[01org/tpm2-tools] 224e0e: tpm2_util: Add TSS2_RETRY_EXP macro to cope with T...
by GitHub
Branch: refs/heads/master
Home: https://github.com/01org/tpm2-tools
Commit: 224e0eb1696d02d05e4e620115df87ee0937d83a
https://github.com/01org/tpm2-tools/commit/224e0eb1696d02d05e4e620115df87...
Author: Philip Tricca <philip.b.tricca(a)intel.com>
Date: 2017-10-31 (Tue, 31 Oct 2017)
Changed paths:
M lib/tpm2_util.h
M tools/tpm2_activatecredential.c
M tools/tpm2_certify.c
M tools/tpm2_create.c
M tools/tpm2_createprimary.c
M tools/tpm2_dictionarylockout.c
M tools/tpm2_encryptdecrypt.c
M tools/tpm2_evictcontrol.c
M tools/tpm2_getcap.c
M tools/tpm2_getmanufec.c
M tools/tpm2_getpubak.c
M tools/tpm2_getpubek.c
M tools/tpm2_getrandom.c
M tools/tpm2_hmac.c
M tools/tpm2_import.c
M tools/tpm2_listpersistent.c
M tools/tpm2_load.c
M tools/tpm2_loadexternal.c
M tools/tpm2_makecredential.c
M tools/tpm2_nvdefine.c
M tools/tpm2_nvlist.c
M tools/tpm2_nvread.c
M tools/tpm2_nvreadlock.c
M tools/tpm2_nvrelease.c
M tools/tpm2_nvwrite.c
M tools/tpm2_pcrevent.c
M tools/tpm2_pcrextend.c
M tools/tpm2_pcrlist.c
M tools/tpm2_quote.c
M tools/tpm2_readpublic.c
M tools/tpm2_rsadecrypt.c
M tools/tpm2_rsaencrypt.c
M tools/tpm2_sign.c
M tools/tpm2_startup.c
M tools/tpm2_takeownership.c
M tools/tpm2_unseal.c
M tools/tpm2_verifysignature.c
Log Message:
-----------
tpm2_util: Add TSS2_RETRY_EXP macro to cope with TPM_RC_RETRY & use in tools.
This is required to support the latest version 974 simulator. It now
returns TPM_RC_RETRY in some cases. The tools code should be resilient
to this response code. This is accomplished through a macro
(TSS2_RETRY_EXP) that's modeled after the GNU TEMP_FAILURE_RETRY
macro.
Signed-off-by: Philip Tricca <philip.b.tricca(a)intel.com>
Commit: c9de2ad1c996d981382ac18262043b7a907b66c0
https://github.com/01org/tpm2-tools/commit/c9de2ad1c996d981382ac18262043b...
Author: Philip Tricca <philip.b.tricca(a)intel.com>
Date: 2017-10-31 (Tue, 31 Oct 2017)
Changed paths:
M .travis.yml
Log Message:
-----------
travis.yml: Upgrade TPM2 simulator from version 532 to 974.
Signed-off-by: Philip Tricca <philip.b.tricca(a)intel.com>
Commit: 1fde3c308bd69e5c21d3c2ad43dae07aa06fe901
https://github.com/01org/tpm2-tools/commit/1fde3c308bd69e5c21d3c2ad43dae0...
Author: Philip Tricca <philip.b.tricca(a)intel.com>
Date: 2017-10-31 (Tue, 31 Oct 2017)
Changed paths:
M tools/tpm2_encryptdecrypt.c
Log Message:
-----------
tpm2_encryptdecrypt: Try EncryptDecrypt2 first, fallback to EncryptDecrypt.
The EncryptDecrypt command has been deprecated. The specification
identifies the EncryptDecrypt2 command as preferred. We now only try
the older function if EncryptDecrypt2 isn't supported.
Signed-off-by: Philip Tricca <philip.b.tricca(a)intel.com>
Compare: https://github.com/01org/tpm2-tools/compare/7108b529eee8...1fde3c308bd6
4 years, 6 months
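The retry pattern described in the first commit message above, as an added example that is not the tpm2-tools code. `RETRY_ON_RC_RETRY`, `MAX_ATTEMPTS` and the fake command are hypothetical names; the macro is written as a standard C statement macro with an attempt bound, whereas GNU `TEMP_FAILURE_RETRY` is an unbounded expression macro.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint32_t rc_t;            /* stand-in for the TSS response code type */
#define RC_RETRY     0x922u       /* TPM_RC_RETRY: RC_WARN (0x900) + 0x022 */
#define MAX_ATTEMPTS 5            /* bound added in this example */

/* Re-evaluate `expr` while its low 16 bits equal TPM_RC_RETRY (the upper
 * bits can carry the reporting layer), at most MAX_ATTEMPTS times. */
#define RETRY_ON_RC_RETRY(rc, expr)                                        \
    do {                                                                   \
        int tries_ = 0;                                                    \
        do {                                                               \
            (rc) = (expr);                                                 \
        } while (((rc) & 0xffffu) == RC_RETRY && ++tries_ < MAX_ATTEMPTS); \
    } while (0)

/* Constructed fake command: answers RC_RETRY `busy` times, then `final`. */
struct fake_tpm { int busy; int calls; rc_t final; };

static rc_t fake_command(struct fake_tpm *t)
{
    t->calls++;
    if (t->busy > 0) {
        t->busy--;
        return RC_RETRY;
    }
    return t->final;
}

/* Run the fake command under the macro and report how many calls it took. */
rc_t run_with_retry(int busy, rc_t final, int *calls)
{
    struct fake_tpm t = { busy, 0, final };
    rc_t rc;
    RETRY_ON_RC_RETRY(rc, fake_command(&t));
    *calls = t.calls;
    return rc;
}

int main(void)
{
    int calls;
    rc_t rc = run_with_retry(2, 0, &calls);
    printf("rc=0x%x after %d calls\n", (unsigned)rc, calls);
    return 0;
}
```

Response codes other than `TPM_RC_RETRY` pass through after a single call, so real failures are still reported to the caller.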
[01org/tpm2-tools] 5c736f: test: nv check that passwords work
by GitHub
Branch: refs/heads/master
Home: https://github.com/01org/tpm2-tools
Commit: 5c736fdf5a238a82fc47143034fccc030966cd15
https://github.com/01org/tpm2-tools/commit/5c736fdf5a238a82fc47143034fccc...
Author: William Roberts <william.c.roberts(a)intel.com>
Date: 2017-10-31 (Tue, 31 Oct 2017)
Changed paths:
M test/system/test_tpm2_nv.sh
Log Message:
-----------
test: nv check that passwords work
Not only does this serve as a good example of how to use index and owner
authorizations, this also tests that password enforcement works as
expected.
Fixes: #580
Signed-off-by: William Roberts <william.c.roberts(a)intel.com>
Commit: ed41c04dc1065474360215a5b9c4e12e59dffe42
https://github.com/01org/tpm2-tools/commit/ed41c04dc1065474360215a5b9c4e1...
Author: William Roberts <william.c.roberts(a)intel.com>
Date: 2017-10-31 (Tue, 31 Oct 2017)
Changed paths:
M man/tpm2_nvwrite.1.md
M test/system/test_tpm2_nv.sh
M tools/tpm2_nvwrite.c
Log Message:
-----------
tpm2_nvwrite: add starting offset
Add the -o option to allow specifying a starting offset
for the write.
Add a check to ensure that the write will fit before starting
to write. This will help prevent data integrity issues when a
write only partially completes.
Add tests to ensure:
- offset writes are functional.
- offset data sizes past the defined nv space fail and do not
modify the contents.
Fixes: #505
Signed-off-by: William Roberts <william.c.roberts(a)intel.com>
Commit: a851da7fb969a286a66e9e1c0a6dd5af7cb7e9f8
https://github.com/01org/tpm2-tools/commit/a851da7fb969a286a66e9e1c0a6dd5...
Author: William Roberts <william.c.roberts(a)intel.com>
Date: 2017-10-31 (Tue, 31 Oct 2017)
Changed paths:
M tools/tpm2_nvdefine.c
Log Message:
-----------
tpm2_nvdefine: fix space size
Size is a UINT16 but the argument parameter was a UINT32. Make
it match as a UINT16 to avoid truncation errors.
Signed-off-by: William Roberts <william.c.roberts(a)intel.com>
Commit: e84490479b5db19125e729b0a06ee7118820063c
https://github.com/01org/tpm2-tools/commit/e84490479b5db19125e729b0a06ee7...
Author: William Roberts <william.c.roberts(a)intel.com>
Date: 2017-10-31 (Tue, 31 Oct 2017)
Changed paths:
M man/tpm2_nvwrite.1.md
M test/system/test_tpm2_nv.sh
M tools/tpm2_nvwrite.c
Log Message:
-----------
tpm2_nvwrite: make -f an argument
File is now an argument versus an option and support for
reading from stdin now exists.
Fixes: #506
Signed-off-by: William Roberts <william.c.roberts(a)intel.com>
Commit: dc1242a8b0149675d4c3921a43747c4e56b7ecab
https://github.com/01org/tpm2-tools/commit/dc1242a8b0149675d4c3921a43747c...
Author: William Roberts <william.c.roberts(a)intel.com>
Date: 2017-10-31 (Tue, 31 Oct 2017)
Changed paths:
M tools/tpm2_nvwrite.c
Log Message:
-----------
tpm2_nvwrite: add warning on size 0 writes
Writing size 0 bytes to an nv index is not an error as far
as the TPM is concerned. However, most users would expect that
they are writing data.
Add a warning to let the user know that they are writing 0 bytes
to the nv index, but proceed with writing.
Signed-off-by: William Roberts <william.c.roberts(a)intel.com>
Commit: 2f8a120f0140cba57ff306957ddf47671b522a82
https://github.com/01org/tpm2-tools/commit/2f8a120f0140cba57ff306957ddf47...
Author: William Roberts <william.c.roberts(a)intel.com>
Date: 2017-10-31 (Tue, 31 Oct 2017)
Changed paths:
M tools/tpm2_nvdefine.c
Log Message:
-----------
tpm2_nvdefine: issue a warning on size 0 defines
Defining an nv index with a size of 0 is valid, however,
the index is essentially unusable for storing data.
Issue a warning on size 0 index sizes.
Signed-off-by: William Roberts <william.c.roberts(a)intel.com>
Commit: 19e16358316e0344f3f9002e186ae2a3b94df96d
https://github.com/01org/tpm2-tools/commit/19e16358316e0344f3f9002e186ae2...
Author: William Roberts <william.c.roberts(a)intel.com>
Date: 2017-10-31 (Tue, 31 Oct 2017)
Changed paths:
M man/tpm2_nvdefine.1.md
M tools/tpm2_nvdefine.c
Log Message:
-----------
tpm2_nvdefine: default size to MAX_NV_INDEX_SIZE
The current default size of 0 causes a warning, set the
size to MAX_NV_INDEX_SIZE so users get something, even
if sub-optimal and wasteful.
Signed-off-by: William Roberts <william.c.roberts(a)intel.com>
Compare: https://github.com/01org/tpm2-tools/compare/539ea8898df7...19e16358316e
4 years, 6 months
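Two checks from the commit messages above (the tpm2_nvwrite fit check before writing, and the tpm2_nvdefine 16-bit size), as an added example that is not the tpm2-tools code. `parse_u16`, `nv_write_fits`, `nv_write` and the in-memory `struct nv_index` are hypothetical names modelling an NV index without a TPM.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse a size or offset argument, rejecting values a 16-bit field cannot
 * hold instead of letting a cast from a wider type truncate them. */
bool parse_u16(const char *s, uint16_t *out)
{
    char *end;
    errno = 0;
    unsigned long v = strtoul(s, &end, 0);
    if (errno || end == s || *end != '\0' || v > UINT16_MAX)
        return false;
    *out = (uint16_t)v;
    return true;
}

/* True when [offset, offset + len) lies inside the index. The sum is formed
 * in 32 bits; truncated to 16 bits it could wrap and pass the check. */
bool nv_write_fits(uint16_t index_size, uint16_t offset, uint16_t len)
{
    return (uint32_t)offset + (uint32_t)len <= (uint32_t)index_size;
}

/* Constructed in-memory model of an NV index (size must be <= 64). */
struct nv_index { uint8_t data[64]; uint16_t size; };

/* All-or-nothing write: the fit check runs before any byte is copied. */
bool nv_write(struct nv_index *nv, uint16_t offset, const uint8_t *buf, uint16_t len)
{
    if (nv->size > sizeof nv->data || !nv_write_fits(nv->size, offset, len))
        return false;
    memcpy(nv->data + offset, buf, len);
    return true;
}

int main(void)
{
    struct nv_index nv = { {0}, 32 };
    uint8_t buf[16];
    uint16_t size = 0;
    memset(buf, 0xAA, sizeof buf);
    printf("parse 65536: %d\n", parse_u16("65536", &size));
    printf("write at 16: %d\n", nv_write(&nv, 16, buf, 16));
    printf("write at 24: %d\n", nv_write(&nv, 24, buf, 16));
    return 0;
}
```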
[01org/tpm2-tools] 06e2b6: test: don't extend a PCR with more digest values t...
by GitHub
Branch: refs/heads/master
Home: https://github.com/01org/tpm2-tools
Commit: 06e2b6d94a2b258b5468910ce252e534edae9eb9
https://github.com/01org/tpm2-tools/commit/06e2b6d94a2b258b5468910ce252e5...
Author: Javier Martinez Canillas <javierm(a)redhat.com>
Date: 2017-10-30 (Mon, 30 Oct 2017)
Changed paths:
M test/system/test_tpm2_pcrextend.sh
Log Message:
-----------
test: don't extend a PCR with more digest values than supported banks
The list of digest values used to extend a PCR are defined by passing a
TPML_DIGEST_VALUES to TPM2_PCR_Extend. By passing a list of values, the
PCR can be extended in all the supported banks on a single TPM2 command.
Since there's no check if the algorithm ID is different for each digest
used, different digest values could be passed for the same PCR bank so a
PCR will be extended multiple times for the same hash algorithm bank.
But this isn't the preferred way to use it, as explained in the TCG spec:
"While the semantics of this command allow multiple extends to a single
PCR bank, this is not the preferred use and the limit on the number of
entries in the list make this use somewhat impractical."
Also, the number of banks will vary depending on the hash algorithms that
are supported by each TPM2 chip, so the test shouldn't make assumptions about
the maximum number of digests that could be used. Instead, it should only
attempt to extend the PCR for the banks that are known to be supported.
The test, though, assumes that 3 hash digests could be passed since that's
what is supported by the TPM2 simulator (sha1, sha256 and sha384). So change
the test to make sure that it will work on all TPM2 chips.
And also change the test to not attempt to extend the same PCR multiple
times for the same bank since the spec says that's not the preferred way
to use the TPM2_PCR_Extend command.
Finally, the test is checking that attempting to extend a PCR with more
digest values than supported banks will fail but there's no check for the
command exit status to make sure that it failed.
Signed-off-by: Javier Martinez Canillas <javierm(a)redhat.com>
4 years, 6 months
[01org/tpm2-tools] 049a42: tpm2_errata: implement a generic handling for erra...
by GitHub
Branch: refs/heads/master
Home: https://github.com/01org/tpm2-tools
Commit: 049a424dd85bc0c82d550b1824a589a0a6945022
https://github.com/01org/tpm2-tools/commit/049a424dd85bc0c82d550b1824a589...
Author: Jia Zhang <qianyue.zj(a)alibaba-inc.com>
Date: 2017-10-26 (Thu, 26 Oct 2017)
Changed paths:
M Makefile.am
A lib/tpm2_errata.c
A lib/tpm2_errata.h
M tools/tpm2_tool.c
Log Message:
-----------
tpm2_errata: implement a generic handling for errata
The TPM errata should be addressed and handled transparently by design.
In order to handle an errata, the errata info should be recorded in
tpm2_errata.[ch], and the tools need to query the errata handler with
a pre-defined errata index number and fixup handler.
During the initialization, the TPM spec and errata info will be
remembered and used to check the errata query issued by the callers.
If the errata is omitted, nothing would happen. In contrast, the log
records which errata is applied.
Signed-off-by: Jia Zhang <qianyue.zj(a)alibaba-inc.com>
Commit: 81b20dd81c22a1c95603a16d2778e8c65980b526
https://github.com/01org/tpm2-tools/commit/81b20dd81c22a1c95603a16d2778e8...
Author: Jia Zhang <qianyue.zj(a)alibaba-inc.com>
Date: 2017-10-26 (Thu, 26 Oct 2017)
Changed paths:
M tools/tpm2_create.c
M tools/tpm2_import.c
Log Message:
-----------
tpm2_create, tpm2_import: work around a spec 1.16 errata
TPM 2.0 spec 1.16 errata on decrypt and sign set for a symcipher.
Certain TPM 2.0 chips, e.g., Nationz Z32H320TC, and tpm2simulator
referring to TPM 2.0 spec 1.16 may have an errata, disallowing both
decrypt and sign set for a symcipher object, and in response to
RC_ATTRIBUTES.
This change partially resolves the issue #335 (Make sure that all
tests work on a real TPM hardware) for helping on it regard.
Signed-off-by: Jia Zhang <qianyue.zj(a)alibaba-inc.com>
Commit: 67aee61995fa91ceca7d4dc15c1481e523d03808
https://github.com/01org/tpm2-tools/commit/67aee61995fa91ceca7d4dc15c1481...
Author: Jia Zhang <qianyue.zj(a)alibaba-inc.com>
Date: 2017-10-26 (Thu, 26 Oct 2017)
Changed paths:
M test/system/test_helpers.sh
M test/system/test_tpm2_create.sh
M test/system/test_tpm2_encryptdecrypt.sh
M test/system/test_tpm2_quote.sh
Log Message:
-----------
test: clean up errata wrapper create_object()
This errata is already transparently handled in tools.
Signed-off-by: Jia Zhang <qianyue.zj(a)alibaba-inc.com>
Compare: https://github.com/01org/tpm2-tools/compare/41b14163d20e...67aee61995fa
4 years, 6 months