(outParamDigestText, outParamDigestTextSize, (BYTE *) 
&outParamDigest);
-  
-  // Create HMAC text. (Concat inParamsDigest with inAuthSetupParams).
-  TPM_DIGEST hm;
-  BYTE hmacText[sizeof(TPM_DIGEST) + (2 * sizeof(TPM_NONCE)) + sizeof(BOOL)];
-  
-  BSG_PackList(   hmacText, 4, 
-                 BSG_TPM_DIGEST, &outParamDigest,
-                 BSG_TPM_NONCE, &(auth->NonceEven),
-                 BSG_TPM_NONCE, &(auth->NonceOdd), 
-                 BSG_TYPE_BOOL, &(auth->fContinueAuthSession) );
-  
-  Crypto_HMAC((BYTE *) hmacText, sizeof(hmacText),
-             (BYTE *) HMACkey, sizeof(TPM_DIGEST), (BYTE *) &hm);
-    
-  // Compare correct HMAC with provided one.
-  if (memcmp (&hm, &(auth->HMAC), sizeof(TPM_DIGEST)) == 0) { // 0 indicates 
equality
-    if (!auth->fContinueAuthSession) 
-      vtpmloginfo(VTPM_LOG_VTSP_DEEP, "Auth Session: 0x%x closed by TPM by 
fContinue=0.\n", auth->AuthHandle);
-    
-    return (TPM_SUCCESS);
-  } else {
-    // If specified, reconnect the OIAP session.
-    // NOTE: This only works for TCS's that never have a 0 context. 
-    if (hContext) {
-      vtpmloginfo(VTPM_LOG_VTSP_DEEP, "Auth Session: 0x%x closed by TPM due to 
failure.\n", auth->AuthHandle);
-      VTSP_OIAP( hContext, auth);
-    }
-    return (TPM_AUTHFAIL);
-  }
-}
-
-TPM_RESULT VTSP_OIAP(const TCS_CONTEXT_HANDLE hContext,
-                    TCS_AUTH *auth) {
-  
-  vtpmloginfo(VTPM_LOG_VTSP, "OIAP.\n");
-  TPM_RESULT status = TPM_SUCCESS;                           
-  TPMTRYRETURN( TCSP_OIAP(hContext,
-                         &auth->AuthHandle,
-                         &auth->NonceEven) );
-
-  memset(&auth->HMAC, 0, sizeof(TPM_DIGEST));
-  auth->fContinueAuthSession = FALSE;
-
-  vtpmloginfo(VTPM_LOG_VTSP_DEEP, "Auth Session: 0x%x opened by TPM_OIAP.\n", 
auth->AuthHandle);
-  goto egress;
-  
- abort_egress:
-  
- egress:
-  
-  return status;
-}
-
-TPM_RESULT VTSP_OSAP(const TCS_CONTEXT_HANDLE hContext,
-                    const TPM_ENTITY_TYPE entityType,
-                    const UINT32 entityValue,
-                    const TPM_AUTHDATA *usageAuth,
-                    TPM_SECRET *sharedSecret, 
-                    TCS_AUTH *auth) {
-  
-  vtpmloginfo(VTPM_LOG_VTSP, "OSAP.\n");
-  TPM_RESULT status = TPM_SUCCESS;
-  TPM_NONCE nonceEvenOSAP, nonceOddOSAP;
-  
-  Crypto_GetRandom((BYTE *) &nonceOddOSAP, sizeof(TPM_NONCE) ); 
-  
-  TPMTRYRETURN( TCSP_OSAP(    hContext,
-                             entityType,
-                             entityValue, 
-                             nonceOddOSAP,
-                             &auth->AuthHandle, 
-                             &auth->NonceEven, 
-                             &nonceEvenOSAP) );
-  
-  // Calculating Session Secret
-  BYTE sharedSecretText[TPM_DIGEST_SIZE * 2];
-  
-  BSG_PackList(  sharedSecretText, 2,
-                BSG_TPM_NONCE, &nonceEvenOSAP,
-                BSG_TPM_NONCE, &nonceOddOSAP);
-  
-  Crypto_HMAC(sharedSecretText, sizeof(sharedSecretText), (BYTE *) usageAuth, 
TPM_DIGEST_SIZE, (BYTE *) sharedSecret);       
-
-  memset(&auth->HMAC, 0, sizeof(TPM_DIGEST));
-  auth->fContinueAuthSession = FALSE;
-   
-  vtpmloginfo(VTPM_LOG_VTSP_DEEP, "Auth Session: 0x%x opened by TPM_OSAP.\n", 
auth->AuthHandle);
-
-  goto egress;
-  
- abort_egress:
-  
- egress:
-  
-  return status;
-}
-
-
-TPM_RESULT VTSP_TerminateHandle(const TCS_CONTEXT_HANDLE hContext,
-                                const TCS_AUTH *auth) {
-
-  vtpmloginfo(VTPM_LOG_VTSP, "Terminate Handle.\n");
-  TPM_RESULT status = TPM_SUCCESS;
-  TPMTRYRETURN( TCSP_TerminateHandle(hContext, auth->AuthHandle) );
-
-  vtpmloginfo(VTPM_LOG_VTSP_DEEP, "Auth Session: 0x%x closed by 
TPM_TerminateHandle.\n", auth->AuthHandle);
-  goto egress;
-
- abort_egress:
-
- egress:
-
-  return status;
-}
-
-
-TPM_RESULT VTSP_ReadPubek(   const TCS_CONTEXT_HANDLE hContext,
-                             CRYPTO_INFO *crypto_info) {
-  
-  TPM_RESULT status;
-  TPM_NONCE antiReplay;
-  TPM_DIGEST   checksum;
-  BYTE *pubEKtext;
-  UINT32 pubEKtextsize;
-  
-  vtpmloginfo(VTPM_LOG_VTSP, "Reading Public EK.\n");
-  
-  // GenerateAuth new nonceOdd    
-  Crypto_GetRandom(&antiReplay, sizeof(TPM_NONCE) );
-  
-  
-  TPMTRYRETURN( TCSP_ReadPubek(  hContext,
-                                antiReplay,
-                                &pubEKtextsize,
-                                &pubEKtext,
-                                &checksum) );
-  
-  
-  // Extract the remaining output parameters
-  TPM_PUBKEY pubEK;
-  
-  BSG_Unpack(BSG_TPM_PUBKEY, pubEKtext, (BYTE *) &pubEK);
-  
-  // Build CryptoInfo for the bindingKey
-  TPM_RSA_KEY_PARMS rsaKeyParms;
-  
-  BSG_Unpack(BSG_TPM_RSA_KEY_PARMS, 
-            pubEK.algorithmParms.parms, 
-            &rsaKeyParms);
-  
-  Crypto_RSABuildCryptoInfoPublic(rsaKeyParms.exponentSize, 
-                                 rsaKeyParms.exponent, 
-                                 pubEK.pubKey.keyLength, 
-                                 pubEK.pubKey.key, 
-                                 crypto_info);
-    
-  // Destroy rsaKeyParms
-  BSG_Destroy(BSG_TPM_RSA_KEY_PARMS, &rsaKeyParms);
-
-  // Set encryption scheme
-  crypto_info->encScheme = CRYPTO_ES_RSAESOAEP_SHA1_MGF1;
-  //crypto_info->encScheme = pubEK.algorithmParms.encScheme;
-  crypto_info->algorithmID = pubEK.algorithmParms.algorithmID;
-  
-  goto egress;
-  
- abort_egress:
-  
- egress:
-  
-  return status;
-}
-
-TPM_RESULT VTSP_TakeOwnership(   const TCS_CONTEXT_HANDLE hContext,
-                                 const TPM_AUTHDATA *ownerAuth, 
-                                 const TPM_AUTHDATA *srkAuth,
-                                 CRYPTO_INFO *ek_cryptoInfo,
-                                 TCS_AUTH *auth) {
-  
-  vtpmloginfo(VTPM_LOG_VTSP, "Taking Ownership of TPM.\n");
-  
-  TPM_RESULT status = TPM_SUCCESS;
-  TPM_COMMAND_CODE command = TPM_ORD_TakeOwnership;
-  TPM_PROTOCOL_ID proto_id = TPM_PID_OWNER;
-  BYTE *new_srk;
-  
-  BYTE *paramText;        // Digest to make Auth.
