[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen staging] vtpmmgr: Allow specifying srk_handle for TPM2
commit 3f1b5080d64d2b66a686133e9f24998a3609d1a3 Author: Jason Andryuk <jandryuk@xxxxxxxxx> AuthorDate: Thu May 6 09:59:14 2021 -0400 Commit: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> CommitDate: Mon May 10 14:48:13 2021 +0100 vtpmmgr: Allow specifying srk_handle for TPM2 Bypass taking ownership of the TPM2 if an srk_handle is specified. This srk_handle must be usable with Null auth for the time being. Signed-off-by: Jason Andryuk <jandryuk@xxxxxxxxx> Reviewed-by: Samuel Thibault <samuel.thibault@xxxxxxxxxxxx> Reviewed-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx> --- docs/man/xen-vtpmmgr.7.pod | 7 +++++++ stubdom/vtpmmgr/init.c | 11 ++++++++++- 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/docs/man/xen-vtpmmgr.7.pod b/docs/man/xen-vtpmmgr.7.pod index 875dcce508..3286954568 100644 --- a/docs/man/xen-vtpmmgr.7.pod +++ b/docs/man/xen-vtpmmgr.7.pod @@ -92,6 +92,13 @@ Valid arguments: =over 4 +=item srk_handle=<HANDLE> + +Specify a srk_handle for TPM 2.0. TPM 2.0 uses a key hierarchy, and +this allow specifying the parent handle for vtpmmgr to create its own +key under. Using this option bypasses vtpmmgr trying to take ownership +of the TPM. + =item owner_auth=<AUTHSPEC> =item srk_auth=<AUTHSPEC> diff --git a/stubdom/vtpmmgr/init.c b/stubdom/vtpmmgr/init.c index 2d314d98e8..decf8e8b4d 100644 --- a/stubdom/vtpmmgr/init.c +++ b/stubdom/vtpmmgr/init.c @@ -302,6 +302,11 @@ int parse_cmdline_opts(int argc, char** argv, struct Opts* opts) goto err_invalid; } } + else if(!strncmp(argv[i], "srk_handle=", 11)) { + if(sscanf(argv[i] + 11, "%x", &vtpm_globals.srk_handle) != 1) { + goto err_invalid; + } + } else if(!strncmp(argv[i], "tpmdriver=", 10)) { if(!strcmp(argv[i] + 10, "tpm_tis")) { opts->tpmdriver = TPMDRV_TPM_TIS; @@ -572,7 +577,11 @@ TPM_RESULT vtpmmgr2_create(void) { TPM_RESULT status = TPM_SUCCESS; - TPMTRYRETURN(tpm2_take_ownership()); + if ( vtpm_globals.srk_handle == 0 ) { + TPMTRYRETURN(tpm2_take_ownership()); + } else { + tpm2_AuthArea_ctor(NULL, 0, &vtpm_globals.srk_auth_area); + } /* create SK */ TPM2_Create_Params_out out; -- generated by git-patchbot for /home/xen/git/xen.git#staging
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |