Bypass taking ownership of the TPM2 if an srk_handle is specified.
This srk_handle must be usable with Null auth for the time being.
Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
---
docs/man/xen-vtpmmgr.7.pod | 7 +++++++
stubdom/vtpmmgr/init.c | 11 ++++++++++-
2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/docs/man/xen-vtpmmgr.7.pod b/docs/man/xen-vtpmmgr.7.pod
index 875dcce508..3286954568 100644
--- a/docs/man/xen-vtpmmgr.7.pod
+++ b/docs/man/xen-vtpmmgr.7.pod
@@ -92,6 +92,13 @@ Valid arguments:
=over 4
+=item srk_handle=<HANDLE>
+
+Specify a srk_handle for TPM 2.0. TPM 2.0 uses a key hierarchy, and
+this allow specifying the parent handle for vtpmmgr to create its own
+key under. Using this option bypasses vtpmmgr trying to take ownership
+of the TPM.
+
=item owner_auth=<AUTHSPEC>
=item srk_auth=<AUTHSPEC>
diff --git a/stubdom/vtpmmgr/init.c b/stubdom/vtpmmgr/init.c
index 1506735051..c01d03e9f4 100644
--- a/stubdom/vtpmmgr/init.c
+++ b/stubdom/vtpmmgr/init.c
@@ -302,6 +302,11 @@ int parse_cmdline_opts(int argc, char** argv, struct Opts* opts)
goto err_invalid;
}
}
+ else if(!strncmp(argv[i], "srk_handle:", 11)) {
+ if(sscanf(argv[i] + 11, "%x", &vtpm_globals.srk_handle) != 1) {
+ goto err_invalid;
+ }
+ }
else if(!strncmp(argv[i], "tpmdriver=", 10)) {
if(!strcmp(argv[i] + 10, "tpm_tis")) {
opts->tpmdriver = TPMDRV_TPM_TIS;
@@ -586,7 +591,11 @@ TPM_RESULT vtpmmgr2_create(void)
{
TPM_RESULT status = TPM_SUCCESS;
- TPMTRYRETURN(tpm2_take_ownership());
+ if ( vtpm_globals.srk_handle == 0 ) {
+ TPMTRYRETURN(tpm2_take_ownership());
+ } else {
+ tpm2_AuthArea_ctor(NULL, 0, &vtpm_globals.srk_auth_area);
+ }
/* create SK */
TPM2_Create_Params_out out;
--
2.30.2
Jason Andryuk, le mar. 04 mai 2021 08:48:37 -0400, a ecrit:
> Bypass taking ownership of the TPM2 if an srk_handle is specified.
>
> This srk_handle must be usable with Null auth for the time being.
>
> Signed-off-by: Jason Andryuk <jandryuk@gmail.com>
> ---
> docs/man/xen-vtpmmgr.7.pod | 7 +++++++
> stubdom/vtpmmgr/init.c | 11 ++++++++++-
> 2 files changed, 17 insertions(+), 1 deletion(-)
>
> diff --git a/docs/man/xen-vtpmmgr.7.pod b/docs/man/xen-vtpmmgr.7.pod
> index 875dcce508..3286954568 100644
> --- a/docs/man/xen-vtpmmgr.7.pod
> +++ b/docs/man/xen-vtpmmgr.7.pod
> @@ -92,6 +92,13 @@ Valid arguments:
>
> =over 4
>
> +=item srk_handle=<HANDLE>
Is this actually srk_handle= or srk_handle: ?
The code tests for the latter. The problem seems to "exist" also for
owner_auth: and srk_auth: but both = and : work actually because strncmp
is told not to check for = and :
We'd better clean this up to avoid confusions.
Samuel
> +
> +Specify a srk_handle for TPM 2.0. TPM 2.0 uses a key hierarchy, and
> +this allow specifying the parent handle for vtpmmgr to create its own
> +key under. Using this option bypasses vtpmmgr trying to take ownership
> +of the TPM.
