From: Kent Y. <shp...@gm...> - 2013-02-05 23:25:53
Hi Xiaokai, On Mon, Jan 21, 2013 at 1:57 AM, Wang, Xiaokai <xia...@in...> wrote: > Hi all, > > > > I make two patches about tpm-tools enhancement,one is info.patch that adds > a > > function displaying TPM_PERMANT_FLAGS requiring permissions(ownerpassword). > > After applying info.patch and recompiling sourcecode,you can use “tpm_nvinfo > –f > > ownerpssword” showing that. For info.patch, the output looks good, but instead of "-f <ownerpassword>" we should match the other commands. Please leave -f as the command arg (maybe add "--flags" as the long version), but then add a separate argument for the owner's password, as is done in tpm_nvdefine, for example. > Another one,define.patch,adds two optional arguments “-W localityselection > –R > For define.patch, lets spell out the possible locality numbers in the help text, such as: TPM_LOC_ZERO=1 TPM_LOC_ONE=2 ... Also, please patch the man pages to update them with the new options. Thanks, Kent > localityselection “ meaning when defining index you can select ‘read/write > locality’ > > > > The pathes are below and attach file,please review. > > If you think they are no problem, I hope you can apply them. > > > > > > /*************************info.patch below******************************/ > > > > Add function that displays TPM_PERMANENT_FLAGS requiring > permission(ownerpassword) > > > > Signed-off-by:Xiaokai Wang <xia...@in...> > > > > diff --git a/src/tpm_mgmt/tpm_nvinfo.c b/src/tpm_mgmt/tpm_nvinfo.c > > index 8964681..ee3e7d4 100644 > > --- a/src/tpm_mgmt/tpm_nvinfo.c > > +++ b/src/tpm_mgmt/tpm_nvinfo.c > > @@ -26,9 +26,12 @@ > > #include "tpm_utils.h" > > #include "tpm_nvcommon.h" > > +#define BUFFER_SIZE 1024 > > static BOOL nvindex_set; > > static unsigned int nvindex; > > +static const char *ownerpassword; > > +static int perm_flags; > > static BOOL list_only; > > TSS_HCONTEXT hContext = 0; 
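Review bot: The new file-scope `static int perm_flags` shares its name with the local `tpm_perm_flags_t perm_flags` declared later in display_flags() (the -142,10 hunk), so the local shadows the file-scope flag there; -Wshadow will report it and a reader of main()'s `if (perm_flags)` has to check which one is meant. Renaming the static, e.g. `static int show_flags;`, and its two uses in parse() and main() keeps the two apart. `#define BUFFER_SIZE 1024` is also added but nothing in the patch as shown uses it, so it looks like a leftover that can be dropped.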
> > @@ -51,6 +54,11 @@ static int parse(const int aOpt, const char *aArg) > > nvindex_set = FALSE; > > break; > > + case 'f': > > + ownerpassword = aArg; > > + perm_flags = 1; > > + break; > > + > > default: > > return -1; > > } > > @@ -64,6 +72,9 @@ static void help(const char* aCmd) > > logNVIndexCmdOption(); > > logCmdOption("-n, --list-only", > > _("Only list the defined NVRAM areas' indices.")); > > + > > + logCmdOption("-f, --ownerpassword", > > + _("displays TPM_PERMANENT_FLAGS")); > > } 
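Review bot: The help text registers the option as `-f, --ownerpassword` while the hOpts table in the -153,16 main() hunk registers the long name as `"ownpasswd"`, so `--ownerpassword` is rejected by getopt_long even though help() advertises it. The string in `logCmdOption("-f, --ownerpassword", ...)` and the `{"ownpasswd", required_argument, NULL, 'f'}` entry need to agree on one spelling; the other tools' `pwdo`-style names would be the natural reference point.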
> > > > @@ -142,10 +153,155 @@ static void nvindexDisplay(TSS_HTPM hTpm, UINT32 > nvindex) > > return; > > } > > +const char *bool_to_str(int b) > > +{ > > + return b ? "TRUE" : "FALSE"; > > +} > > + > > +void Decode_copy_UINT32(uint32_t *out,unsigned char **blob) > > +{ > > + *out = Decode_UINT32((BYTE *)*blob); > > + *blob += sizeof(*out); > > +} > > + > > +typedef struct { > > + uint32_t disable : 1; > > + uint32_t ownership : 1; > > + uint32_t deactivated : 1; > > + uint32_t readPubek : 1; > > + uint32_t disableOwnerClear : 1; > > + uint32_t allowMaintenance : 1; > > + uint32_t physicalPresenceLifetimeLock : 1; > > + uint32_t physicalPresenceHWEnable : 1; > > + uint32_t physicalPresenceCMDEnable : 1; > > + uint32_t CEKPUsed : 1; > > + uint32_t TPMpost : 1; > > + uint32_t TPMpostLock : 1; > > + uint32_t FIPS : 1; > > + uint32_t Operator : 1; > > + uint32_t enableRevokeEK : 1; > > + uint32_t nvLocked : 1; > > + uint32_t readSRKPub : 1; > > + uint32_t tpmEstablished : 1; > > + uint32_t maintenanceDone : 1; > > +} tpm_perm_flags_t; > > + > > +typedef struct { > > + uint32_t deactivated : 1; > > + uint32_t disableForceClear : 1; > > + uint32_t physicalPresence : 1; > > + uint32_t physicalPresenceLock : 1; > > + uint32_t bGlobalLock : 1; > > +} tpm_stclear_flags_t; > > + > > +TSS_RESULT > > +display_flags(void) > > +{ > > + TSS_HPOLICY htpmpolicy = 0; > > + TSS_HCONTEXT hcontext = 0; > > + TSS_HTPM htpm = 0; > > + > > + uint32_t i; > > + uint32_t subcap = 0; > > + uint32_t datasize = 0; > > + unsigned char *pbuf; > > + int opswd_len = -1; > > + tpm_perm_flags_t perm_flags; > > + tpm_stclear_flags_t stclear_flags; > > + > > + if (contextCreate(&hcontext) != TSS_SUCCESS) > > + goto out_close; > > + > > + if (contextConnect(hcontext) != TSS_SUCCESS) > > + goto out_close; > > + > > + if (contextGetTpm(hcontext, &htpm) != TSS_SUCCESS) > > + goto out_close; > > + > > + if (policyGet(htpm, &htpmpolicy) != TSS_SUCCESS) > > + goto out_close; > > + if (opswd_len < 0) > > + 
opswd_len = strlen(ownerpassword); > > + if (policySetSecret(htpmpolicy, opswd_len, > > + (BYTE *)ownerpassword) != TSS_SUCCESS) > > + goto out_close; > > + > > + if (getCapability(htpm, TSS_TPMCAP_FLAG, 4, (unsigned char > *)&subcap, > > + &datasize, &pbuf) != TSS_SUCCESS) { > > + logMsg(_("error getting TPM_PERMANENT_FLAGS.\n")); > > + goto out_close; > > + } > > + > > + if (datasize != 2*sizeof(uint32_t)) { > > + logMsg(_("error getting TPM_PERMANENT_FLAGS.\n")); > > + goto out_close; > > + } > > + > > + if (pbuf == NULL) { > > + logMsg(_("error getting TPM_PERMANENT_FLAGS.\n")); > > + goto out_close; > > + } > > + > > + logMsg("The response data is:\n"); > > + for (i = 0; i < datasize; i++) { > > + logMsg("%02x ", pbuf[i]); > > + > > + if (i%16 == 15) > > + logMsg("\n"); > > + } > > + logMsg("\n"); > > + > > + Decode_copy_UINT32((uint32_t *)&perm_flags, &pbuf); > > + Decode_copy_UINT32((uint32_t *)&stclear_flags, &pbuf); > > + > > + logMsg("TPM_PERMANENT_FLAGS:\n"); > > + logMsg("\t disable: %s\n", bool_to_str(perm_flags.disable)); > > + logMsg("\t ownership: %s\n", bool_to_str(perm_flags.ownership)); > > + logMsg("\t deactivated: %s\n", bool_to_str(perm_flags.deactivated)); > > + logMsg("\t readPubek: %s\n", bool_to_str(perm_flags.readPubek)); > > + logMsg("\t disableOwnerClear: %s\n", > > + bool_to_str(perm_flags.disableOwnerClear)); > > + logMsg("\t allowMaintenance: %s\n", > > + bool_to_str(perm_flags.allowMaintenance)); > > + logMsg("\t physicalPresenceLifetimeLock: %s\n", > > + bool_to_str(perm_flags.physicalPresenceLifetimeLock)); > > + logMsg("\t physicalPresenceHWEnable: %s\n", > > + bool_to_str(perm_flags.physicalPresenceHWEnable)); > > + logMsg("\t physicalPresenceCMDEnable: %s\n", > > + bool_to_str(perm_flags.physicalPresenceCMDEnable)); > > + logMsg("\t CEKPUsed: %s\n", bool_to_str(perm_flags.CEKPUsed)); > > + logMsg("\t TPMpost: %s\n", bool_to_str(perm_flags.TPMpost)); > > + logMsg("\t TPMpostLock: %s\n", bool_to_str(perm_flags.TPMpostLock)); > > 
+ logMsg("\t FIPS: %s\n", bool_to_str(perm_flags.FIPS)); > > + logMsg("\t Operator: %s\n", bool_to_str(perm_flags.Operator)); > > + logMsg("\t enableRevokeEK: %s\n", > > + bool_to_str(perm_flags.enableRevokeEK)); > > + logMsg("\t nvLocked: %s\n", bool_to_str(perm_flags.nvLocked)); > > + logMsg("\t readSRKPub: %s\n", bool_to_str(perm_flags.readSRKPub)); > > + logMsg("\t tpmEstablished: %s\n", > > + bool_to_str(perm_flags.tpmEstablished)); > > + logMsg("\t maintenanceDone: %s\n", > > + bool_to_str(perm_flags.maintenanceDone)); > > + > > + logMsg("\nTPM_STCLEAR_FLAGS:\n"); > > + logMsg("\t deactivated: %s\n", > bool_to_str(stclear_flags.deactivated)); > > + logMsg("\t disableForceClear: %s\n", > > + bool_to_str(stclear_flags.disableForceClear)); > > + logMsg("\t physicalPresence: %s\n", > > + bool_to_str(stclear_flags.physicalPresence)); > > + logMsg("\t physicalPresenceLock: %s\n", > > + bool_to_str(stclear_flags.physicalPresenceLock)); > > + logMsg("\t bGlobalLock: %s\n", > bool_to_str(stclear_flags.bGlobalLock)); > > + > > + out_close: > > + contextClose(hcontext); > > + > > + return TSS_SUCCESS; > > +} > > int main(int argc, char **argv) > > { > > - TSS_HTPM hTpm; > > + TSS_HTPM hTpm = 0; > > UINT32 ulResultLen; > > BYTE *pResult = NULL; > > int iRc = -1; 
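Review bot: display_flags() returns TSS_SUCCESS on every path, including each `goto out_close` error exit, so the `display_flags() != TSS_SUCCESS` test in main() can never fail and the tool exits 0 after logging "error getting TPM_PERMANENT_FLAGS". Introduce a result variable, `TSS_RESULT result = TSS_E_FAIL;` at the top, set `result = TSS_SUCCESS;` after the last logMsg() just before the `out_close:` label, and end with `return result;`. Separately, filling `perm_flags`/`stclear_flags` by casting their addresses to `uint32_t *` relies on the compiler's bit-field allocation order, which C leaves implementation-defined; testing each bit of the decoded word with an explicit mask (`flags & (1u << N)`) is portable and also removes the local `perm_flags` that shadows the file-scope static of the same name. The three new functions are the only non-static functions in the file apart from main(); mark them `static` like the surrounding code. The `int main()` that the hunk's trailing context enters continues outside the hunk.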
> > @@ -153,16 +309,29 @@ int main(int argc, char **argv) > > struct option hOpts[] = { > > {"index" , required_argument, NULL, 'i'}, > > {"list-only", no_argument, NULL, 'n'}, > > + {"ownpasswd", required_argument, NULL, 'f'}, > > {NULL , no_argument, NULL, 0}, > > }; > > initIntlSys(); > > if (genericOptHandler > > - (argc, argv, "i:o:n", hOpts, > > + (argc, argv, "i:o:f:n", hOpts, > > sizeof(hOpts) / sizeof(struct option), parse, help) != > 0) > > goto out; > > + if (perm_flags) { > > + if (ownerpassword == NULL) { > > + logMsg(_("no passwd input!need ownerpassword to > display flags.\n")); > > + return iRc; > > + } else if (display_flags() != TSS_SUCCESS) > > + return iRc; > > + > > + iRc = 0; > > + > > + return iRc; > > + } > > + > > if (contextCreate(&hContext) != TSS_SUCCESS) > > goto out; > > > > /*************************define.patch below******************************/ > > > > Add choice that read/write locality selection when defining nv index. > > > > Signed-off-by:Xiaokai Wang <xia...@in...> > > > > diff --git a/src/tpm_mgmt/tpm_nvdefine.c b/src/tpm_mgmt/tpm_nvdefine.c > > index e2c748f..d5a89ef 100644 > > --- a/src/tpm_mgmt/tpm_nvdefine.c > > +++ b/src/tpm_mgmt/tpm_nvdefine.c > > @@ -27,6 +27,10 @@ > > #include "tpm_utils.h" > > #include "tpm_nvcommon.h" > > +static unsigned int r_loc_arg = 0; > > +static unsigned int w_loc_arg = 0; > > +static unsigned int r_loc_flag = 0; > > +static unsigned int w_loc_flag = 0; > > static unsigned int nvindex; > > static BOOL nvindex_set; > > static unsigned int nvperm; 
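Review bot: Inside the new `if (perm_flags)` block main() returns directly on both the error and the success path instead of jumping to the `out:` label that every other exit in this function uses, so whatever teardown sits at `out:` (outside the hunk) is skipped; replace the three `return iRc;` statements with `goto out;` after iRc has been set. The `ownerpassword == NULL` branch is unreachable as written, because parse() assigns `ownerpassword` and `perm_flags` together from a required_argument option, so either drop it or keep it with a comment stating it is a defensive check. The rest of main() lies outside the hunk.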
> > @@ -122,6 +126,20 @@ static int parse(const int aOpt, const char *aArg) > > return -1; > > break; > > + case 'R': > > + if (parseHexOrDecimal(aArg, &r_loc_arg, 0, UINT_MAX, > > + "read localityValue") != 0) > > + return -1; > > + r_loc_flag = 1; > > + break; > > + > > + case 'W': > > + if (parseHexOrDecimal(aArg, &w_loc_arg, 0, UINT_MAX, > > + "write localityValue") != 0) > > + return -1; > > + w_loc_flag = 1; > > + break; > > + > > case 'f': > > filename = aArg; > > break; > > @@ -152,6 +170,11 @@ static void help(const char* aCmd) > > _("PCRs to seal the NVRAM area to for reading (use > multiple times)")); > > logCmdOption("-w, --wpcrs", > > _("PCRs to seal the NVRAM area to for writing (use > multiple times)")); > > + logCmdOption("-R, --rlv", > > + _("read locality value:uint8.there are 5 > localities:0~4.\n" > > + "\t\tfor example,locality value is 0x18 if > locality 3 or 4.")); > > + logCmdOption("-W, --wlv", > > + _("write locality value:uint8.the same as read locality > value.")); > > logCmdOption("-f, --filename", > > _("File containing PCR info for the NVRAM area")); > > @@ -252,6 +275,8 @@ int main(int argc, char **argv) > > {"rpcrs" , required_argument, NULL, 'r'}, > > {"wpcrs" , required_argument, NULL, 'w'}, > > {"filename" , required_argument, NULL, 'f'}, > > + {"rlv" , optional_argument, NULL, 'R'}, > > + {"wlv" , optional_argument, NULL, 'W'}, > > {"pwdo" , optional_argument, NULL, 'o'}, > > {"pwda" , optional_argument, NULL, 'a'}, > > {"use-unicode" , no_argument, NULL, 'u'}, > > @@ -266,7 +291,7 @@ int main(int argc, char **argv) > > initIntlSys(); > > if (genericOptHandler > > - (argc, argv, "i:s:p:o:a:r:w:f:yzu", hOpts, > > + (argc, argv, "i:s:p:o:a:r:w:R:W:f:yzu", hOpts, > > sizeof(hOpts) / sizeof(struct option), parse, help) != > 0) > > goto out; 
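Review bot: Both new arms call parseHexOrDecimal() with what looks like a range of 0..UINT_MAX, and the real limit for a locality selection (0x1f, the five TPM_LOC bits) is only enforced much later in main() after the TSS context and objects exist. Passing the bound here, `if (parseHexOrDecimal(aArg, &r_loc_arg, 0, 0x1f, "read localityValue") != 0)`, and likewise for `case 'W':`, rejects malformed input before any TSS work and lets the two checks in main() go away. parse()'s body continues outside the hunk.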
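Review bot: The new `{"rlv", optional_argument, NULL, 'R'}` and `{"wlv", optional_argument, NULL, 'W'}` entries declare the value optional, but the short-option string in the next hunk uses `R:`/`W:` (value required) and parse() passes aArg straight to parseHexOrDecimal(), which would receive NULL when `--rlv` is given without `=value`. Use `required_argument` for both entries, matching the `rpcrs`/`wpcrs` rows directly above them.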
> > @@ -451,13 +476,39 @@ int main(int argc, char **argv) > > goto out_close_obj; > > } > > - if (hPcrsRead) > > + if (r_loc_arg > 0x1f) { > > + logMsg(_("wrong read locality number!\n")); > > + goto out_close; > > + } > > + > > + if (contextCreateObject(hContext, TSS_OBJECT_TYPE_PCRS, initFlag, > > + &hPcrsRead) != TSS_SUCCESS) > > + goto out_close; > > + > > + if (r_loc_flag == 1) { > > + if (pcrcompositeSetPcrLocality(hPcrsRead, r_loc_arg) != > TSS_SUCCESS) > > + goto out_close; > > + } else { > > if (pcrcompositeSetPcrLocality(hPcrsRead, localityValue) != > TSS_SUCCESS) > > goto out_close; > > + } > > + > > + if (w_loc_arg > 0x1f) { > > + logMsg(_("wrong write locality number!\n")); > > + goto out_close; > > + } > > + > > + if (contextCreateObject(hContext, TSS_OBJECT_TYPE_PCRS, initFlag, > > + &hPcrsWrite) != TSS_SUCCESS) > > + goto out_close; > > - if (hPcrsWrite) > > + if (w_loc_flag == 1) { > > + if (pcrcompositeSetPcrLocality(hPcrsWrite, w_loc_arg) != > TSS_SUCCESS) > > + goto out_close; > > + } else { > > if (pcrcompositeSetPcrLocality(hPcrsWrite, localityValue) != > TSS_SUCCESS) > > goto out_close; > > + } > > if (NVDefineSpace(nvObject, hPcrsRead, hPcrsWrite) != TSS_SUCCESS) > > goto out_close; > > > > Regards > > Xiaokai > > > > > ------------------------------------------------------------------------------ > Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, > MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current > with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft > MVPs and experts. SALE $99.99 this month only -- learn more at: > http://p.sf.net/sfu/learnmore_122412 > _______________________________________________ > TrouSerS-tech mailing list > Tro...@li... > https://lists.sourceforge.net/lists/listinfo/trousers-tech > |
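Review bot: The old `if (hPcrsRead)` / `if (hPcrsWrite)` guards are replaced by unconditional contextCreateObject() calls into the same handles; if those handles were already created and populated from `-r`/`-w`/`-f` earlier in main() (outside the hunk, so this is inferred), the new object overwrites that selection and the PCR binding is silently lost. Creating the object only when the handle is still empty, `if (!hPcrsRead && contextCreateObject(hContext, TSS_OBJECT_TYPE_PCRS, initFlag, &hPcrsRead) != TSS_SUCCESS)`, keeps the old behaviour and still gives the locality-only case an object. The `r_loc_arg > 0x1f` / `w_loc_arg > 0x1f` checks jump to `out_close` rather than the `out_close_obj` label the neighbouring error path uses, so whatever that label releases is skipped on this path; the range checks also belong in parse() so bad input is rejected before any TSS work. main() continues outside the hunk.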