├── .gitignore ├── AUTHORS ├── BUILD ├── ChangeLog ├── Makefile.am ├── NEWS ├── README ├── README.md ├── TODO ├── configure.in ├── debian ├── README.Debian ├── README.source ├── changelog ├── compat ├── control ├── copyright ├── manpage.1.ex ├── manpage.sgml.ex ├── manpage.xml.ex ├── menu.ex ├── postinst ├── postinst.ex ├── postrm.ex ├── preinst.ex ├── prerm.ex ├── rules ├── source │ └── format ├── tpm-luks-docs.docs ├── tpm-luks.cron.d.ex ├── tpm-luks.default.ex ├── tpm-luks.doc-base.EX ├── tpm-luks.install └── watch.ex ├── pcrsum ├── Makefile.am ├── include │ ├── Bluetooth.h │ ├── PcAnsi.h │ ├── PeImage.h │ ├── Tpm12.h │ ├── UefiGpt.h │ ├── UefiTcgPlatform.h │ └── efistruct.h ├── pcrdecode.c └── pcrsum.c ├── swtpm-utils ├── Makefile.am ├── getcapability.c ├── include │ ├── hmac.h │ ├── newserialize.h │ ├── oiaposap.h │ ├── pcrs.h │ ├── tpm.h │ ├── tpm_constants.h │ ├── tpm_error.h │ ├── tpm_lowlevel.h │ ├── tpm_structures.h │ ├── tpm_types.h │ ├── tpmfunc.h │ ├── tpmkeys.h │ └── tpmutil.h ├── lib │ ├── Makefile.am │ ├── auditing.c │ ├── bind.c │ ├── chgauth.c │ ├── context.c │ ├── counter.c │ ├── daa.c │ ├── debug.c │ ├── delegation.c │ ├── dir.c │ ├── eviction.c │ ├── hmac.c │ ├── hmac.h │ ├── identity.c │ ├── keys.c │ ├── keyswap.c │ ├── maintenance.c │ ├── management.c │ ├── migrate.c │ ├── miscfunc.c │ ├── newserialize.h │ ├── nv.c │ ├── oiaposap.c │ ├── oiaposap.h │ ├── optin.c │ ├── owner.c │ ├── ownertpmdiag.c │ ├── pcrs.c │ ├── pcrs.h │ ├── raw.c │ ├── rng.c │ ├── seal.c │ ├── serialize.c │ ├── session.c │ ├── sha.c │ ├── signature.c │ ├── startup.c │ ├── testing.c │ ├── ticks.c │ ├── tpm.h │ ├── tpm_constants.h │ ├── tpm_error.h │ ├── tpm_lowlevel.h │ ├── tpm_structures.h │ ├── tpm_types.h │ ├── tpmfunc.h │ ├── tpmkeys.h │ ├── tpmutil.c │ ├── tpmutil.h │ ├── tpmutil_sock.c │ ├── tpmutil_tty.c │ ├── tpmutil_unixio.c │ └── transport.c ├── nv_readvalue.c └── pcr-extend.c └── tpm-luks-scripts ├── etc ├── initramfs-tools │ ├── hooks │ │ └── luks-tpm │ └── 
scripts │ │ └── local-top │ │ └── cryptpm ├── initramfs │ └── post-update.d │ │ └── tpm-luks-update └── tpm-luks.conf └── usr └── sbin ├── tpm-luks ├── tpm-luks-chain-hashes ├── tpm-luks-findbiosbootcode ├── tpm-luks-findbiosbootdata ├── tpm-luks-findbiosgrubstage15 ├── tpm-luks-findbiosgrubstage2 ├── tpm-luks-findefibootgpt ├── tpm-luks-findefibootmgr ├── tpm-luks-findefishimhash ├── tpm-luks-gen-tgrub-pcr-values ├── tpm-luks-init └── tpm-luks-update /.gitignore: -------------------------------------------------------------------------------- 1 | aclocal.m4 2 | autom4te.cache 3 | compile 4 | config.guess 5 | config.log 6 | config.status 7 | config.sub 8 | configure 9 | depcomp 10 | .deps 11 | install-sh 12 | .libs 13 | libtool 14 | *.lo 15 | ltmain.sh 16 | m4/ 17 | Makefile 18 | Makefile.in 19 | missing 20 | *.o 21 | swtpm-utils/.auditing-0 22 | swtpm-utils/getcapability 23 | swtpm-utils/lib/libtpm.la 24 | swtpm-utils/nv_readvalue 25 | swtpm-utils/pcr-extend 26 | pcrsum/pcrdecode 27 | pcrsum/pcrsum 28 | -------------------------------------------------------------------------------- /AUTHORS: -------------------------------------------------------------------------------- 1 | tpm-luks: 2 | Kent Yoder 3 | 4 | Modified and extened for UEFI and Ubuntu support by: 5 | Radek Zajic 6 | 7 | The swtpm-utils code was written by: 8 | Ken Goldman and Stefan Berger 9 | -------------------------------------------------------------------------------- /BUILD: -------------------------------------------------------------------------------- 1 | 2 | = build pre-reqs = 3 | 4 | Packages: automake, autoconf, libtool, gcc, libssl-dev, gnu-efi, libmd-dev, make, build-essential 5 | 6 | = build steps = 7 | 8 | $ autoreconf -ivf 9 | $ ./configure 10 | $ make 11 | # make install 12 | 13 | = runtime pre-reqs = 14 | 15 | For using tpm-luks with a LUKS key on your rootfs volume: initramfs-tools grub2* 16 | 17 | All uses: coreutils tpm-tools-1.3.8 trousers-0.3.9 binutils mawk efibootmgr grep 
util-linux sed bash cryptsetup-bin grub-common 18 | 19 | tpm-luks requires very recent tpm-tools and trousers versions, likely not 20 | included in your distro. To get these versions, you'll need to install them 21 | from their upstream repositories: 22 | 23 | $ git clone git://trousers.git.sourceforge.net/gitroot/trousers/trousers trousers.git 24 | $ git clone git://trousers.git.sourceforge.net/gitroot/trousers/tpm-tools tpm-tools.git 25 | $ cd trousers.git 26 | $ sh bootstrap.sh 27 | $ ./configure 28 | $ make 29 | # make install 30 | $ cd ../tpm-tools.git 31 | $ sh bootstrap.sh 32 | $ ./configure 33 | $ make 34 | # make install 35 | 36 | EOF 37 | -------------------------------------------------------------------------------- /ChangeLog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zajdee/tpm-luks/210d1a201e6335829f4330bde54883bf25111376/ChangeLog -------------------------------------------------------------------------------- /Makefile.am: -------------------------------------------------------------------------------- 1 | SUBDIRS = pcrsum swtpm-utils . 2 | -------------------------------------------------------------------------------- /NEWS: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zajdee/tpm-luks/210d1a201e6335829f4330bde54883bf25111376/NEWS -------------------------------------------------------------------------------- /README: -------------------------------------------------------------------------------- 1 | 2 | Storing your LUKS key in TPM NVRAM 3 | 4 | First read BUILD, to make sure you have all the runtime pre-reqs installed, 5 | including the upstream trousers and tpm-tools packages. 6 | 7 | A. Required steps 8 | B. If the LUKS volume is not your rootfs 9 | C. If the LUKS volume is your rootfs 10 | I. RHEL6 11 | II. Fedora 17 12 | D. Sealing your NVRAM area to PCR state 13 | E. Backup 14 | 15 | === A. 
Required steps === 16 | 17 | 1. You can check that your TPM is available by looking for /dev/tpm0, which 18 | will exist if a kernel driver is loaded. If not you'll need to load the 19 | tpm_tis module (or other TPM 1.2 module depending on your platform). On 20 | RHEL 6, the tpm driver is built into the kernel -- on Fedora 17, you'll 21 | need to install the kernel-modules-extra package to get tpm_tis. 22 | 23 | 2. Install tpm-luks, tpm-tools >= 1.3.8, trousers >= 0.3.9. Available at 24 | sf.net/projects/trousers. Start the tcsd: 25 | # tcsd 26 | trousers 0.3.9 is included with Fedora 17. 27 | 28 | You can test if trousers and tpm-tools are working ok by running tpm_nvinfo. 29 | If it errors out with missing library errors after a build, follow these 30 | steps: 31 | 32 | After the trousers build: 33 | $ echo "/usr/local/lib" >> /etc/ld.so.conf 34 | # ldconfig 35 | or during the build: 36 | $ ./configure --prefix=/usr 37 | 38 | 3. Take ownership of your TPM if you haven't before: 39 | $ tpm_takeownership 40 | 41 | 4. Mount securityfs: 42 | # mount -t securityfs securityfs /sys/kernel/security 43 | 44 | and add to /etc/fstab to remount it automatically: 45 | securityfs /sys/kernel/security securityfs defaults 0 0 46 | 47 | 48 | == B. If the LUKS volume is not your rootfs == 49 | 50 | 1. Determine your LUKS encrypted partions: 51 | $ blkid -t TYPE=crypto_LUKS 52 | /dev/sda2: UUID="4cb97e1f-b921-4f1a-bd86-032831b277af" TYPE="crypto_LUKS" 53 | 54 | 2. Add a new LUKS key to a key slot and the TPM: 55 | # tpm-luks -c -d /dev/sda2 56 | Enter a new TPM NV area password: 57 | Re-enter the new TPM NV area password: 58 | Enter your TPM owner password: 59 | Successfully wrote 33 bytes at offset 0 to NVRAM index 0x2 (2). 
60 | You will now be prompted to enter any valid LUKS passphrase in order to store 61 | the new TPM NVRAM secret in LUKS key slot 1: 62 | 63 | Enter any passphrase: 64 | Using NV index 2 for device /dev/sda2 65 | 66 | tpm-luks creates a 32-byte binary key and writes it TPM NVRAM. An extra byte 67 | is prepended as a version check. 68 | 69 | C. If the LUKS volume is your rootfs 70 | 71 | These setup steps for RHEL and Fedora are required to include your current kernel 72 | and initramfs in the trust chain (if configured in D.) and to insert the code into 73 | your initramfs to read the LUKS secret from the TPM. 74 | 75 | I. RHEL 6 (may work elsewhere but so far only tested on RHEL 6) 76 | 77 | Run tpm-luks-init, or do these steps manually: 78 | 79 | 1. Determine your LUKS encrypted partions: 80 | $ blkid -t TYPE=crypto_LUKS 81 | /dev/sda2: UUID="4cb97e1f-b921-4f1a-bd86-032831b277af" TYPE="crypto_LUKS" 82 | 83 | 2. Add a new LUKS key to a key slot and the TPM: 84 | # tpm-luks -c -d /dev/sda2 85 | Enter a new TPM NV area password: 86 | Re-enter the new TPM NV area password: 87 | Enter your TPM owner password: 88 | Successfully wrote 33 bytes at offset 0 to NVRAM index 0x2 (2). 89 | You will now be prompted to enter any valid LUKS passphrase in order to store 90 | the new TPM NVRAM secret in LUKS key slot 1: 91 | 92 | Enter any passphrase: 93 | Using NV index 2 for device /dev/sda2 94 | 95 | 3. Add code to query the TPM to the initramfs: 96 | # dracut /boot/initramfs-2.6.32-XXX.el6.x86_64-tpm-luks.img 97 | 98 | 4. Create a new boot entry that uses the new initramfs: 99 | # vi /boot/grub/menu.lst 100 | 101 | (The only change you need to make here is to copy the current boot entry 102 | for the RHEL kernel and change the initramfs path to 103 | /boot/initramfs-2.6.32-XXX.el6.x86_64-tpm-luks.img) 104 | 105 | II. Fedora 17 106 | 107 | Do these steps manually: 108 | 109 | 1. 
Determine your LUKS encrypted partions: 110 | $ blkid -t TYPE=crypto_LUKS 111 | /dev/sda2: UUID="4cb97e1f-b921-4f1a-bd86-032831b277af" TYPE="crypto_LUKS" 112 | 113 | 2. Add a new LUKS key to a key slot and the TPM: 114 | # tpm-luks -c -d /dev/sda2 115 | Enter a new TPM NV area password: 116 | Re-enter the new TPM NV area password: 117 | Enter your TPM owner password: 118 | Successfully wrote 33 bytes at offset 0 to NVRAM index 0x2 (2). 119 | You will now be prompted to enter any valid LUKS passphrase in order to store 120 | the new TPM NVRAM secret in LUKS key slot 1: 121 | 122 | Enter any passphrase: 123 | Using NV index 2 for device /dev/sda2 124 | 125 | 3. Add code to query the TPM to the initramfs: 126 | # dracut /boot/initramfs-3.4.4-5.fc17.x86_64-tpm-luks.img 127 | 128 | 4. Create a new boot entry that uses the new initramfs: 129 | # vim /boot/grub2/grub.cfg 130 | 131 | (The only change you need to make here is to copy the current boot entry 132 | for Fedora and change the initramfs path to 133 | /boot/initramfs-3.X.X-X.fc17.x86_64-tpm-luks.img) 134 | 135 | From https://fedoraproject.org/wiki/GRUB_2: 136 | "It is safe to directly edit /boot/grub2/grub.cfg in Fedora." 137 | 138 | 8. Reboot 139 | 140 | D. Sealing your NVRAM area to PCR state 141 | 142 | "Sealing" means binding the TPM NVRAM data to the state of your machine. Using 143 | sealing, you can require any arbitrary software to have run and recorded its 144 | state in the TPM before your LUKS secret would be released from the TPM chip. 145 | The usual use case would be to boot using a TPM-aware bootloader which records 146 | the kernel and initramfs you've booted. This would prevent your LUKS secret 147 | from being retrieved from the TPM chip if the machine was booted from any other 148 | media or configuration. 149 | 150 | To get a full chain of trust up through your initramfs, you'll first need to 151 | install TrustedGrUB, available from http://sourceforge.net/projects/trustedgrub/. 
152 | A vanilla install of TrustedGrUB doesn't appear to work with Fedora 17 -- if 153 | you get TrustedGrUB working with recent fedora distros, please send a note 154 | to trousers-users@lists.sf.net or shpedoikal@gmail.com. 155 | 156 | Note that trustedgrub is supported 32bit only, so you'll need for example 157 | the glibc-devel.i686 and libgcc.i686 packages to build it on x86_64. 158 | 159 | Once you've installed TrustedGrub successfully, reboot, then continue 160 | with these steps: 161 | 162 | 1. Edit /etc/tpm-luks.conf and set either the 'profile' or 'pcrs' option 163 | to tell tpm-luks to use the PCRs you choose. You'll want to take some time 164 | and make sure you really understand what you're doing here. If you remove 165 | your non-TPM keys from your LUKS header and then your system config 166 | changes, you could lose access to your LUKS partition. Make sure you backup 167 | your LUKS header before removing all the non-TPM keys! 168 | ATM, only the "srtm" profile or PCRs 0-15 are supported. 169 | 170 | 2. Complete the steps in C.I. or C.II. above 171 | 172 | 3. At yum update time: 173 | tpm-luks installs a yum post-transaction hook in 174 | /etc/yum/post-actions/tpm-luks.action. Whenever the kernel package is 175 | updated, the hook runs the tpm-luks-update script, which attempts to 176 | migrate your current TPM NVRAM secret to the new PCR values for the 177 | changed kernel+initramfs. 178 | 179 | E. Backup 180 | 181 | 1. Backup your current LUKS header 182 | $ cryptsetup luksHeaderBackup --header-backup-file 183 | 184 | 2. 
Remove the LUKS key slot with the non-TPM key, using a secret held 185 | in the TPM: 186 | $ tpm-luks -k -s 187 | 188 | EOF 189 | -------------------------------------------------------------------------------- /TODO: -------------------------------------------------------------------------------- 1 | 2 | TODO: 3 | 4 | - implement a separate "NV" initramfs for all NV manipulation 5 | o create initramfs with all NV tools included 6 | o lock all new NV areas for write to this initramfs state (or Owner write) 7 | o write the operation to do on next reboot to a /boot/tpm-luks.conf, measure 8 | in tgrub 9 | o lock nvram for write to tpm-luks.conf state 10 | o when NV initramfs comes up, parse tpm-luks.conf, act accordingly, reboot 11 | 12 | - Improve interface between nv-perms creation, grub.conf and tpm_luks 13 | -------------------------------------------------------------------------------- /configure.in: -------------------------------------------------------------------------------- 1 | AC_INIT(tpm-luks, 0.8, shpedoikal@gmail.com) 2 | 3 | AM_INIT_AUTOMAKE([foreign 1.6]) 4 | 5 | AC_PROG_SED 6 | AC_PROG_LIBTOOL 7 | AC_CONFIG_MACRO_DIR([m4]) 8 | 9 | CFLAGS="$CFLAGS -W -Wall -Wno-unused-parameter -Wsign-compare" 10 | AC_PROG_CC 11 | 12 | if `egrep -q "Red Hat Enterprise Linux.*release 6" /etc/*-release`; then 13 | AM_CONDITIONAL([RHEL6], true) 14 | AM_CONDITIONAL([FEDORA17], false) 15 | AC_SUBST(DRACUT_MODULE_NAME, [plymouth]) 16 | AC_SUBST(DRACUT_KERNEL_MODULES, [""]) 17 | elif `egrep -q "CentOS release 6" /etc/*-release`; then 18 | AM_CONDITIONAL([RHEL6], true) 19 | AM_CONDITIONAL([FEDORA17], false) 20 | AC_SUBST(DRACUT_MODULE_NAME, [plymouth]) 21 | AC_SUBST(DRACUT_KERNEL_MODULES, [""]) 22 | else 23 | AM_CONDITIONAL([FEDORA17], true) 24 | AM_CONDITIONAL([RHEL6], false) 25 | AC_SUBST(DRACUT_MODULE_NAME, [crypt]) 26 | AC_SUBST(DRACUT_KERNEL_MODULES, ["tpm_bios tpm tpm_tis"]) 27 | fi 28 | AM_CONDITIONAL(ARCH_AMD64, [test "$(uname -i)" == "x86_64"]) 29 | 30 | 
AC_CONFIG_FILES([Makefile \ 31 | pcrsum/Makefile \ 32 | swtpm-utils/Makefile \ 33 | swtpm-utils/lib/Makefile 34 | ]) 35 | 36 | AC_OUTPUT 37 | -------------------------------------------------------------------------------- /debian/README.Debian: -------------------------------------------------------------------------------- 1 | tpm-luks for Debian 2 | ------------------ 3 | 4 | Original shpedoikal's tpm-luks [https://github.com/shpedoikal/tpm-luks] modified for Ubuntu 5 | See https://github.com/zajdee/tpm-luks for complete source and comments. 6 | 7 | -- Radek Zajic Thu, 22 Dec 2016 17:45:41 +0100 8 | -------------------------------------------------------------------------------- /debian/README.source: -------------------------------------------------------------------------------- 1 | tpm-luks for Debian 2 | ------------------ 3 | 4 | Original shpedoikal's tpm-luks [https://github.com/shpedoikal/tpm-luks] modified for Ubuntu 5 | See https://github.com/zajdee/tpm-luks for complete source and comments. 6 | 7 | -- Radek Zajic Thu, 22 Dec 2016 17:45:41 +0100 8 | 9 | -------------------------------------------------------------------------------- /debian/changelog: -------------------------------------------------------------------------------- 1 | tpm-luks (0.02-2zesty) zesty; urgency=medium 2 | 3 | * Updated release with minor bugfixes 4 | 5 | -- Radek Zajic Thu, 05 Oct 2017 00:18:54 +0200 6 | 7 | tpm-luks (0.02-1zesty) zesty; urgency=medium 8 | 9 | * Initial release with support for TPM 1.2. 10 | * Please see https://github.com/zajdee/tpm-luks for details on how to use. 
11 | 12 | -- Radek Zajic Thu, 22 Dec 2016 17:45:41 +0100 13 | -------------------------------------------------------------------------------- /debian/compat: -------------------------------------------------------------------------------- 1 | 7 2 | -------------------------------------------------------------------------------- /debian/control: -------------------------------------------------------------------------------- 1 | Source: tpm-luks 2 | Section: admin 3 | Priority: extra 4 | Maintainer: Radek Zajic 5 | Build-Depends: debhelper (>= 9), 6 | libssl-dev, gnu-efi, libmd-dev 7 | Standards-Version: 3.9.8 8 | Homepage: https://github.com/zajdee/tpm-luks 9 | 10 | Package: tpm-luks 11 | Architecture: any-i386 any-amd64 12 | Depends: ${shlibs:Depends}, ${misc:Depends}, trousers, tpm-tools, binutils, mawk, efibootmgr, grep, coreutils, util-linux, sed, bash, cryptsetup-bin, grub-common, keyutils 13 | Description: Tools to manage your LUKS keys in TPM 14 | When your system is properly measured using measured boot, you can 15 | securely store LUKS keys within the Trusted Platform Module (TPM). 16 | These tools enable you to initialize the LUKS volume and TPM, 17 | bind the stored keys to predefined values of Platform Control 18 | Registers (PCRs) and manage the keys in TPM on update of critical 19 | system files (boot loaders, kernels, initramdisks and kernel cmdline). 
20 | 21 | -------------------------------------------------------------------------------- /debian/copyright: -------------------------------------------------------------------------------- 1 | Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ 2 | Upstream-Name: tpm-luks 3 | Source: https://github.com/zajdee/tpm-luks, https://github.com/shpedoikal/tpm-luks 4 | 5 | Files: debian/*, pcrsum/*, tpm-luks-scripts/*, swtpm-utils/pcr-extend 6 | Copyright: 2016 Radek Zajic 7 | License: GPL-2+ 8 | This package is free software; you can redistribute it and/or modify 9 | it under the terms of the GNU General Public License as published by 10 | the Free Software Foundation; either version 2 of the License, or 11 | (at your option) any later version. 12 | . 13 | This package is distributed in the hope that it will be useful, 14 | but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | GNU General Public License for more details. 17 | . 18 | You should have received a copy of the GNU General Public License 19 | along with this program. If not, see 20 | . 21 | On Debian systems, the complete text of the GNU General 22 | Public License version 2 can be found in "/usr/share/common-licenses/GPL-2". 23 | 24 | # Please also look if there are files or directories which have a 25 | # different copyright/license attached and list them here. 26 | # Please avoid picking licenses with terms that are more restrictive than the 27 | # packaged work, as it may make Debian's contributions unacceptable upstream. 28 | Files: pcrsum/include/*.h 29 | License: BSD 30 | This program and the accompanying materials 31 | are licensed and made available under the terms and conditions of the BSD License 32 | which accompanies this distribution. The full text of the license may be found at 33 | http://opensource.org/licenses/bsd-license.php 34 | . 
35 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 36 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 37 | 38 | Files: swtpm-utils/* 39 | License: IBM Proprietary License 40 | (c) Copyright IBM Corporation 2006, 2010. 41 | . 42 | All rights reserved. 43 | Redistribution and use in source and binary forms, with or without 44 | modification, are permitted provided that the following conditions are 45 | met: 46 | . 47 | Redistributions of source code must retain the above copyright notice, 48 | this list of conditions and the following disclaimer. 49 | . 50 | Redistributions in binary form must reproduce the above copyright 51 | notice, this list of conditions and the following disclaimer in the 52 | documentation and/or other materials provided with the distribution. 53 | . 54 | Neither the names of the IBM Corporation nor the names of its 55 | contributors may be used to endorse or promote products derived from 56 | this software without specific prior written permission. 57 | . 58 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 59 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 60 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 61 | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 62 | HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 63 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 64 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 65 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 66 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 67 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 68 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
69 | -------------------------------------------------------------------------------- /debian/manpage.1.ex: -------------------------------------------------------------------------------- 1 | .\" Hey, EMACS: -*- nroff -*- 2 | .\" (C) Copyright 2016 Radek Zajic , 3 | .\" 4 | .\" First parameter, NAME, should be all caps 5 | .\" Second parameter, SECTION, should be 1-8, maybe w/ subsection 6 | .\" other parameters are allowed: see man(7), man(1) 7 | .TH Tpm-luks SECTION "December 22 2016" 8 | .\" Please adjust this date whenever revising the manpage. 9 | .\" 10 | .\" Some roff macros, for reference: 11 | .\" .nh disable hyphenation 12 | .\" .hy enable hyphenation 13 | .\" .ad l left justify 14 | .\" .ad b justify to both left and right margins 15 | .\" .nf disable filling 16 | .\" .fi enable filling 17 | .\" .br insert line break 18 | .\" .sp insert n+1 empty lines 19 | .\" for manpage-specific macros, see man(7) 20 | .SH NAME 21 | tpm-luks \- program to do something 22 | .SH SYNOPSIS 23 | .B tpm-luks 24 | .RI [ options ] " files" ... 25 | .br 26 | .B bar 27 | .RI [ options ] " files" ... 28 | .SH DESCRIPTION 29 | This manual page documents briefly the 30 | .B tpm-luks 31 | and 32 | .B bar 33 | commands. 34 | .PP 35 | .\" TeX users may be more comfortable with the \fB\fP and 36 | .\" \fI\fP escape sequences to invode bold face and italics, 37 | .\" respectively. 38 | \fBtpm-luks\fP is a program that... 39 | .SH OPTIONS 40 | These programs follow the usual GNU command line syntax, with long 41 | options starting with two dashes (`-'). 42 | A summary of options is included below. 43 | For a complete description, see the Info files. 44 | .TP 45 | .B \-h, \-\-help 46 | Show summary of options. 47 | .TP 48 | .B \-v, \-\-version 49 | Show version of program. 50 | .SH SEE ALSO 51 | .BR bar (1), 52 | .BR baz (1). 53 | .br 54 | The programs are documented fully by 55 | .IR "The Rise and Fall of a Fooish Bar" , 56 | available via the Info system. 
57 | -------------------------------------------------------------------------------- /debian/manpage.sgml.ex: -------------------------------------------------------------------------------- 1 | manpage.1'. You may view 5 | the manual page with: `docbook-to-man manpage.sgml | nroff -man | 6 | less'. A typical entry in a Makefile or Makefile.am is: 7 | 8 | manpage.1: manpage.sgml 9 | docbook-to-man $< > $@ 10 | 11 | 12 | The docbook-to-man binary is found in the docbook-to-man package. 13 | Please remember that if you create the nroff version in one of the 14 | debian/rules file targets (such as build), you will need to include 15 | docbook-to-man in your Build-Depends control field. 16 | 17 | --> 18 | 19 | 20 | FIRSTNAME"> 21 | SURNAME"> 22 | 23 | December 22 2016"> 24 | 26 | SECTION"> 27 | radek@zajic.v.pytli.cz"> 28 | 29 | Tpm-luks"> 30 | 31 | 32 | Debian"> 33 | GNU"> 34 | GPL"> 35 | ]> 36 | 37 | 38 | 39 |
40 | &dhemail; 41 |
42 | 43 | &dhfirstname; 44 | &dhsurname; 45 | 46 | 47 | 2003 48 | &dhusername; 49 | 50 | &dhdate; 51 |
52 | 53 | &dhucpackage; 54 | 55 | &dhsection; 56 | 57 | 58 | &dhpackage; 59 | 60 | program to do something 61 | 62 | 63 | 64 | &dhpackage; 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | DESCRIPTION 73 | 74 | This manual page documents briefly the 75 | &dhpackage; and bar 76 | commands. 77 | 78 | This manual page was written for the &debian; distribution 79 | because the original program does not have a manual page. 80 | Instead, it has documentation in the &gnu; 81 | Info format; see below. 82 | 83 | &dhpackage; is a program that... 84 | 85 | 86 | 87 | OPTIONS 88 | 89 | These programs follow the usual &gnu; command line syntax, 90 | with long options starting with two dashes (`-'). A summary of 91 | options is included below. For a complete description, see the 92 | Info files. 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | Show summary of options. 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | Show version of program. 109 | 110 | 111 | 112 | 113 | 114 | SEE ALSO 115 | 116 | bar (1), baz (1). 117 | 118 | The programs are documented fully by The Rise and 119 | Fall of a Fooish Bar available via the 120 | Info system. 121 | 122 | 123 | AUTHOR 124 | 125 | This manual page was written by &dhusername; &dhemail; for 126 | the &debian; system (and may be used by others). Permission is 127 | granted to copy, distribute and/or modify this document under 128 | the terms of the &gnu; General Public License, Version 2 any 129 | later version published by the Free Software Foundation. 130 | 131 | 132 | On Debian systems, the complete text of the GNU General Public 133 | License can be found in /usr/share/common-licenses/GPL. 134 | 135 | 136 | 137 |
138 | 139 | 155 | -------------------------------------------------------------------------------- /debian/menu.ex: -------------------------------------------------------------------------------- 1 | ?package(tpm-luks):needs="X11|text|vc|wm" section="Applications/see-menu-manual"\ 2 | title="tpm-luks" command="/usr/bin/tpm-luks" 3 | -------------------------------------------------------------------------------- /debian/postinst: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # fix permissions to tpm-luks.conf 4 | chmod 0600 /etc/tpm-luks.conf 5 | 6 | exit 0 7 | -------------------------------------------------------------------------------- /debian/postinst.ex: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # postinst script for tpm-luks 3 | # 4 | # see: dh_installdeb(1) 5 | 6 | set -e 7 | 8 | # summary of how this script can be called: 9 | # * `configure' 10 | # * `abort-upgrade' 11 | # * `abort-remove' `in-favour' 12 | # 13 | # * `abort-remove' 14 | # * `abort-deconfigure' `in-favour' 15 | # `removing' 16 | # 17 | # for details, see https://www.debian.org/doc/debian-policy/ or 18 | # the debian-policy package 19 | 20 | 21 | case "$1" in 22 | configure) 23 | ;; 24 | 25 | abort-upgrade|abort-remove|abort-deconfigure) 26 | ;; 27 | 28 | *) 29 | echo "postinst called with unknown argument \`$1'" >&2 30 | exit 1 31 | ;; 32 | esac 33 | 34 | # dh_installdeb will replace this with shell code automatically 35 | # generated by other debhelper scripts. 
36 | 37 | #DEBHELPER# 38 | 39 | exit 0 40 | -------------------------------------------------------------------------------- /debian/postrm.ex: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # postrm script for tpm-luks 3 | # 4 | # see: dh_installdeb(1) 5 | 6 | set -e 7 | 8 | # summary of how this script can be called: 9 | # * `remove' 10 | # * `purge' 11 | # * `upgrade' 12 | # * `failed-upgrade' 13 | # * `abort-install' 14 | # * `abort-install' 15 | # * `abort-upgrade' 16 | # * `disappear' 17 | # 18 | # for details, see https://www.debian.org/doc/debian-policy/ or 19 | # the debian-policy package 20 | 21 | 22 | case "$1" in 23 | purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) 24 | ;; 25 | 26 | *) 27 | echo "postrm called with unknown argument \`$1'" >&2 28 | exit 1 29 | ;; 30 | esac 31 | 32 | # dh_installdeb will replace this with shell code automatically 33 | # generated by other debhelper scripts. 34 | 35 | #DEBHELPER# 36 | 37 | exit 0 38 | -------------------------------------------------------------------------------- /debian/preinst.ex: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # preinst script for tpm-luks 3 | # 4 | # see: dh_installdeb(1) 5 | 6 | set -e 7 | 8 | # summary of how this script can be called: 9 | # * `install' 10 | # * `install' 11 | # * `upgrade' 12 | # * `abort-upgrade' 13 | # for details, see https://www.debian.org/doc/debian-policy/ or 14 | # the debian-policy package 15 | 16 | 17 | case "$1" in 18 | install|upgrade) 19 | ;; 20 | 21 | abort-upgrade) 22 | ;; 23 | 24 | *) 25 | echo "preinst called with unknown argument \`$1'" >&2 26 | exit 1 27 | ;; 28 | esac 29 | 30 | # dh_installdeb will replace this with shell code automatically 31 | # generated by other debhelper scripts. 
32 | 33 | #DEBHELPER# 34 | 35 | exit 0 36 | -------------------------------------------------------------------------------- /debian/prerm.ex: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # prerm script for tpm-luks 3 | # 4 | # see: dh_installdeb(1) 5 | 6 | set -e 7 | 8 | # summary of how this script can be called: 9 | # * `remove' 10 | # * `upgrade' 11 | # * `failed-upgrade' 12 | # * `remove' `in-favour' 13 | # * `deconfigure' `in-favour' 14 | # `removing' 15 | # 16 | # for details, see https://www.debian.org/doc/debian-policy/ or 17 | # the debian-policy package 18 | 19 | 20 | case "$1" in 21 | remove|upgrade|deconfigure) 22 | ;; 23 | 24 | failed-upgrade) 25 | ;; 26 | 27 | *) 28 | echo "prerm called with unknown argument \`$1'" >&2 29 | exit 1 30 | ;; 31 | esac 32 | 33 | # dh_installdeb will replace this with shell code automatically 34 | # generated by other debhelper scripts. 35 | 36 | #DEBHELPER# 37 | 38 | exit 0 39 | -------------------------------------------------------------------------------- /debian/rules: -------------------------------------------------------------------------------- 1 | #!/usr/bin/make -f 2 | # See debhelper(7) (uncomment to enable) 3 | # output every command that modifies files on the build system. 
4 | #export DH_VERBOSE = 1 5 | 6 | 7 | # see FEATURE AREAS in dpkg-buildflags(1) 8 | #export DEB_BUILD_MAINT_OPTIONS = hardening=+all 9 | 10 | # see ENVIRONMENT in dpkg-buildflags(1) 11 | # package maintainers to append CFLAGS 12 | #export DEB_CFLAGS_MAINT_APPEND = -Wall -pedantic 13 | # package maintainers to append LDFLAGS 14 | #export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed 15 | 16 | 17 | %: 18 | dh $@ 19 | 20 | 21 | # dh_make generated override targets 22 | # This is example for Cmake (See https://bugs.debian.org/641051 ) 23 | #override_dh_auto_configure: 24 | # dh_auto_configure -- # -DCMAKE_LIBRARY_PATH=$(DEB_HOST_MULTIARCH) 25 | 26 | override_dh_auto_build: 27 | autoreconf -ivf 28 | ./configure 29 | make 30 | -------------------------------------------------------------------------------- /debian/source/format: -------------------------------------------------------------------------------- 1 | 3.0 (quilt) 2 | -------------------------------------------------------------------------------- /debian/tpm-luks-docs.docs: -------------------------------------------------------------------------------- 1 | README.source 2 | README.Debian 3 | -------------------------------------------------------------------------------- /debian/tpm-luks.cron.d.ex: -------------------------------------------------------------------------------- 1 | # 2 | # Regular cron jobs for the tpm-luks package 3 | # 4 | 0 4 * * * root [ -x /usr/bin/tpm-luks_maintenance ] && /usr/bin/tpm-luks_maintenance 5 | -------------------------------------------------------------------------------- /debian/tpm-luks.default.ex: -------------------------------------------------------------------------------- 1 | # Defaults for tpm-luks initscript 2 | # sourced by /etc/init.d/tpm-luks 3 | # installed at /etc/default/tpm-luks by the maintainer scripts 4 | 5 | # 6 | # This is a POSIX shell fragment 7 | # 8 | 9 | # Additional options that are passed to the Daemon. 
10 | DAEMON_OPTS="" 11 | -------------------------------------------------------------------------------- /debian/tpm-luks.doc-base.EX: -------------------------------------------------------------------------------- 1 | Document: tpm-luks 2 | Title: Debian tpm-luks Manual 3 | Author: 4 | Abstract: This manual describes what tpm-luks is 5 | and how it can be used to 6 | manage online manuals on Debian systems. 7 | Section: unknown 8 | 9 | Format: debiandoc-sgml 10 | Files: /usr/share/doc/tpm-luks/tpm-luks.sgml.gz 11 | 12 | Format: postscript 13 | Files: /usr/share/doc/tpm-luks/tpm-luks.ps.gz 14 | 15 | Format: text 16 | Files: /usr/share/doc/tpm-luks/tpm-luks.text.gz 17 | 18 | Format: HTML 19 | Index: /usr/share/doc/tpm-luks/html/index.html 20 | Files: /usr/share/doc/tpm-luks/html/*.html 21 | -------------------------------------------------------------------------------- /debian/tpm-luks.install: -------------------------------------------------------------------------------- 1 | tpm-luks-scripts/usr/sbin/tpm-luks usr/sbin/ 2 | tpm-luks-scripts/usr/sbin/tpm-luks-init usr/sbin/ 3 | tpm-luks-scripts/usr/sbin/tpm-luks-update usr/sbin/ 4 | tpm-luks-scripts/usr/sbin/tpm-luks-chain-hashes usr/sbin/ 5 | tpm-luks-scripts/usr/sbin/tpm-luks-findbiosbootcode usr/sbin/ 6 | tpm-luks-scripts/usr/sbin/tpm-luks-findbiosbootdata usr/sbin/ 7 | tpm-luks-scripts/usr/sbin/tpm-luks-findbiosgrubstage15 usr/sbin/ 8 | tpm-luks-scripts/usr/sbin/tpm-luks-findbiosgrubstage2 usr/sbin/ 9 | tpm-luks-scripts/usr/sbin/tpm-luks-findefibootmgr usr/sbin/ 10 | tpm-luks-scripts/usr/sbin/tpm-luks-findefibootgpt usr/sbin/ 11 | tpm-luks-scripts/usr/sbin/tpm-luks-findefishimhash usr/sbin/ 12 | tpm-luks-scripts/usr/sbin/tpm-luks-gen-tgrub-pcr-values usr/sbin/ 13 | tpm-luks-scripts/etc/initramfs/post-update.d/tpm-luks-update etc/initramfs/post-update.d/ 14 | tpm-luks-scripts/etc/tpm-luks.conf etc/ 15 | tpm-luks-scripts/etc/initramfs-tools/hooks/luks-tpm etc/initramfs-tools/hooks/ 16 | 
tpm-luks-scripts/etc/initramfs-tools/scripts/local-top/cryptpm etc/initramfs-tools/scripts/local-top/ 17 | pcrsum/pcrsum usr/sbin/ 18 | pcrsum/pcrdecode usr/sbin/ 19 | swtpm-utils/getcapability usr/sbin/ 20 | swtpm-utils/nv_readvalue usr/sbin/ 21 | swtpm-utils/pcr-extend usr/sbin/ 22 | -------------------------------------------------------------------------------- /debian/watch.ex: -------------------------------------------------------------------------------- 1 | # Example watch control file for uscan 2 | # Rename this file to "watch" and then you can run the "uscan" command 3 | # to check for upstream updates and more. 4 | # See uscan(1) for format 5 | 6 | # Compulsory line, this is a version 4 file 7 | version=4 8 | 9 | # PGP signature mangle, so foo.tar.gz has foo.tar.gz.sig 10 | #opts="pgpsigurlmangle=s%$%.sig%" 11 | 12 | # HTTP site (basic) 13 | #http://example.com/downloads.html \ 14 | # files/tpm-luks-([\d\.]+)\.tar\.gz debian uupdate 15 | 16 | # Uncommment to examine a FTP server 17 | #ftp://ftp.example.com/pub/tpm-luks-(.*)\.tar\.gz debian uupdate 18 | 19 | # SourceForge hosted projects 20 | # http://sf.net/tpm-luks/ tpm-luks-(.*)\.tar\.gz debian uupdate 21 | 22 | # GitHub hosted projects 23 | #opts="filenamemangle=s%(?:.*?)?v?(\d[\d.]*)\.tar\.gz%-$1.tar.gz%" \ 24 | # https://github.com//tpm-luks/tags \ 25 | # (?:.*?/)?v?(\d[\d.]*)\.tar\.gz debian uupdate 26 | 27 | # PyPI 28 | # https://pypi.debian.net/tpm-luks/tpm-luks-(.+)\.(?:zip|tgz|tbz|txz|(?:tar\.(?:gz|bz2|xz))) 29 | 30 | # Direct Git 31 | # opts="mode=git" http://git.example.com/tpm-luks.git \ 32 | # refs/tags/v([\d\.]+) debian uupdate 33 | 34 | 35 | 36 | 37 | # Uncomment to find new files on GooglePages 38 | # http://example.googlepages.com/foo.html tpm-luks-(.*)\.tar\.gz 39 | -------------------------------------------------------------------------------- /pcrsum/Makefile.am: -------------------------------------------------------------------------------- 1 | 
################################################################################# 2 | # # 3 | # Makefile for libtpm/utils # 4 | # # 5 | # $Id: Makefile.am 4073 2010-04-30 14:44:14Z kgoldman $ # 6 | # # 7 | # (c) Copyright IBM Corporation 2006, 2010. # 8 | # # 9 | # All rights reserved. # 10 | # # 11 | # Redistribution and use in source and binary forms, with or without # 12 | # modification, are permitted provided that the following conditions are # 13 | # met: # 14 | # # 15 | # Redistributions of source code must retain the above copyright notice, # 16 | # this list of conditions and the following disclaimer. # 17 | # # 18 | # Redistributions in binary form must reproduce the above copyright # 19 | # notice, this list of conditions and the following disclaimer in the # 20 | # documentation and/or other materials provided with the distribution. # 21 | # # 22 | # Neither the names of the IBM Corporation nor the names of its # 23 | # contributors may be used to endorse or promote products derived from # 24 | # this software without specific prior written permission. # 25 | # # 26 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # 27 | # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # 28 | # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # 29 | # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # 30 | # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # 31 | # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # 32 | # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # 33 | # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # 34 | # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # 35 | # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # 36 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
# 37 | # # 38 | ################################################################################# 39 | SUBDIRS = . 40 | if ARCH_AMD64 41 | ARCH=x86_64 42 | else 43 | ARCH=ia32 44 | endif 45 | AM_CFLAGS = -I/usr/linux/include -I/usr/include/efi -I/usr/include/efi/$(ARCH) 46 | 47 | INCLUDES = 48 | #LDADD = lib/.libs/libtpm.a /usr/local/ssl/lib/libcrypto.a 49 | LDADD = 50 | 51 | AM_CONDITIONAL = 52 | #AM_LDFLAGS = -all-static 53 | AM_LDFLAGS = -lmd 54 | LIBS=-lmd 55 | bindir=/usr/sbin 56 | bin_PROGRAMS = pcrsum pcrdecode 57 | 58 | pcrsum_SOURCES = pcrsum.c 59 | pcrdecode_SOURCES = pcrdecode.c 60 | 61 | noinst_HEADERS = \ 62 | include/Bluetooth.h \ 63 | include/efistruct.h \ 64 | include/PcAnsi.h \ 65 | include/PeImage.h \ 66 | include/Tpm12.h \ 67 | include/UefiGpt.h \ 68 | include/UefiTcgPlatform.h 69 | 70 | -------------------------------------------------------------------------------- /pcrsum/include/Bluetooth.h: -------------------------------------------------------------------------------- 1 | /** @file 2 | This file contains the Bluetooth definitions that are consumed by drivers. 3 | These definitions are from Bluetooth Core Specification Version 4.0 June, 2010 4 | 5 | Copyright (c) 2015, Intel Corporation. All rights reserved.
6 | This program and the accompanying materials 7 | are licensed and made available under the terms and conditions of the BSD License 8 | which accompanies this distribution. The full text of the license may be found at 9 | http://opensource.org/licenses/bsd-license.php 10 | 11 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 13 | 14 | **/ 15 | 16 | #ifndef _BLUETOOTH_H_ 17 | #define _BLUETOOTH_H_ 18 | 19 | #pragma pack(1) 20 | 21 | /// 22 | /// BLUETOOTH_ADDRESS 23 | /// 24 | typedef struct { 25 | /// 26 | /// 48bit Bluetooth device address. 27 | /// 28 | UINT8 Address[6]; 29 | } BLUETOOTH_ADDRESS; 30 | 31 | /// 32 | /// BLUETOOTH_CLASS_OF_DEVICE. See Bluetooth specification for detail. 33 | /// 34 | typedef struct { 35 | UINT8 FormatType:2; 36 | UINT8 MinorDeviceClass: 6; 37 | UINT16 MajorDeviceClass: 5; 38 | UINT16 MajorServiceClass:11; 39 | } BLUETOOTH_CLASS_OF_DEVICE; 40 | 41 | #pragma pack() 42 | 43 | #define BLUETOOTH_HCI_COMMAND_LOCAL_READABLE_NAME_MAX_SIZE 248 44 | 45 | #define BLUETOOTH_HCI_LINK_KEY_SIZE 16 46 | 47 | #endif 48 | -------------------------------------------------------------------------------- /pcrsum/include/PcAnsi.h: -------------------------------------------------------------------------------- 1 | /** @file 2 | Terminal Device Path Vendor Guid. 3 | 4 | Copyright (c) 2006 - 2009, Intel Corporation. All rights reserved.
5 | This program and the accompanying materials 6 | are licensed and made available under the terms and conditions of the BSD License 7 | which accompanies this distribution. The full text of the license may be found at 8 | http://opensource.org/licenses/bsd-license.php 9 | 10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 12 | 13 | @par Revision Reference: 14 | GUIDs defined in UEFI 2.0 spec. 15 | 16 | **/ 17 | 18 | #ifndef __PC_ANSI_H__ 19 | #define __PC_ANSI_H__ 20 | 21 | #define EFI_PC_ANSI_GUID \ 22 | { \ 23 | 0xe0c14753, 0xf9be, 0x11d2, {0x9a, 0x0c, 0x00, 0x90, 0x27, 0x3f, 0xc1, 0x4d } \ 24 | } 25 | 26 | #define EFI_VT_100_GUID \ 27 | { \ 28 | 0xdfa66065, 0xb419, 0x11d3, {0x9a, 0x2d, 0x00, 0x90, 0x27, 0x3f, 0xc1, 0x4d } \ 29 | } 30 | 31 | #define EFI_VT_100_PLUS_GUID \ 32 | { \ 33 | 0x7baec70b, 0x57e0, 0x4c76, {0x8e, 0x87, 0x2f, 0x9e, 0x28, 0x08, 0x83, 0x43 } \ 34 | } 35 | 36 | #define EFI_VT_UTF8_GUID \ 37 | { \ 38 | 0xad15a0d6, 0x8bec, 0x4acf, {0xa0, 0x73, 0xd0, 0x1d, 0xe7, 0x7e, 0x2d, 0x88 } \ 39 | } 40 | 41 | #define DEVICE_PATH_MESSAGING_UART_FLOW_CONTROL \ 42 | { \ 43 | 0x37499a9d, 0x542f, 0x4c89, {0xa0, 0x26, 0x35, 0xda, 0x14, 0x20, 0x94, 0xe4 } \ 44 | } 45 | 46 | #define EFI_SAS_DEVICE_PATH_GUID \ 47 | { \ 48 | 0xd487ddb4, 0x008b, 0x11d9, {0xaf, 0xdc, 0x00, 0x10, 0x83, 0xff, 0xca, 0x4d } \ 49 | } 50 | 51 | extern EFI_GUID gEfiPcAnsiGuid; 52 | extern EFI_GUID gEfiVT100Guid; 53 | extern EFI_GUID gEfiVT100PlusGuid; 54 | extern EFI_GUID gEfiVTUTF8Guid; 55 | extern EFI_GUID gEfiUartDevicePathGuid; 56 | extern EFI_GUID gEfiSasDevicePathGuid; 57 | 58 | #endif 59 | -------------------------------------------------------------------------------- /pcrsum/include/UefiGpt.h: -------------------------------------------------------------------------------- 1 | /** @file 2 | EFI Guid Partition Table Format Definition. 
3 | 4 | Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.
5 | This program and the accompanying materials are licensed and made available under 6 | the terms and conditions of the BSD License that accompanies this distribution. 7 | The full text of the license may be found at 8 | http://opensource.org/licenses/bsd-license.php. 9 | 10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 12 | 13 | **/ 14 | 15 | #ifndef __UEFI_GPT_H__ 16 | #define __UEFI_GPT_H__ 17 | 18 | /// 19 | /// The primary GUID Partition Table Header must be 20 | /// located in LBA 1 (i.e., the second logical block). 21 | /// 22 | #define PRIMARY_PART_HEADER_LBA 1 23 | /// 24 | /// EFI Partition Table Signature: "EFI PART". 25 | /// 26 | #define EFI_PTAB_HEADER_ID SIGNATURE_64 ('E','F','I',' ','P','A','R','T') 27 | 28 | #pragma pack(1) 29 | 30 | /// 31 | /// GPT Partition Table Header. 32 | /// 33 | typedef struct { 34 | /// 35 | /// The table header for the GPT partition Table. 36 | /// This header contains EFI_PTAB_HEADER_ID. 37 | /// 38 | EFI_TABLE_HEADER Header; 39 | /// 40 | /// The LBA that contains this data structure. 41 | /// 42 | EFI_LBA MyLBA; 43 | /// 44 | /// LBA address of the alternate GUID Partition Table Header. 45 | /// 46 | EFI_LBA AlternateLBA; 47 | /// 48 | /// The first usable logical block that may be used 49 | /// by a partition described by a GUID Partition Entry. 50 | /// 51 | EFI_LBA FirstUsableLBA; 52 | /// 53 | /// The last usable logical block that may be used 54 | /// by a partition described by a GUID Partition Entry. 55 | /// 56 | EFI_LBA LastUsableLBA; 57 | /// 58 | /// GUID that can be used to uniquely identify the disk. 59 | /// 60 | EFI_GUID DiskGUID; 61 | /// 62 | /// The starting LBA of the GUID Partition Entry array. 63 | /// 64 | EFI_LBA PartitionEntryLBA; 65 | /// 66 | /// The number of Partition Entries in the GUID Partition Entry array. 
67 | /// 68 | UINT32 NumberOfPartitionEntries; 69 | /// 70 | /// The size, in bytes, of each the GUID Partition 71 | /// Entry structures in the GUID Partition Entry 72 | /// array. This field shall be set to a value of 128 x 2^n where n is 73 | /// an integer greater than or equal to zero (e.g., 128, 256, 512, etc.). 74 | /// 75 | UINT32 SizeOfPartitionEntry; 76 | /// 77 | /// The CRC32 of the GUID Partition Entry array. 78 | /// Starts at PartitionEntryLBA and is 79 | /// computed over a byte length of 80 | /// NumberOfPartitionEntries * SizeOfPartitionEntry. 81 | /// 82 | UINT32 PartitionEntryArrayCRC32; 83 | } EFI_PARTITION_TABLE_HEADER; 84 | 85 | /// 86 | /// GPT Partition Entry. 87 | /// 88 | typedef struct { 89 | /// 90 | /// Unique ID that defines the purpose and type of this Partition. A value of 91 | /// zero defines that this partition entry is not being used. 92 | /// 93 | EFI_GUID PartitionTypeGUID; 94 | /// 95 | /// GUID that is unique for every partition entry. Every partition ever 96 | /// created will have a unique GUID. 97 | /// This GUID must be assigned when the GUID Partition Entry is created. 98 | /// 99 | EFI_GUID UniquePartitionGUID; 100 | /// 101 | /// Starting LBA of the partition defined by this entry 102 | /// 103 | EFI_LBA StartingLBA; 104 | /// 105 | /// Ending LBA of the partition defined by this entry. 106 | /// 107 | EFI_LBA EndingLBA; 108 | /// 109 | /// Attribute bits, all bits reserved by UEFI 110 | /// Bit 0: If this bit is set, the partition is required for the platform to function. The owner/creator of the 111 | /// partition indicates that deletion or modification of the contents can result in loss of platform 112 | /// features or failure for the platform to boot or operate. The system cannot function normally if 113 | /// this partition is removed, and it should be considered part of the hardware of the system. 
114 | /// Actions such as running diagnostics, system recovery, or even OS install or boot, could 115 | /// potentially stop working if this partition is removed. Unless OS software or firmware 116 | /// recognizes this partition, it should never be removed or modified as the UEFI firmware or 117 | /// platform hardware may become non-functional. 118 | /// Bit 1: If this bit is set, then firmware must not produce an EFI_BLOCK_IO_PROTOCOL device for 119 | /// this partition. By not producing an EFI_BLOCK_IO_PROTOCOL partition, file system 120 | /// mappings will not be created for this partition in UEFI. 121 | /// Bit 2: This bit is set aside to let systems with traditional PC-AT BIOS firmware implementations 122 | /// inform certain limited, special-purpose software running on these systems that a GPT 123 | /// partition may be bootable. The UEFI boot manager must ignore this bit when selecting 124 | /// a UEFI-compliant application, e.g., an OS loader. 125 | /// Bits 3-47: Undefined and must be zero. Reserved for expansion by future versions of the UEFI 126 | /// specification. 127 | /// Bits 48-63: Reserved for GUID specific use. The use of these bits will vary depending on the 128 | /// PartitionTypeGUID. Only the owner of the PartitionTypeGUID is allowed 129 | /// to modify these bits. They must be preserved if Bits 0-47 are modified.. 130 | /// 131 | UINT64 Attributes; 132 | /// 133 | /// Null-terminated name of the partition. 134 | /// 135 | CHAR16 PartitionName[36]; 136 | } EFI_PARTITION_ENTRY; 137 | 138 | #pragma pack() 139 | #endif 140 | 141 | 142 | -------------------------------------------------------------------------------- /pcrsum/include/UefiTcgPlatform.h: -------------------------------------------------------------------------------- 1 | /** @file 2 | TCG EFI Platform Definition in TCG_EFI_Platform_1_20_Final 3 | 4 | Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.
5 | This program and the accompanying materials 6 | are licensed and made available under the terms and conditions of the BSD License 7 | which accompanies this distribution. The full text of the license may be found at 8 | http://opensource.org/licenses/bsd-license.php 9 | 10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 12 | 13 | **/ 14 | 15 | #ifndef __UEFI_TCG_PLATFORM_H__ 16 | #define __UEFI_TCG_PLATFORM_H__ 17 | 18 | #include "Tpm12.h" 19 | 20 | // 21 | // Standard event types 22 | // 23 | #define EV_POST_CODE ((TCG_EVENTTYPE) 0x00000001) 24 | #define EV_NO_ACTION ((TCG_EVENTTYPE) 0x00000003) 25 | #define EV_SEPARATOR ((TCG_EVENTTYPE) 0x00000004) 26 | #define EV_ACTION ((TCG_EVENTTYPE) 0x00000005) 27 | #define EV_EVENT_TAG ((TCG_EVENTTYPE) 0x00000006) 28 | #define EV_S_CRTM_CONTENTS ((TCG_EVENTTYPE) 0x00000007) 29 | #define EV_S_CRTM_VERSION ((TCG_EVENTTYPE) 0x00000008) 30 | #define EV_CPU_MICROCODE ((TCG_EVENTTYPE) 0x00000009) 31 | #define EV_PLATFORM_CONFIG_FLAGS ((TCG_EVENTTYPE) 0x0000000A) 32 | #define EV_TABLE_OF_DEVICES ((TCG_EVENTTYPE) 0x0000000B) 33 | #define EV_COMPACT_HASH ((TCG_EVENTTYPE) 0x0000000C) 34 | #define EV_IPL ((TCG_EVENTTYPE) 0x0000000D) 35 | #define EV_IPL_PARTITION_DATA ((TCG_EVENTTYPE) 0x0000000E) 36 | #define EV_NONHOST_CODE ((TCG_EVENTTYPE) 0x0000000F) 37 | #define EV_NONHOST_CONFIG ((TCG_EVENTTYPE) 0x00000010) 38 | #define EV_NONHOST_INFO ((TCG_EVENTTYPE) 0x00000011) 39 | #define EV_OMIT_BOOT_DEVICE_EVENTS ((TCG_EVENTTYPE) 0x00000012) 40 | 41 | // 42 | // EFI specific event types 43 | // 44 | #define EV_EFI_EVENT_BASE ((TCG_EVENTTYPE) 0x80000000) 45 | #define EV_EFI_VARIABLE_DRIVER_CONFIG (EV_EFI_EVENT_BASE + 1) 46 | #define EV_EFI_VARIABLE_BOOT (EV_EFI_EVENT_BASE + 2) 47 | #define EV_EFI_BOOT_SERVICES_APPLICATION (EV_EFI_EVENT_BASE + 3) 48 | #define EV_EFI_BOOT_SERVICES_DRIVER (EV_EFI_EVENT_BASE + 4) 49 | #define 
EV_EFI_RUNTIME_SERVICES_DRIVER (EV_EFI_EVENT_BASE + 5) 50 | #define EV_EFI_GPT_EVENT (EV_EFI_EVENT_BASE + 6) 51 | #define EV_EFI_ACTION (EV_EFI_EVENT_BASE + 7) 52 | #define EV_EFI_PLATFORM_FIRMWARE_BLOB (EV_EFI_EVENT_BASE + 8) 53 | #define EV_EFI_HANDOFF_TABLES (EV_EFI_EVENT_BASE + 9) 54 | 55 | #define EFI_CALLING_EFI_APPLICATION \ 56 | "Calling EFI Application from Boot Option" 57 | #define EFI_RETURNING_FROM_EFI_APPLICATOIN \ 58 | "Returning from EFI Application from Boot Option" 59 | #define EFI_EXIT_BOOT_SERVICES_INVOCATION \ 60 | "Exit Boot Services Invocation" 61 | #define EFI_EXIT_BOOT_SERVICES_FAILED \ 62 | "Exit Boot Services Returned with Failure" 63 | #define EFI_EXIT_BOOT_SERVICES_SUCCEEDED \ 64 | "Exit Boot Services Returned with Success" 65 | 66 | 67 | #define EV_POSTCODE_INFO_POST_CODE "POST CODE" 68 | #define POST_CODE_STR_LEN (sizeof(EV_POSTCODE_INFO_POST_CODE) - 1) 69 | 70 | #define EV_POSTCODE_INFO_SMM_CODE "SMM CODE" 71 | #define SMM_CODE_STR_LEN (sizeof(EV_POSTCODE_INFO_SMM_CODE) - 1) 72 | 73 | #define EV_POSTCODE_INFO_ACPI_DATA "ACPI DATA" 74 | #define ACPI_DATA_LEN (sizeof(EV_POSTCODE_INFO_ACPI_DATA) - 1) 75 | 76 | #define EV_POSTCODE_INFO_BIS_CODE "BIS CODE" 77 | #define BIS_CODE_LEN (sizeof(EV_POSTCODE_INFO_BIS_CODE) - 1) 78 | 79 | #define EV_POSTCODE_INFO_UEFI_PI "UEFI PI" 80 | #define UEFI_PI_LEN (sizeof(EV_POSTCODE_INFO_UEFI_PI) - 1) 81 | 82 | #define EV_POSTCODE_INFO_OPROM "Embedded Option ROM" 83 | #define OPROM_LEN (sizeof(EV_POSTCODE_INFO_OPROM) - 1) 84 | 85 | // 86 | // Set structure alignment to 1-byte 87 | // 88 | #pragma pack (1) 89 | 90 | typedef UINT32 TCG_EVENTTYPE; 91 | typedef TPM_PCRINDEX TCG_PCRINDEX; 92 | typedef TPM_DIGEST TCG_DIGEST; 93 | /// 94 | /// Event Log Entry Structure Definition 95 | /// 96 | typedef struct tdTCG_PCR_EVENT { 97 | TCG_PCRINDEX PCRIndex; ///< PCRIndex event extended to 98 | TCG_EVENTTYPE EventType; ///< TCG EFI event type 99 | TCG_DIGEST Digest; ///< Value extended into PCRIndex 100 | UINT32 
EventSize; ///< Size of the event data 101 | UINT8 Event[1]; ///< The event data 102 | } TCG_PCR_EVENT; 103 | 104 | #define TSS_EVENT_DATA_MAX_SIZE 256 105 | 106 | /// 107 | /// TCG_PCR_EVENT_HDR 108 | /// 109 | typedef struct tdTCG_PCR_EVENT_HDR { 110 | TCG_PCRINDEX PCRIndex; 111 | TCG_EVENTTYPE EventType; 112 | TCG_DIGEST Digest; 113 | UINT32 EventSize; 114 | } TCG_PCR_EVENT_HDR; 115 | 116 | /// 117 | /// EFI_PLATFORM_FIRMWARE_BLOB 118 | /// 119 | /// BlobLength should be of type UINTN but we use UINT64 here 120 | /// because PEI is 32-bit while DXE is 64-bit on x64 platforms 121 | /// 122 | typedef struct tdEFI_PLATFORM_FIRMWARE_BLOB { 123 | EFI_PHYSICAL_ADDRESS BlobBase; 124 | UINT64 BlobLength; 125 | } EFI_PLATFORM_FIRMWARE_BLOB; 126 | 127 | /// 128 | /// EFI_IMAGE_LOAD_EVENT 129 | /// 130 | /// This structure is used in EV_EFI_BOOT_SERVICES_APPLICATION, 131 | /// EV_EFI_BOOT_SERVICES_DRIVER and EV_EFI_RUNTIME_SERVICES_DRIVER 132 | /// 133 | typedef struct tdEFI_IMAGE_LOAD_EVENT { 134 | EFI_PHYSICAL_ADDRESS ImageLocationInMemory; 135 | UINTN ImageLengthInMemory; 136 | UINTN ImageLinkTimeAddress; 137 | UINTN LengthOfDevicePath; 138 | EFI_DEVICE_PATH_PROTOCOL DevicePath[1]; 139 | } EFI_IMAGE_LOAD_EVENT; // EFI_IMAGE_LOAD_EVENT from https://github.com/tianocore/edk2/blob/18b00c8c8773e62b1e2c4a36f490996325570b67/EdkCompatibilityPkg/Foundation/Include/EfiTpm.h 140 | 141 | /// 142 | /// EFI_HANDOFF_TABLE_POINTERS 143 | /// 144 | /// This structure is used in EV_EFI_HANDOFF_TABLES event to facilitate 145 | /// the measurement of given configuration tables. 146 | /// 147 | typedef struct tdEFI_HANDOFF_TABLE_POINTERS { 148 | UINTN NumberOfTables; 149 | EFI_CONFIGURATION_TABLE TableEntry[1]; 150 | } EFI_HANDOFF_TABLE_POINTERS; 151 | 152 | /// 153 | /// EFI_VARIABLE_DATA 154 | /// 155 | /// This structure serves as the header for measuring variables. The name of the 156 | /// variable (in Unicode format) should immediately follow, then the variable 157 | /// data. 
158 | /// 159 | typedef struct tdEFI_VARIABLE_DATA { 160 | EFI_GUID VariableName; 161 | UINTN UnicodeNameLength; 162 | UINTN VariableDataLength; 163 | CHAR16 UnicodeName[1]; 164 | INT8 VariableData[1]; ///< Driver or platform-specific data 165 | } EFI_VARIABLE_DATA; 166 | 167 | // EFI_GPT_DATA must be 8-byte aligned, otherwise checksum calculation will fail 168 | #pragma pack (8) 169 | typedef struct tdEFI_GPT_DATA { 170 | EFI_PARTITION_TABLE_HEADER EfiPartitionHeader; 171 | UINTN NumberOfPartitions; 172 | EFI_PARTITION_ENTRY Partitions[1]; 173 | } EFI_GPT_DATA; 174 | 175 | // 176 | // Restore original structure alignment 177 | // 178 | #pragma pack () 179 | 180 | #endif 181 | 182 | 183 | -------------------------------------------------------------------------------- /pcrsum/include/efistruct.h: -------------------------------------------------------------------------------- 1 | #ifndef __EFISTRUCT_H_ 2 | #define __EFISTRUCT_H_ 3 | 4 | #pragma pack(1) 5 | 6 | /** 7 | This protocol can be used on any device handle to obtain generic path/location 8 | information concerning the physical device or logical device. If the handle does 9 | not logically map to a physical device, the handle may not necessarily support 10 | the device path protocol. The device path describes the location of the device 11 | the handle is for. The size of the Device Path can be determined from the structures 12 | that make up the Device Path. 13 | **/ 14 | /// https://www.virtualbox.org/svn/vbox/trunk/src/VBox/Devices/PC/ipxe/src/include/ipxe/efi/Protocol/DevicePath.h 15 | typedef struct { 16 | UINT8 Type; ///< 0x01 Hardware Device Path. 17 | ///< 0x02 ACPI Device Path. 18 | ///< 0x03 Messaging Device Path. 19 | ///< 0x04 Media Device Path. 20 | ///< 0x05 BIOS Boot Specification Device Path. 21 | ///< 0x7F End of Hardware Device Path. 
22 | 23 | UINT8 SubType; ///< Varies by Type 24 | ///< 0xFF End Entire Device Path, or 25 | ///< 0x01 End This Instance of a Device Path and start a new 26 | ///< Device Path. 27 | 28 | UINT8 Length[2]; ///< Specific Device Path data. Type and Sub-Type define 29 | ///< type of data. Size of data is included in Length. 30 | 31 | } EFI_DEVICE_PATH_PROTOCOL; 32 | 33 | /** 34 | Returns a 16-bit signature built from 2 ASCII characters. 35 | 36 | This macro returns a 16-bit value built from the two ASCII characters specified 37 | by A and B. 38 | 39 | @param A The first ASCII character. 40 | @param B The second ASCII character. 41 | 42 | @return A 16-bit value built from the two ASCII characters specified by A and B. 43 | 44 | **/ 45 | #define SIGNATURE_16(A, B) ((A) | (B << 8)) 46 | 47 | /** 48 | Returns a 32-bit signature built from 4 ASCII characters. 49 | 50 | This macro returns a 32-bit value built from the four ASCII characters specified 51 | by A, B, C, and D. 52 | 53 | @param A The first ASCII character. 54 | @param B The second ASCII character. 55 | @param C The third ASCII character. 56 | @param D The fourth ASCII character. 57 | 58 | @return A 32-bit value built from the two ASCII characters specified by A, B, 59 | C and D. 60 | 61 | **/ 62 | #define SIGNATURE_32(A, B, C, D) (SIGNATURE_16 (A, B) | (SIGNATURE_16 (C, D) << 16)) 63 | 64 | /** 65 | Returns a 64-bit signature built from 8 ASCII characters. 66 | 67 | This macro returns a 64-bit value built from the eight ASCII characters specified 68 | by A, B, C, D, E, F, G,and H. 69 | 70 | @param A The first ASCII character. 71 | @param B The second ASCII character. 72 | @param C The third ASCII character. 73 | @param D The fourth ASCII character. 74 | @param E The fifth ASCII character. 75 | @param F The sixth ASCII character. 76 | @param G The seventh ASCII character. 77 | @param H The eighth ASCII character. 
78 | 79 | @return A 64-bit value built from the two ASCII characters specified by A, B, 80 | C, D, E, F, G and H. 81 | 82 | **/ 83 | #define SIGNATURE_64(A, B, C, D, E, F, G, H) \ 84 | (SIGNATURE_32 (A, B, C, D) | ((UINT64) (SIGNATURE_32 (E, F, G, H)) << 32)) 85 | /// https://raw.githubusercontent.com/ipxe/ipxe/master/src/include/ipxe/efi/Base.h 86 | 87 | typedef struct _EFI_BLOCK_IO_PROTOCOL { 88 | UINT64 Revision; 89 | EFI_BLOCK_IO_MEDIA *Media; 90 | EFI_BLOCK_RESET Reset; 91 | EFI_BLOCK_READ ReadBlocks; 92 | EFI_BLOCK_WRITE WriteBlocks; 93 | EFI_BLOCK_FLUSH FlushBlocks; 94 | } EFI_BLOCK_IO_PROTOCOL; 95 | 96 | #endif // __EFISTRUCT_H_ -------------------------------------------------------------------------------- /swtpm-utils/Makefile.am: -------------------------------------------------------------------------------- 1 | ################################################################################# 2 | # # 3 | # Makefile for libtpm/utils # 4 | # # 5 | # $Id: Makefile.am 4073 2010-04-30 14:44:14Z kgoldman $ # 6 | # # 7 | # (c) Copyright IBM Corporation 2006, 2010. # 8 | # # 9 | # All rights reserved. # 10 | # # 11 | # Redistribution and use in source and binary forms, with or without # 12 | # modification, are permitted provided that the following conditions are # 13 | # met: # 14 | # # 15 | # Redistributions of source code must retain the above copyright notice, # 16 | # this list of conditions and the following disclaimer. # 17 | # # 18 | # Redistributions in binary form must reproduce the above copyright # 19 | # notice, this list of conditions and the following disclaimer in the # 20 | # documentation and/or other materials provided with the distribution. # 21 | # # 22 | # Neither the names of the IBM Corporation nor the names of its # 23 | # contributors may be used to endorse or promote products derived from # 24 | # this software without specific prior written permission. 
# 25 | # # 26 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # 27 | # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # 28 | # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # 29 | # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # 30 | # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # 31 | # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # 32 | # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # 33 | # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # 34 | # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # 35 | # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # 36 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # 37 | # # 38 | ################################################################################# 39 | SUBDIRS = lib . 40 | 41 | AM_CFLAGS = -I/usr/linux/include -Wmissing-declarations -Wmissing-prototypes -Wnested-externs -static -W -Wuninitialized -DTPM_POSIX -DTPM_V12 -DTPM_NV_DISK -DTPM_AES -DTPM_USE_TAG_IN_STRUCTURE=1 -DTPM_USE_CHARDEV 42 | 43 | INCLUDES = -Ilib 44 | #LDADD = lib/.libs/libtpm.a /usr/local/ssl/lib/libcrypto.a 45 | LDADD = lib/.libs/libtpm.a 46 | 47 | AM_CONDITIONAL = TPM_VTPM 48 | #AM_LDFLAGS = -all-static 49 | AM_LDFLAGS = -lc -ldl -lcrypto 50 | LIBS=-lcrypto -lssl 51 | # These must go into /usr/bin because they'll be gathered up by dracut's 52 | # scripts as part of bnuilding the initramfs. 
The 'inst_binary' script 53 | # only looks in a few places, and /usr/local/bin isn't one of them 54 | bindir=/usr/sbin 55 | bin_PROGRAMS = getcapability nv_readvalue pcr-extend 56 | 57 | getcapability_SOURCES = getcapability.c 58 | nv_readvalue_SOURCES = nv_readvalue.c 59 | pcr_extend_SOURCES = pcr-extend.c 60 | 61 | noinst_HEADERS = \ 62 | include/hmac.h \ 63 | include/newserialize.h \ 64 | include/oiaposap.h \ 65 | include/pcrs.h \ 66 | include/tpm.h \ 67 | include/tpm_constants.h \ 68 | include/tpm_error.h \ 69 | include/tpm_lowlevel.h \ 70 | include/tpm_structures.h \ 71 | include/tpm_types.h \ 72 | include/tpmfunc.h \ 73 | include/tpmkeys.h \ 74 | include/tpmutil.h 75 | 76 | -------------------------------------------------------------------------------- /swtpm-utils/include/hmac.h: -------------------------------------------------------------------------------- 1 | /********************************************************************************/ 2 | /* */ 3 | /* TPM HMAC */ 4 | /* Written by S. Berger */ 5 | /* IBM Thomas J. Watson Research Center */ 6 | /* $Id: hmac.h 4073 2010-04-30 14:44:14Z kgoldman $ */ 7 | /* */ 8 | /* (c) Copyright IBM Corporation 2006, 2010. */ 9 | /* */ 10 | /* All rights reserved. */ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. */ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. 
*/ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ 38 | /********************************************************************************/ 39 | 40 | #ifndef HMAC_H 41 | #define HMAC_H 42 | 43 | #include 44 | 45 | uint32_t TSS_authhmac(unsigned char *digest, unsigned char *key, unsigned int keylen, 46 | unsigned char *h1, unsigned char *h2, unsigned char h3,...); 47 | uint32_t TSS_checkhmac1(const struct tpm_buffer *tb, uint32_t command, unsigned char *ononce, 48 | unsigned char *key, unsigned int keylen, ...); 49 | uint32_t TSS_checkhmac1New(const struct tpm_buffer *tb, uint32_t command, session *sess, unsigned char *ononce, 50 | unsigned char *key, unsigned int keylen, ...); 51 | uint32_t TSS_checkhmac2(const struct tpm_buffer *tb, uint32_t command, 52 | unsigned char *ononce1, 53 | unsigned char *key1, unsigned int keylen1, 54 | unsigned char *ononce2, 55 | unsigned char *key2, unsigned int keylen2, ...); 56 | uint32_t TSS_rawhmac(unsigned char *digest, const unsigned char *key, unsigned int keylen, ...); 57 | 58 | #endif 59 | -------------------------------------------------------------------------------- /swtpm-utils/include/oiaposap.h: -------------------------------------------------------------------------------- 1 | /********************************************************************************/ 2 | /* */ 3 | /* TPM Session Routines */ 4 | /* Written by S. Berger */ 5 | /* IBM Thomas J. Watson Research Center */ 6 | /* $Id: oiaposap.h 4073 2010-04-30 14:44:14Z kgoldman $ */ 7 | /* */ 8 | /* (c) Copyright IBM Corporation 2006, 2010. */ 9 | /* */ 10 | /* All rights reserved. */ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. 
*/ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ 38 | /********************************************************************************/ 39 | 40 | #ifndef OIAPOSAP_H 41 | #define OIAPOSAP_H 42 | #include 43 | #include 44 | 45 | typedef struct osapsess 46 | { 47 | uint32_t handle; 48 | unsigned char enonce[TPM_NONCE_SIZE]; 49 | unsigned char enonceOSAP[TPM_NONCE_SIZE]; 50 | unsigned char ononceOSAP[TPM_NONCE_SIZE]; 51 | unsigned char ssecret[TPM_HASH_SIZE]; 52 | unsigned char ononce[TPM_NONCE_SIZE]; 53 | uint16_t etype; 54 | } osapsess; 55 | 56 | typedef struct dsapsess 57 | { 58 | uint32_t handle; 59 | unsigned char enonce[TPM_NONCE_SIZE]; 60 | unsigned char enonceDSAP[TPM_NONCE_SIZE]; 61 | unsigned char ononceDSAP[TPM_NONCE_SIZE]; 62 | unsigned char ssecret[TPM_HASH_SIZE]; 63 | unsigned char ononce[TPM_NONCE_SIZE]; 64 | uint16_t etype; 65 | } dsapsess; 66 | 67 | typedef struct oiapsess 68 | { 69 | uint32_t handle; 70 | unsigned char enonce[TPM_NONCE_SIZE]; 71 | } oiapsess; 72 | 73 | typedef struct transess 74 | { 75 | uint32_t handle; 76 | unsigned char enonce[TPM_NONCE_SIZE]; 77 | } transess; 78 | 79 | typedef struct session 80 | { 81 | uint32_t sess_type; // see below 82 | union { 83 | oiapsess oiap; 84 | osapsess osap; 85 | dsapsess dsap; 86 | transess tran; 87 | } type; 88 | unsigned char authdata[TPM_AUTHDATA_SIZE]; 89 | } session; 90 | 91 | 92 | #define SESSION_OIAP 1 93 | #define SESSION_OSAP 2 94 | #define SESSION_DSAP 4 95 | #define SESSION_TRAN 8 96 | 97 | uint32_t TSS_HANDclose(uint32_t handle, TPM_RESOURCE_TYPE); 98 | uint32_t TSS_OIAPopen(uint32_t *handle, unsigned char *enonce); 99 | uint32_t TSS_OIAPclose(uint32_t handle); 100 | uint32_t TSS_OSAPopen(osapsess *sess,const unsigned char *key, uint16_t etype, uint32_t evalue); 101 | uint32_t TSS_OSAPclose(osapsess *sess); 102 | uint32_t TSS_DSAPopen(dsapsess *sess, 103 | unsigned char *key, 104 | uint16_t etype, 105 | uint32_t keyhandle, 106 | unsigned char * evalue, uint32_t evalueSize); 107 | uint32_t TSS_DSAPclose(dsapsess *sess); 108 | 109 | 
uint32_t TSS_SessionOpen(uint32_t allowed_type, 110 | session * sess, 111 | unsigned char *passHash, uint16_t etype, uint32_t evalue); 112 | uint32_t TSS_SessionClose(session * sess); 113 | uint32_t TSS_Session_CreateTransport(session *sess, 114 | unsigned char *transAuth, 115 | uint32_t transHandle, 116 | unsigned char *transNonce); 117 | unsigned char * TSS_Session_GetAuth(session * sess); 118 | unsigned char * TSS_Session_GetENonce(session * sess); 119 | void TSS_Session_SetENonce(session * sess, const unsigned char *enonce); 120 | uint32_t TSS_Session_GetHandle(session * sess); 121 | 122 | #endif 123 | -------------------------------------------------------------------------------- /swtpm-utils/include/pcrs.h: -------------------------------------------------------------------------------- 1 | /********************************************************************************/ 2 | /* */ 3 | /* TPM PCR Routines */ 4 | /* Written by S. Berger */ 5 | /* IBM Thomas J. Watson Research Center */ 6 | /* $Id: pcrs.h 4073 2010-04-30 14:44:14Z kgoldman $ */ 7 | /* */ 8 | /* (c) Copyright IBM Corporation 2006, 2010. */ 9 | /* */ 10 | /* All rights reserved. */ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. */ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. 
*/ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ 38 | /********************************************************************************/ 39 | 40 | #ifndef PCRS_H 41 | #define PCRS_H 42 | 43 | #define TPM_PCR_NUM 16 /* number of PCR registers supported */ 44 | #define TPM_PCR_MASK_SIZE 2 /* size in bytes of PCR bit mask */ 45 | 46 | uint32_t TPM_PcrRead(uint32_t pcrindex, unsigned char *pcrvalue); 47 | //uint32_t TSS_GenPCRInfo(uint32_t pcrmap, unsigned char *pcrinfo, unsigned int *len); 48 | 49 | #endif 50 | -------------------------------------------------------------------------------- /swtpm-utils/include/tpm.h: -------------------------------------------------------------------------------- 1 | /********************************************************************************/ 2 | /* */ 3 | /* TPM Utilities */ 4 | /* Written by J. Kravitz */ 5 | /* IBM Thomas J. Watson Research Center */ 6 | /* $Id: tpm.h 4073 2010-04-30 14:44:14Z kgoldman $ */ 7 | /* */ 8 | /* (c) Copyright IBM Corporation 2006, 2010. */ 9 | /* */ 10 | /* All rights reserved. 
*/ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. */ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ 38 | /********************************************************************************/ 39 | 40 | #ifndef TPM_H 41 | #define TPM_H 42 | 43 | #include 44 | #include 45 | #ifdef TPM_POSIX 46 | #include 47 | #endif 48 | #ifdef TPM_WINDOWS 49 | #include 50 | #endif 51 | 52 | #define ERR_MASK 0x80000000 /* mask to define error state */ 53 | /* keep 0x8001000 unassigned since the bash only sees the lowest byte! */ 54 | #define ERR_DUMMY 0x80001000 55 | #define ERR_HMAC_FAIL 0x80001001 /* HMAC authorization verification failed */ 56 | #define ERR_NULL_ARG 0x80001002 /* An argument was NULL that shouldn't be */ 57 | #define ERR_BAD_ARG 0x80001003 /* An argument had an invalid value */ 58 | #define ERR_CRYPT_ERR 0x80001004 /* An error occurred in an OpenSSL library call */ 59 | #define ERR_IO 0x80001005 /* An I/O Error occured */ 60 | #define ERR_MEM_ERR 0x80001006 /* A memory allocation error occurred */ 61 | #define ERR_BAD_FILE 0x80001007 /* File error occurred */ 62 | #define ERR_BAD_DATA 0x80001008 /* data read from a stream were bad */ 63 | #define ERR_BAD_SIZE 0x80001009 /* the size of the data to send to the TPM is too large */ 64 | #define ERR_BUFFER 0x8000100a /* the size of the buffer is too small */ 65 | #define ERR_STRUCTURE 0x8000100b /* this is not the stream for the structure to be parsed */ 66 | #define ERR_NOT_FOUND 0x8000100c /* searched item could not be found */ 67 | #define ERR_ENV_VARIABLE 0x8000100d /* environment varaible is not set */ 68 | #define ERR_NO_TRANSPORT 0x8000100e /* no transport allowed for this ordinal */ 69 | #define ERR_BADRESPONSETAG 0x8000100f /* bad response tag in message */ 70 | #define ERR_SIGNATURE 0x80001010 /* bad signature */ 71 | #define ERR_PCR_LIST_NOT_IMA 0x80001011 /* PCR values do not correspond to that in IMA */ 72 | #define ERR_CHECKSUM 0x80001012 /* Checksum not correct */ 73 | #define ERR_BAD_RESP 0x80001013 /* response from TPM not formatted correctly */ 74 | #define ERR_BAD_SESSION_TYPE 0x80001014 /* session 
type choice is not good */ 75 | 76 | #define ERR_LAST 0x80001015 /* keep this as the last error code !!!! */ 77 | 78 | #define TPM_MAX_BUFF_SIZE 4096 79 | #define TPM_HASH_SIZE 20 80 | #define TPM_NONCE_SIZE 20 81 | 82 | #define TPM_U16_SIZE 2 83 | #define TPM_U32_SIZE 4 84 | 85 | #define TPM_PARAMSIZE_OFFSET TPM_U16_SIZE 86 | #define TPM_RETURN_OFFSET ( TPM_U16_SIZE + TPM_U32_SIZE ) 87 | #define TPM_DATA_OFFSET ( TPM_RETURN_OFFSET + TPM_U32_SIZE ) 88 | 89 | #define STORE32(buffer,offset,value) { *(uint32_t *)&buffer[offset] = htonl(value); } 90 | #define STORE16(buffer,offset,value) { *(uint16_t *)&buffer[offset] = htons(value); } 91 | #define STORE32N(buffer,offset,value) { *(uint32_t *)&buffer[offset] = value; } 92 | #define STORE16N(buffer,offset,value) { *(uint16_t *)&buffer[offset] = value; } 93 | #define LOAD32(buffer,offset) ( ntohl(*(uint32_t *)&buffer[offset]) ) 94 | #define LOAD16(buffer,offset) ( ntohs(*(uint16_t *)&buffer[offset]) ) 95 | #define LOAD32N(buffer,offset) ( *(uint32_t *)&buffer[offset] ) 96 | #define LOAD16N(buffer,offset) ( *(uint16_t *)&buffer[offset] ) 97 | 98 | #define TPM_CURRENT_TICKS_SIZE (sizeof(TPM_STRUCTURE_TAG)+2*TPM_U32_SIZE+TPM_U16_SIZE+TPM_NONCE_SIZE) 99 | 100 | struct tpm_buffer 101 | { 102 | uint32_t size; 103 | uint32_t used; 104 | uint32_t flags; 105 | unsigned char buffer[TPM_MAX_BUFF_SIZE]; 106 | }; 107 | 108 | enum { 109 | BUFFER_FLAG_ON_STACK = 1, 110 | }; 111 | 112 | #define STACK_TPM_BUFFER(X) \ 113 | struct tpm_buffer X = { \ 114 | .size = sizeof( X.buffer ), \ 115 | .used = 0, \ 116 | .flags = BUFFER_FLAG_ON_STACK, \ 117 | .buffer = ""}; 118 | #define RESET_TPM_BUFFER(X) \ 119 | (X)->used = 0 120 | #define ALLOC_TPM_BUFFER(X,S) \ 121 | struct tpm_buffer *X = TSS_AllocTPMBuffer(S); 122 | #define FREE_TPM_BUFFER(X) \ 123 | TSS_FreeTPMBuffer(X) 124 | #define SET_TPM_BUFFER(X, src, len) \ 125 | do { \ 126 | uint32_t to_copy = (X)->size > len ? 
len : (X)->size; \ 127 | memcpy((X)->buffer, src, to_copy); \ 128 | (X)->used = to_copy; \ 129 | } while (0); 130 | #define IS_TPM_BUFFER_EMPTY(X) \ 131 | ((X)->used == 0) 132 | 133 | struct tpm_buffer *TSS_AllocTPMBuffer(int len); 134 | 135 | static inline struct tpm_buffer *clone_tpm_buffer(struct tpm_buffer *orig) { 136 | struct tpm_buffer * buf = TSS_AllocTPMBuffer(orig->used + 20); 137 | if (buf) { 138 | SET_TPM_BUFFER(buf, orig->buffer, orig->used); 139 | } 140 | return buf; 141 | } 142 | 143 | #if defined (__x86_64__) 144 | #define OUT_FORMAT(a,b) b 145 | #else 146 | #define OUT_FORMAT(a,b) a 147 | #endif 148 | 149 | #endif 150 | -------------------------------------------------------------------------------- /swtpm-utils/include/tpm_constants.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zajdee/tpm-luks/210d1a201e6335829f4330bde54883bf25111376/swtpm-utils/include/tpm_constants.h -------------------------------------------------------------------------------- /swtpm-utils/include/tpm_lowlevel.h: -------------------------------------------------------------------------------- 1 | /********************************************************************************/ 2 | /* */ 3 | /* TPM Low Level Transport */ 4 | /* Written by S. Berger */ 5 | /* IBM Thomas J. Watson Research Center */ 6 | /* $Id: tpm_lowlevel.h 4073 2010-04-30 14:44:14Z kgoldman $ */ 7 | /* */ 8 | /* (c) Copyright IBM Corporation 2006, 2010. */ 9 | /* */ 10 | /* All rights reserved. */ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. 
*/ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ 38 | /********************************************************************************/ 39 | 40 | #ifndef TPM_LOWLEVEL_H 41 | #define TPM_LOWLEVEL_H 42 | 43 | #include "tpm.h" 44 | 45 | struct tpm_transport 46 | { 47 | uint32_t (*open)(int *fd); 48 | uint32_t (*close)(int fd); 49 | uint32_t (*send)(int fd, struct tpm_buffer *tb, const char *msg); 50 | uint32_t (*recv)(int fd, struct tpm_buffer *tb); 51 | }; 52 | 53 | enum { 54 | TPM_LOWLEVEL_TRANSPORT_CHARDEV = 1, 55 | TPM_LOWLEVEL_TRANSPORT_TCP_SOCKET, 56 | TPM_LOWLEVEL_TRANSPORT_UNIXIO, 57 | TPM_LOWLEVEL_TRANSPORT_CCA 58 | }; 59 | 60 | void TPM_LowLevel_TransportSocket_Set(void); 61 | void TPM_LowLevel_TransportUnixIO_Set(void); 62 | void TPM_LowLevel_TransportCharDev_Set(void); 63 | void TPM_LowLevel_Transport_Init(int choice); 64 | int TPM_LowLevel_Use_VTPM(void); 65 | int TPM_LowLevel_VTPM_Set(int state); 66 | 67 | #endif 68 | -------------------------------------------------------------------------------- /swtpm-utils/include/tpmkeys.h: -------------------------------------------------------------------------------- 1 | /********************************************************************************/ 2 | /* */ 3 | /* TPM Key Structures */ 4 | /* Written by S. Berger */ 5 | /* IBM Thomas J. Watson Research Center */ 6 | /* $Id: tpmkeys.h 4073 2010-04-30 14:44:14Z kgoldman $ */ 7 | /* */ 8 | /* (c) Copyright IBM Corporation 2006, 2010. */ 9 | /* */ 10 | /* All rights reserved. */ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. 
*/ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ 38 | /********************************************************************************/ 39 | 40 | #ifndef TPMKEYS_H 41 | #define TPMKEYS_H 42 | #include "tpm.h" 43 | #include "tpm_structures.h" 44 | #include 45 | 46 | #ifndef TPM_MAXIMUM_KEY_SIZE 47 | #define TPM_MAXIMUM_KEY_SIZE 4096 48 | #endif 49 | 50 | 51 | #define TPM_SIZED_BUFFER_EMB(SIZE_OF_BUFFER,uniq,name) \ 52 | struct uniq { \ 53 | uint32_t size; \ 54 | BYTE buffer[SIZE_OF_BUFFER]; \ 55 | } name 56 | 57 | 58 | typedef struct tdTPM_RSA_KEY_PARMS_EMB { 59 | uint32_t keyLength; 60 | uint32_t numPrimes; 61 | uint32_t exponentSize; 62 | BYTE exponent[3]; 63 | } TPM_RSA_KEY_PARMS_EMB; 64 | 65 | 66 | typedef struct tdTPM_SYMMETRIC_KEY_PARMS_EMB { 67 | uint32_t keyLength; 68 | uint32_t blockSize; 69 | uint32_t ivSize; 70 | BYTE IV[256]; 71 | } TPM_SYMMETRIC_KEY_PARMS_EMB; 72 | 73 | typedef struct tdTPM_KEY_PARMS_EMB { 74 | TPM_ALGORITHM_ID algorithmID; /* This SHALL be the key algorithm in use */ 75 | TPM_ENC_SCHEME encScheme; /* This SHALL be the encryption scheme that the key uses to encrypt 76 | information */ 77 | TPM_SIG_SCHEME sigScheme; /* This SHALL be the signature scheme that the key uses to perform 78 | digital signatures */ 79 | union { 80 | TPM_RSA_KEY_PARMS_EMB rsaKeyParms; 81 | TPM_SYMMETRIC_KEY_PARMS_EMB symKeyParms; 82 | } u; 83 | } TPM_KEY_PARMS_EMB; 84 | 85 | 86 | typedef struct tdTPM_STORE_PUBKEY_EMB { 87 | uint32_t keyLength; 88 | BYTE modulus[TPM_MAXIMUM_KEY_SIZE/8]; 89 | } TPM_STORE_PUBKEY_EMB; 90 | 91 | 92 | typedef struct tdTPM_KEY_EMB { 93 | TPM_STRUCT_VER ver; 94 | TPM_KEY_USAGE keyUsage; 95 | TPM_KEY_FLAGS keyFlags; 96 | TPM_AUTH_DATA_USAGE authDataUsage; 97 | TPM_KEY_PARMS_EMB algorithmParms; 98 | TPM_SIZED_BUFFER_EMB(256, 99 | pcrInfo_TPM_KEY_EMB, pcrInfo); 100 | TPM_STORE_PUBKEY_EMB pubKey; 101 | TPM_SIZED_BUFFER_EMB(1024, encData_TPM_KEY_EMB, encData); 102 | } TPM_KEY_EMB; 103 | 104 | 105 | typedef struct tdTPM_KEY12_EMB { 106 | TPM_STRUCTURE_TAG tag; 107 | uint16_t fill; 108 | 
TPM_KEY_USAGE keyUsage; 109 | TPM_KEY_FLAGS keyFlags; 110 | TPM_AUTH_DATA_USAGE authDataUsage; 111 | TPM_KEY_PARMS_EMB algorithmParms; 112 | TPM_SIZED_BUFFER_EMB(256, 113 | pcrInfo_TPM_KEY12_EMB, pcrInfo); 114 | TPM_STORE_PUBKEY_EMB pubKey; 115 | TPM_SIZED_BUFFER_EMB(1024, encData_TPM_KEY12_EMB, encData); 116 | } TPM_KEY12_EMB; 117 | 118 | typedef struct pubkeydata 119 | { 120 | TPM_KEY_PARMS_EMB algorithmParms; 121 | TPM_STORE_PUBKEY_EMB pubKey; 122 | TPM_SIZED_BUFFER_EMB(256, 123 | pcrInfo_pubkeydata, pcrInfo); 124 | } pubkeydata; 125 | 126 | typedef struct keydata 127 | { 128 | union { 129 | TPM_STRUCT_VER ver; 130 | TPM_STRUCTURE_TAG tag; // 1 131 | } v; 132 | TPM_KEY_USAGE keyUsage; // 2 133 | TPM_KEY_FLAGS keyFlags; // 3 134 | TPM_AUTH_DATA_USAGE authDataUsage; // 4 135 | pubkeydata pub; 136 | TPM_SIZED_BUFFER_EMB(1024, encData_keydata, encData); 137 | } keydata; 138 | 139 | 140 | #endif 141 | -------------------------------------------------------------------------------- /swtpm-utils/include/tpmutil.h: -------------------------------------------------------------------------------- 1 | /********************************************************************************/ 2 | /* */ 3 | /* TPM Utilities */ 4 | /* Written by S. Berger */ 5 | /* IBM Thomas J. Watson Research Center */ 6 | /* $Id: tpmutil.h 4073 2010-04-30 14:44:14Z kgoldman $ */ 7 | /* */ 8 | /* (c) Copyright IBM Corporation 2006, 2010. */ 9 | /* */ 10 | /* All rights reserved. */ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. 
*/ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ 38 | /********************************************************************************/ 39 | 40 | #ifndef TPMUTIL_H 41 | #define TPMUTIL_H 42 | 43 | #include 44 | 45 | #include 46 | 47 | #include 48 | 49 | #include 50 | 51 | #ifdef MIN 52 | #undef MIN 53 | #endif 54 | 55 | #define MIN(x,y) (x) < (y) ? 
(x) : (y) 56 | 57 | #define TPM_COUNTER_VALUE_SIZE 10 58 | 59 | #define TPM_MAX_TRANSPORTS 10 60 | 61 | /* AES requires data lengths that are a multiple of the block size */ 62 | #define TPM_AES_BITS 128 63 | /* The AES block size is always 16 bytes */ 64 | #define TPM_AES_BLOCK_SIZE 16 65 | 66 | 67 | struct tpm_buffer; 68 | 69 | uint32_t TSS_getsize(unsigned char *rsp); 70 | int TSS_gennonce(unsigned char *nonce); 71 | int TSS_buildbuff(char *format,struct tpm_buffer *, ...); 72 | int TSS_parsebuff(char *format,const struct tpm_buffer *, uint32_t offset, ...); 73 | uint32_t TPM_Transmit(struct tpm_buffer *,const char *msg); 74 | uint32_t TPM_Send(struct tpm_buffer *,const char *); 75 | int TPM_setlog(int flag); 76 | void TSS_sha1(void *input, unsigned int len, unsigned char *output); 77 | uint32_t TSS_SHAFile(const char *filename, unsigned char *hash); 78 | void showBuff(unsigned char* buff, char* string); 79 | 80 | uint32_t TPM_GetDelegationBlob(uint32_t etype, 81 | uint32_t keyhandle, 82 | unsigned char *passHash, 83 | unsigned char *buffer, uint32_t *bufferSize); 84 | uint32_t TPM_AddDelegationBlob(uint32_t etype, 85 | uint32_t keyhandle, 86 | unsigned char *oldPassHash, 87 | unsigned char *newPassHash, 88 | unsigned char *buffer, uint32_t bufferSize); 89 | uint32_t TPM_ResetDelegation(void); 90 | 91 | 92 | uint32_t _TPM_AuditInputstream(const struct tpm_buffer *req, int is_encrypted); 93 | uint32_t _TPM_AuditOutputstream(const struct tpm_buffer *res, uint32_t ord, 94 | int is_encrypted); 95 | uint32_t _TPM_IsAuditedOrdinal(uint32_t ord, uint32_t *rc); 96 | uint32_t TPM_SetAuditedOrdinal(uint32_t ord); 97 | uint32_t TPM_ClearAuditedOrdinal(uint32_t ord); 98 | uint32_t TPM_SetAuditingCounterValue(TPM_COUNTER_VALUE *cv); 99 | uint32_t TPM_ResetAuditing(void); 100 | 101 | uint32_t getNumHandles(uint32_t ord); 102 | uint32_t getNumRespHandles(uint32_t ord); 103 | #if 0 104 | uint32_t TPM_OpenClientSocket(int *sock_fd); 105 | uint32_t TPM_CloseClientSocket(int 
sock_fd); 106 | uint32_t TPM_TransmitSocket(int sock_fd, struct tpm_buffer *tb); 107 | uint32_t TPM_ReceiveSocket(int sock_fd, struct tpm_buffer *tb); 108 | uint32_t TPM_ReceiveBytes(int sock_fd, 109 | unsigned char *buffer, 110 | size_t nbytes); 111 | #endif 112 | 113 | uint32_t tpm_buffer_load32 (const struct tpm_buffer *tb, uint32_t offset, uint32_t *val); 114 | uint32_t tpm_buffer_load32N(const struct tpm_buffer *tb, uint32_t offset, uint32_t *val); 115 | uint32_t tpm_buffer_load16 (const struct tpm_buffer *tb, uint32_t offset, uint16_t *val); 116 | uint32_t tpm_buffer_load16N(const struct tpm_buffer *tb, uint32_t offset, uint16_t *val); 117 | uint32_t tpm_buffer_store32(struct tpm_buffer *tb, uint32_t val); 118 | uint32_t tpm_buffer_store(struct tpm_buffer *dest, struct tpm_buffer *src, uint32_t soff, uint32_t slen); 119 | 120 | uint32_t parseHash(char *string, unsigned char *hash); 121 | TPM_RESULT TPM_AES_ctr128_Encrypt(unsigned char *data_out, 122 | const unsigned char *data_in, 123 | unsigned long data_size, 124 | const AES_KEY *aes_enc_key, 125 | unsigned char ctr[TPM_AES_BLOCK_SIZE]); 126 | TPM_RESULT TPM_MGF1(unsigned char *mask, 127 | uint32_t maskLen, 128 | const unsigned char *mgfSeed, 129 | uint32_t mgfSeedlen); 130 | TPM_RESULT TPM_SHA1(TPM_DIGEST md, ...); 131 | TPM_RESULT TPM_SHA1Init(void **context); 132 | TPM_RESULT TPM_SHA1_Update(void *context, const unsigned char *data, uint32_t length); 133 | TPM_RESULT TPM_SHA1Final(unsigned char *md, void *context); 134 | TPM_RESULT TPM_SHA1Delete(void **context); 135 | 136 | 137 | #if 0 138 | void TPM_XOR(unsigned char *out, 139 | const unsigned char *in1, 140 | const unsigned char *in2, 141 | size_t length); 142 | #endif 143 | 144 | int allowsTransport(uint32_t ord); 145 | 146 | void _TPM_getTransportAlgIdEncScheme(TPM_ALGORITHM_ID *algId, 147 | TPM_ENC_SCHEME *encScheme); 148 | void TPM_DetermineSessionEncryption(const session *, int *); 149 | 150 | struct tpm_transport 
*TPM_LowLevel_Transport_Set(struct tpm_transport *new_tp); 151 | void TPM_LowLevel_Transport_Init(int choice); 152 | 153 | uint32_t needKeysRoom(uint32_t key1, uint32_t key2, uint32_t key3, 154 | uint32_t room); 155 | uint32_t needKeysRoom_Stacked(uint32_t key1); 156 | 157 | 158 | #endif 159 | -------------------------------------------------------------------------------- /swtpm-utils/lib/Makefile.am: -------------------------------------------------------------------------------- 1 | ################################################################################# 2 | # # 3 | # Makefile for libtpm/lib # 4 | # # 5 | # $Id: Makefile.am 4073 2010-04-30 14:44:14Z kgoldman $ # 6 | # # 7 | # (c) Copyright IBM Corporation 2006, 2010. # 8 | # # 9 | # All rights reserved. # 10 | # # 11 | # Redistribution and use in source and binary forms, with or without # 12 | # modification, are permitted provided that the following conditions are # 13 | # met: # 14 | # # 15 | # Redistributions of source code must retain the above copyright notice, # 16 | # this list of conditions and the following disclaimer. # 17 | # # 18 | # Redistributions in binary form must reproduce the above copyright # 19 | # notice, this list of conditions and the following disclaimer in the # 20 | # documentation and/or other materials provided with the distribution. # 21 | # # 22 | # Neither the names of the IBM Corporation nor the names of its # 23 | # contributors may be used to endorse or promote products derived from # 24 | # this software without specific prior written permission. # 25 | # # 26 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # 27 | # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # 28 | # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # 29 | # A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT # 30 | # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # 31 | # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # 32 | # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # 33 | # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # 34 | # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # 35 | # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # 36 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # 37 | # # 38 | ################################################################################# 39 | 40 | AM_CFLAGS = -I/usr/linux/include -I../include -Wall -ggdb -Wuninitialized -Wmissing-declarations -Wmissing-prototypes -Wnested-externs -W -DTPM_POSIX -DTPM_V12 -DTPM_NV_DISK -DTPM_AES -DTPM_USE_TAG_IN_STRUCTURE=1 -DTPM_USE_CHARDEV 41 | noinst_LTLIBRARIES = libtpm.la 42 | 43 | 44 | noinst_HEADERS = tpmfunc.h \ 45 | tpm.h \ 46 | tpmkeys.h \ 47 | tpm_constants.h \ 48 | tpm_error.h \ 49 | tpm_structures.h \ 50 | tpmutil.h \ 51 | tpm_types.h \ 52 | tpm_lowlevel.h \ 53 | oiaposap.h 54 | 55 | libtpm_la_SOURCES = auditing.c bind.c chgauth.c context.c \ 56 | counter.c daa.c debug.c delegation.c dir.c \ 57 | eviction.c hmac.c identity.c keys.c keyswap.c \ 58 | maintenance.c management.c migrate.c miscfunc.c nv.c \ 59 | oiaposap.c optin.c owner.c ownertpmdiag.c \ 60 | pcrs.c raw.c rng.c seal.c serialize.c session.c \ 61 | sha.c signature.c startup.c testing.c \ 62 | ticks.c tpmutil.c tpmutil_sock.c tpmutil_tty.c tpmutil_unixio.c \ 63 | transport.c 64 | 65 | -------------------------------------------------------------------------------- /swtpm-utils/lib/context.c: -------------------------------------------------------------------------------- 1 | /********************************************************************************/ 2 | /* */ 3 | /* TPM Context Management Routines */ 4 | /* Written by S. 
Berger */ 5 | /* IBM Thomas J. Watson Research Center */ 6 | /* $Id: context.c 4073 2010-04-30 14:44:14Z kgoldman $ */ 7 | /* */ 8 | /* (c) Copyright IBM Corporation 2006, 2010. */ 9 | /* */ 10 | /* All rights reserved. */ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. */ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
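/*
 * TPM_SaveKeyContext - ask the TPM to save the context of a loaded key.
 *
 * keyhandle  handle of the loaded key whose context is to be saved
 * context    receives the opaque context blob returned by the TPM; may be
 *            NULL when the caller only wants the command executed
 *
 * Returns 0 on success, otherwise a TPM or library error code.
 */
uint32_t TPM_SaveKeyContext(uint32_t keyhandle,
                            struct tpm_buffer *context)
{
	uint32_t ret;
	uint32_t ordinal_no = htonl(TPM_ORD_SaveKeyContext);
	STACK_TPM_BUFFER(tpmdata)
	uint32_t keyhandle_no = htonl(keyhandle);
	uint32_t len;

	/* make sure the key handle is usable before building the command */
	ret = needKeysRoom(keyhandle, 0, 0, 0);
	if (ret != 0) {
		return ret;
	}

	ret = TSS_buildbuff("00 c1 T l l", &tpmdata,
	                    ordinal_no,
	                    keyhandle_no);
	if ((ret & ERR_MASK) != 0) {
		return ret;
	}

	ret = TPM_Transmit(&tpmdata, "SaveKeyContext");
	if (ret != 0) {
		return ret;
	}

	/* response body: UINT32 contextSize followed by contextSize bytes */
	ret = tpm_buffer_load32(&tpmdata, TPM_DATA_OFFSET, &len);
	if ((ret & ERR_MASK)) {
		return ret;
	}

	/*
	 * contextSize is supplied by the device (or, with the socket
	 * transport, by whatever answers on the other end).  Bound it by the
	 * number of bytes actually received so a short or malformed reply
	 * cannot read past the end of the stack buffer; whether
	 * SET_TPM_BUFFER additionally clamps to the destination size is not
	 * visible here, so do not rely on it.
	 */
	if (tpmdata.used < TPM_DATA_OFFSET + TPM_U32_SIZE ||
	    len > tpmdata.used - (TPM_DATA_OFFSET + TPM_U32_SIZE)) {
		return ERR_BAD_RESP;
	}

	if (NULL != context) {
		SET_TPM_BUFFER(context,
		               &tpmdata.buffer[TPM_DATA_OFFSET + TPM_U32_SIZE],
		               len);
	}

	return ret;
}


/*
 * TPM_LoadKeyContext - load a key context blob saved by TPM_SaveKeyContext.
 *
 * context    blob previously returned by TPM_SaveKeyContext
 * keyhandle  receives the handle the TPM assigned to the reloaded key
 *
 * Returns 0 on success, ERR_NULL_ARG on a NULL argument, otherwise a TPM
 * or library error code.
 */
uint32_t TPM_LoadKeyContext(struct tpm_buffer *context,
                            uint32_t *keyhandle)
{
	uint32_t ret;
	uint32_t ordinal_no = htonl(TPM_ORD_LoadKeyContext);
	STACK_TPM_BUFFER(tpmdata);

	/* both pointers are dereferenced below */
	if (NULL == context || NULL == keyhandle) {
		return ERR_NULL_ARG;
	}

	ret = TSS_buildbuff("00 c1 T l @", &tpmdata,
	                    ordinal_no,
	                    context->used, context->buffer);
	if ((ret & ERR_MASK) != 0) {
		return ret;
	}

	ret = TPM_Transmit(&tpmdata, "LoadKeyContext");
	if (ret != 0) {
		return ret;
	}

	/* response body: UINT32 keyHandle */
	ret = tpm_buffer_load32(&tpmdata, TPM_DATA_OFFSET, keyhandle);
	if ((ret & ERR_MASK)) {
		return ret;
	}

	return ret;
}


/*
 * TPM_SaveAuthContext - ask the TPM to save an authorization session.
 *
 * authhandle       handle of the session to save
 * authContextBlob  receives the context blob; may be NULL to discard it
 * authContextSize  in: capacity of authContextBlob; out: bytes copied
 *                  (must be non-NULL whenever authContextBlob is non-NULL)
 *
 * Returns 0 on success, otherwise a TPM or library error code.
 */
uint32_t TPM_SaveAuthContext(uint32_t authhandle,
                             unsigned char *authContextBlob, uint32_t *authContextSize)
{
	uint32_t ret;
	uint32_t ordinal_no = htonl(TPM_ORD_SaveAuthContext);
	STACK_TPM_BUFFER(tpmdata)
	uint32_t authhandle_no = htonl(authhandle);
	uint32_t len;

	/* the size pointer is read and written when a blob is requested */
	if (NULL != authContextBlob && NULL == authContextSize) {
		return ERR_NULL_ARG;
	}

	ret = TSS_buildbuff("00 c1 T l l", &tpmdata,
	                    ordinal_no,
	                    authhandle_no);
	if ((ret & ERR_MASK) != 0) {
		return ret;
	}

	ret = TPM_Transmit(&tpmdata, "SaveAuthContext");
	if (ret != 0) {
		return ret;
	}

	/* response body: UINT32 authContextSize followed by the blob */
	ret = tpm_buffer_load32(&tpmdata, TPM_DATA_OFFSET, &len);
	if ((ret & ERR_MASK)) {
		return ret;
	}

	/* device-supplied length: never trust it beyond what was received */
	if (tpmdata.used < TPM_DATA_OFFSET + TPM_U32_SIZE ||
	    len > tpmdata.used - (TPM_DATA_OFFSET + TPM_U32_SIZE)) {
		return ERR_BAD_RESP;
	}

	if (NULL != authContextBlob) {
		/* never copy more than the caller's buffer can hold */
		*authContextSize = MIN(*authContextSize, len);
		memcpy(authContextBlob,
		       &tpmdata.buffer[TPM_DATA_OFFSET + TPM_U32_SIZE],
		       *authContextSize);
	}

	return ret;
}


/*
 * TPM_LoadAuthContext - reload an authorization session from its blob.
 *
 * authContextBlob  blob previously returned by TPM_SaveAuthContext
 * authContextSize  number of bytes in authContextBlob
 * authhandle       receives the handle of the reloaded session
 *
 * Returns 0 on success, ERR_NULL_ARG if authhandle is NULL, otherwise a
 * TPM or library error code.
 */
uint32_t TPM_LoadAuthContext(unsigned char *authContextBlob, uint32_t authContextSize,
                             uint32_t *authhandle)
{
	uint32_t ret;
	uint32_t ordinal_no = htonl(TPM_ORD_LoadAuthContext);
	STACK_TPM_BUFFER(tpmdata);

	if (NULL == authhandle) {
		return ERR_NULL_ARG;
	}

	ret = TSS_buildbuff("00 c1 T l @", &tpmdata,
	                    ordinal_no,
	                    authContextSize, authContextBlob);
	if ((ret & ERR_MASK) != 0) {
		return ret;
	}

	ret = TPM_Transmit(&tpmdata, "LoadAuthContext");
	if (ret != 0) {
		return ret;
	}

	/* response body: UINT32 authHandle */
	ret = tpm_buffer_load32(&tpmdata, TPM_DATA_OFFSET, authhandle);
	if ((ret & ERR_MASK)) {
		return ret;
	}

	return ret;
}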
Watson Research Center */ 6 | /* $Id: debug.c 4073 2010-04-30 14:44:14Z kgoldman $ */ 7 | /* */ 8 | /* (c) Copyright IBM Corporation 2006, 2010. */ 9 | /* */ 10 | /* All rights reserved. */ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. */ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
/*
 * print_array - dump a byte array to stdout as hex, 16 bytes per line.
 *
 * name  label printed on its own line ahead of the data
 * data  bytes to print
 * len   number of bytes in data
 */
void print_array(const char *name, const unsigned char *data, unsigned int len)
{
	unsigned int idx;

	printf("%s \n", name);
	for (idx = 0; idx < len; ) {
		printf("0x%02X ", data[idx]);
		idx++;
		/* break the line after every 16th byte */
		if ((idx % 16) == 0) {
			putchar('\n');
		}
	}
	putchar('\n');
}
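/*
 * TPM_DirWriteAuth - write a value into a Data Integrity Register (DIR)
 * under owner authorization.
 *
 * dirIndex   index of the DIR to write
 * newValue   TPM_HASH_SIZE bytes to store in the register
 * ownerAuth  owner authorization secret used to open the session
 *
 * Returns 0 on success, ERR_NULL_ARG on a NULL argument, ERR_CRYPT_ERR
 * if no nonce could be generated, otherwise a TPM or library error code.
 */
uint32_t TPM_DirWriteAuth(uint32_t dirIndex,
                          unsigned char *newValue,
                          unsigned char *ownerAuth)
{
	STACK_TPM_BUFFER(tpmdata)
	uint32_t ordinal_no = htonl(TPM_ORD_DirWriteAuth);
	uint32_t ret;
	uint32_t dirIndex_no = htonl(dirIndex);
	unsigned char nonceodd[TPM_NONCE_SIZE];
	/* sized by what TSS_buildbuff reads from it below (TPM_HASH_SIZE) */
	unsigned char authdata[TPM_HASH_SIZE];
	session sess;
	int c = 0; /* presumably continueAuthSession = FALSE */

	/* check input arguments */
	if (NULL == ownerAuth ||
	    NULL == newValue) {
		return ERR_NULL_ARG;
	}

	/*
	 * Generate the odd nonce before opening the session.  The previous
	 * order opened the session first and returned on a nonce failure
	 * without closing it, leaking a TPM authorization session.
	 */
	ret = TSS_gennonce(nonceodd);
	if (0 == ret) {
		return ERR_CRYPT_ERR;
	}

	/* open an owner session (DSAP, OSAP or OIAP, whichever is available) */
	ret = TSS_SessionOpen(SESSION_DSAP | SESSION_OSAP | SESSION_OIAP,
	                      &sess,
	                      ownerAuth, TPM_ET_OWNER, 0);
	if (ret != 0) {
		return ret;
	}

	/* authorization HMAC over the network-byte-order request fields */
	ret = TSS_authhmac(authdata, TSS_Session_GetAuth(&sess), TPM_HASH_SIZE,
	                   TSS_Session_GetENonce(&sess), nonceodd, c,
	                   TPM_U32_SIZE, &ordinal_no,
	                   TPM_U32_SIZE, &dirIndex_no,
	                   TPM_HASH_SIZE, newValue,
	                   0, 0);
	if (0 != ret) {
		TSS_SessionClose(&sess);
		return ret;
	}

	/* build the request buffer */
	ret = TSS_buildbuff("00 c2 T l l % L % o %", &tpmdata,
	                    ordinal_no,
	                    dirIndex_no,
	                    TPM_HASH_SIZE, newValue,
	                    TSS_Session_GetHandle(&sess),
	                    TPM_HASH_SIZE, nonceodd,
	                    c,
	                    TPM_HASH_SIZE, authdata);
	if ((ret & ERR_MASK)) {
		TSS_SessionClose(&sess);
		return ret;
	}

	/* transmit the request buffer to the TPM device and read the reply */
	ret = TPM_Transmit(&tpmdata, "DirWriteAuth");
	TSS_SessionClose(&sess);
	if (ret != 0) {
		return ret;
	}

	/*
	 * Check the HMAC in the response.  As elsewhere in this library the
	 * session secret is read after TSS_SessionClose(); this relies on
	 * close not wiping sess.authdata -- confirm in oiaposap.c before
	 * changing either side.
	 */
	ret = TSS_checkhmac1(&tpmdata, ordinal_no, nonceodd,
	                     TSS_Session_GetAuth(&sess), TPM_HASH_SIZE,
	                     0, 0);

	return ret;
}


/*
 * TPM_DirRead - read a Data Integrity Register.
 *
 * dirIndex        index of the DIR to read
 * dirValueBuffer  receives the 20-byte register value; may be NULL
 *
 * Returns 0 on success, ERR_BAD_RESP if the reply does not have the
 * expected length, otherwise a TPM or library error code.
 */
uint32_t TPM_DirRead(uint32_t dirIndex,
                     unsigned char *dirValueBuffer)
{
	uint32_t ret;
	uint32_t ordinal_no = htonl(TPM_ORD_DirRead);
	STACK_TPM_BUFFER(tpmdata)
	uint32_t dirIndex_no = htonl(dirIndex);

	ret = TSS_buildbuff("00 c1 T l l", &tpmdata,
	                    ordinal_no,
	                    dirIndex_no);
	if ((ret & ERR_MASK)) {
		return ret;
	}

	ret = TPM_Transmit(&tpmdata, "DirRead");
	if (ret != 0) {
		return ret;
	}

	/*
	 * The reply is expected to be exactly 30 bytes (response header plus
	 * one 20-byte DIR value).  Reject anything else *before* copying, so
	 * a malformed reply never lands in the caller's buffer while the
	 * function reports an error.
	 */
	if (tpmdata.used != 30) {
		return ERR_BAD_RESP;
	}

	if (NULL != dirValueBuffer) {
		memcpy(dirValueBuffer,
		       &tpmdata.buffer[TPM_DATA_OFFSET],
		       20);
	}

	return ret;
}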
-------------------------------------------------------------------------------- /swtpm-utils/lib/eviction.c: -------------------------------------------------------------------------------- 1 | /********************************************************************************/ 2 | /* */ 3 | /* TPM Eviction Routines */ 4 | /* Written by S. Berger */ 5 | /* IBM Thomas J. Watson Research Center */ 6 | /* $Id: eviction.c 4073 2010-04-30 14:44:14Z kgoldman $ */ 7 | /* */ 8 | /* (c) Copyright IBM Corporation 2006, 2010. */ 9 | /* */ 10 | /* All rights reserved. */ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. */ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. 
/*
 * TPM_FlushSpecific - flush a resource (key, session, ...) from the TPM.
 *
 * handle        handle of the resource to flush
 * resourceType  TPM_RT_* type of that resource
 *
 * Returns 0 on success, otherwise a TPM or library error code.
 */
uint32_t TPM_FlushSpecific(uint32_t handle,
                           uint32_t resourceType)
{
	STACK_TPM_BUFFER(tpmdata)
	uint32_t rc;
	uint32_t ordinal_be = htonl(TPM_ORD_FlushSpecific);
	uint32_t handle_be = htonl(handle);
	uint32_t rtype_be = htonl(resourceType);

#if 0
	/* disabled upstream: no key-room check before flushing a key */
	if (resourceType == TPM_RT_KEY) {
		rc = needKeysRoom(handle, 0, 0, 0);
		if (rc != 0) {
			return rc;
		}
	}
#endif

	/* no authorization: plain TPM_TAG_RQU_COMMAND with three UINT32s */
	rc = TSS_buildbuff("00 c1 T l l l", &tpmdata,
	                   ordinal_be,
	                   handle_be,
	                   rtype_be);
	if ((rc & ERR_MASK) != 0) {
		return rc;
	}

	return TPM_Transmit(&tpmdata, "FlushSpecific");
}
Watson Research Center */ 6 | /* $Id: hmac.h 4073 2010-04-30 14:44:14Z kgoldman $ */ 7 | /* */ 8 | /* (c) Copyright IBM Corporation 2006, 2010. */ 9 | /* */ 10 | /* All rights reserved. */ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. */ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ 38 | /********************************************************************************/ 39 | 40 | #ifndef HMAC_H 41 | #define HMAC_H 42 | 43 | #include 44 | 45 | uint32_t TSS_authhmac(unsigned char *digest, unsigned char *key, unsigned int keylen, 46 | unsigned char *h1, unsigned char *h2, unsigned char h3,...); 47 | uint32_t TSS_checkhmac1(const struct tpm_buffer *tb, uint32_t command, unsigned char *ononce, 48 | unsigned char *key, unsigned int keylen, ...); 49 | uint32_t TSS_checkhmac1New(const struct tpm_buffer *tb, uint32_t command, session *sess, unsigned char *ononce, 50 | unsigned char *key, unsigned int keylen, ...); 51 | uint32_t TSS_checkhmac2(const struct tpm_buffer *tb, uint32_t command, 52 | unsigned char *ononce1, 53 | unsigned char *key1, unsigned int keylen1, 54 | unsigned char *ononce2, 55 | unsigned char *key2, unsigned int keylen2, ...); 56 | uint32_t TSS_rawhmac(unsigned char *digest, const unsigned char *key, unsigned int keylen, ...); 57 | 58 | #endif 59 | -------------------------------------------------------------------------------- /swtpm-utils/lib/management.c: -------------------------------------------------------------------------------- 1 | /********************************************************************************/ 2 | /* */ 3 | /* TPM Administrative Routines */ 4 | /* Written by S. Berger */ 5 | /* IBM Thomas J. Watson Research Center */ 6 | /* $Id: management.c 4073 2010-04-30 14:44:14Z kgoldman $ */ 7 | /* */ 8 | /* (c) Copyright IBM Corporation 2006, 2010. */ 9 | /* */ 10 | /* All rights reserved. */ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. 
*/ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
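/*
 * TPM_SetRedirection - configure output redirection for a key.
 *
 * keyhandle      handle of the key the redirection applies to
 * redirCmd       redirection command selector (sent as a UINT32)
 * inputData      command-specific input data
 * inputDataSize  number of bytes in inputData
 * ownerAuth      owner authorization secret used to open the session
 * usageAuth      accepted for interface compatibility; not used here
 *
 * Returns 0 on success, ERR_NULL_ARG if ownerAuth is NULL, ERR_CRYPT_ERR
 * if no nonce could be generated, otherwise a TPM or library error code.
 */
uint32_t TPM_SetRedirection(uint32_t keyhandle,
                            uint32_t redirCmd,
                            unsigned char *inputData, uint32_t inputDataSize,
                            unsigned char *ownerAuth,
                            unsigned char *usageAuth)
{
	uint32_t ret = 0;
	STACK_TPM_BUFFER(tpmdata)
	unsigned char nonceodd[TPM_HASH_SIZE];  /* odd nonce */
	unsigned char authdata[TPM_HASH_SIZE];  /* auth data */
	session sess;
	uint32_t ordinal_no = htonl(TPM_ORD_SetRedirection);
	uint32_t redirCmd_no = htonl(redirCmd);
	uint32_t inputDataSize_no = htonl(inputDataSize);
	uint32_t keyHandle_no = htonl(keyhandle);
	TPM_BOOL c = FALSE;
	(void)usageAuth;

	/* the owner secret is needed to open the session below */
	if (NULL == ownerAuth) {
		return ERR_NULL_ARG;
	}

	ret = needKeysRoom(keyhandle, 0, 0, 0);
	if (ret != 0) {
		return ret;
	}

	/*
	 * Generate the odd nonce.  TSS_gennonce() reports failure with 0;
	 * the previous code did `return ret` here, i.e. it reported
	 * *success* to the caller when no nonce could be produced.  Report
	 * ERR_CRYPT_ERR like the other authorized commands do.
	 */
	ret = TSS_gennonce(nonceodd);
	if (ret == 0) {
		return ERR_CRYPT_ERR;
	}

	/* initiate the OSAP (or DSAP) protocol */
	ret = TSS_SessionOpen(SESSION_DSAP | SESSION_OSAP, &sess,
	                      ownerAuth, TPM_ET_OWNER, keyhandle);
	if (ret != 0) {
		return ret;
	}

	/* calculate the authorization data over the request fields */
	ret = TSS_authhmac(authdata, TSS_Session_GetAuth(&sess), TPM_HASH_SIZE,
	                   TSS_Session_GetENonce(&sess), nonceodd, c,
	                   TPM_U32_SIZE, &ordinal_no,
	                   TPM_U32_SIZE, &redirCmd_no,
	                   TPM_U32_SIZE, &inputDataSize_no,
	                   inputDataSize, inputData,
	                   0, 0);
	if (ret != 0) {
		TSS_SessionClose(&sess);
		return ret;
	}

	/* insert all the calculated fields into the request buffer */
	ret = TSS_buildbuff("00 c2 T l l l @ L % o %", &tpmdata,
	                    ordinal_no,
	                    keyHandle_no,
	                    redirCmd_no,
	                    inputDataSize, inputData,
	                    TSS_Session_GetHandle(&sess),
	                    TPM_HASH_SIZE, nonceodd,
	                    c,
	                    TPM_HASH_SIZE, authdata);
	if ((ret & ERR_MASK)) {
		TSS_SessionClose(&sess);
		return ret;
	}

	/* transmit the request buffer to the TPM device and read the reply */
	ret = TPM_Transmit(&tpmdata, "SetRedirection");
	TSS_SessionClose(&sess);
	if (ret != 0) {
		return ret;
	}

	/*
	 * Check the response HMAC.  The session secret is read after
	 * TSS_SessionClose(), as the rest of the library does; this relies
	 * on close not wiping sess.authdata -- confirm in oiaposap.c.
	 */
	ret = TSS_checkhmac1(&tpmdata, ordinal_no, nonceodd,
	                     TSS_Session_GetAuth(&sess), TPM_HASH_SIZE,
	                     0, 0);

	return ret;
}

/*
 * TPM_ResetLockValue - reset the TPM's dictionary-attack lockout under
 * owner authorization.
 *
 * ownerAuth  owner authorization secret used to open the session
 *
 * Returns 0 on success, ERR_NULL_ARG if ownerAuth is NULL, ERR_CRYPT_ERR
 * if no nonce could be generated, otherwise a TPM or library error code.
 */
uint32_t TPM_ResetLockValue(unsigned char *ownerAuth)
{
	STACK_TPM_BUFFER(tpmdata)
	uint32_t ordinal_no = htonl(TPM_ORD_ResetLockValue);
	uint32_t ret;
	unsigned char nonceodd[TPM_NONCE_SIZE];
	/* sized by what TSS_buildbuff reads from it below (TPM_HASH_SIZE) */
	unsigned char authdata[TPM_HASH_SIZE];
	TPM_BOOL c = 0;
	session sess;

	/* check input arguments (the stub comment was here; now enforced) */
	if (NULL == ownerAuth) {
		return ERR_NULL_ARG;
	}

	/* generate the odd nonce before any session exists, so nothing leaks */
	ret = TSS_gennonce(nonceodd);
	if (0 == ret) {
		return ERR_CRYPT_ERR;
	}

	/* open an owner session (DSAP, OSAP or OIAP, whichever is available) */
	ret = TSS_SessionOpen(SESSION_DSAP | SESSION_OSAP | SESSION_OIAP,
	                      &sess,
	                      ownerAuth, TPM_ET_OWNER, 0);
	if (ret != 0) {
		return ret;
	}

	/* authorization HMAC over the network-byte-order ordinal */
	ret = TSS_authhmac(authdata, TSS_Session_GetAuth(&sess), TPM_HASH_SIZE,
	                   TSS_Session_GetENonce(&sess), nonceodd, c,
	                   TPM_U32_SIZE, &ordinal_no,
	                   0, 0);
	if (0 != ret) {
		TSS_SessionClose(&sess);
		return ret;
	}

	/* build the request buffer */
	ret = TSS_buildbuff("00 c2 T l L % o %", &tpmdata,
	                    ordinal_no,
	                    TSS_Session_GetHandle(&sess),
	                    TPM_HASH_SIZE, nonceodd,
	                    c,
	                    TPM_HASH_SIZE, authdata);
	if ((ret & ERR_MASK) != 0) {
		TSS_SessionClose(&sess);
		return ret;
	}

	/* transmit the request buffer to the TPM device and read the reply */
	ret = TPM_Transmit(&tpmdata, "ResetLockValue");
	TSS_SessionClose(&sess);
	if (ret != 0) {
		return ret;
	}

	/* check the HMAC in the response (see note in TPM_SetRedirection) */
	ret = TSS_checkhmac1(&tpmdata, ordinal_no, nonceodd,
	                     TSS_Session_GetAuth(&sess), TPM_HASH_SIZE,
	                     0, 0);

	return ret;
}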
IN NO EVENT SHALL THE COPYRIGHT */
/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */
/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */
/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */
/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */
/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */
/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */
/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
/********************************************************************************/

#ifndef OIAPOSAP_H
#define OIAPOSAP_H
/* NOTE(review): the two header names were lost in this rendering of the file. */
#include
#include

/*
 * Per-session state for the TPM 1.2 authorization session kinds.
 * Nonces are TPM_NONCE_SIZE bytes, shared secrets TPM_HASH_SIZE bytes.
 */

/* OIAP: only the TPM-assigned handle and the last even (TPM-side) nonce. */
typedef struct oiapsess
{
    uint32_t handle;
    unsigned char enonce[TPM_NONCE_SIZE];
} oiapsess;

/* Transport session: same shape as an OIAP session. */
typedef struct transess
{
    uint32_t handle;
    unsigned char enonce[TPM_NONCE_SIZE];
} transess;

/* OSAP: adds the OSAP nonce pair, the derived shared secret and the entity type. */
typedef struct osapsess
{
    uint32_t handle;
    unsigned char enonce[TPM_NONCE_SIZE];
    unsigned char enonceOSAP[TPM_NONCE_SIZE];
    unsigned char ononceOSAP[TPM_NONCE_SIZE];
    unsigned char ssecret[TPM_HASH_SIZE];
    unsigned char ononce[TPM_NONCE_SIZE];
    uint16_t etype;
} osapsess;

/* DSAP: same layout as osapsess, with the DSAP nonce pair. */
typedef struct dsapsess
{
    uint32_t handle;
    unsigned char enonce[TPM_NONCE_SIZE];
    unsigned char enonceDSAP[TPM_NONCE_SIZE];
    unsigned char ononceDSAP[TPM_NONCE_SIZE];
    unsigned char ssecret[TPM_HASH_SIZE];
    unsigned char ononce[TPM_NONCE_SIZE];
    uint16_t etype;
} dsapsess;

/* Tagged union over the session kinds; sess_type holds one of the SESSION_* values below. */
typedef struct session
{
    uint32_t sess_type;
    union {
        oiapsess oiap;
        osapsess osap;
        dsapsess dsap;
        transess tran;
    } type;
    unsigned char authdata[TPM_AUTHDATA_SIZE];
} session;

/* Session kinds. Distinct bits, so they can be OR-ed together as the
   allowed_type mask given to TSS_SessionOpen. */
#define SESSION_OIAP 1
#define SESSION_OSAP 2
#define SESSION_DSAP 4
#define SESSION_TRAN 8

/* Low-level open/close of one session kind. */
uint32_t TSS_HANDclose(uint32_t handle, TPM_RESOURCE_TYPE);
uint32_t TSS_OIAPopen(uint32_t *handle, unsigned char *enonce);
uint32_t TSS_OIAPclose(uint32_t handle);
uint32_t TSS_OSAPopen(osapsess *sess,const unsigned char *key, uint16_t etype, uint32_t evalue);
uint32_t TSS_OSAPclose(osapsess *sess);
uint32_t TSS_DSAPopen(dsapsess *sess,
                      unsigned char *key,
                      uint16_t etype,
                      uint32_t keyhandle,
                      unsigned char * evalue, uint32_t evalueSize);
uint32_t TSS_DSAPclose(dsapsess *sess);

/* Kind-agnostic session API over the tagged union above. */
uint32_t TSS_SessionOpen(uint32_t allowed_type,
                         session * sess,
                         unsigned char *passHash, uint16_t etype, uint32_t evalue);
uint32_t TSS_SessionClose(session * sess);
uint32_t TSS_Session_CreateTransport(session *sess,
                                     unsigned char *transAuth,
                                     uint32_t transHandle,
                                     unsigned char *transNonce);
unsigned char * TSS_Session_GetAuth(session * sess);
unsigned char * TSS_Session_GetENonce(session * sess);
void TSS_Session_SetENonce(session * sess, const unsigned char *enonce);
uint32_t TSS_Session_GetHandle(session * sess);

#endif
--------------------------------------------------------------------------------
/swtpm-utils/lib/pcrs.h:
--------------------------------------------------------------------------------
/********************************************************************************/
/* */
/* TPM PCR Routines */
/* Written by S. Berger */
/* IBM Thomas J. Watson Research Center */
/* $Id: pcrs.h 4073 2010-04-30 14:44:14Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2006, 2010. */
/* */
/* All rights reserved.
*/ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. */ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/
/********************************************************************************/

#ifndef PCRS_H
#define PCRS_H

/* PCR bank geometry assumed by this code: 16 registers, selected through a
   two-byte bit mask. */
#define TPM_PCR_NUM 16 /* number of PCR registers supported */
#define TPM_PCR_MASK_SIZE 2 /* size in bytes of PCR bit mask */

/* Read PCR pcrindex into pcrvalue (presumably TPM_HASH_SIZE bytes — verify
   against callers). Returns 0 on success, otherwise a TPM or ERR_* code. */
uint32_t TPM_PcrRead(uint32_t pcrindex, unsigned char *pcrvalue);
//uint32_t TSS_GenPCRInfo(uint32_t pcrmap, unsigned char *pcrinfo, unsigned int *len);

#endif
--------------------------------------------------------------------------------
/swtpm-utils/lib/raw.c:
--------------------------------------------------------------------------------
/********************************************************************************/
/* */
/* TPM Test Routines to detect bugs */
/* Written by S. Berger */
/* IBM Thomas J. Watson Research Center */
/* $Id: raw.c 4073 2010-04-30 14:44:14Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2006, 2010. */
/* */
/* All rights reserved. */
/* */
/* Redistribution and use in source and binary forms, with or without */
/* modification, are permitted provided that the following conditions are */
/* met: */
/* */
/* Redistributions of source code must retain the above copyright notice, */
/* this list of conditions and the following disclaimer. */
/* */
/* Redistributions in binary form must reproduce the above copyright */
/* notice, this list of conditions and the following disclaimer in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* Neither the names of the IBM Corporation nor the names of its */
/* contributors may be used to endorse or promote products derived from */
/* this software without specific prior written permission.
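*/
/* */
/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */
/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */
/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */
/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */
/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */
/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */
/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */
/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */
/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */
/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */
/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
/********************************************************************************/

/* NOTE(review): header names were lost in this rendering of the file. */
#include
#include
#include
#ifdef TPM_POSIX
#include
#endif
#ifdef TPM_WINDOWS
#include
#endif
#include
#include
#include
#include
#include
#include
#include


/****************************************************************************/
/* Send an arbitrary ordinal followed by a raw payload, no authorization.   */
/*                                                                          */
/* ordinal : TPM ordinal in host byte order                                 */
/* data    : bytes appended after the ordinal                               */
/* datalen : number of bytes in data                                        */
/* Returns 0 on success, otherwise a TPM or ERR_* code.                     */
/****************************************************************************/
uint32_t TPM_RawDataRaw(uint32_t ordinal,
                        unsigned char * data,
                        uint32_t datalen)
{
    STACK_TPM_BUFFER(tpmdata)
    uint32_t ordinal_no = ntohl(ordinal);   /* byte swap to wire order; ntohl and htonl perform the same swap */
    uint32_t ret;

    ret = TSS_buildbuff("00 c1 T l %", &tpmdata,
                        ordinal_no,
                        datalen, data);
    if ((ret & ERR_MASK)) {
        return ret;
    }

    return TPM_Transmit(&tpmdata, "* RawData - Raw *");
}


/****************************************************************************/
/* Send an arbitrary ordinal and raw payload under a fresh OIAP session.    */
/*                                                                          */
/* ordinal   : TPM ordinal in host byte order                               */
/* ownerauth : TPM_HASH_SIZE bytes of authorization data for the HMAC;      */
/*             must not be NULL                                             */
/* data      : bytes appended after the ordinal                             */
/* datalen   : number of bytes in data                                      */
/* The command tag stays 00 c1 although an auth trailer follows: this file  */
/* exists to send deliberately irregular commands (see the file header).    */
/* The OIAP session is closed on every path once it has been opened.        */
/* Returns 0 on success, otherwise a TPM or ERR_* code.                     */
/****************************************************************************/
uint32_t TPM_RawDataOIAP(uint32_t ordinal,
                         unsigned char * ownerauth,
                         unsigned char * data,
                         uint32_t datalen)
{
    unsigned char enonce[TPM_HASH_SIZE];
    unsigned char nonceodd[TPM_HASH_SIZE];
    unsigned char authdata[TPM_HASH_SIZE];
    STACK_TPM_BUFFER(tpmdata)
    unsigned char c = 0;                    /* auth trailer flag byte sent before authdata */
    uint32_t ordinal_no = ntohl(ordinal);
    uint32_t ret;
    uint32_t authhandle;

    ret = TSS_OIAPopen(&authhandle, enonce);
    if (ret != 0) {
        printf("Could not open OIAP session!\n");
        return ret;
    }

    /* generate odd nonce; TSS_gennonce reports failure with 0 */
    ret = TSS_gennonce(nonceodd);
    if (0 == ret) {
        TSS_OIAPclose(authhandle);
        return ERR_CRYPT_ERR;
    }

    /* authorization HMAC over the ordinal and the raw payload */
    ret = TSS_authhmac(authdata, ownerauth, TPM_HASH_SIZE, enonce, nonceodd, c,
                       TPM_U32_SIZE, &ordinal_no,
                       datalen, data,
                       0, 0);
    if (0 != ret) {
        printf("Error calculating MAC.\n");
        TSS_OIAPclose(authhandle);
        return ret;
    }

    ret = TSS_buildbuff("00 c1 T l % l % o %", &tpmdata,
                        ordinal_no,
                        datalen, data,
                        authhandle,
                        TPM_NONCE_SIZE, nonceodd,
                        c,
                        TPM_HASH_SIZE, authdata);
    if ((ret & ERR_MASK)) {
        TSS_OIAPclose(authhandle);
        return ret;
    }

    ret = TPM_Transmit(&tpmdata, "* RawData - OIAP*");

    TSS_OIAPclose(authhandle);

    return ret;
}


/****************************************************************************/
/* Send an arbitrary ordinal and raw payload under a fresh OSAP session on  */
/* the owner or SRK entity.                                                 */
/*                                                                          */
/* keyhandle : 0x40000000 (the SRK handle) selects TPM_ET_SRK, anything     */
/*             else TPM_ET_OWNER                                            */
/* ordinal   : TPM ordinal in host byte order                               */
/* ownerauth : authorization secret for the entity; NULL is replaced by an  */
/*             all-zero secret for the encrypted-auth computation           */
/* data      : bytes appended after the ordinal                             */
/* datalen   : number of bytes in data                                      */
/* The OSAP session is closed on every path once it has been opened.        */
/* Returns 0 on success, otherwise a TPM or ERR_* code.                     */
/****************************************************************************/
uint32_t TPM_RawDataOSAP(uint32_t keyhandle,
                         uint32_t ordinal,
                         unsigned char * ownerauth,
                         unsigned char * data,
                         uint32_t datalen)
{
    unsigned char nonceodd[TPM_HASH_SIZE];
    unsigned char authdata[TPM_HASH_SIZE];
    STACK_TPM_BUFFER(tpmdata)
    unsigned char encauth[TPM_HASH_SIZE];
    unsigned char dummy[TPM_HASH_SIZE];
    unsigned char c = 0;                    /* auth trailer flag byte sent before authdata */
    uint32_t ordinal_no = ntohl(ordinal);
    uint32_t ret;
    session sess;
    osapsess *osap = &sess.type.osap;
    uint16_t keytype;
    unsigned char *passptr1;

    /* 0x40000000 is the well-known SRK handle; everything else is treated as the owner */
    if (keyhandle == 0x40000000) keytype = TPM_ET_SRK;
    else keytype = TPM_ET_OWNER;

    ret = needKeysRoom(keyhandle, 0, 0, 0);
    if (ret != 0) {
        return ret;
    }

    memset(dummy, 0x0, sizeof(dummy));
    passptr1 = (NULL != ownerauth) ? ownerauth : dummy;

    sess.sess_type = SESSION_OSAP;
    /* NOTE(review): the session is opened with ownerauth itself rather than
       passptr1, so a NULL ownerauth reaches TSS_OSAPopen unsubstituted.
       Kept as in the original — confirm TSS_OSAPopen tolerates NULL. */
    ret = TSS_OSAPopen(osap, ownerauth, keytype, keyhandle);
    if (ret != 0) {
        printf("Could not open OSAP session!\n");   /* message previously said OIAP */
        return ret;
    }

    /* calculate encrypted authorization value; it is not placed in the
       command below, the call is kept for parity with the original */
    TPM_CreateEncAuth(&sess, passptr1, encauth, 0);

    /* generate odd nonce; TSS_gennonce reports failure with 0 */
    ret = TSS_gennonce(nonceodd);
    if (0 == ret) {
        TSS_OSAPclose(osap);
        return ERR_CRYPT_ERR;
    }

    /* authorization HMAC keyed with the OSAP shared secret */
    ret = TSS_authhmac(authdata, osap->ssecret, TPM_HASH_SIZE, osap->enonce, nonceodd, c,
                       TPM_U32_SIZE, &ordinal_no,
                       datalen, data,
                       0, 0);
    if (0 != ret) {
        printf("Error calculating MAC.\n");
        TSS_OSAPclose(osap);
        return ret;
    }

    ret = TSS_buildbuff("00 c1 T l % l % o %", &tpmdata,
                        ordinal_no,
                        datalen, data,
                        osap->handle,
                        TPM_NONCE_SIZE, nonceodd,
                        c,
                        TPM_HASH_SIZE, authdata);
    if ((ret & ERR_MASK)) {
        TSS_OSAPclose(osap);
        return ret;
    }

    ret = TPM_Transmit(&tpmdata, "* RawData - OSAP*");   /* trace label previously said OIAP */

    TSS_OSAPclose(osap);

    return ret;
}
--------------------------------------------------------------------------------
/swtpm-utils/lib/rng.c:
--------------------------------------------------------------------------------
/********************************************************************************/
/* */
/* TPM Random Number Generator Routines */
/* Written by S. Berger */
/* IBM Thomas J. Watson Research Center */
/* $Id: rng.c 4073 2010-04-30 14:44:14Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2006, 2010. */
/* */
/* All rights reserved.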
*/ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. */ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
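*/
/********************************************************************************/

/* NOTE(review): header names were lost in this rendering of the file. */
#include
#include
#include
#ifdef TPM_POSIX
#include
#endif
#ifdef TPM_WINDOWS
#include
#endif
#include
#include
#include
#include
#include
#include
#include


/****************************************************************************/
/* */
/* Get Random Number */
/* */
/* The parameters are... */
/* */
/* bytesreq : The number of bytes requested; buffer must hold at least     */
/*            this many bytes                                              */
/* buffer   : a buffer to hold the amount of requested bytes               */
/* bytesret : The actual number of bytes that were returned                */
/* */
/* The byte count comes back from the device and is only trusted after     */
/* it has been checked against bytesreq and against the length of the      */
/* response actually received; a violation returns ERR_BAD_RESP with       */
/* *bytesret set to 0 and nothing copied. NULL buffer or bytesret returns  */
/* ERR_NULL_ARG. Returns 0 on success, otherwise a TPM or ERR_* code.      */
/****************************************************************************/
uint32_t TPM_GetRandom(uint32_t bytesreq,
                       unsigned char * buffer, uint32_t * bytesret)
{
    uint32_t ret;
    STACK_TPM_BUFFER( tpmdata )

    uint32_t ordinal_no = htonl(TPM_ORD_GetRandom);
    uint32_t numbytes_no = htonl(bytesreq);

    if (buffer == NULL || bytesret == NULL) return ERR_NULL_ARG;

    ret = TSS_buildbuff("00 c1 T l l", &tpmdata,
                        ordinal_no,
                        numbytes_no);
    if ((ret & ERR_MASK)) {
        return ret;
    }

    ret = TPM_Transmit(&tpmdata, "GetRandom");
    if (0 != ret) {
        return ret;
    }

    ret = tpm_buffer_load32(&tpmdata, TPM_DATA_OFFSET, bytesret);
    if ((ret & ERR_MASK)) {
        return ret;
    }

    /* bound the device-supplied length by the caller's buffer (bytesreq) and
       by the bytes that really follow the length field in the response */
    if (tpmdata.used < TPM_DATA_OFFSET + TPM_U32_SIZE ||
        *bytesret > tpmdata.used - (TPM_DATA_OFFSET + TPM_U32_SIZE) ||
        *bytesret > bytesreq) {
        *bytesret = 0;
        return ERR_BAD_RESP;
    }

    memcpy(buffer,
           &tpmdata.buffer[TPM_DATA_OFFSET + TPM_U32_SIZE],
           *bytesret);

    return ret;
}



/****************************************************************************/
/* */
/* Stir Random Number Generator */
/* */
/* The parameters are... */
/* */
/* data : Data to add entropy to the random number generator's state */
/* datalen : The number of bytes; must be < 256 */
/* */
/* A datalen above 255 is rejected with ERR_BAD_ARG instead of being      */
/* silently masked to its low byte (which sent a truncated length with    */
/* the full buffer). NULL data with a non-zero datalen is ERR_NULL_ARG.   */
/* Returns 0 on success, otherwise a TPM or ERR_* code.                   */
/****************************************************************************/
uint32_t TPM_StirRandom(unsigned char * data, uint32_t datalen)
{
    uint32_t ret;
    STACK_TPM_BUFFER(tpmdata)
    uint32_t ordinal_no = htonl(TPM_ORD_StirRandom);

    if (datalen > 0xff) return ERR_BAD_ARG;
    if (data == NULL && datalen != 0) return ERR_NULL_ARG;

    ret = TSS_buildbuff("00 c1 T l @", &tpmdata,
                        ordinal_no,
                        datalen, data);
    if ((ret & ERR_MASK)) {
        return ret;
    }

    ret = TPM_Transmit(&tpmdata, "StirRandom");
    return ret;
}

--------------------------------------------------------------------------------
/swtpm-utils/lib/signature.c:
--------------------------------------------------------------------------------
/********************************************************************************/
/* */
/* TPM Signature Routines */
/* Written by J. Kravitz, S. Berger */
/* IBM Thomas J. Watson Research Center */
/* $Id: signature.c 4073 2010-04-30 14:44:14Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2006, 2010. */
/* */
/* All rights reserved. */
/* */
/* Redistribution and use in source and binary forms, with or without */
/* modification, are permitted provided that the following conditions are */
/* met: */
/* */
/* Redistributions of source code must retain the above copyright notice, */
/* this list of conditions and the following disclaimer. */
/* */
/* Redistributions in binary form must reproduce the above copyright */
/* notice, this list of conditions and the following disclaimer in the */
/* documentation and/or other materials provided with the distribution.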
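*/
/* */
/* Neither the names of the IBM Corporation nor the names of its */
/* contributors may be used to endorse or promote products derived from */
/* this software without specific prior written permission. */
/* */
/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */
/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */
/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */
/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */
/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */
/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */
/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */
/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */
/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */
/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */
/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
/********************************************************************************/

/* NOTE(review): header names were lost in this rendering of the file. */
#include
#include
#include
#ifdef TPM_POSIX
#include
#endif
#ifdef TPM_WINDOWS
#include
#endif
#include
#include
#include
#include
#include


/* Read the 4-byte signature length at TPM_DATA_OFFSET and make sure the
   response really holds that many bytes after it. Returns 0 with *sigsize
   set, ERR_BAD_RESP when the reported length exceeds the received data, or
   the tpm_buffer_load32 error. */
static uint32_t sign_response_size(struct tpm_buffer *tb, uint32_t *sigsize)
{
    uint32_t ret = tpm_buffer_load32(tb, TPM_DATA_OFFSET, sigsize);
    if ((ret & ERR_MASK)) {
        return ret;
    }
    if (tb->used < TPM_DATA_OFFSET + TPM_U32_SIZE ||
        *sigsize > tb->used - (TPM_DATA_OFFSET + TPM_U32_SIZE)) {
        return ERR_BAD_RESP;
    }
    return 0;
}

/****************************************************************************/
/* */
/* Sign some data */
/* */
/* The arguments are... */
/* */
/* keyhandle is the handle of the key to sign with */
/* keyauth is the authorization data (password) for the signing key */
/* if null, it is assumed that the key has no authorization req */
/* data is a pointer to the data to be signed */
/* datalen is the length of the data being signed */
/* sig is a pointer to an area to receive the signature (<=256 bytes) */
/* siglen is a pointer to an integer to receive the signature length */
/* */
/* sig must be sized for the signing key's modulus; the only bound checked  */
/* here is that the TPM's reported length fits the bytes actually received  */
/* (ERR_BAD_RESP otherwise). NULL data, sig or siglen gives ERR_NULL_ARG.   */
/* Returns 0 on success, otherwise a TPM or ERR_* code.                     */
/* */
/****************************************************************************/
uint32_t TPM_Sign(uint32_t keyhandle, unsigned char *keyauth,
                  unsigned char *data, uint32_t datalen,
                  unsigned char *sig, uint32_t *siglen) {
    uint32_t ret;
    STACK_TPM_BUFFER(tpmdata)
    unsigned char nonceodd[TPM_NONCE_SIZE];
    unsigned char pubauth[TPM_HASH_SIZE];
    unsigned char c = 0;
    uint32_t ordinal = htonl(TPM_ORD_Sign);
    uint32_t keyhndl = htonl(keyhandle);
    uint32_t datasize = htonl(datalen);
    uint32_t sigsize;

    /* check input arguments */
    if (data == NULL || sig == NULL || siglen == NULL) return ERR_NULL_ARG;

    ret = needKeysRoom(keyhandle, 0, 0, 0);
    if (ret != 0) {
        return ret;
    }

    if (keyauth != NULL) /* key requires authorization */
    {
        session sess;
        /*
           The odd nonce is derived from the data (SHA-1) instead of being
           drawn fresh, so the INFO type of signature can be verified later
           by the test suite. A deterministic nonce removes the replay
           protection the nonce normally provides; acceptable for a test
           tool only.
        */
        TSS_sha1(data, datalen, nonceodd);

        /* open an authorization session; OSAP, OIAP or DSAP are all accepted */
        ret = TSS_SessionOpen(SESSION_OSAP|SESSION_OIAP|SESSION_DSAP,
                              &sess,
                              keyauth, TPM_ET_KEYHANDLE, keyhandle);
        if (ret != 0)
            return ret;

        /* calculate authorization HMAC value */
        ret = TSS_authhmac(pubauth, TSS_Session_GetAuth(&sess), TPM_HASH_SIZE,
                           TSS_Session_GetENonce(&sess), nonceodd, c,
                           TPM_U32_SIZE, &ordinal,
                           TPM_U32_SIZE, &datasize,
                           datalen, data,
                           0, 0);
        if (ret != 0) {
            TSS_SessionClose(&sess);
            return ret;
        }
        /* build the request buffer */
        ret = TSS_buildbuff("00 c2 T l l @ L % o %", &tpmdata,
                            ordinal,
                            keyhndl,
                            datalen, data,
                            TSS_Session_GetHandle(&sess),
                            TPM_NONCE_SIZE, nonceodd,
                            c,
                            TPM_HASH_SIZE, pubauth);
        if ((ret & ERR_MASK) != 0) {
            TSS_SessionClose(&sess);
            return ret;
        }
        /* transmit the request buffer to the TPM device and read the reply */
        ret = TPM_Transmit(&tpmdata, "Sign");
        TSS_SessionClose(&sess);
        if (ret != 0) {
            return ret;
        }
        ret = sign_response_size(&tpmdata, &sigsize);
        if (ret != 0) {
            return ret;
        }
        /* check the HMAC in the response.
           NOTE(review): the session secret is read after TSS_SessionClose,
           as in the original — confirm that close does not wipe it. */
        ret = TSS_checkhmac1(&tpmdata, ordinal, nonceodd, TSS_Session_GetAuth(&sess), TPM_HASH_SIZE,
                             TPM_U32_SIZE, TPM_DATA_OFFSET,
                             sigsize, TPM_DATA_OFFSET+TPM_U32_SIZE,
                             0, 0);
        if (ret != 0)
            return ret;
        memcpy(sig,
               &tpmdata.buffer[TPM_DATA_OFFSET+TPM_U32_SIZE],
               sigsize);
        *siglen = sigsize;
    } else /* key requires NO authorization */ {
        /* build the request buffer */
        ret = TSS_buildbuff("00 c1 T l l @", &tpmdata,
                            ordinal,
                            keyhndl,
                            datalen, data);
        if ((ret & ERR_MASK) != 0)
            return ret;
        /* transmit the request buffer to the TPM device and read the reply */
        ret = TPM_Transmit(&tpmdata, "Sign");
        if (ret != 0)
            return ret;
        ret = sign_response_size(&tpmdata, &sigsize);
        if (ret != 0) {
            return ret;
        }
        /* no session, so no response HMAC: the signature is taken as delivered */
        memcpy(sig,
               &tpmdata.buffer[TPM_DATA_OFFSET+TPM_U32_SIZE],
               sigsize);
        *siglen = sigsize;
    }
    return 0;
}
--------------------------------------------------------------------------------
/swtpm-utils/lib/startup.c:
--------------------------------------------------------------------------------
/********************************************************************************/
/* */
/* TPM Startup Routines */
/* Written by S. Berger */
/* IBM Thomas J. Watson Research Center */
/* $Id: startup.c 4073 2010-04-30 14:44:14Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2006, 2010. */
/* */
/* All rights reserved. */
/* */
/* Redistribution and use in source and binary forms, with or without */
/* modification, are permitted provided that the following conditions are */
/* met: */
/* */
/* Redistributions of source code must retain the above copyright notice, */
/* this list of conditions and the following disclaimer. */
/* */
/* Redistributions in binary form must reproduce the above copyright */
/* notice, this list of conditions and the following disclaimer in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* Neither the names of the IBM Corporation nor the names of its */
/* contributors may be used to endorse or promote products derived from */
/* this software without specific prior written permission.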
*/
/* */
/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */
/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */
/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */
/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */
/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */
/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */
/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */
/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */
/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */
/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */
/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
/********************************************************************************/

/* NOTE(review): header names were lost in this rendering of the file. */
#include
#include
#include
#ifdef TPM_POSIX
#include
#endif
#ifdef TPM_WINDOWS
#include
#endif
#include
#include
#include
#include
#include
#include
#include

/* Transmit a command whose reply must consist of the 10-byte header alone
   (tag, paramSize, returnCode — i.e. TPM_DATA_OFFSET bytes). A successful
   transmit with any other reply length is reported as ERR_BAD_RESP. */
static uint32_t transmit_expect_header_only(struct tpm_buffer *tb, const char *label)
{
    uint32_t ret = TPM_Transmit(tb, label);
    if (ret == 0 && tb->used != 10) {
        ret = ERR_BAD_RESP;
    }
    return ret;
}

/* TPM_Startup: send the startup ordinal with the given startup type
   (converted to wire byte order). Returns 0 on success, ERR_BAD_RESP for an
   unexpectedly long reply, otherwise a TPM or ERR_* code. */
uint32_t TPM_Startup(uint16_t type)
{
    uint32_t ret;
    uint32_t ordinal_no = htonl(TPM_ORD_Startup);
    STACK_TPM_BUFFER(tpmdata)
    uint16_t type_no = htons(type);

    ret = TSS_buildbuff("00 c1 T l s", &tpmdata,
                        ordinal_no,
                        type_no);
    if ((ret & ERR_MASK)) {
        return ret;
    }

    return transmit_expect_header_only(&tpmdata, "Startup");
}

/* TPM_SaveState: ordinal-only command; same reply checking as TPM_Startup. */
uint32_t TPM_SaveState()
{
    uint32_t ret;
    uint32_t ordinal_no = htonl(TPM_ORD_SaveState);
    STACK_TPM_BUFFER(tpmdata)

    ret = TSS_buildbuff("00 c1 T l", &tpmdata,
                        ordinal_no);
    if ((ret & ERR_MASK)) {
        return ret;
    }

    return transmit_expect_header_only(&tpmdata, "SaveState");
}

/* TPM_Init: ordinal-only command. Unlike the two above, the reply length is
   not checked; the transmit status is returned as is. */
uint32_t TPM_Init()
{
    uint32_t ret;
    uint32_t ordinal_no = htonl(TPM_ORD_Init);
    STACK_TPM_BUFFER(tpmdata)

    ret = TSS_buildbuff("00 c1 T l", &tpmdata,
                        ordinal_no);
    if ((ret & ERR_MASK)) {
        return ret;
    }

    return TPM_Transmit(&tpmdata, "Init");
}
--------------------------------------------------------------------------------
/swtpm-utils/lib/tpm.h:
--------------------------------------------------------------------------------
/********************************************************************************/
/* */
/* TPM Utilities */
/* Written by J. Kravitz */
/* IBM Thomas J. Watson Research Center */
/* $Id: tpm.h 4073 2010-04-30 14:44:14Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2006, 2010. */
/* */
/* All rights reserved. */
/* */
/* Redistribution and use in source and binary forms, with or without */
/* modification, are permitted provided that the following conditions are */
/* met: */
/* */
/* Redistributions of source code must retain the above copyright notice, */
/* this list of conditions and the following disclaimer. */
/* */
/* Redistributions in binary form must reproduce the above copyright */
/* notice, this list of conditions and the following disclaimer in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* Neither the names of the IBM Corporation nor the names of its */
/* contributors may be used to endorse or promote products derived from */
/* this software without specific prior written permission.
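*/
/* */
/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */
/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */
/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */
/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */
/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */
/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */
/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */
/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */
/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */
/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */
/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
/********************************************************************************/

#ifndef TPM_H
#define TPM_H

/* NOTE(review): header names were lost in this rendering of the file. */
#include
#include
#ifdef TPM_POSIX
#include
#endif
#ifdef TPM_WINDOWS
#include
#endif

/* Library-local error codes. Anything with ERR_MASK set originates here
   rather than from the TPM; callers test with (ret & ERR_MASK). */
#define ERR_MASK 0x80000000 /* mask to define error state */
/* keep 0x80001000 unassigned: a shell exit status only carries the lowest byte! */
#define ERR_DUMMY 0x80001000
#define ERR_HMAC_FAIL 0x80001001 /* HMAC authorization verification failed */
#define ERR_NULL_ARG 0x80001002 /* An argument was NULL that shouldn't be */
#define ERR_BAD_ARG 0x80001003 /* An argument had an invalid value */
#define ERR_CRYPT_ERR 0x80001004 /* An error occurred in an OpenSSL library call */
#define ERR_IO 0x80001005 /* An I/O Error occurred */
#define ERR_MEM_ERR 0x80001006 /* A memory allocation error occurred */
#define ERR_BAD_FILE 0x80001007 /* File error occurred */
#define ERR_BAD_DATA 0x80001008 /* data read from a stream were bad */
#define ERR_BAD_SIZE 0x80001009 /* the size of the data to send to the TPM is too large */
#define ERR_BUFFER 0x8000100a /* the size of the buffer is too small */
#define ERR_STRUCTURE 0x8000100b /* this is not the stream for the structure to be parsed */
#define ERR_NOT_FOUND 0x8000100c /* searched item could not be found */
#define ERR_ENV_VARIABLE 0x8000100d /* environment variable is not set */
#define ERR_NO_TRANSPORT 0x8000100e /* no transport allowed for this ordinal */
#define ERR_BADRESPONSETAG 0x8000100f /* bad response tag in message */
#define ERR_SIGNATURE 0x80001010 /* bad signature */
#define ERR_PCR_LIST_NOT_IMA 0x80001011 /* PCR values do not correspond to that in IMA */
#define ERR_CHECKSUM 0x80001012 /* Checksum not correct */
#define ERR_BAD_RESP 0x80001013 /* response from TPM not formatted correctly */
#define ERR_BAD_SESSION_TYPE 0x80001014 /* session type choice is not good */

#define ERR_LAST 0x80001015 /* keep this as the last error code !!!! */

/* Fixed sizes of the TPM 1.2 wire format used throughout the library. */
#define TPM_MAX_BUFF_SIZE 4096
#define TPM_HASH_SIZE 20
#define TPM_NONCE_SIZE 20

#define TPM_U16_SIZE 2
#define TPM_U32_SIZE 4

/* Response layout: tag (2 bytes), paramSize (4), returnCode (4), then the
   command-specific data at offset 10. */
#define TPM_PARAMSIZE_OFFSET TPM_U16_SIZE
#define TPM_RETURN_OFFSET ( TPM_U16_SIZE + TPM_U32_SIZE )
#define TPM_DATA_OFFSET ( TPM_RETURN_OFFSET + TPM_U32_SIZE )

/* Byte-order store/load helpers. They reach into buffer[offset] through a
   uint32_t/uint16_t pointer, i.e. they rely on the target tolerating
   unaligned, type-punned accesses. Left as is so existing call sites do
   not change; a memcpy-based form would be the portable replacement. */
#define STORE32(buffer,offset,value) { *(uint32_t *)&buffer[offset] = htonl(value); }
#define STORE16(buffer,offset,value) { *(uint16_t *)&buffer[offset] = htons(value); }
#define STORE32N(buffer,offset,value) { *(uint32_t *)&buffer[offset] = value; }
#define STORE16N(buffer,offset,value) { *(uint16_t *)&buffer[offset] = value; }
#define LOAD32(buffer,offset) ( ntohl(*(uint32_t *)&buffer[offset]) )
#define LOAD16(buffer,offset) ( ntohs(*(uint16_t *)&buffer[offset]) )
#define LOAD32N(buffer,offset) ( *(uint32_t *)&buffer[offset] )
#define LOAD16N(buffer,offset) ( *(uint16_t *)&buffer[offset] )

#define TPM_CURRENT_TICKS_SIZE (sizeof(TPM_STRUCTURE_TAG)+2*TPM_U32_SIZE+TPM_U16_SIZE+TPM_NONCE_SIZE)

/* Command/response buffer: size is the capacity of buffer[], used the
   number of valid bytes (after a transmit, the reply length), flags holds
   BUFFER_FLAG_* bits. */
struct tpm_buffer
{
    uint32_t size;
    uint32_t used;
    uint32_t flags;
    unsigned char buffer[TPM_MAX_BUFF_SIZE];
};

enum {
    BUFFER_FLAG_ON_STACK = 1,   /* buffer lives on the stack; not to be freed */
};

/* Declare and zero-initialise a stack buffer named X (expands to a declaration,
   hence the trailing semicolon). */
#define STACK_TPM_BUFFER(X) \
    struct tpm_buffer X = { \
        .size = sizeof( X.buffer ), \
        .used = 0, \
        .flags = BUFFER_FLAG_ON_STACK, \
        .buffer = ""};
#define RESET_TPM_BUFFER(X) \
    (X)->used = 0
#define ALLOC_TPM_BUFFER(X,S) \
    struct tpm_buffer *X = TSS_AllocTPMBuffer(S);
#define FREE_TPM_BUFFER(X) \
    TSS_FreeTPMBuffer(X)
/* Copy at most (X)->size bytes from src into X and set used accordingly; a
   longer src is truncated silently. len is now parenthesised so an expression
   argument is evaluated as a unit.
   NOTE(review): the semicolon after while (0) is kept for existing call
   sites; it makes `if (c) SET_TPM_BUFFER(...); else ...` a syntax error. */
#define SET_TPM_BUFFER(X, src, len) \
    do { \
        uint32_t to_copy = (X)->size > (len) ? (len) : (X)->size; \
        memcpy((X)->buffer, src, to_copy); \
        (X)->used = to_copy; \
    } while (0);
#define IS_TPM_BUFFER_EMPTY(X) \
    ((X)->used == 0)

struct tpm_buffer *TSS_AllocTPMBuffer(int len);

/* Heap copy of orig's used bytes. The allocation is orig->used + 20 —
   presumably headroom for one hash/nonce-sized append; confirm against
   callers. Returns NULL when TSS_AllocTPMBuffer fails. */
static inline struct tpm_buffer *clone_tpm_buffer(struct tpm_buffer *orig) {
    struct tpm_buffer * buf = TSS_AllocTPMBuffer(orig->used + 20);
    if (buf) {
        SET_TPM_BUFFER(buf, orig->buffer, orig->used);
    }
    return buf;
}

/* Pick the printf format matching the platform's word width. */
#if defined (__x86_64__)
#define OUT_FORMAT(a,b) b
#else
#define OUT_FORMAT(a,b) a
#endif

#endif
--------------------------------------------------------------------------------
/swtpm-utils/lib/tpm_constants.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zajdee/tpm-luks/210d1a201e6335829f4330bde54883bf25111376/swtpm-utils/lib/tpm_constants.h
--------------------------------------------------------------------------------
/swtpm-utils/lib/tpm_lowlevel.h:
--------------------------------------------------------------------------------
/********************************************************************************/
/* */
/* TPM Low Level Transport */
/* Written by S. Berger */
/* IBM Thomas J. Watson Research Center */
/* $Id: tpm_lowlevel.h 4073 2010-04-30 14:44:14Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2006, 2010. */
/* */
/* All rights reserved. */
/* */
/* Redistribution and use in source and binary forms, with or without */
/* modification, are permitted provided that the following conditions are */
/* met: */
/* */
/* Redistributions of source code must retain the above copyright notice, */
/* this list of conditions and the following disclaimer.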
*/ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ 38 | /********************************************************************************/ 39 | 40 | #ifndef TPM_LOWLEVEL_H 41 | #define TPM_LOWLEVEL_H 42 | 43 | #include "tpm.h" 44 | 45 | struct tpm_transport 46 | { 47 | uint32_t (*open)(int *fd); 48 | uint32_t (*close)(int fd); 49 | uint32_t (*send)(int fd, struct tpm_buffer *tb, const char *msg); 50 | uint32_t (*recv)(int fd, struct tpm_buffer *tb); 51 | }; 52 | 53 | enum { 54 | TPM_LOWLEVEL_TRANSPORT_CHARDEV = 1, 55 | TPM_LOWLEVEL_TRANSPORT_TCP_SOCKET, 56 | TPM_LOWLEVEL_TRANSPORT_UNIXIO, 57 | TPM_LOWLEVEL_TRANSPORT_CCA 58 | }; 59 | 60 | void TPM_LowLevel_TransportSocket_Set(void); 61 | void TPM_LowLevel_TransportUnixIO_Set(void); 62 | void TPM_LowLevel_TransportCharDev_Set(void); 63 | void TPM_LowLevel_Transport_Init(int choice); 64 | int TPM_LowLevel_Use_VTPM(void); 65 | int TPM_LowLevel_VTPM_Set(int state); 66 | 67 | #endif 68 | -------------------------------------------------------------------------------- /swtpm-utils/lib/tpmkeys.h: -------------------------------------------------------------------------------- 1 | /********************************************************************************/ 2 | /* */ 3 | /* TPM Key Structures */ 4 | /* Written by S. Berger */ 5 | /* IBM Thomas J. Watson Research Center */ 6 | /* $Id: tpmkeys.h 4073 2010-04-30 14:44:14Z kgoldman $ */ 7 | /* */ 8 | /* (c) Copyright IBM Corporation 2006, 2010. */ 9 | /* */ 10 | /* All rights reserved. */ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. 
*/ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ 38 | /********************************************************************************/ 39 | 40 | #ifndef TPMKEYS_H 41 | #define TPMKEYS_H 42 | #include "tpm.h" 43 | #include "tpm_structures.h" 44 | #include 45 | 46 | #ifndef TPM_MAXIMUM_KEY_SIZE 47 | #define TPM_MAXIMUM_KEY_SIZE 4096 48 | #endif 49 | 50 | 51 | #define TPM_SIZED_BUFFER_EMB(SIZE_OF_BUFFER,uniq,name) \ 52 | struct uniq { \ 53 | uint32_t size; \ 54 | BYTE buffer[SIZE_OF_BUFFER]; \ 55 | } name 56 | 57 | 58 | typedef struct tdTPM_RSA_KEY_PARMS_EMB { 59 | uint32_t keyLength; 60 | uint32_t numPrimes; 61 | uint32_t exponentSize; 62 | BYTE exponent[3]; 63 | } TPM_RSA_KEY_PARMS_EMB; 64 | 65 | 66 | typedef struct tdTPM_SYMMETRIC_KEY_PARMS_EMB { 67 | uint32_t keyLength; 68 | uint32_t blockSize; 69 | uint32_t ivSize; 70 | BYTE IV[256]; 71 | } TPM_SYMMETRIC_KEY_PARMS_EMB; 72 | 73 | typedef struct tdTPM_KEY_PARMS_EMB { 74 | TPM_ALGORITHM_ID algorithmID; /* This SHALL be the key algorithm in use */ 75 | TPM_ENC_SCHEME encScheme; /* This SHALL be the encryption scheme that the key uses to encrypt 76 | information */ 77 | TPM_SIG_SCHEME sigScheme; /* This SHALL be the signature scheme that the key uses to perform 78 | digital signatures */ 79 | union { 80 | TPM_RSA_KEY_PARMS_EMB rsaKeyParms; 81 | TPM_SYMMETRIC_KEY_PARMS_EMB symKeyParms; 82 | } u; 83 | } TPM_KEY_PARMS_EMB; 84 | 85 | 86 | typedef struct tdTPM_STORE_PUBKEY_EMB { 87 | uint32_t keyLength; 88 | BYTE modulus[TPM_MAXIMUM_KEY_SIZE/8]; 89 | } TPM_STORE_PUBKEY_EMB; 90 | 91 | 92 | typedef struct tdTPM_KEY_EMB { 93 | TPM_STRUCT_VER ver; 94 | TPM_KEY_USAGE keyUsage; 95 | TPM_KEY_FLAGS keyFlags; 96 | TPM_AUTH_DATA_USAGE authDataUsage; 97 | TPM_KEY_PARMS_EMB algorithmParms; 98 | TPM_SIZED_BUFFER_EMB(256, 99 | pcrInfo_TPM_KEY_EMB, pcrInfo); 100 | TPM_STORE_PUBKEY_EMB pubKey; 101 | TPM_SIZED_BUFFER_EMB(1024, encData_TPM_KEY_EMB, encData); 102 | } TPM_KEY_EMB; 103 | 104 | 105 | typedef struct tdTPM_KEY12_EMB { 106 | TPM_STRUCTURE_TAG tag; 107 | uint16_t fill; 108 | 
TPM_KEY_USAGE keyUsage; 109 | TPM_KEY_FLAGS keyFlags; 110 | TPM_AUTH_DATA_USAGE authDataUsage; 111 | TPM_KEY_PARMS_EMB algorithmParms; 112 | TPM_SIZED_BUFFER_EMB(256, 113 | pcrInfo_TPM_KEY12_EMB, pcrInfo); 114 | TPM_STORE_PUBKEY_EMB pubKey; 115 | TPM_SIZED_BUFFER_EMB(1024, encData_TPM_KEY12_EMB, encData); 116 | } TPM_KEY12_EMB; 117 | 118 | typedef struct pubkeydata 119 | { 120 | TPM_KEY_PARMS_EMB algorithmParms; 121 | TPM_STORE_PUBKEY_EMB pubKey; 122 | TPM_SIZED_BUFFER_EMB(256, 123 | pcrInfo_pubkeydata, pcrInfo); 124 | } pubkeydata; 125 | 126 | typedef struct keydata 127 | { 128 | union { 129 | TPM_STRUCT_VER ver; 130 | TPM_STRUCTURE_TAG tag; // 1 131 | } v; 132 | TPM_KEY_USAGE keyUsage; // 2 133 | TPM_KEY_FLAGS keyFlags; // 3 134 | TPM_AUTH_DATA_USAGE authDataUsage; // 4 135 | pubkeydata pub; 136 | TPM_SIZED_BUFFER_EMB(1024, encData_keydata, encData); 137 | } keydata; 138 | 139 | 140 | #endif 141 | -------------------------------------------------------------------------------- /swtpm-utils/lib/tpmutil.h: -------------------------------------------------------------------------------- 1 | /********************************************************************************/ 2 | /* */ 3 | /* TPM Utilities */ 4 | /* Written by S. Berger */ 5 | /* IBM Thomas J. Watson Research Center */ 6 | /* $Id: tpmutil.h 4073 2010-04-30 14:44:14Z kgoldman $ */ 7 | /* */ 8 | /* (c) Copyright IBM Corporation 2006, 2010. */ 9 | /* */ 10 | /* All rights reserved. */ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. 
*/ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ 38 | /********************************************************************************/ 39 | 40 | #ifndef TPMUTIL_H 41 | #define TPMUTIL_H 42 | 43 | #include 44 | 45 | #include 46 | 47 | #include 48 | 49 | #include 50 | 51 | #ifdef MIN 52 | #undef MIN 53 | #endif 54 | 55 | #define MIN(x,y) (x) < (y) ? 
(x) : (y) 56 | 57 | #define TPM_COUNTER_VALUE_SIZE 10 58 | 59 | #define TPM_MAX_TRANSPORTS 10 60 | 61 | /* AES requires data lengths that are a multiple of the block size */ 62 | #define TPM_AES_BITS 128 63 | /* The AES block size is always 16 bytes */ 64 | #define TPM_AES_BLOCK_SIZE 16 65 | 66 | 67 | struct tpm_buffer; 68 | 69 | uint32_t TSS_getsize(unsigned char *rsp); 70 | int TSS_gennonce(unsigned char *nonce); 71 | int TSS_buildbuff(char *format,struct tpm_buffer *, ...); 72 | int TSS_parsebuff(char *format,const struct tpm_buffer *, uint32_t offset, ...); 73 | uint32_t TPM_Transmit(struct tpm_buffer *,const char *msg); 74 | uint32_t TPM_Send(struct tpm_buffer *,const char *); 75 | int TPM_setlog(int flag); 76 | void TSS_sha1(void *input, unsigned int len, unsigned char *output); 77 | uint32_t TSS_SHAFile(const char *filename, unsigned char *hash); 78 | void showBuff(unsigned char* buff, char* string); 79 | 80 | uint32_t TPM_GetDelegationBlob(uint32_t etype, 81 | uint32_t keyhandle, 82 | unsigned char *passHash, 83 | unsigned char *buffer, uint32_t *bufferSize); 84 | uint32_t TPM_AddDelegationBlob(uint32_t etype, 85 | uint32_t keyhandle, 86 | unsigned char *oldPassHash, 87 | unsigned char *newPassHash, 88 | unsigned char *buffer, uint32_t bufferSize); 89 | uint32_t TPM_ResetDelegation(void); 90 | 91 | 92 | uint32_t _TPM_AuditInputstream(const struct tpm_buffer *req, int is_encrypted); 93 | uint32_t _TPM_AuditOutputstream(const struct tpm_buffer *res, uint32_t ord, 94 | int is_encrypted); 95 | uint32_t _TPM_IsAuditedOrdinal(uint32_t ord, uint32_t *rc); 96 | uint32_t TPM_SetAuditedOrdinal(uint32_t ord); 97 | uint32_t TPM_ClearAuditedOrdinal(uint32_t ord); 98 | uint32_t TPM_SetAuditingCounterValue(TPM_COUNTER_VALUE *cv); 99 | uint32_t TPM_ResetAuditing(void); 100 | 101 | uint32_t getNumHandles(uint32_t ord); 102 | uint32_t getNumRespHandles(uint32_t ord); 103 | #if 0 104 | uint32_t TPM_OpenClientSocket(int *sock_fd); 105 | uint32_t TPM_CloseClientSocket(int 
sock_fd); 106 | uint32_t TPM_TransmitSocket(int sock_fd, struct tpm_buffer *tb); 107 | uint32_t TPM_ReceiveSocket(int sock_fd, struct tpm_buffer *tb); 108 | uint32_t TPM_ReceiveBytes(int sock_fd, 109 | unsigned char *buffer, 110 | size_t nbytes); 111 | #endif 112 | 113 | uint32_t tpm_buffer_load32 (const struct tpm_buffer *tb, uint32_t offset, uint32_t *val); 114 | uint32_t tpm_buffer_load32N(const struct tpm_buffer *tb, uint32_t offset, uint32_t *val); 115 | uint32_t tpm_buffer_load16 (const struct tpm_buffer *tb, uint32_t offset, uint16_t *val); 116 | uint32_t tpm_buffer_load16N(const struct tpm_buffer *tb, uint32_t offset, uint16_t *val); 117 | uint32_t tpm_buffer_store32(struct tpm_buffer *tb, uint32_t val); 118 | uint32_t tpm_buffer_store(struct tpm_buffer *dest, struct tpm_buffer *src, uint32_t soff, uint32_t slen); 119 | 120 | uint32_t parseHash(char *string, unsigned char *hash); 121 | TPM_RESULT TPM_AES_ctr128_Encrypt(unsigned char *data_out, 122 | const unsigned char *data_in, 123 | unsigned long data_size, 124 | const AES_KEY *aes_enc_key, 125 | unsigned char ctr[TPM_AES_BLOCK_SIZE]); 126 | TPM_RESULT TPM_MGF1(unsigned char *mask, 127 | uint32_t maskLen, 128 | const unsigned char *mgfSeed, 129 | uint32_t mgfSeedlen); 130 | TPM_RESULT TPM_SHA1(TPM_DIGEST md, ...); 131 | TPM_RESULT TPM_SHA1Init(void **context); 132 | TPM_RESULT TPM_SHA1_Update(void *context, const unsigned char *data, uint32_t length); 133 | TPM_RESULT TPM_SHA1Final(unsigned char *md, void *context); 134 | TPM_RESULT TPM_SHA1Delete(void **context); 135 | 136 | 137 | #if 0 138 | void TPM_XOR(unsigned char *out, 139 | const unsigned char *in1, 140 | const unsigned char *in2, 141 | size_t length); 142 | #endif 143 | 144 | int allowsTransport(uint32_t ord); 145 | 146 | void _TPM_getTransportAlgIdEncScheme(TPM_ALGORITHM_ID *algId, 147 | TPM_ENC_SCHEME *encScheme); 148 | void TPM_DetermineSessionEncryption(const session *, int *); 149 | 150 | struct tpm_transport 
*TPM_LowLevel_Transport_Set(struct tpm_transport *new_tp); 151 | void TPM_LowLevel_Transport_Init(int choice); 152 | 153 | uint32_t needKeysRoom(uint32_t key1, uint32_t key2, uint32_t key3, 154 | uint32_t room); 155 | uint32_t needKeysRoom_Stacked(uint32_t key1); 156 | 157 | 158 | #endif 159 | -------------------------------------------------------------------------------- /swtpm-utils/pcr-extend.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2015 Philip Tricca 3 | * Modified for IBM TSS (c) 2016 by Radek Zajic 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
18 | */ 19 | 20 | #include 21 | #include 22 | #include 23 | #include 24 | #include 25 | #include 26 | 27 | #ifdef TPM_POSIX 28 | #include 29 | #endif 30 | #ifdef TPM_WINDOWS 31 | #include 32 | #endif 33 | 34 | #include "tpm.h" 35 | #include "tpmutil.h" 36 | #include "tpmfunc.h" 37 | #include "tpm_constants.h" 38 | #include "tpm_structures.h" 39 | 40 | #define BUF_SIZE 1024 41 | 42 | error_t 43 | parse_opts (int key, char *arg, struct argp_state *state); 44 | 45 | typedef struct extend_args { 46 | char *file; 47 | uint32_t pcr_index; 48 | bool pcr_set; 49 | bool verbose; 50 | } extend_args_t; 51 | 52 | const struct argp_option extend_opts[] = { 53 | { 54 | .name = "file", 55 | .key = 'f', 56 | .arg = "file", 57 | .flags = 0, 58 | .doc = "File containing data to extend into the PCR.", 59 | .group = 0, 60 | }, 61 | { 62 | .name = "pcr", 63 | .key = 'p', 64 | .arg = "0-PCR_MAX", 65 | .flags = 0, 66 | .doc = "The PCR to extend.", 67 | .group = 0, 68 | }, 69 | { 70 | .name = "verbose", 71 | .key = 'v', 72 | .arg = NULL, 73 | .flags = OPTION_ARG_OPTIONAL, 74 | .doc = "verbose", 75 | .group = 0, 76 | }, 77 | { 0 } 78 | }; 79 | 80 | const struct argp extend_argp = { 81 | .options = extend_opts, 82 | .parser = parse_opts, 83 | .args_doc = NULL, 84 | .doc = "Arguments for the PCR extend utility." 
85 | }; 86 | 87 | error_t 88 | parse_opts (int key, char *arg, struct argp_state *state) 89 | { 90 | extend_args_t *args = state->input; 91 | 92 | switch (key) { 93 | case 'f': 94 | args->file = arg; 95 | break; 96 | case 'p': 97 | args->pcr_index = strtol (arg, NULL, 10); 98 | args->pcr_set = true; 99 | break; 100 | case 'v': 101 | args->verbose = true; 102 | break; 103 | default: 104 | return ARGP_ERR_UNKNOWN; 105 | } 106 | return 0; 107 | } 108 | 109 | static void 110 | extend_args_dump (extend_args_t *args) 111 | { 112 | printf ("User provided options:\n"); 113 | printf (" file: %s\n", args->file); 114 | printf (" pcr: %d\n", args->pcr_index); 115 | printf (" pcr_set: %s\n", args->pcr_set ? "true" : "false"); 116 | printf (" verbose: %s\n", args->verbose ? "true" : "false"); 117 | } 118 | 119 | static void 120 | dump_buf (FILE *file, unsigned char *buf, size_t length) 121 | { 122 | int unsigned i; 123 | 124 | for (i = 0; i < length; ++i) { 125 | fprintf (file, "%02x ", (unsigned char)buf[i]); 126 | } 127 | fprintf (file, "\n"); 128 | } 129 | 130 | static unsigned char* 131 | sha1_file (FILE *file, unsigned int *hash_len) 132 | { 133 | EVP_MD_CTX ctx = { 0 }; 134 | unsigned char *buf = NULL, *hash = NULL; 135 | size_t num_read = 0; 136 | 137 | buf = malloc (BUF_SIZE); 138 | if (buf == NULL) { 139 | perror ("malloc:\n"); 140 | goto sha1_fail; 141 | } 142 | if (EVP_DigestInit (&ctx, EVP_sha1 ()) == 0) { 143 | ERR_print_errors_fp (stderr); 144 | goto sha1_fail; 145 | } 146 | do { 147 | num_read = fread (buf, 1, BUF_SIZE, file); 148 | if (num_read <= 0) 149 | break; 150 | if (EVP_DigestUpdate (&ctx, buf, num_read) == 0) { 151 | ERR_print_errors_fp (stderr); 152 | goto sha1_fail; 153 | } 154 | } while (!feof (file) && !ferror (file)); 155 | if (ferror (file)) { 156 | perror ("fread:\n"); 157 | goto sha1_fail; 158 | } 159 | hash = calloc (1, EVP_MAX_MD_SIZE); 160 | if (hash == NULL) { 161 | perror ("calloc of hash buffer:\n"); 162 | goto sha1_fail; 163 | } 164 | if 
(EVP_DigestFinal (&ctx, hash, hash_len) == 0) { 165 | ERR_print_errors_fp (stderr); 166 | goto sha1_fail; 167 | } 168 | if (buf) 169 | free (buf); 170 | return hash; 171 | sha1_fail: 172 | if (buf) 173 | free (buf); 174 | if (hash) 175 | free (hash); 176 | return NULL; 177 | } 178 | 179 | /* Read the current value of PCR "index", extend it with the hash_len-byte digest in "hash" and print both the old and the new register value. NOTE(review): neither calloc() result is checked and pcr_before/pcr_after are never freed; TPM_Extend() is passed no length, so it presumably consumes TPM_HASH_SIZE (20) bytes of "hash" regardless of hash_len. 180 | */ 181 | static int 182 | extend_pcr (uint32_t index, unsigned char *hash, size_t hash_len) 183 | { 184 | uint32_t pcr_before_len = 20, pcr_after_len = 20; 185 | unsigned char *pcr_before = NULL, *pcr_after = NULL; 186 | static int result, out; 187 | 188 | pcr_before = calloc(pcr_before_len, 1); 189 | result = TPM_PcrRead (index, pcr_before); 190 | if (result != 0) { 191 | fprintf (stderr, "Failed to read PCR %d: %d\n", 192 | index, result); 193 | goto extend_out; 194 | } 195 | fprintf (stdout, "Current value for PCR %d:\n ", index); 196 | dump_buf (stdout, pcr_before, pcr_before_len); 197 | fprintf (stdout, "Extending PCR %d with data:\n ", index); 198 | dump_buf (stdout, hash, hash_len); 199 | /* extend the PCR ...
finally */ 200 | pcr_after = calloc(pcr_after_len, 1); 201 | result = TPM_Extend (index, hash, 202 | pcr_after); 203 | if (result != 0) { 204 | fprintf (stderr, "Failed to extend PCR %d: %d\n", 205 | index, result); 206 | goto extend_out; 207 | } 208 | fprintf (stdout, "New state for PCR %d:\n ", index); 209 | dump_buf (stdout, pcr_after, pcr_after_len); 210 | extend_out: 211 | out = result; 212 | return out; 213 | } 214 | 215 | int 216 | main (int argc, char *argv[]) 217 | { 218 | FILE *file = stdin; 219 | extend_args_t extend_args = { 0 }; 220 | unsigned char *buf = NULL; 221 | unsigned int buf_len = 0; 222 | int ret = -1; 223 | 224 | TPM_setlog(0); 225 | 226 | if (argp_parse (&extend_argp, argc, argv, 0, NULL, &extend_args)) { 227 | perror ("argp_parse: \n"); 228 | goto main_out; 229 | } 230 | if (extend_args.verbose) { 231 | extend_args_dump (&extend_args); 232 | TPM_setlog(1); 233 | } 234 | if (extend_args.pcr_set == false) { 235 | fprintf (stderr, "No PCR provided.\n"); 236 | goto main_out; 237 | } 238 | if (extend_args.file) { 239 | file = fopen (extend_args.file, "r"); 240 | if (file == NULL) { 241 | perror ("fopen:\n"); 242 | goto main_out; 243 | } 244 | } else { 245 | file = stdin; 246 | } 247 | 248 | buf = sha1_file (file, &buf_len); 249 | if (buf == NULL) 250 | goto main_out; 251 | if (extend_pcr (extend_args.pcr_index, buf, buf_len) != 0) 252 | goto main_out; 253 | ret = 0; 254 | main_out: 255 | if (file != stdin) 256 | fclose (file); 257 | if (buf) 258 | free (buf); 259 | if (ret == 0) 260 | exit (EXIT_SUCCESS); 261 | else 262 | exit (EXIT_FAILURE); 263 | } 264 | 265 | -------------------------------------------------------------------------------- /tpm-luks-scripts/etc/initramfs-tools/hooks/luks-tpm: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | PREREQ="" 4 | 5 | prereqs() 6 | { 7 | echo "$PREREQ" 8 | } 9 | 10 | case $1 in 11 | prereqs) 12 | prereqs 13 | exit 0 14 | ;; 15 | esac 16 | 17 | if [ 
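! -x /usr/sbin/nv_readvalue ]; then
	exit 0
fi
if [ ! -x /usr/sbin/getcapability ]; then
	exit 0
fi
if [ ! -x /usr/sbin/pcr-extend ]; then
	exit 0
fi
if [ ! -x /bin/keyctl ]; then
	exit 0
fi

. /usr/share/initramfs-tools/hook-functions

copy_exec /usr/sbin/nv_readvalue
copy_exec /usr/sbin/getcapability
copy_exec /usr/sbin/pcr-extend
copy_exec /bin/keyctl
# Only the NV index settings and the NVRAM auth value are carried into the
# image.  That auth value is a secret: anyone who can read the generated
# initrd can read it, so the initrd image itself must not be world-readable
# (check the UMASK / initrd file mode used by your initramfs-tools setup).
# The chmod below only protects the copy inside the unpacked initramfs.
egrep '(TPM_LUKS_NV|NVPASS)' /etc/tpm-luks.conf > "${DESTDIR}/etc/tpm-luks.conf"
chmod 0600 "${DESTDIR}/etc/tpm-luks.conf"
--------------------------------------------------------------------------------
/tpm-luks-scripts/etc/initramfs/post-update.d/tpm-luks-update:
--------------------------------------------------------------------------------
#!/bin/bash
#
# initramfs post-update hook.  When the initrd that belongs to the default
# GRUB menu entry has just been regenerated, run tpm-luks-update so the key
# in TPM NVRAM is re-sealed to the PCR values the new initrd will produce.
#
# Invoked by update-initramfs (run-parts) with two arguments:
#   $1  kernel version
#   $2  path of the initrd that was written
#
# Every "cannot decide" situation is treated as "nothing to do" (exit 0),
# matching the behaviour of the other skip paths below.

INITRD_UPDATED="$2"
CONF=/etc/tpm-luks.conf
MENU=/boot/grub/grub.cfg

# If the initrd is not specified on the command line, exit.
[[ -n "$INITRD_UPDATED" ]] || exit 0

# Require a TPM that is present, enabled and owned (TPM 1.2 sysfs layout).
[[ -f /sys/class/tpm/tpm0/enabled ]] || exit 0
grep -qi 1 /sys/class/tpm/tpm0/enabled || exit 0
grep -qi 1 /sys/class/tpm/tpm0/owned || exit 0

# The configuration file is *sourced*, i.e. executed as root, and it holds
# the TPM owner and NVRAM passwords.  Refuse to use it unless it is owned by
# root and not writable by group/others; warn when others can read it.
[[ -f "$CONF" ]] || exit 0
conf_stat=$(stat -c '%u %a' -- "$CONF") || exit 0
conf_uid=${conf_stat%% *}
conf_mode=${conf_stat##* }
group_bits=${conf_mode: -2:1}
other_bits=${conf_mode: -1}
if [[ "$conf_uid" != 0 || "$group_bits" == [2367] || "$other_bits" == [2367] ]]; then
	echo "$CONF must be owned by root and not be group/world writable; refusing to source it" >&2
	exit 0
fi
if [[ "$group_bits" != 0 || "$other_bits" != 0 ]]; then
	echo "warning: $CONF is readable by other users but contains TPM passwords (recommended mode 0600)" >&2
fi

. "$CONF"

# Both the owner and the NVRAM password must be set for tpm-luks-update to work.
if [[ -z "$OWNERPASS" || -z "$NVPASS" ]]; then
	echo "Owner pass or NVRAM password not set!"
	exit 0
fi

# Automatic re-sealing on initrd updates is opt-in via /etc/tpm-luks.conf.
[[ "$TPM_INITRD_ENABLED" == 1 ]] || exit 0

# Without a readable grub.cfg the default entry cannot be determined.
[[ -r "$MENU" ]] || exit 0

# Simple line-oriented parse of grub.cfg (GRUB2): for every menuentry collect
# the kernel file, its command line and the initrd file.  read with the
# default IFS strips leading whitespace, so entries nested in submenus are
# seen as well.  The code assumes /boot is a separate partition and that the
# paths in grub.cfg are relative to it.
TITLES=()
KERNEL_FILES=()
CMDLINES=()
CMDLINES_HASH=()
INITRD_FILES=()
MENUENTRIES=()
IDX=-1
while read -r LINE; do
	# every "menuentry" opens a new slot
	if grep -qwE '^menuentry' <<<"$LINE"; then
		IDX=$((IDX + 1))
		TITLES[IDX]=$(awk -F"'" '{print $2}' <<<"$LINE")
		KERNEL_FILES[IDX]=""
		CMDLINES[IDX]=""
		INITRD_FILES[IDX]=""
		MENUENTRIES[IDX]="$LINE"
	fi

	# nothing to attach to until the first menuentry has been seen
	(( IDX < 0 )) && continue

	# linux / linuxefi lines, e.g.
	#   linuxefi /vmlinuz-4.4.0-53-generic.efi.signed root=UUID=... ro quiet splash $vt_handoff
	# The "linuxefi" keyword must be stripped before "linux", otherwise an
	# "efi" prefix is left in the command line.  Runs of spaces collapse to
	# one, as GRUB does.
	if grep -qwE '^linux(efi)?' <<<"$LINE"; then
		KERNEL_FILES[IDX]="/boot$(awk '{ print $2 }' <<<"$LINE")"
		CMDLINES[IDX]=$(sed 's/^linuxefi[ \t]*//;s/^linux[ \t]*//;s/[ ]\+/ /g' <<<"$LINE" | tr -d "\n")
		CMDLINES_HASH[IDX]=$(printf '%s' "${CMDLINES[IDX]}" | sha1sum | awk '{ print $1}')
	fi

	# initrd / initrdefi lines, e.g.  initrd /initrd.img-4.4.0-53-generic
	if grep -qwE '^initrd(efi)?' <<<"$LINE"; then
		INITRD_FILES[IDX]="/boot$(awk '{ print $2 }' <<<"$LINE")"
	fi
done < "$MENU"

NUM_ENTRIES=$(( ${#KERNEL_FILES[@]} - 1 ))

# Work out which entry GRUB boots by default: either the saved entry recorded
# by grub-editenv (matched on its menuentry_id_option, or on its position when
# an entry has no id) or a numeric "set default" in grub.cfg.
DEFAULT=0
if grep -q 'set default="${saved_entry}"' "$MENU" 2>/dev/null; then
	# only the saved_entry line itself; grubenv may also hold prev_saved_entry
	SAVEDENTRY=$(grub-editenv list 2>/dev/null | sed -n 's/^saved_entry=//p')
	if [[ -n "$SAVEDENTRY" ]]; then
		for (( e = 0; e <= NUM_ENTRIES; e++ )); do
			ENTRYID=$(grep -oE "menuentry_id_option '.*'" <<<"${MENUENTRIES[e]}" | awk -F"'" '{print $2}')
			[[ -n "$ENTRYID" ]] || ENTRYID=$e
			if [[ "$SAVEDENTRY" == "$ENTRYID" ]]; then
				DEFAULT=$e
				break
			fi
		done
	fi
else
	# echo "Using GRUB numeric default entry"
	DEFAULT=$(grep -oE 'set default="([0-9]+)"' "$MENU" | head -n 1 | awk -F'"' '{print $2}')
	[[ -n "$DEFAULT" ]] || DEFAULT=0
fi

# Re-seal only when the initrd that was just written is the one booted by
# the default entry.
if [[ "${INITRD_FILES[DEFAULT]}" == "$INITRD_UPDATED" ]]; then
	tpm-luks-update
fi
--------------------------------------------------------------------------------
/tpm-luks-scripts/etc/tpm-luks.conf:
--------------------------------------------------------------------------------
# tpm-luks configuration.
#
# This file is sourced (executed) by shell scripts running as root, and the
# NV index settings plus the NVRAM password are copied into the initramfs.
# Keep it owned by root with mode 0600.
OWNERPASS=
NVPASS=
TPM_LUKS_NV_INDEX_LIMIT_MIN=2
TPM_LUKS_NV_INDEX_LIMIT_MAX=16
TPM_LUKS_GENPCR=tpm-luks-gen-tgrub-pcr-values
DEVICE=
# Set to 1 to let the initramfs post-update hook re-seal the key whenever the
# initrd of the default GRUB entry is regenerated (off when unset).
#TPM_INITRD_ENABLED=1
### PCRs in BIOS (MBR-style, incl. MBR on GPT!) boot
### Described in TCG_PCClientImplementation_1-21_1_00
# PCR Index Use
# 0 CRTM, BIOS, and Host Platform Extensions
# 1 Host Platform Configuration
# 2 Option ROM Code
# 3 Option ROM Configuration and Data
# 4 IPL Code (usually the MBR; GRUB stage 1)
# 5 IPL Code Configuration and Data (MBR partition data)
# 6 State Transition and Wake Events
# 7 Host Platform Manufacturer Control
# 8 GRUB modules loaded extra from disk
# 9 GRUB stage 1.5, GRUB stage 2, kernel,
# kernel cmdline, initrd (in this order)
# 10 Linux IMA (won't see these data in ascii_bios_measurements)
# 11 GRUB commands as executed during boot
# (evaluated by GRUB, then measured; "submenu", "menuentry"
# and "[" not measured at all)
# 12 - 15 Not defined (not used by luks-tpm)
PCRS_BIOS="0 2 4 5 6 9"
### PCRs in UEFI boot
### Described in TCG-EFI-Platform-Specification
# PCR Index Use
# 0 CRTM, BIOS, and Host Platform Extensions
# 1 Host Platform Configuration, EFI variables
# 2 EFI boot services drivers, option ROM applications, runtime drivers
# 3 Configuration and Data of Applications and Drivers measured into PCR[2]
# 4 EFI Boot Application (shimx64.efi or grub64.efi)
# 5 EFI Boot Configuration and Data (GPT partition data)
# 6 State Transition and Wake Events
# 7 UEFI Secure Boot Variables and Status
# 8 GRUB modules loaded extra from disk
# 9 grubx64.efi (if loaded by shim), kernel,
# kernel cmdline, initrd (in this order)
# 10 Linux IMA (won't see these data in ascii_bios_measurements)
# 11 GRUB commands as executed during boot
# (evaluated by GRUB, then measured; "submenu", "menuentry"
# and "[" not measured at all)
# 12 - 15 Not defined (not used by luks-tpm)
# Note: the default selection below does not include PCR 7 (Secure Boot
# state) or PCR 1 (firmware configuration); add them if the sealed key must
# also be bound to those.
PCRS_UEFI="0 2 4 5 6 9"

--------------------------------------------------------------------------------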
/tpm-luks-scripts/usr/sbin/tpm-luks-chain-hashes: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # This script calculates a chain of sha1 hashes in the same way a TPM would 4 | # when extending Platform Configuration Registers. This is handy when you need to 5 | # seal a TPM key or NVRAM area to a PCR value that's not yet measured into 6 | # the TPM. 7 | # 8 | # This script defaults to an initial state of 20 bytes of zeroes and files 9 | # will be chained in the order that they appear on the command line 10 | # 11 | # Author: Kent Yoder 12 | # 13 | 14 | function usage 15 | { 16 | echo -e "usage: ${0##*/} [options] ... " 17 | echo -e " options:" 18 | echo -e " -s use as the initial hash state. This should be" 19 | echo -e " ascii, which will be converted to binary. The default" 20 | echo -e " hash state is 20 bytes of zeros" 21 | echo -e " -f use as the initial hash state. The file will not be" 22 | echo -e " modified unless it is the same passed as the -o option" 23 | echo -e " -o use as the output file. When the script terminates" 24 | echo -e " will contain the binary representation of the final" 25 | echo -e " hash which allows you to chain calls to this script together" 26 | echo -e " -h use a list of ascii hash values in the calculation instead of" 27 | echo -e " files. 
Useful for parsing /sys/kernel/security/tpm0/*" 28 | } 29 | 30 | function cleanup 31 | { 32 | rm -f $OUTFILE 33 | } 34 | 35 | function ascii_to_bin 36 | { 37 | ASCII=$1 38 | OUT=$2 39 | i=0 40 | 41 | while test $i -lt ${#ASCII}; do 42 | BYTE="\x${ASCII:${i}:2}" 43 | echo -ne $BYTE >> $OUT 44 | i=$(( $i + 2 )) 45 | done 46 | } 47 | 48 | INIT_STATE= 49 | INTERMEDIATE_SHA1_ASCII= 50 | OUT_FILE= 51 | HASH_MODE=0 52 | STATE_FILE= 53 | 54 | while getopts "hs:f:o:" opt; do 55 | case $opt in 56 | h) 57 | HASH_MODE=1 58 | ;; 59 | o) 60 | OUT_FILE=${OPTARG} 61 | ;; 62 | f) 63 | STATE_FILE=${OPTARG} 64 | if [ -n "${INIT_STATE}" ]; then 65 | echo "-s and -f are mututally exclusive options" 66 | exit -1 67 | fi 68 | ;; 69 | s) 70 | INIT_STATE=${OPTARG} 71 | if [ -n "${STATE_FILE}" ]; then 72 | echo "-s and -f are mututally exclusive options" 73 | exit -1 74 | fi 75 | ;; 76 | *) 77 | usage 78 | exit -1 79 | ;; 80 | esac 81 | done 82 | 83 | shift $(($OPTIND - 1)) 84 | 85 | if [ ! -n "${OUT_FILE}" ]; then 86 | OUTFILE=$(mktemp /tmp/${0##*/}-XXXXXX) 87 | trap cleanup EXIT 88 | else 89 | OUTFILE=${OUT_FILE} 90 | fi 91 | 92 | if [ ! -n "${INIT_STATE}" ] ; then 93 | INIT_STATE="0000000000000000000000000000000000000000" 94 | fi 95 | 96 | # if we're not using an initial state from file, put the initial state 97 | # there manually 98 | if [ ! -n "${STATE_FILE}" ]; then 99 | truncate -s 0 ${OUTFILE} 100 | ascii_to_bin ${INIT_STATE} ${OUTFILE} 101 | elif [ "$(readlink -f ${STATE_FILE})" != "$(readlink -f ${OUTFILE})" ]; then 102 | cp ${STATE_FILE} ${OUTFILE} 103 | fi 104 | 105 | FILE=$1 106 | 107 | if [ "x${FILE}" == "x" ]; then 108 | usage 109 | exit -1 110 | fi 111 | 112 | while [ "x$FILE" != "x" ]; do 113 | if [ ${HASH_MODE} -eq 1 ]; then 114 | FILE_SHA1_ASCII=$FILE 115 | else 116 | if [ ! 
-e "${FILE}" ]; then 117 | echo "File ${FILE} does not exist" 118 | exit -1 119 | fi 120 | 121 | FILE_SHA1_ASCII=$(sha1sum $FILE | awk '{ print $1 }') 122 | fi 123 | 124 | ascii_to_bin $FILE_SHA1_ASCII $OUTFILE 125 | 126 | INTERMEDIATE_SHA1_ASCII=$(sha1sum $OUTFILE | awk '{ print $1 }') 127 | rm -f $OUTFILE 128 | ascii_to_bin $INTERMEDIATE_SHA1_ASCII $OUTFILE 129 | 130 | shift 131 | FILE=$1 132 | done 133 | 134 | echo $INTERMEDIATE_SHA1_ASCII 135 | 136 | exit 0 137 | -------------------------------------------------------------------------------- /tpm-luks-scripts/usr/sbin/tpm-luks-findbiosbootcode: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | echoerr() { echo "$@" 1>&2; } 4 | 5 | MODE=$([ -d /sys/firmware/efi ] && echo -n UEFI || echo -n BIOS) 6 | if [ "x$MODE" == "xUEFI" ]; then 7 | echoerr "This script is for BIOS boot only." 8 | exit 9 9 | fi 10 | 11 | # simply check for /boot partition - it should be mounted 12 | BIOSDISK=`df -P /boot | awk 'NR==2{print $1}'` 13 | if [ -z "$BIOSDISK" ]; then 14 | echoerr "Unable to determine current mountpoint of /boot (is the partition mounted?)" 15 | exit 4 16 | fi 17 | echoerr "BIOSDISK=$BIOSDISK" 18 | LOADERDRIVE=`echo $BIOSDISK | sed 's/[0-9]*$//g'` 19 | if [ -z "$LOADERDRIVE" ]; then 20 | echoerr "Unable to determine disk used for /boot (should not happen!)" 21 | exit 5 22 | fi 23 | echoerr "LOADERDRIVE=$LOADERDRIVE" 24 | echoerr "Hashing $LOADERDRIVE MBR code" 25 | pcrsum -l $LOADERDRIVE 26 | -------------------------------------------------------------------------------- /tpm-luks-scripts/usr/sbin/tpm-luks-findbiosbootdata: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | echoerr() { echo "$@" 1>&2; } 4 | 5 | MODE=$([ -d /sys/firmware/efi ] && echo -n UEFI || echo -n BIOS) 6 | if [ "x$MODE" == "xUEFI" ]; then 7 | echoerr "This script is for BIOS boot only." 
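	exit 9
fi

# /boot must be mounted; df reports its backing device in column 1
BIOSDISK=$(df -P /boot | awk 'NR==2{print $1}')
if [ -z "$BIOSDISK" ]; then
	echoerr "Unable to determine current mountpoint of /boot (is the partition mounted?)"
	exit 4
fi
echoerr "BIOSDISK=$BIOSDISK"

# Strip the partition number to get the whole-disk node, with the same
# rule the UEFI scripts use: /dev/sda1 -> /dev/sda, /dev/nvme0n1p1 ->
# /dev/nvme0n1.  A /boot on LVM/MD/dm is not handled: df then reports a
# mapper device, not the disk that carries the partition table.
LOADERDRIVE=$(echo "$BIOSDISK" | sed 's/[p]*[0-9]*$//g')
if [ -z "$LOADERDRIVE" ] || [ ! -b "$LOADERDRIVE" ]; then
	echoerr "Unable to determine disk used for /boot (should not happen!)"
	exit 5
fi
echoerr "LOADERDRIVE=$LOADERDRIVE"
echoerr "Hashing $LOADERDRIVE partition data"
pcrsum -p "$LOADERDRIVE"
--------------------------------------------------------------------------------
/tpm-luks-scripts/usr/sbin/tpm-luks-findbiosgrubstage15:
--------------------------------------------------------------------------------
#!/bin/bash
#
# tpm-luks-findbiosgrubstage15: print on stdout the SHA1 that pcrsum (-o)
# computes for the GRUB stage 1.5 area of the disk holding /boot.
# Progress and errors go to stderr so stdout stays a bare hash.
#
# Exit codes: 9 on a UEFI system, 4/5 when the /boot disk cannot be
# determined, otherwise pcrsum's status.
#
# NOTE: this measures whatever is on the disk right now; it does not
# validate it.  Run it only on a system you already trust.

echoerr() { echo "$@" 1>&2; }

MODE=$([ -d /sys/firmware/efi ] && echo -n UEFI || echo -n BIOS)
if [ "x$MODE" == "xUEFI" ]; then
	echoerr "This script is for BIOS boot only."
	exit 9
fi

# /boot must be mounted; df reports its backing device in column 1
BIOSDISK=$(df -P /boot | awk 'NR==2{print $1}')
if [ -z "$BIOSDISK" ]; then
	echoerr "Unable to determine current mountpoint of /boot (is the partition mounted?)"
	exit 4
fi
echoerr "BIOSDISK=$BIOSDISK"

# partition node -> whole disk (same rule as the UEFI scripts); a /boot
# on LVM/MD/dm is not handled, df reports a mapper device for it
LOADERDRIVE=$(echo "$BIOSDISK" | sed 's/[p]*[0-9]*$//g')
if [ -z "$LOADERDRIVE" ] || [ ! -b "$LOADERDRIVE" ]; then
	echoerr "Unable to determine disk used for /boot (should not happen!)"
	exit 5
fi
echoerr "LOADERDRIVE=$LOADERDRIVE"
# (the message used to say "partition data", copied from the sibling script)
echoerr "Hashing $LOADERDRIVE GRUB stage 1.5"
pcrsum -o "$LOADERDRIVE"
--------------------------------------------------------------------------------
/tpm-luks-scripts/usr/sbin/tpm-luks-findbiosgrubstage2:
--------------------------------------------------------------------------------
#!/bin/bash
#
# tpm-luks-findbiosgrubstage2: print on stdout the SHA1 that pcrsum (-t)
# computes for the GRUB stage 2 of the disk holding /boot.
# Progress and errors go to stderr so stdout stays a bare hash.
#
# Exit codes: 9 on a UEFI system, 4/5 when the /boot disk cannot be
# determined, otherwise pcrsum's status.
#
# NOTE: this measures whatever is on the disk right now; it does not
# validate it.  Run it only on a system you already trust.

echoerr() { echo "$@" 1>&2; }

MODE=$([ -d /sys/firmware/efi ] && echo -n UEFI || echo -n BIOS)
if [ "x$MODE" == "xUEFI" ]; then
	echoerr "This script is for BIOS boot only."
	exit 9
fi

# /boot must be mounted; df reports its backing device in column 1
BIOSDISK=$(df -P /boot | awk 'NR==2{print $1}')
if [ -z "$BIOSDISK" ]; then
	echoerr "Unable to determine current mountpoint of /boot (is the partition mounted?)"
	exit 4
fi
echoerr "BIOSDISK=$BIOSDISK"

# partition node -> whole disk (same rule as the UEFI scripts); a /boot
# on LVM/MD/dm is not handled, df reports a mapper device for it
LOADERDRIVE=$(echo "$BIOSDISK" | sed 's/[p]*[0-9]*$//g')
if [ -z "$LOADERDRIVE" ] || [ ! -b "$LOADERDRIVE" ]; then
	echoerr "Unable to determine disk used for /boot (should not happen!)"
	exit 5
fi
echoerr "LOADERDRIVE=$LOADERDRIVE"
# (the message used to say "partition data", copied from the sibling script)
echoerr "Hashing $LOADERDRIVE GRUB stage 2"
pcrsum -t "$LOADERDRIVE"
--------------------------------------------------------------------------------
/tpm-luks-scripts/usr/sbin/tpm-luks-findefibootgpt:
--------------------------------------------------------------------------------
#!/bin/bash
#
# tpm-luks-findefibootgpt: print on stdout the SHA1 that pcrsum (-e -p)
# computes over the GPT of the disk that holds the partition the firmware
# booted from (the partition UUID of the BootCurrent entry).
# Progress and errors go to stderr so stdout stays a bare hash.
#
# Exit codes: 9 on a BIOS system, 1-5 when the boot entry, partition or
# disk cannot be resolved, otherwise pcrsum's status.
#
# NOTE: the boot entry and the disk are trusted as found and measured
# as-is; nothing here validates them.  Run only on a system you trust.

echoerr() { echo "$@" 1>&2; }

MODE=$([ -d /sys/firmware/efi ] && echo -n UEFI || echo -n BIOS)
if [ "x$MODE" == "xBIOS" ]; then
	echoerr "This script is for UEFI boot only."
	exit 9
fi

# Query the firmware once.  The parsing below expects lines like
#   BootCurrent: 0001
#   Boot0001* ubuntu  HD(1,GPT,<partuuid>,...)/File(\EFI\ubuntu\shimx64.efi)
EFIBOOT=$(efibootmgr -v)
if [ $? -ne 0 ] || [ -z "$EFIBOOT" ]; then
	echoerr "efibootmgr failed"
	exit 1
fi
BOOTCURRENT=$(echo "$EFIBOOT" | awk '/^BootCurrent:/ {print $2}')
if [ -z "$BOOTCURRENT" ]; then
	echoerr "Unable to determine current boot entry number"
	exit 1
fi
# keep the device-path token of the Boot<nnnn> line (the one with ".efi");
# the backslashes of the File(...) part are inside the character class
EFIENTRY=$(echo "$EFIBOOT" | grep "^Boot${BOOTCURRENT}" | grep -Eo '[a-zA-Z0-9.,()/\-]*' | grep '\.efi' | head -n 1)
if [ -z "$EFIENTRY" ]; then
	echoerr "Unable to determine current boot entry data"
	exit 2
fi
echoerr "EFIENTRY=$EFIENTRY"
# third comma-separated field of HD(<part>,GPT,<uuid>,<start>,<size>)
UUID=$(echo "$EFIENTRY" | awk -F, '{print $3}')
if [ -z "$UUID" ]; then
	echoerr "Unable to determine current boot entry UUID"
	exit 3
fi
echoerr "UUID=$UUID"
# searches all disks. uses sfdisk to dump uuids on each disk. greps for the $UUID.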
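# if there are multiple matches (should not occur), select the first and only.
# lsblk is asked for whole-disk nodes only (TYPE == disk, no headers, no
# children) and the /dev/ prefix sfdisk needs is added explicitly.
DRIVES=$(lsblk -dn -o NAME,TYPE | awk '$2 == "disk" {print "/dev/" $1}')
EFIDISK=$(for disk in ${DRIVES}; do sfdisk -d "$disk" 2>/dev/null | grep -i -- "uuid=$UUID" | awk '{print $1}'; done | head -n 1)
if [ -z "$EFIDISK" ]; then
	echoerr "Unable to determine current boot entry UUID disk (is the partition still present?)"
	exit 4
fi
echoerr "EFIDISK=$EFIDISK"
# partition node -> whole disk: /dev/sda1 -> /dev/sda, /dev/nvme0n1p1 -> /dev/nvme0n1
LOADERDRIVE=$(echo "$EFIDISK" | sed 's/[p]*[0-9]*$//g')
if [ -z "$LOADERDRIVE" ] || [ ! -b "$LOADERDRIVE" ]; then
	echoerr "Unable to determine current boot entry UUID disk (is the disk present?)"
	exit 5
fi
echoerr "LOADERDRIVE=$LOADERDRIVE"
echoerr "Hashing $LOADERDRIVE"
pcrsum -e -p "$LOADERDRIVE"
--------------------------------------------------------------------------------
/tpm-luks-scripts/usr/sbin/tpm-luks-findefibootmgr:
--------------------------------------------------------------------------------
#!/bin/bash
#
# tpm-luks-findefibootmgr: print on stdout the SHA1 that pcrsum (-e -l)
# computes over the EFI application the firmware booted (the File(...)
# part of the BootCurrent entry, located on the ESP that carries the
# entry's partition UUID).  Progress and errors go to stderr.
#
# Exit codes: 9 on a BIOS system, 1-5 when the entry, partition, mount
# point or file cannot be resolved, otherwise pcrsum's status.
#
# NOTE: the loader is read from the (unauthenticated, FAT) ESP and
# measured as-is; nothing here validates it.  Run only on a system you
# already trust.

echoerr() { echo "$@" 1>&2; }

MODE=$([ -d /sys/firmware/efi ] && echo -n UEFI || echo -n BIOS)
if [ "x$MODE" == "xBIOS" ]; then
	echoerr "This script is for UEFI boot only."
	exit 9
fi

# Query the firmware once.  The parsing below expects lines like
#   BootCurrent: 0001
#   Boot0001* ubuntu  HD(1,GPT,<partuuid>,...)/File(\EFI\ubuntu\shimx64.efi)
EFIBOOT=$(efibootmgr -v)
if [ $? -ne 0 ] || [ -z "$EFIBOOT" ]; then
	echoerr "efibootmgr failed"
	exit 1
fi
BOOTCURRENT=$(echo "$EFIBOOT" | awk '/^BootCurrent:/ {print $2}')
if [ -z "$BOOTCURRENT" ]; then
	echoerr "Unable to determine current boot entry number"
	exit 1
fi
# keep the device-path token of the Boot<nnnn> line (the one with ".efi");
# the backslashes of the File(...) part are inside the character class
EFIENTRY=$(echo "$EFIBOOT" | grep "^Boot${BOOTCURRENT}" | grep -Eo '[a-zA-Z0-9.,()/\-]*' | grep '\.efi' | head -n 1)
if [ -z "$EFIENTRY" ]; then
	echoerr "Unable to determine current boot entry data"
	exit 2
fi
echoerr "EFIENTRY=$EFIENTRY"
# third comma-separated field of HD(<part>,GPT,<uuid>,<start>,<size>)
UUID=$(echo "$EFIENTRY" | awk -F, '{print $3}')
if [ -z "$UUID" ]; then
	echoerr "Unable to determine current boot entry UUID"
	exit 3
fi
# The \EFI\...\x.efi path inside File(...), with backslashes turned into
# slashes.  (Inside $(...) single quotes are literal, so the sed program
# is written directly; the old backtick form needed doubled backslashes.)
EFIFILE=$(echo "$EFIENTRY" | awk -F'/File' '{print $2}' | grep -Eo '[a-zA-Z0-9.,/\-]*' | head -n 1 | sed 's/\\/\//g')
if [ -z "$EFIFILE" ]; then
	echoerr "Unable to determine current boot entry filename"
	exit 3
fi
echoerr "UUID=$UUID, EFIFILE=$EFIFILE"
# Search all disks: sfdisk -d lists every partition with its uuid; the
# first line mentioning $UUID wins (several should not occur).
DRIVES=$(lsblk -dn -o NAME,TYPE | awk '$2 == "disk" {print "/dev/" $1}')
EFIDISK=$(for disk in ${DRIVES}; do sfdisk -d "$disk" 2>/dev/null | grep -i -- "uuid=$UUID" | awk '{print $1}'; done | head -n 1)
if [ -z "$EFIDISK" ]; then
	echoerr "Unable to determine current boot entry UUID disk (is the partition still present?)"
	exit 4
fi
echoerr "EFIDISK=$EFIDISK"
# The ESP must be mounted; take the first matching mount line (-w keeps
# /dev/sda1 from matching /dev/sda10).
MOUNTPOINT=$(mount | grep -w -- "$EFIDISK" | awk '{print $3}' | head -n 1)
if [ -z "$MOUNTPOINT" ]; then
	echoerr "Unable to determine current boot entry UUID disk (is the disk present?)"
	exit 5
fi
echoerr "MOUNTPOINT=$MOUNTPOINT"
LOADERFILE="${MOUNTPOINT}$EFIFILE"
if [ ! -f "$LOADERFILE" ]; then
	echoerr "Boot entry file not found. Is the boot file for EFI boot still present?"
	exit 5
fi
echoerr "Hashing $LOADERFILE"
pcrsum -e -l "$LOADERFILE"
--------------------------------------------------------------------------------
/tpm-luks-scripts/usr/sbin/tpm-luks-findefishimhash:
--------------------------------------------------------------------------------
#!/bin/bash
#
# tpm-luks-findefishimhash: if the firmware booted a shim, print on
# stdout the SHA1 of the second-stage loader (grubx64.efi, the name shim
# has built in) that sits next to it.  Nothing is printed and 0 is
# returned when the booted loader is not a shim; 99 is returned (with a
# warning on stderr) when the shim does not look TPM-enabled, because
# then no PCR will carry this hash.
#
# Exit codes: 9 on a BIOS system, 1-5 resolution failures, 99 shim
# without TPM support, 0 otherwise.
#
# NOTE: both files are read from the (unauthenticated, FAT) ESP and
# measured as-is; nothing here validates them.

GRUBLOADER="grubx64.efi"

echoerr() { echo "$@" 1>&2; }

MODE=$([ -d /sys/firmware/efi ] && echo -n UEFI || echo -n BIOS)
if [ "x$MODE" == "xBIOS" ]; then
	echoerr "This script is for UEFI boot only."
	exit 9
fi

# Query the firmware once.  The parsing below expects lines like
#   BootCurrent: 0001
#   Boot0001* ubuntu  HD(1,GPT,<partuuid>,...)/File(\EFI\ubuntu\shimx64.efi)
EFIBOOT=$(efibootmgr -v)
if [ $? -ne 0 ] || [ -z "$EFIBOOT" ]; then
	echoerr "efibootmgr failed"
	exit 1
fi
BOOTCURRENT=$(echo "$EFIBOOT" | awk '/^BootCurrent:/ {print $2}')
if [ -z "$BOOTCURRENT" ]; then
	echoerr "Unable to determine current boot entry number"
	exit 1
fi

# keep the device-path token of the Boot<nnnn> line (the one with ".efi");
# the backslashes of the File(...) part are inside the character class
EFIENTRY=$(echo "$EFIBOOT" | grep "^Boot${BOOTCURRENT}" | grep -Eo '[a-zA-Z0-9.,()/\-]*' | grep '\.efi' | head -n 1)
if [ -z "$EFIENTRY" ]; then
	echoerr "Unable to determine current boot entry data"
	exit 2
fi
echoerr "EFIENTRY=$EFIENTRY"

# third comma-separated field of HD(<part>,GPT,<uuid>,<start>,<size>)
UUID=$(echo "$EFIENTRY" | awk -F, '{print $3}')
if [ -z "$UUID" ]; then
	echoerr "Unable to determine current boot entry UUID"
	exit 3
fi

# The \EFI\...\x.efi path inside File(...), with backslashes turned into
# slashes.  (Inside $(...) single quotes are literal, so the sed program
# is written directly; the old backtick form needed doubled backslashes.)
EFIFILE=$(echo "$EFIENTRY" | awk -F'/File' '{print $2}' | grep -Eo '[a-zA-Z0-9.,/\-]*' | head -n 1 | sed 's/\\/\//g')
if [ -z "$EFIFILE" ]; then
	echoerr "Unable to determine current boot entry filename"
	exit 3
fi
echoerr "UUID=$UUID, EFIFILE=$EFIFILE"

# searches all disks. uses sfdisk to dump uuids on each disk. greps for the $UUID.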
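# if there are multiple matches (should not occur), select the first and only.
# lsblk is asked for whole-disk nodes only (TYPE == disk, no headers, no
# children) and the /dev/ prefix sfdisk needs is added explicitly.
DRIVES=$(lsblk -dn -o NAME,TYPE | awk '$2 == "disk" {print "/dev/" $1}')
EFIDISK=$(for disk in ${DRIVES}; do sfdisk -d "$disk" 2>/dev/null | grep -i -- "uuid=$UUID" | awk '{print $1}'; done | head -n 1)
if [ -z "$EFIDISK" ]; then
	echoerr "Unable to determine current boot entry UUID disk (is the partition still present?)"
	exit 4
fi
echoerr "EFIDISK=$EFIDISK"

# The ESP must be mounted; take the first matching mount line (-w keeps
# /dev/sda1 from matching /dev/sda10).
MOUNTPOINT=$(mount | grep -w -- "$EFIDISK" | awk '{print $3}' | head -n 1)
if [ -z "$MOUNTPOINT" ]; then
	echoerr "Unable to determine current boot entry UUID disk (is the disk present?)"
	exit 5
fi
echoerr "MOUNTPOINT=$MOUNTPOINT"

LOADERFILE="${MOUNTPOINT}$EFIFILE"
if [ ! -f "$LOADERFILE" ]; then
	echoerr "Boot entry file not found. Is the boot file for EFI boot still present?"
	exit 5
fi

# Shim is recognised by the booted file's name only.  Anything else means
# "no shim": no output and exit 0, so callers may run this unconditionally.
HAVESHIM=0
case ${LOADERFILE##*/} in
	shimx64.efi|shimx64.efi.signed|shim.efi|shim.efi.signed)
		HAVESHIM=1
		;;
esac

if [ $HAVESHIM -eq 0 ]; then
	# Shim is not in use, just terminate and do not print any output
	exit 0
fi

# Shim is in use - now check it for TPM support.
# https://github.com/rhinstaller/shim/blob/6c180c6004ac464d7e83c1dc4c24047fad281b32/shim.c
# Shim attempts to log the "Second stage bootloader" string into the TCG
# log; the string is absent from shims built without TPM support.  This
# is a plain string scan of the binary and can be fooled either way, so
# treat the result as advisory rather than as proof of what gets measured.
TPM=1
strings -- "$LOADERFILE" | grep -qi "Second stage bootloader" || TPM=0

if [ $TPM -eq 0 ]; then
	echoerr "Your shim does NOT support TPM extensions. Your system is partially unprotected!"
	exit 99
fi

# shim loads its second stage from its own directory under the fixed
# name in GRUBLOADER; SHIMPATH is that directory with a trailing slash
SHIMPATH="${LOADERFILE%/*}/"
GRUBPATH="$SHIMPATH$GRUBLOADER"
echoerr "Hashing $GRUBPATH"

if [ ! -f "$GRUBPATH" ]; then
	echoerr "$GRUBLOADER file not found in $SHIMPATH. Did you by any chance remove it accidentally?"
	exit 5
fi
# This is the SHA1 of the raw file.  It only equals the PCR contribution
# if the shim in use measures the second stage as a whole-file digest;
# confirm against the TCG event log under /sys/kernel/security/tpm0/ for
# the shim build actually installed.
sha1sum -- "$GRUBPATH" | awk '{print $1}'
--------------------------------------------------------------------------------
/tpm-luks-scripts/usr/sbin/tpm-luks-init:
--------------------------------------------------------------------------------
#!/bin/bash -e
#
# tpm-luks-init: For each entry in the config file, run the script to
#                generate its PCR values, then run tpm-luks to create a
#                new TPM NVRAM secret for it
#
# Read from /etc/tpm-luks.conf, which is *sourced* (executed as shell,
# as root - it must not be writable by anyone else):
#   DEVICE           space-separated list of LUKS devices
#   TPM_LUKS_GENPCR  command that writes the PCR/NV permissions file
#                    given "-o FILE" (left unquoted on purpose so the
#                    configured value may carry arguments)
#
# Exit codes: 1 config problem / no devices, 2 PCR generation failed,
#             3 tpm-luks failed.
#
set -e          # keep -e even when run as "bash tpm-luks-init"
CONF=/etc/tpm-luks.conf

function cleanup
{
	rm -f -- "${NVPERMSFILE}"
}

NVPERMSFILE=$(mktemp "/tmp/${0##*/}-XXXXXX")
trap cleanup EXIT

if [ ! -r "$CONF" ]; then
	echo "${CONF} is missing or unreadable" 1>&2
	exit 1
fi
# the config is executed below; warn if group/others could have edited it
CONF_MODE=$(stat -c %a -- "$CONF" 2>/dev/null || echo 0)
if [ $(( 8#$CONF_MODE & 8#022 )) -ne 0 ]; then
	echo "WARNING: ${CONF} is group/world writable and is executed as shell by this script" 1>&2
fi

. "$CONF"

if [ -z "${TPM_LUKS_GENPCR}" ]; then
	echo "${CONF} parse error (TPM_LUKS_GENPCR not defined)" 1>&2
	exit 1
fi

# (this used to print ${DEVICES} before the array existed, i.e. nothing)
echo "Configured LUKS devices: ${DEVICE}"
IFS=' ' read -r -a DEVICES <<< "${DEVICE}"

if [ "${#DEVICES[@]}" -eq 0 ]; then
	echo "${CONF} parse error (no LUKS devices defined)" 1>&2
	exit 1
fi

for dev in "${DEVICES[@]}"; do
	echo "Generating PCR values for ${dev}..."
	# "cmd; if [ $? -ne 0 ]" never reaches the test under -e, so test the
	# command directly
	if ! ${TPM_LUKS_GENPCR} -o "${NVPERMSFILE}"; then
		echo "${TPM_LUKS_GENPCR} has failed. Aborting." 1>&2
		exit 2
	fi

	echo "Creating new TPM NVRAM secret for ${dev}..."
	if ! tpm-luks -c -d "${dev}" -p "${NVPERMSFILE}"; then
		echo "tpm-luks has failed. Aborting." 1>&2
		exit 3
	fi
	# never reuse one device's PCR file for the next
	rm -f -- "${NVPERMSFILE}"
done

exit 0
--------------------------------------------------------------------------------
/tpm-luks-scripts/usr/sbin/tpm-luks-update:
--------------------------------------------------------------------------------
#!/bin/bash -e
#
# tpm-luks-update: For each entry in the config file, run the script to
#                  regenerate its PCR values, then run tpm-luks to migrate
#                  its secret to a new NVRAM index sealed to the new PCRs
#
# Read from /etc/tpm-luks.conf, which is *sourced* (executed as shell,
# as root - it must not be writable by anyone else):
#   TPM_LUKS_GENPCR                          PCR/NV permissions generator
#   TPM_LUKS_NV_INDEX_LIMIT_MIN / _MAX       NV index window owned by tpm-luks
#   OWNERPASS                                TPM owner password (used to
#                                            release stale indexes)
#
set -e          # keep -e even when run as "bash tpm-luks-update"
CONF=/etc/tpm-luks.conf
# one scratch file for the new NV permissions (a second mktemp used to
# shadow this one, leaking the first file)
NVPERMSFILE=$(mktemp "/tmp/${0##*/}-XXXXXX")

function cleanup
{
	# MSG holds the last tpm-luks -w output, if any
	if [ -n "$MSG" ]; then
		echo "$MSG"
	fi
	rm -f -- "${NVPERMSFILE}"
}

trap cleanup EXIT

if [ ! -r "$CONF" ]; then
	echo "${CONF} is missing or unreadable" 1>&2
	exit 1
fi
. "$CONF"

AWK=awk
# every tpm-luks NV area is exactly this many bytes; areas of any other
# size belong to something else and are never touched
TPM_LUKS_SIZE=32

function find_used_nv_indexes
{
	echo "Generating PCR values..."
	if ! ${TPM_LUKS_GENPCR} -o "${NVPERMSFILE}"; then
		# non-zero here (not a silent "return 0") so a failed update is
		# visible to whatever runs us
		echo "$TPM_LUKS_GENPCR has failed." 1>&2
		return 1
	fi

	# start at index 1, making the default first index to use 2. In
	# testing, the Atmel TPM threw errors if NV index 1 was used
	NV_INDEX=2
	# one tpm_nvinfo call; the awk filters expect an "NVRAM index : <hex>"
	# line and a "Size : <n>" line per defined area
	NVINFO=$(tpm_nvinfo) || NVINFO=
	if [ -z "$NVINFO" ]; then
		echo "tpm_nvinfo error - unable to fetch existing indexes" 1>&2
		return 1
	fi
	NV_USED_INDEXES=( $(echo "$NVINFO" | ${AWK} '$1$2 ~ /NVRAMindex/ { print $4 }') )
	NV_USED_SIZES=( $(echo "$NVINFO" | ${AWK} '$1$2 ~ /Size/ { print $3 }') )
	NUM_INDEXES=$(( ${#NV_USED_INDEXES[@]} - 1 ))
	NUM_SIZES=$(( ${#NV_USED_SIZES[@]} - 1 ))

	# The two arrays are walked in parallel below; if they do not pair up
	# a size would be attributed to the wrong index and the wrong area
	# could be released.  (The old "-z" test on the counts was always false.)
	if [ "${#NV_USED_INDEXES[@]}" -ne "${#NV_USED_SIZES[@]}" ]; then
		echo "tpm_nvinfo error - unable to fetch existing indexes" 1>&2
		return 1
	fi

	# iterate through NV indexes $TPM_LUKS_NV_INDEX_LIMIT_MIN..$TPM_LUKS_NV_INDEX_LIMIT_MAX
	# compare current index with $NV_USED_INDEXES
	# if the index is not yet used, return it
	# take care of NV_USED_INDEXES - tpm_nvinfo returns data in HEX
	### FIXME: if no PCR entry can be read, do NOT release any of them!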
51 | ### FIXME: Take MIN/MAX into account not to break other distros' NVRAM entries 52 | 53 | HAVE_KEYS=0 54 | for d in $(seq 0 $NUM_INDEXES); do 55 | # fetch index and convert it from hex to dec 56 | NV_INDEX=$(( ${NV_USED_INDEXES[$d]} )) 57 | NV_SIZE=${NV_USED_SIZES[$d]} 58 | [ $NV_SIZE -ne $TPM_LUKS_SIZE ] && continue 59 | [ $NV_INDEX -lt $TPM_LUKS_NV_INDEX_LIMIT_MIN ] && continue 60 | [ $NV_INDEX -gt $TPM_LUKS_NV_INDEX_LIMIT_MAX ] && continue 61 | echo "Found NVRAM index: $NV_INDEX, size: $NV_SIZE" 62 | CANREAD=1 63 | FILENAME=$(tpm-luks -r -i $NV_INDEX) || CANREAD=0 64 | if [ $CANREAD -eq 0 ]; then 65 | echo "Index $NV_INDEX cannot be read. Removing from NVRAM..." 66 | tpm_nvrelease -i $NV_INDEX --pwdo=$OWNERPASS 67 | continue 68 | else 69 | SHA1NAME=$(sha1sum $FILENAME | awk '{print $1}') 70 | echo "Index $NV_INDEX was read into file $FILENAME and has sha1sum $SHA1NAME" 71 | mv -u $FILENAME /dev/shm/lukskey$SHA1NAME 72 | HAVE_KEYS=1 73 | fi 74 | done 75 | 76 | if [ $HAVE_KEYS -eq 0 ]; then 77 | # no keys set up in TPM, just terminate 78 | return 79 | fi 80 | 81 | # now search for files to be migrated and store these into NVRAM 82 | MIGRATE_FILES=( $(ls /dev/shm/lukskey*) ) 83 | NUM_FILES=$(( ${#MIGRATE_FILES[@]} - 1)) 84 | for d in $(seq 0 $NUM_FILES); do 85 | FILENAME=${MIGRATE_FILES[$d]} 86 | echo "Storing key from $FILENAME into NVRAM..." 87 | MSG=$(tpm-luks -w $FILENAME -p ${NVPERMSFILE}) 88 | echo $MSG 89 | if [ $? -ne 0 ]; then 90 | echo "Unable to migrate key from $FILENAME into NVRAM. File NOT DELETED, please migrate yourself!" 91 | continue 92 | fi 93 | NEWINDEX=$(echo ${MSG} | awk '$1 ~ /Successfully/ { print $11 }') 94 | NEWINDEX=$(( ${NEWINDEX} )) 95 | echo "Success. Migrated $FILENAME into NVRAM, new index $NEWINDEX." 96 | rm -f $FILENAME 97 | done 98 | 99 | rm -f ${NVPERMSFILE} 100 | } 101 | find_used_nv_indexes 102 | 103 | exit 0 104 | --------------------------------------------------------------------------------