-  UINT32 paramTextSize;
-  
-  // vars for srkpubkey parameter
-  TPM_KEY srkPub;
-  TPM_KEY_PARMS srkKeyInfo = {TPM_ALG_RSA, TPM_ES_RSAESOAEP_SHA1_MGF1, 
TPM_SS_NONE, 12, 0};
-  BYTE srkRSAkeyInfo[12] = { 0x00, 0x00, (RSA_KEY_SIZE >> 8), 0x00,   0x00, 
0x00, 0x00, 0x02,   0x00, 0x00, 0x00, 0x00};
-  srkKeyInfo.parms = (BYTE *) &srkRSAkeyInfo;
-  
-  struct pack_buf_t srkText;
-  
-  //These values are accurate for an enc(AuthData).
-  struct pack_buf_t encOwnerAuth, encSrkAuth;
-  
-  encOwnerAuth.data = (BYTE *)malloc(sizeof(BYTE) * 256);
-  encSrkAuth.data = (BYTE *)malloc(sizeof(BYTE) * 256);
-  
-  if (encOwnerAuth.data == NULL || encSrkAuth.data == NULL) {
-    vtpmloginfo(VTPM_LOG_VTSP, "Could not malloc encrypted auths.\n");
-    status = TPM_RESOURCES;
-    goto abort_egress;
-  }
-  
-  Crypto_RSAEnc(ek_cryptoInfo, sizeof(TPM_SECRET), (BYTE *) ownerAuth, 
&encOwnerAuth.size, encOwnerAuth.data);
-  Crypto_RSAEnc(ek_cryptoInfo, sizeof(TPM_SECRET), (BYTE *) srkAuth, 
&encSrkAuth.size, encSrkAuth.data);
-  
-  
-  // Build srk public key struct
-  srkPub.ver = TPM_STRUCT_VER_1_1;
-  srkPub.keyUsage = TPM_KEY_STORAGE;
-  srkPub.keyFlags = 0x00;
-  srkPub.authDataUsage = TPM_AUTH_ALWAYS;
-  memcpy(&srkPub.algorithmParms, &srkKeyInfo, sizeof(TPM_KEY_PARMS));
-  srkPub.PCRInfoSize = 0;
-  srkPub.PCRInfo = 0;
-  srkPub.pubKey.keyLength= 0;
-  srkPub.encDataSize = 0;
-  
-  srkText.data = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH);
-  srkText.size = BSG_Pack(BSG_TPM_KEY, (BYTE *) &srkPub, srkText.data);
-  
-  paramText = (BYTE *) malloc(sizeof(BYTE) *  TCPA_MAX_BUFFER_LENGTH);
-  
-  paramTextSize = BSG_PackList(paramText, 5,
-                              BSG_TPM_COMMAND_CODE,&command,
-                              BSG_TPM_PROTOCOL_ID, &proto_id,
-                              BSG_TPM_SIZE32_DATA, &encOwnerAuth,
-                              BSG_TPM_SIZE32_DATA, &encSrkAuth,
-                              BSG_TPM_KEY, &srkPub);
-  
-  TPMTRYRETURN( GenerateAuth( paramText, paramTextSize, ownerAuth, auth) );
-  
-  new_srk = srkText.data;
-  TPMTRYRETURN( TCSP_TakeOwnership ( hContext,
-                                    proto_id,
-                                    encOwnerAuth.size, 
-                                    encOwnerAuth.data,
-                                    encSrkAuth.size,
-                                    encSrkAuth.data,
-                                    &srkText.size,
-                                    &new_srk, 
-                                    auth ) );
-  
-  
-  paramTextSize = BSG_PackList(paramText, 2, 
-                              BSG_TPM_RESULT, &status,
-                              BSG_TPM_COMMAND_CODE, &command);
-  memcpy(paramText + paramTextSize, new_srk, srkText.size);
-  paramTextSize += srkText.size;
-  
-  
-  TPMTRYRETURN( VerifyAuth(  paramText, paramTextSize,
-                            ownerAuth, auth, 
-                            hContext) );
-  
-  goto egress;
-  
- abort_egress:
-  
- egress:
-  
-  free(srkText.data);
-  free(encSrkAuth.data);
-  free(encOwnerAuth.data);
-  free(paramText);
-  
-  TCS_FreeMemory(hContext, new_srk);
-  
-  return status;
-}
-
-TPM_RESULT VTSP_DisablePubekRead( const TCS_CONTEXT_HANDLE    hContext,
-                                  const TPM_AUTHDATA          *ownerAuth, 
-                                  TCS_AUTH                    *auth) {
-  
-  vtpmloginfo(VTPM_LOG_VTSP, "Disabling Pubek Read.\n");
-  
-  TPM_RESULT status = TPM_SUCCESS;
-  TPM_COMMAND_CODE command = TPM_ORD_DisablePubekRead;
-  
-  BYTE *paramText;        // Digest to make Auth.