> +
> =item owner_auth=<AUTHSPEC>
>
> =item srk_auth=<AUTHSPEC>
> diff --git a/stubdom/vtpmmgr/init.c b/stubdom/vtpmmgr/init.c
> index 1506735051..c01d03e9f4 100644
> --- a/stubdom/vtpmmgr/init.c
> +++ b/stubdom/vtpmmgr/init.c
> @@ -302,6 +302,11 @@ int parse_cmdline_opts(int argc, char** argv, struct Opts* opts)
> goto err_invalid;
> }
> }
> + else if(!strncmp(argv[i], "srk_handle:", 11)) {
> + if(sscanf(argv[i] + 11, "%x", &vtpm_globals.srk_handle) != 1) {
> + goto err_invalid;
> + }
> + }
> else if(!strncmp(argv[i], "tpmdriver=", 10)) {
> if(!strcmp(argv[i] + 10, "tpm_tis")) {
> opts->tpmdriver = TPMDRV_TPM_TIS;
> @@ -586,7 +591,11 @@ TPM_RESULT vtpmmgr2_create(void)
> {
> TPM_RESULT status = TPM_SUCCESS;
>
> - TPMTRYRETURN(tpm2_take_ownership());
> + if ( vtpm_globals.srk_handle == 0 ) {
> + TPMTRYRETURN(tpm2_take_ownership());
> + } else {
> + tpm2_AuthArea_ctor(NULL, 0, &vtpm_globals.srk_auth_area);
> + }
>
> /* create SK */
> TPM2_Create_Params_out out;
> --
> 2.30.2
>
On Tue, May 4, 2021 at 9:13 AM Samuel Thibault <samuel.thibault@ens-lyon.org> wrote: > > Jason Andryuk, le mar. 04 mai 2021 08:48:37 -0400, a ecrit: > > Bypass taking ownership of the TPM2 if an srk_handle is specified. > > > > This srk_handle must be usable with Null auth for the time being. > > > > Signed-off-by: Jason Andryuk <jandryuk@gmail.com> > > --- > > docs/man/xen-vtpmmgr.7.pod | 7 +++++++ > > stubdom/vtpmmgr/init.c | 11 ++++++++++- > > 2 files changed, 17 insertions(+), 1 deletion(-) > > > > diff --git a/docs/man/xen-vtpmmgr.7.pod b/docs/man/xen-vtpmmgr.7.pod > > index 875dcce508..3286954568 100644 > > --- a/docs/man/xen-vtpmmgr.7.pod > > +++ b/docs/man/xen-vtpmmgr.7.pod > > @@ -92,6 +92,13 @@ Valid arguments: > > > > =over 4 > > > > +=item srk_handle=<HANDLE> > > Is this actually srk_handle= or srk_handle: ? Whoops. It's srk_handle: . I just copy and pasted here. > The code tests for the latter. The problem seems to "exist" also for > owner_auth: and srk_auth: but both = and : work actually because strncmp > is told not to check for = and : owner_auth & srk_auth don't check :, but then they don't skip : or = when passing the string to parse_auth_string. So they can't work properly? srk_handle: does check for that entire string. > We'd better clean this up to avoid confusions. Right, so what do we want? I'm leaning toward standardizing on = since the tpm.*= options look to parse properly. Given : doesn't seem like it could work, we don't need to attempt to maintain backwards compatibility. Thanks for the review. -Jason
Jason Andryuk, le mar. 04 mai 2021 13:04:47 -0400, a ecrit: > owner_auth & srk_auth don't check :, but then they don't skip : or = > when passing the string to parse_auth_string. So they can't work > properly? They happen to "work" just because there is no other parameter prefixed the same. > > We'd better clean this up to avoid confusions. > > Right, so what do we want? I'm leaning toward standardizing on = > since the tpm.*= options look to parse properly. I'd say so too. Also because that's what is apparently documented. Samuel
On Tue, May 4, 2021 at 1:07 PM Samuel Thibault <samuel.thibault@ens-lyon.org> wrote: > > Jason Andryuk, le mar. 04 mai 2021 13:04:47 -0400, a ecrit: > > owner_auth & srk_auth don't check :, but then they don't skip : or = > > when passing the string to parse_auth_string. So they can't work > > properly? > > They happen to "work" just because there is no other parameter prefixed > the same. parse_auth_string fails on the ":". Just tested "owner_auth:well-known" ERROR[VTPM]: Invalid auth string :well-known ERROR[VTPM]: Invalid Option owner_auth:well-known ERROR[VTPM]: Command line parsing failed! exiting.. > > > We'd better clean this up to avoid confusions. > > > > Right, so what do we want? I'm leaning toward standardizing on = > > since the tpm.*= options look to parse properly. > > I'd say so too. Also because that's what is apparently documented. Ok, thanks. Regards, Jason
Jason Andryuk, le mar. 04 mai 2021 13:27:36 -0400, a ecrit: > On Tue, May 4, 2021 at 1:07 PM Samuel Thibault > <samuel.thibault@ens-lyon.org> wrote: > > > > Jason Andryuk, le mar. 04 mai 2021 13:04:47 -0400, a ecrit: > > > owner_auth & srk_auth don't check :, but then they don't skip : or = > > > when passing the string to parse_auth_string. So they can't work > > > properly? > > > > They happen to "work" just because there is no other parameter prefixed > > the same. > > parse_auth_string fails on the ":". > > Just tested "owner_auth:well-known" owner_auth happens to have the proper size, but srk_auth doesn't. Samuel
© 2016 - 2026 Red Hat, Inc.