### Fixed

- tpm2_makecredential: fix wrong tcg ek templates
- tpm2_checkquote: Fix memory leaks, malloced buffer not always freed
- tpm2_checkquote: Fix missing error checking
- tpm2_getekcertificate: Fix curl_easy_setopt type warnings
- tpm2_makecredential: Fix usage of name parameter.
- tpm2_quote/checkquote: Fix usage of little endian serialization.
- tpm2_eventlog: parse vendor_db as EFI_SIGNATURE_DATA
- tpm2_eventlog: Fix parsing on big-endian systems
- tpm2_clockrateadjust: Fix segfault.
- tpm2_policy: Do not overflow list of policy digests
- tpm2_eventlog: Fix pretty print for efivar 39
- tpm2_encode: Fix setting emptyAuth in generated pem file.
- tpm2_eventlog_yaml.c: Fix output of BlobDescription.
- tpm2_getrandom: Fix --force parameter
- tpm2_getekcertificate: fix impl to prioritize low range certificate
- Options: Add option to allow usage of password session.
- tpm2_createpolicy: flush session for trial policy.
- tpm2_evictcontrol.c: Fix segfault for output of handle ESYS_TR_NONE
- pcr commands: Fix session leaks

### Added

- tpm2_quote/checkquote: Add new serialization format (-F marshaled).
- tpm2_loadexternal: Add option rsa_exponent_zero
- tpm2_createek: Add high range templates for rsa20248 and eccp256
- tpm2_certify: Add parameter qualifying-data.
- pcr commands: session support added.
- tpm2_getekcertificate: add option --x509-trunc
- tpm2_getekcertificate: Provide option -u for certs in NV ram.
- tpm2_gettestresult: Fix handling of test result.
No due date

### Fixed

### Added

No due date

## Fixes:

- tpm2_createpolicy: flush session for trial policy
Overdue by 8 month(s) • Due by April 30, 2025 • 1/8 issues closed

cpHash calculation requires:

1. A tcti context, because we use SAPI to get cpBuffer and other required information.
2. Loading the authorization and objects, meaning that if we need an object name, that object must exist on the TPM.

Neither of the above is mandatory, and cpHash can be calculated without going out to the TPM. This change has to apply to all the tools. An example implementation has been merged here: https://github.com/tpm2-software/tpm2-tools/pull/2783

Some additional information:

1. To specify NV index names in NV tools there will be a new option, --name,-n.
2. As for other tools, the -c,-C,etc. options for specifying the object context are used to specify the name of the object. This is because, in the context of calculating cpHash, the "object contexts" option should specify the name of the object to be factored into the cpHash calculation.
3. It should also be noted that there isn't a tool at the moment to calculate the name of a transient or NV object based on input attributes. This will be a useful addition in the future.
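The offline calculation described above, as an added example that is not tpm2-tools code: it derives an NV index name from its public attributes and then the cpHash of TPM2_NV_Write without any TPM access, following the TPM 2.0 library specification definitions of Name and cpHash. The function names, the sample index and the choice of SHA-256 are assumptions made for illustration.

```python
import hashlib
import struct

TPM2_ALG_SHA256 = 0x000B
TPM2_CC_NV_WRITE = 0x00000137
TPM2_RH_OWNER = 0x40000001
TPMA_NV_WRITTEN = 1 << 29  # set by the TPM after the first write

def tpm2b(data):
    """Marshal a TPM2B_*: big-endian UINT16 size followed by the bytes."""
    return struct.pack(">H", len(data)) + data

def nv_index_name(nv_index, attributes, data_size, auth_policy=b""):
    """Name of an NV index = nameAlg || H(marshaled TPMS_NV_PUBLIC)."""
    public = struct.pack(">IHI", nv_index, TPM2_ALG_SHA256, attributes)
    public += tpm2b(auth_policy) + struct.pack(">H", data_size)
    return struct.pack(">H", TPM2_ALG_SHA256) + hashlib.sha256(public).digest()

def permanent_handle_name(handle):
    """A permanent handle such as TPM_RH_OWNER is named by its handle value."""
    return struct.pack(">I", handle)

def cp_hash(command_code, names, parameters):
    """cpHash = H(commandCode || Name_1 || ... || Name_n || cpBuffer)."""
    h = hashlib.sha256(struct.pack(">I", command_code))
    for name in names:
        h.update(name)
    h.update(parameters)
    return h.digest()

def nv_write_cp_hash(auth_name, nv_name, data, offset):
    """cpHash of TPM2_NV_Write(authHandle, nvIndex, data, offset)."""
    parameters = tpm2b(data) + struct.pack(">H", offset)
    return cp_hash(TPM2_CC_NV_WRITE, [auth_name, nv_name], parameters)

# Constructed sample: owner-authorized, 32-byte index that was never written.
SAMPLE_INDEX = 0x01000001
SAMPLE_ATTRS = 0x00020002  # TPMA_NV_OWNERWRITE | TPMA_NV_OWNERREAD

if __name__ == "__main__":
    nv_name = nv_index_name(SAMPLE_INDEX, SAMPLE_ATTRS, 32)
    owner = permanent_handle_name(TPM2_RH_OWNER)
    print("NV name:", nv_name.hex())
    print("cpHash :", nv_write_cp_hash(owner, nv_name, b"hello", 0).hex())
```

Because the attributes are part of the name, the name (and any cpHash bound to it) changes once the TPM sets TPMA_NV_WRITTEN after the first write, so a policy that pins a cpHash has to be computed for the state the index will be in when the command runs.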
No due date • 2/2 issues closed

Tip: It may be easier to restructure the code to a common layout prior.

No due date

Tip: It may be easier to restructure the code to a common layout prior.
No due date • 20/95 issues closed

```C
#include <STANDARD>
#include "LIBRARY" //alphabetical

typedef struct TOOL_ctx TOOL_ctx;
#define MAX_SESSIONS 3
#define MAX_AUX_SESSIONS //tool specific
struct TOOL_ctx {
    /*
     * Inputs
     */

    /*
     * Outputs
     */

    /*
     * Parameter hashes
     */
    const char *cp_hash_path;
    TPM2B_DIGEST cp_hash;
    const char *rp_hash_path;
    TPM2B_DIGEST rp_hash;
    bool is_command_dispatch;
    TPMI_ALG_HASH parameter_hash_algorithm;

    /*
     * Aux sessions
     */
    uint8_t aux_session_cnt;
    tpm2_session *aux_session[MAX_AUX_SESSIONS];
    const char *aux_session_path[MAX_AUX_SESSIONS];
    ESYS_TR aux_session_handle[MAX_AUX_SESSIONS];
};

static tool_rc process_output(ESYS_CONTEXT *ectx) {

    /*
     * 1. Outputs that do not require TPM2_CC_<command> dispatch
     */

    /*
     * 2. Outputs generated after TPM2_CC_<command> dispatch
     */
}

static tool_rc process_inputs(ESYS_CONTEXT *ectx) {

    /*
     * 1. Object and auth initializations
     */

    /*
     * 1.a Add the new-auth values to be set for the object.
     */

    /*
     * 1.b Add object names and their auth sessions
     */

    /*
     * 2. Restore auxiliary sessions
     */

    /*
     * 3. Command specific initializations dependent on loaded objects
     */

    /*
     * 4. Configuration for calculating the pHash
     */

    /*
     * 4.a Determine pHash length and alg
     */

    /*
     * 4.b Determine if TPM2_CC_<command> is to be dispatched
     * !rphash && !cphash [Y]
     * !rphash && cphash  [N]
     * rphash && !cphash  [Y]
     * rphash && cphash   [Y]
     */
}

static tool_rc check_options(void) {
}

static bool on_option(char key, char *value) {
}

static bool tpm2_tool_onstart(tpm2_options **opts) {
}

static tool_rc tpm2_tool_onrun(ESYS_CONTEXT *ectx, tpm2_option_flags flags) {

    /*
     * 1. Process options
     */
    tool_rc rc = check_options();
    if (rc != tool_rc_success) {
        return rc;
    }

    /*
     * 2. Process inputs
     */
    rc = process_inputs(ectx);
    if (rc != tool_rc_success) {
        return rc;
    }

    /*
     * 3. TPM2_CC_<command> call
     */
    rc = TOOL(ectx);
    if (rc != tool_rc_success) {
        return rc;
    }

    /*
     * 4. Process outputs
     */
    return process_output(ectx);
}

static tool_rc tpm2_tool_onstop(ESYS_CONTEXT *ectx) {

    UNUSED(ectx);

    /*
     * 1. Free objects
     */

    /*
     * 2. Close authorization sessions
     */
    tool_rc rc = tool_rc_success;
    tool_rc tmp_rc = tpm2_session_close(&TOOL_ctx.session);
    if (tmp_rc != tool_rc_success) {
        rc = tmp_rc;
    }

    /*
     * 3. Close auxiliary sessions
     */
    size_t i = 0;
    for (i = 0; i < ctx.aux_session_cnt; i++) {
        if (ctx.aux_session_path[i]) {
            tmp_rc = tpm2_session_close(&ctx.aux_session[i]);
            if (tmp_rc != tool_rc_success) {
                rc = tmp_rc;
            }
        }
    }

    return rc;
}

// Register this tool with tpm2_tool.c
TPM2_TOOL_REGISTER("TOOL", tpm2_tool_onstart, tpm2_tool_onrun,
    tpm2_tool_onstop, NULL)
```
No due date • 60/95 issues closed

Return a flattened RC known as a "tool_rc" that can be standardized and directly consumed on the command line. Further #1193 #1521 and add support across the tools. Add to coding guideline. Ensure at every PR review.
No due date • 3/4 issues closed

Fixes #708
No due date

- No due date
Tip: It may be easier to restructure the code to a common layout prior.
No due date • 20/95 issues closed

Remaining Esys command tools to implement
No due date•0/5 issues closed