-  UINT32 paramTextSize;
-    
-  paramText = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH);
-  
-  paramTextSize = BSG_PackList(paramText, 1,
-                              BSG_TPM_COMMAND_CODE, &command);
-  
-  TPMTRYRETURN( GenerateAuth( paramText, paramTextSize,
-                             ownerAuth, auth) );
-  
-  // Call TCS
-  TPMTRYRETURN( TCSP_DisablePubekRead ( hContext, // in
-                                        auth) );
-  
-  // Verify Auth
-  paramTextSize = BSG_PackList(paramText, 2,
-                              BSG_TPM_RESULT, &status,
-                              BSG_TPM_COMMAND_CODE, &command);
-  
-  TPMTRYRETURN( VerifyAuth( paramText, paramTextSize,
-                           ownerAuth, auth, 
-                           hContext) );
-  goto egress;
-  
- abort_egress:
- egress:
-  free(paramText);
-  return status;
-}
-
-TPM_RESULT VTSP_CreateWrapKey(  const TCS_CONTEXT_HANDLE hContext,
-                                const TPM_KEY_USAGE      usage,
-                                const TPM_AUTHDATA       *newKeyAuth,
-                                const TCS_KEY_HANDLE     parentHandle, 
-                                const TPM_AUTHDATA       *osapSharedSecret,
-                                buffer_t                 *pubKeyBuf,
-                                TCS_AUTH                 *auth) {
-  
-  int i;
-  TPM_RESULT status = TPM_SUCCESS;
-  TPM_COMMAND_CODE command = TPM_ORD_CreateWrapKey;
-  
-  vtpmloginfo(VTPM_LOG_VTSP, "Creating new key of type %d.\n", usage);
-  
-  // vars for Calculate encUsageAuth
-  BYTE *paramText;      
-  UINT32 paramTextSize;
-  
-  // vars for Calculate encUsageAuth
-  BYTE XORbuffer[sizeof(TPM_SECRET) + sizeof(TPM_NONCE)];
-  TPM_DIGEST XORKey1;
-  UINT32 XORbufferSize;
-  TPM_SECRET encUsageAuth, encMigrationAuth;
-  
-  // vars for Flatten newKey prototype
-  BYTE *flatKey = (BYTE *) malloc(sizeof(BYTE) *  TCPA_MAX_BUFFER_LENGTH);
-  UINT32 flatKeySize = TCPA_MAX_BUFFER_LENGTH;                                 
   
-  struct pack_buf_t newKeyText;
-  
-  // Fill in newKey
-  TPM_KEY newKey;
-  
-  BYTE RSAkeyInfo[12] = { 0x00, 0x00, (RSA_KEY_SIZE >> 8), 0x00,   0x00, 0x00, 
0x00, 0x02,   0x00, 0x00, 0x00, 0x00};
-  newKey.algorithmParms.algorithmID = TPM_ALG_RSA;
-  newKey.algorithmParms.parms = (BYTE *) &RSAkeyInfo;
-  newKey.algorithmParms.parmSize = 12;
-  
-  switch (usage) {
-  case TPM_KEY_SIGNING:
-    vtpmloginfo(VTPM_LOG_VTSP, "Creating Signing Key...\n");
-    newKey.keyUsage = TPM_KEY_SIGNING;
-    newKey.algorithmParms.encScheme = TPM_ES_NONE;
-    newKey.algorithmParms.sigScheme = TPM_SS_RSASSAPKCS1v15_SHA1;
-    break;
-  case TPM_KEY_STORAGE:
-    vtpmloginfo(VTPM_LOG_VTSP, "Creating Storage Key...\n");
-    newKey.keyUsage = TPM_KEY_STORAGE;
-    newKey.algorithmParms.encScheme = TPM_ES_RSAESOAEP_SHA1_MGF1;
-    newKey.algorithmParms.sigScheme = TPM_SS_NONE;
-    break;
-  case TPM_KEY_BIND:
-    vtpmloginfo(VTPM_LOG_VTSP, "Creating Binding Key...\n");
-    newKey.keyUsage = TPM_KEY_BIND;
-    newKey.algorithmParms.encScheme = TPM_ES_RSAESOAEP_SHA1_MGF1;
-    newKey.algorithmParms.sigScheme = TPM_SS_NONE;
-    break;
-  default:
-    vtpmloginfo(VTPM_LOG_VTSP, "Cannot create key. Invalid Key Type.\n");
-    status = TPM_BAD_PARAMETER;
-    goto abort_egress;
-  }
-  
-  
-  newKey.ver = TPM_STRUCT_VER_1_1;
-  
