From: Jason Andryuk Date: Thu, 6 May 2021 13:59:14 +0000 (-0400) Subject: vtpmmgr: Allow specifying srk_handle for TPM2 X-Git-Tag: archive/raspbian/4.16.0+51-g0941d6cb-1+rpi1~2^2~42^2~546 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=3f1b5080d64d2b66a686133e9f24998a3609d1a3;p=xen.git vtpmmgr: Allow specifying srk_handle for TPM2 Bypass taking ownership of the TPM2 if an srk_handle is specified. This srk_handle must be usable with Null auth for the time being. Signed-off-by: Jason Andryuk Reviewed-by: Samuel Thibault Reviewed-by: Daniel P. Smith --- diff --git a/docs/man/xen-vtpmmgr.7.pod b/docs/man/xen-vtpmmgr.7.pod index 875dcce508..3286954568 100644 --- a/docs/man/xen-vtpmmgr.7.pod +++ b/docs/man/xen-vtpmmgr.7.pod @@ -92,6 +92,13 @@ Valid arguments: =over 4 +=item srk_handle= + +Specify a srk_handle for TPM 2.0. TPM 2.0 uses a key hierarchy, and +this allow specifying the parent handle for vtpmmgr to create its own +key under. Using this option bypasses vtpmmgr trying to take ownership +of the TPM. + =item owner_auth= =item srk_auth= diff --git a/stubdom/vtpmmgr/init.c b/stubdom/vtpmmgr/init.c index 2d314d98e8..decf8e8b4d 100644 --- a/stubdom/vtpmmgr/init.c +++ b/stubdom/vtpmmgr/init.c @@ -302,6 +302,11 @@ int parse_cmdline_opts(int argc, char** argv, struct Opts* opts) goto err_invalid; } } + else if(!strncmp(argv[i], "srk_handle=", 11)) { + if(sscanf(argv[i] + 11, "%x", &vtpm_globals.srk_handle) != 1) { + goto err_invalid; + } + } else if(!strncmp(argv[i], "tpmdriver=", 10)) { if(!strcmp(argv[i] + 10, "tpm_tis")) { opts->tpmdriver = TPMDRV_TPM_TIS; @@ -572,7 +577,11 @@ TPM_RESULT vtpmmgr2_create(void) { TPM_RESULT status = TPM_SUCCESS; - TPMTRYRETURN(tpm2_take_ownership()); + if ( vtpm_globals.srk_handle == 0 ) { + TPMTRYRETURN(tpm2_take_ownership()); + } else { + tpm2_AuthArea_ctor(NULL, 0, &vtpm_globals.srk_auth_area); + } /* create SK */ TPM2_Create_Params_out out;