Migrate to official TPM ref code #440
Comments
As we discussed yesterday in the community call, I'll look into this issue in the next few days in order to move our TPM to https://github.com/TrustedComputingGroup/TPM
stefano-garzarella
added a commit
to stefano-garzarella/svsm
that referenced
this issue
Nov 12, 2024
Let's switch to the official TPM 2.0 Reference Implementation hosted in https://github.com/TrustedComputingGroup/TPM. We now use the 1.83 version, commit 97c2783 ("Trusted Computing Group (TCG) TPM Specification 1.83 Release reference code. (coconut-svsm#262)"). The main difference with the previous version is that `-DSIMULATION=NO` is no longer supported to disable the simulation code, but the use of `TpmConfiguration` is strongly recommended. This allows us to better configure our TPM. For now let's copy the upstream version of TpmConfiguration and disable some features to remove the simulation behaviour: $ diff -ru libtcgtpm/deps/tpm-20-ref/TPMCmd/TpmConfiguration libtcgtpm/deps/TpmConfiguration --- libtcgtpm/deps/tpm-20-ref/TPMCmd/TpmConfiguration/TpmConfiguration/TpmBuildSwitches.h 2024-11-12 15:16:57.087949276 +0100 +++ libtcgtpm/deps/TpmConfiguration/TpmConfiguration/TpmBuildSwitches.h 2024-11-12 16:09:35.144106758 +0100 @@ -49,12 +49,12 @@ // macros will make sure that it is set correctly. A simulated TPM would include a // Virtual TPM. The interfaces for a Virtual TPM should be modified from the standard // ones in the Simulator project. -#define SIMULATION YES +#define SIMULATION NO // The CRYPTO_LIB_REPORTING switch allows the TPM to report its // crypto library implementation, e.g., at simulation startup. -#define CRYPTO_LIB_REPORTING YES +#define CRYPTO_LIB_REPORTING NO // If doing debug, can set the DRBG to print out the intermediate test values. // Before enabling this, make sure that the dbgDumpMemBlock() function 
@@ -92,7 +92,7 @@ // g_forceFailureMode flag in the TPM library while leaving the rest of the TPM // behavior alone. Useful for testing when the full set of options controlled by // SIMULATION may not be desired. -#define ALLOW_FORCE_FAILURE_MODE YES +#define ALLOW_FORCE_FAILURE_MODE NO //////////////////////////////////////////////////////////////// // Internal checks Fixes: coconut-svsm#440 Suggested-by: James E.J. Bottomley <[email protected]> Signed-off-by: Stefano Garzarella <[email protected]>
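Review bot: in the first hunk, `SIMULATION` and `CRYPTO_LIB_REPORTING` are flipped to `NO` inside a copied `TpmBuildSwitches.h` with nothing marking these two lines as local deviations from upstream. Add a short comment on each changed define, or a note at the top of the copied file recording that it was taken from commit 97c2783, so that a later re-copy from `libtcgtpm/deps/tpm-20-ref/TPMCmd/TpmConfiguration` does not bring back the `YES` defaults unnoticed.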
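Review bot: in the second hunk, nothing enforces that `ALLOW_FORCE_FAILURE_MODE` stays at `NO`. The surrounding comment describes it as a testing aid that exposes `g_forceFailureMode`, and the upstream default shown on the removed line is `YES`, so a build-time check that fails when this switch (or `SIMULATION`) is `YES` in the copied header would catch an accidental revert when the configuration is re-synced.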
stefano-garzarella
added a commit
to stefano-garzarella/svsm
that referenced
this issue
Nov 13, 2024
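An added example (not part of the commit or of the SVSM project): a shell check that a copied `TpmBuildSwitches.h` keeps the three switches named in the commit message above at `NO`. The function names are hypothetical, the sample header is constructed, and the check is a textual scan of `#define` lines that does not evaluate preprocessor conditionals.

```shell
#!/bin/sh
# Added example: verify that a TpmBuildSwitches.h-style header keeps the
# simulation-related switches set to NO.

# Switch names are taken from the diff in the commit message.
REQUIRED_OFF="SIMULATION CRYPTO_LIB_REPORTING ALLOW_FORCE_FAILURE_MODE"

# switch_value HEADER NAME -> prints the value of the last active
# "#define NAME VALUE" line. Defines behind "//" are ignored because
# their first field is not "#define" or "#".
switch_value() {
    awk -v name="$2" '
        $1 == "#define" && $2 == name { val = $3 }
        $1 == "#" && $2 == "define" && $3 == name { val = $4 }
        END { print val }
    ' "$1"
}

# check_switches HEADER -> returns 0 if every required switch is NO,
# 1 otherwise; offending or missing switches are listed on stderr.
check_switches() {
    header=$1
    rc=0
    for name in $REQUIRED_OFF; do
        value=$(switch_value "$header" "$name")
        if [ "$value" != "NO" ]; then
            echo "$header: $name is '${value:-undefined}', expected NO" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed sample (not the real header): one switch left at YES.
demo=$(mktemp)
printf '%s\n' '#define SIMULATION NO' \
    '#define CRYPTO_LIB_REPORTING NO' \
    '#define ALLOW_FORCE_FAILURE_MODE YES' > "$demo"
check_switches "$demo" || echo "sample header rejected, as intended"
rm -f "$demo"
```

A switch that is missing from the header is treated as a failure, so a renamed or dropped define is reported instead of passing silently.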
Current code is using https://github.com/coconut-svsm/svsm/tree/main/libmstpm/deps.
Feedback from James Bottomley [email protected]
==============
Just a note for the vTPM reference implementation which, I think,
applies to both you and the current SVSM-vTPM: the reference TPM
implementation has moved to
https://github.com/TrustedComputingGroup/TPM
And the one you list (https://github.com/microsoft/ms-tpm-20-ref) is
now a stale copy that isn't being kept up to date.
==============