-  newKey.keyFlags = 0;
-  newKey.authDataUsage = TPM_AUTH_ALWAYS;
-  newKey.pubKey.keyLength= 0;
-  newKey.encDataSize = 0;
-  newKey.encData = NULL;
-  
-  // FIXME: Support PCR bindings
-  newKey.PCRInfoSize = 0;
-  newKey.PCRInfo = NULL;
-  
-  // Calculate encUsageAuth                                    
-  XORbufferSize = BSG_PackList(  XORbuffer, 2, 
-                                BSG_TPM_SECRET, osapSharedSecret,
-                                BSG_TPM_NONCE, &auth->NonceEven);
-  Crypto_SHA1Full(XORbuffer, XORbufferSize, (BYTE *) &XORKey1);
-  
-  // FIXME: No support for migratable keys.
-  for (i=0; i < TPM_DIGEST_SIZE; i++) 
-    ((BYTE *) &encUsageAuth)[i] = ((BYTE *) &XORKey1)[i] ^ ((BYTE *) 
newKeyAuth)[i];
-  
-  // Flatten newKey prototype
-  flatKeySize = BSG_Pack(BSG_TPM_KEY, (BYTE *) &newKey, flatKey);
-  newKeyText.data = flatKey;
-  newKeyText.size = flatKeySize;
-  
-  // Generate HMAC
-  paramText = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH);
-  
-  paramTextSize = BSG_PackList(paramText, 3,
-                              BSG_TPM_COMMAND_CODE, &command,
-                              BSG_TPM_AUTHDATA, &encUsageAuth,
-                              BSG_TPM_AUTHDATA, &encMigrationAuth);
-  memcpy(paramText + paramTextSize, newKeyText.data, newKeyText.size);
-  paramTextSize += newKeyText.size;
-  
-  
-  TPMTRYRETURN( GenerateAuth( paramText, paramTextSize,
-                             osapSharedSecret, auth) );
-  
-  // Call TCS
-  TPMTRYRETURN( TCSP_CreateWrapKey(  hContext, 
-                                    parentHandle,
-                                    encUsageAuth,
-                                    encMigrationAuth,
-                                    &newKeyText.size,
-                                    &newKeyText.data,
-                                    auth) );
-  
-  // Verify Auth
-  paramTextSize = BSG_PackList(paramText, 2,
-                              BSG_TPM_RESULT, &status,
-                              BSG_TPM_COMMAND_CODE, &command);
-  memcpy(paramText + paramTextSize, newKeyText.data, newKeyText.size);
-  paramTextSize += newKeyText.size;
-  
-  TPMTRYRETURN( VerifyAuth( paramText, paramTextSize,
-                           osapSharedSecret, auth, 0) );
-  
-  // Unpack/return key structure
-  TPMTRYRETURN(buffer_init(pubKeyBuf, 0, 0) );
-  TPMTRYRETURN(buffer_append_raw(pubKeyBuf, newKeyText.size, newKeyText.data) 
);
-  
-  goto egress;
-  
- abort_egress:
-  
- egress:
-  
-  free(flatKey);
-  free(paramText);
-  TCS_FreeMemory(hContext, newKeyText.data);
-  
-  return status;
-}
-
-TPM_RESULT VTSP_LoadKey(const TCS_CONTEXT_HANDLE    hContext,
-                        const TCS_KEY_HANDLE        hUnwrappingKey,
-                        const buffer_t              *rgbWrappedKeyBlob,
-                        const TPM_AUTHDATA          *parentAuth,
-                        TPM_HANDLE                  *newKeyHandle,
-                        TCS_AUTH                    *auth,
-                        CRYPTO_INFO                 *cryptoinfo,
-                        const BOOL                  skipTPMLoad) { 
-  
-  
-  vtpmloginfo(VTPM_LOG_VTSP, "Loading Key %s.\n", (!skipTPMLoad ? "into TPM" : 
"only into memory"));
-  
-  TPM_RESULT status = TPM_SUCCESS;
-  TPM_COMMAND_CODE command = TPM_ORD_LoadKey;
-
-  BYTE *paramText=NULL;        // Digest to make Auth.
-  UINT32 paramTextSize;
-
-  // SkipTPMLoad stops key from being loaded into TPM, but still generates 
CRYPTO_INFO for it
-  if (! skipTPMLoad) { 
-  
-    if ((rgbWrappedKeyBlob == NULL) || (parentAuth == NULL) || 
-        (newKeyHandle==NULL) || (auth==NULL)) {
-      status = TPM_BAD_PARAMETER;
-      goto abort_egress;
-    }
-  
-    // Generate Extra TCS Parameters
-    TPM_HANDLE phKeyHMAC;
-  
-    paramText = (BYTE *) malloc(sizeof(BYTE) *  TCPA_MAX_BUFFER_LENGTH);
-  
-    paramTextSize = BSG_PackList(paramText, 1,
-                                BSG_TPM_COMMAND_CODE, &command);
-  
-    memcpy(paramText + paramTextSize, rgbWrappedKeyBlob->bytes, 
buffer_len(rgbWrappedKeyBlob));
-    paramTextSize += buffer_len(rgbWrappedKeyBlob);
-  
-    TPMTRYRETURN( GenerateAuth( paramText, paramTextSize,
-                             parentAuth, auth) );
-  
-    // Call TCS
-    TPMTRYRETURN( TCSP_LoadKeyByBlob(  hContext,
-                                      hUnwrappingKey,
-                                      buffer_len(rgbWrappedKeyBlob),
-                                      rgbWrappedKeyBlob->bytes,
-                                      auth,
-                                      newKeyHandle,
-                                      &phKeyHMAC) );
-  
-    // Verify Auth
-    paramTextSize = BSG_PackList(paramText, 3,
-                                BSG_TPM_RESULT, &status,
-                                BSG_TPM_COMMAND_CODE, &command,
-                                BSG_TPM_HANDLE, newKeyHandle);
-  
-    TPMTRYRETURN( VerifyAuth( paramText, paramTextSize,
-                             parentAuth, auth, 
-                             hContext) );
-  } 
-  
-  // Build cryptoinfo structure for software crypto function. 
-  if (cryptoinfo != NULL) {
-    TPM_KEY newKey;
-    
-    // Unpack/return key structure
-    BSG_Unpack(BSG_TPM_KEY, rgbWrappedKeyBlob->bytes , &newKey);
-    TPM_RSA_KEY_PARMS rsaKeyParms;
-    
-    BSG_Unpack(BSG_TPM_RSA_KEY_PARMS, 
-              newKey.algorithmParms.parms, 
-              &rsaKeyParms);
-    
-    Crypto_RSABuildCryptoInfoPublic(rsaKeyParms.exponentSize, 
-                                   rsaKeyParms.exponent, 
-                                   newKey.pubKey.keyLength, 
-                                   newKey.pubKey.key, 
-                                   cryptoinfo);
-    
-    // Destroy rsaKeyParms
-    BSG_Destroy(BSG_TPM_RSA_KEY_PARMS, &rsaKeyParms);
-    
-    // Set encryption scheme
-    cryptoinfo->encScheme = CRYPTO_ES_RSAESOAEP_SHA1_MGF1;
-  }
-  
-  goto egress;
-  
- abort_egress:
-  
- egress:
-  
-  free(paramText);
-  return status;
-}
-
-TPM_RESULT VTSP_Unbind( const TCS_CONTEXT_HANDLE    hContext,
-                        const TPM_KEY_HANDLE        key_handle,
-                        const buffer_t              *bound_data,
-                        const TPM_AUTHDATA          *usage_auth,
-                        buffer_t                    *clear_data,
-                        TCS_AUTH                    *auth) {
-  
-  vtpmloginfo(VTPM_LOG_VTSP, "Unbinding %d bytes of data.\n", 
buffer_len(bound_data));
-  
-  TPM_RESULT status = TPM_SUCCESS;
-  TPM_COMMAND_CODE command = TPM_ORD_UnBind;
-  
-  BYTE *paramText;        // Digest to make Auth.
-  UINT32 paramTextSize;
-  
-  // Generate Extra TCS Parameters
-  struct pack_buf_t clear_data32;
-  BYTE *clear_data_text;
-  UINT32 clear_data_size;
-  
-  struct pack_buf_t bound_data32 = {bound_data->size, bound_data->bytes};
-  
-  paramText = (BYTE *) malloc(sizeof(BYTE) * TCPA_MAX_BUFFER_LENGTH);
-  
-  paramTextSize = BSG_PackList(paramText, 2,
-                              BSG_TPM_COMMAND_CODE, &command,
-                              BSG_TPM_SIZE32_DATA, &bound_data32);
-  
-  TPMTRYRETURN( GenerateAuth( paramText, paramTextSize,
-                             usage_auth, auth) );
-  
-  // Call TCS
-  TPMTRYRETURN( TCSP_UnBind( hContext,
-                            key_handle,
-                            buffer_len(bound_data),
-                            bound_data->bytes,
-                            auth,
-                            &clear_data_size,
-                            &clear_data_text) );
-  
-  
-  // Verify Auth
-  clear_data32.size = clear_data_size;
-  clear_data32.data = clear_data_text;
-  paramTextSize = BSG_PackList(paramText, 3,
-                              BSG_TPM_RESULT, &status,
-                              BSG_TPM_COMMAND_CODE, &command,
-                              BSG_TPM_SIZE32_DATA, &clear_data32);
-  
-  TPMTRYRETURN( VerifyAuth( paramText, paramTextSize,
-                           usage_auth, auth, 
-                           hContext) );
-  
-  // Unpack/return key structure
-  TPMTRYRETURN(buffer_init(clear_data, 0, 0));
-  TPMTRYRETURN(buffer_append_raw (clear_data, clear_data_size, 
clear_data_text) );
-  
-  goto egress;
-  
- abort_egress:
-  
- egress:
-  
-  free(paramText);
-  TCS_FreeMemory(hContext, clear_data_text);
-  
-  return status;
-}
-
-TPM_RESULT VTSP_Bind(   CRYPTO_INFO *cryptoInfo, 
-                       const buffer_t *inData, 
-                       buffer_t *outData)               
-{
-  vtpmloginfo(VTPM_LOG_VTSP, "Binding %d bytes of data.\n", 
buffer_len(inData));
-  TPM_RESULT status = TPM_SUCCESS;
-  TPM_BOUND_DATA boundData;
-  UINT32 i;
-  
-  // Fill boundData's accessory information
-  boundData.ver = TPM_STRUCT_VER_1_1;
-  boundData.payload = TPM_PT_BIND;
-  boundData.payloadData = inData->bytes;
-  
-  // Pack boundData before encryption
-  BYTE* flatBoundData = (BYTE *)malloc(sizeof(BYTE) * 
-                                      (sizeof(TPM_VERSION) +
-                                       sizeof(TPM_PAYLOAD_TYPE) +
-                                       buffer_len(inData)));
-  if (flatBoundData == NULL) {
-    return TPM_NOSPACE;
-  }
-  UINT32 flatBoundDataSize = 0;
-  flatBoundDataSize = BSG_PackList(  flatBoundData, 2, 
-                                    BSG_TPM_VERSION, &boundData.ver, 
-                                    BSG_TYPE_BYTE, &boundData.payload);
-  
-  memcpy(flatBoundData+flatBoundDataSize, inData->bytes, buffer_len(inData));
-  flatBoundDataSize += buffer_len(inData);
-  
-  BYTE out_tmp[RSA_KEY_SIZE/8]; // RSAEnc does not do blocking, So this is 
what will come out.
-  UINT32 out_tmp_size;
-  
-  // Encrypt flatBoundData
-  TPMTRY(TPM_ENCRYPT_ERROR, Crypto_RSAEnc( cryptoInfo, 
-                                           flatBoundDataSize, 
-                                           flatBoundData, 
-                                           &out_tmp_size, 
-                                           out_tmp) );
-  
-  if (out_tmp_size > RSA_KEY_SIZE/8) {
-    // The result of RSAEnc should be a fixed size based on key size.
-    vtpmlogerror(VTPM_LOG_VTSP, "Enc buffer just overflowed.\n");
-  }
-  
-  buffer_init(outData, 0, NULL);
-  buffer_append_raw(outData, out_tmp_size, out_tmp);
-  
-  vtpmloginfo(VTPM_LOG_TXDATA, "Bind Generated[%d] = 0x", out_tmp_size);
-  for(i = 0 ; i < out_tmp_size ; i++) {
-    vtpmloginfomore(VTPM_LOG_TXDATA, "%2.2x ", out_tmp[i]);
-  }
-  vtpmloginfomore(VTPM_LOG_TXDATA, "\n");
-
-  goto egress;
-  abort_egress: 
-  egress:
- 
-  // Free flatBoundData
-  free(flatBoundData);
-  
-  return TPM_SUCCESS;
-}
-
-TPM_RESULT VTSP_Seal(const TCS_CONTEXT_HANDLE    hContext,
-                     const TPM_KEY_HANDLE        keyHandle,
-                     const TPM_AUTHDATA          *sealDataAuth,
-                     const TPM_PCR_COMPOSITE     *pcrComp,
-                     const buffer_t              *inData,
-                     TPM_STORED_DATA             *sealedData,                  
                 
-                     const TPM_SECRET            *osapSharedSecret,
-                     TCS_AUTH                    *auth) {
-
-  TPM_RESULT status = TPM_SUCCESS;
-  TPM_COMMAND_CODE command = TPM_ORD_Seal;
-
-  BYTE *paramText;        // Digest to make Auth.
-  UINT32 paramTextSize;
-
-  // Generate PCR_Info Struct from Comp
-  TPM_PCR_INFO pcrInfo;
-  UINT32 pcrInfoSize, flatpcrSize;
-  BYTE flatpcr[3 +                          // PCR_Select = 3 1 byte banks
-               sizeof(UINT16) +             //              2 byte UINT16
-               sizeof(UINT32) +             // PCR_Comp   = 4 byte UINT32
-               24 * sizeof(TPM_PCRVALUE) ]; //              up to 24 PCRs
-
-  if (pcrComp != NULL) {
-      //printf("\n\tBinding to PCRs: ");
-      //for(int i = 0 ; i < pcrComp->select.sizeOfSelect ; i++)
-      //printf("%2.2x", pcrComp->select.pcrSelect[i]);
-
-      memcpy(&pcrInfo.pcrSelection, &pcrComp->select, 
sizeof(TPM_PCR_SELECTION));
-
-      flatpcrSize = BSG_Pack(BSG_TPM_PCR_COMPOSITE, (BYTE *) pcrComp, flatpcr);
-      Crypto_SHA1Full((BYTE *) flatpcr, flatpcrSize, (BYTE *) 
&(pcrInfo.digestAtRelease));
-      memset(&(pcrInfo.digestAtCreation), 0, sizeof(TPM_DIGEST));
-      pcrInfoSize = BSG_Pack(BSG_TPM_PCR_INFO, (BYTE *) &pcrInfo, flatpcr);
-  } else {
-      //printf("\n\tBinding to no PCRS.");
-      pcrInfoSize = 0;
-  }
-
-  // Calculate encUsageAuth
-  BYTE XORbuffer[sizeof(TPM_SECRET) + sizeof(TPM_NONCE)];
-  UINT32 XORbufferSize = sizeof(XORbuffer);
-  TPM_DIGEST XORKey;
-  TPM_ENCAUTH encAuth;
-
-  BSG_PackList( XORbuffer, 2,
-                BSG_TPM_SECRET, osapSharedSecret,
-                BSG_TPM_NONCE, &auth->NonceEven );
-
-  Crypto_SHA1Full(XORbuffer, XORbufferSize, (BYTE *) &XORKey);
-
