### Fixed
- Fix handling of test result TPM2_RC_NEEDS_TEST in tpm2_gettestresult.
- Fix wrong output of BlobDescription for EV_EFI_PLATFORM_FIRMWARE_BLOB2 in tpm2_eventlog.
- Fix tpm2_getrandom --force parameter: it no longer requires an argument.
- tpm2_eventlog: parse vendor_db as EFI_SIGNATURE_DATA.
- tpm2_clockrateadjust: Fix segfault if no rate adjust specifier was used.
- tpm2_policy: Do not overflow the list of policy digests.

### Added
- tpm2_getekcertificate: Provide option -u for certificates stored in NV RAM.
- tpm2_loadexternal: Add option rsa_exponent_zero.
- tpm2_quote/checkquote: Add new serialization format -F marshaled.
- tpm2_certify: Parameter qualifying-data added.
- Session support is added for the commands tpm2_pcrextend, tpm2_event, and tpm2_pcrread.
- tpm2_getekcertificate: Add option --x509-trunc.
- tpm2_createek: Add high range templates for rsa2048 and eccp256.
No due date • 1/1 issues closed

## Fixes:
- tpm2_createpolicy: flush session for trial policy
Overdue by 6 month(s) • Due by April 30, 2025 • 1/8 issues closed

cpHash calculation currently requires:

1. A TCTI context, because we use SAPI to get the cpBuffer and other required information.
2. Loading the authorization and objects; that is, if we need an object name we require that object to exist on the TPM.

Neither of the above is mandatory: a cpHash can be calculated without going out to the TPM, since it is a digest over the command code, the names of the handles and the marshaled parameters, all of which the caller can supply. This change has to apply to all the tools. An example implementation has been merged here: https://github.com/tpm2-software/tpm2-tools/pull/2783

Some additional information:

1. To specify NV index names in the NV tools there will be a new option, --name,-n.
2. For other tools, the -c, -C, etc. options that specify the object context are used to specify the name of the object. This is because, in the context of calculating a cpHash, the "object context" option should specify the name of the object to be factored into the cpHash calculation.
3. There is currently no tool to calculate the name of a transient or NV object from its input attributes. This would be a useful addition in the future.
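The milestone's point is that a cpHash is pure arithmetic over bytes the caller already has. The following script is an added example written for this page, not tpm2-tools code, and computes the cpHash of a TPM2_NV_Write offline: it marshals a TPMS_NV_PUBLIC to derive the NV index Name, uses the raw 4-byte handle as the Name of TPM2_RH_OWNER, and hashes commandCode || names || parameters as the TPM 2.0 Library spec defines cpHash. Only SHA-256 is wired up; the NV handle 0x01500016, the attribute set and the data written are constructed sample values.

```python
"""
Offline cpHash for TPM2_NV_Write, built only from the TPM 2.0 spec formulas.
Added example for this page, not part of tpm2-tools.
"""
import hashlib
import struct

# Constants from the TCG TPM 2.0 Library specification, Part 2.
TPM2_ALG_SHA256 = 0x000B
TPM2_CC_NV_WRITE = 0x00000137
TPM2_RH_OWNER = 0x40000001
TPMA_NV_OWNERWRITE = 1 << 1
TPMA_NV_AUTHWRITE = 1 << 2
TPMA_NV_OWNERREAD = 1 << 17
TPMA_NV_AUTHREAD = 1 << 18
TPMA_NV_WRITTEN = 1 << 29


def tpm2b(data: bytes) -> bytes:
    """Marshal a TPM2B_* buffer: UINT16 big-endian size followed by the bytes."""
    return struct.pack(">H", len(data)) + data


def marshal_nv_public(nv_index: int, name_alg: int, attributes: int,
                      auth_policy: bytes, data_size: int) -> bytes:
    """Marshal a TPMS_NV_PUBLIC in field order:
    nvIndex || nameAlg || attributes || authPolicy (TPM2B_DIGEST) || dataSize."""
    return (struct.pack(">I", nv_index) + struct.pack(">H", name_alg)
            + struct.pack(">I", attributes) + tpm2b(auth_policy)
            + struct.pack(">H", data_size))


def nv_index_name(nv_public: bytes, name_alg: int = TPM2_ALG_SHA256) -> bytes:
    """Name of an NV index: nameAlg || H_nameAlg(marshaled TPMS_NV_PUBLIC).
    Only SHA-256 is supported in this example."""
    if name_alg != TPM2_ALG_SHA256:
        raise ValueError("only TPM2_ALG_SHA256 is supported in this example")
    return struct.pack(">H", name_alg) + hashlib.sha256(nv_public).digest()


def handle_name(handle: int) -> bytes:
    """Permanent handles such as TPM2_RH_OWNER use the 4-byte handle itself as Name."""
    return struct.pack(">I", handle)


def cp_hash(command_code: int, names: list, cp_buffer: bytes) -> bytes:
    """cpHash := H_sessionAlg(commandCode || name1 || name2 {|| name3} || parameters),
    computed here with SHA-256 as the session hash algorithm."""
    h = hashlib.sha256()
    h.update(struct.pack(">I", command_code))
    for name in names:
        h.update(name)
    h.update(cp_buffer)
    return h.digest()


def nv_write_cphash(nv_index: int, attributes: int, index_size: int,
                    data: bytes, offset: int) -> bytes:
    """cpHash of TPM2_NV_Write(authHandle=TPM2_RH_OWNER, nvIndex, data, offset).
    Handle area: authHandle, nvIndex.
    Parameter area: TPM2B_MAX_NV_BUFFER data || UINT16 offset."""
    nv_public = marshal_nv_public(nv_index, TPM2_ALG_SHA256, attributes, b"", index_size)
    names = [handle_name(TPM2_RH_OWNER), nv_index_name(nv_public)]
    cp_buffer = tpm2b(data) + struct.pack(">H", offset)
    return cp_hash(TPM2_CC_NV_WRITE, names, cp_buffer)


if __name__ == "__main__":
    # Constructed sample: an owner-authorized 8-byte index at a hypothetical handle.
    attrs = TPMA_NV_OWNERWRITE | TPMA_NV_AUTHWRITE | TPMA_NV_OWNERREAD | TPMA_NV_AUTHREAD
    before = nv_write_cphash(0x01500016, attrs, 8, b"hello", 0)
    after = nv_write_cphash(0x01500016, attrs | TPMA_NV_WRITTEN, 8, b"hello", 0)
    print("cpHash before the index is first written:", before.hex())
    print("cpHash once TPMA_NV_WRITTEN is set:      ", after.hex())
```

The two printed digests differ because the Name of an NV index covers its attributes, and the TPM sets TPMA_NV_WRITTEN after the first successful write. An offline cpHash is therefore only usable if the attributes fed into the Name match the index's current state; that is the practical reason the milestone's third point asks for a tool that derives a Name from input attributes, and it is a check worth building into any script that pre-computes cpHashes for policy sessions.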
No due date • 2/2 issues closed

Tip: It may be easier to restructure the code to a common layout prior.
No due date

Tip: It may be easier to restructure the code to a common layout prior.
No due date • 20/95 issues closed

```C
#include <STANDARD_HEADER>   /* standard headers first, alphabetical */
#include "LIBRARY_HEADER"    /* then project headers, alphabetical */

#define MAX_SESSIONS 3
/* Tool specific: MAX_SESSIONS minus the authorization sessions the command consumes */
#define MAX_AUX_SESSIONS 2

typedef struct TOOL_ctx TOOL_ctx;
struct TOOL_ctx {
    /*
     * Inputs
     */
    tpm2_session *session; /* tool specific: authorization session(s) for the loaded object(s) */

    /*
     * Outputs
     */

    /*
     * Parameter hashes
     */
    const char *cp_hash_path;
    TPM2B_DIGEST cp_hash;
    const char *rp_hash_path;
    TPM2B_DIGEST rp_hash;
    bool is_command_dispatch;
    TPMI_ALG_HASH parameter_hash_algorithm;

    /*
     * Aux sessions
     */
    uint8_t aux_session_cnt;
    tpm2_session *aux_session[MAX_AUX_SESSIONS];
    const char *aux_session_path[MAX_AUX_SESSIONS];
    ESYS_TR aux_session_handle[MAX_AUX_SESSIONS];
};

static TOOL_ctx ctx;

static tool_rc process_output(ESYS_CONTEXT *ectx) {
    UNUSED(ectx);
    /*
     * 1. Outputs that do not require TPM2_CC_<command> dispatch
     */

    /*
     * 2. Outputs generated after TPM2_CC_<command> dispatch
     */
    return tool_rc_success;
}

static tool_rc process_inputs(ESYS_CONTEXT *ectx) {
    UNUSED(ectx);
    /*
     * 1. Object and auth initializations
     */

    /*
     * 1.a Add the new-auth values to be set for the object.
     */

    /*
     * 1.b Add object names and their auth sessions
     */

    /*
     * 2. Restore auxiliary sessions
     */

    /*
     * 3. Command specific initializations dependent on loaded objects
     */

    /*
     * 4. Configuration for calculating the pHash
     */

    /*
     * 4.a Determine pHash length and alg
     */

    /*
     * 4.b Determine if TPM2_CC_<command> is to be dispatched
     *     !rphash && !cphash [Y]
     *     !rphash &&  cphash [N]
     *      rphash && !cphash [Y]
     *      rphash &&  cphash [Y]
     */
    return tool_rc_success;
}

/* TPM2_CC_<command> dispatch; skipped when ctx.is_command_dispatch is false */
static tool_rc TOOL(ESYS_CONTEXT *ectx) {
    UNUSED(ectx);
    return tool_rc_success;
}

static tool_rc check_options(void) {
    return tool_rc_success;
}

static bool on_option(char key, char *value) {
    UNUSED(key);
    UNUSED(value);
    return true;
}

static bool tpm2_tool_onstart(tpm2_options **opts) {
    UNUSED(opts);
    return true;
}

static tool_rc tpm2_tool_onrun(ESYS_CONTEXT *ectx, tpm2_option_flags flags) {
    UNUSED(flags);

    /*
     * 1. Process options
     */
    tool_rc rc = check_options();
    if (rc != tool_rc_success) {
        return rc;
    }

    /*
     * 2. Process inputs
     */
    rc = process_inputs(ectx);
    if (rc != tool_rc_success) {
        return rc;
    }

    /*
     * 3. TPM2_CC_<command> call
     */
    rc = TOOL(ectx);
    if (rc != tool_rc_success) {
        return rc;
    }

    /*
     * 4. Process outputs
     */
    return process_output(ectx);
}

static tool_rc tpm2_tool_onstop(ESYS_CONTEXT *ectx) {
    UNUSED(ectx);

    /*
     * 1. Free objects
     */

    /*
     * 2. Close authorization sessions
     */
    tool_rc rc = tool_rc_success;
    tool_rc tmp_rc = tpm2_session_close(&ctx.session);
    if (tmp_rc != tool_rc_success) {
        rc = tmp_rc;
    }

    /*
     * 3. Close auxiliary sessions
     */
    size_t i = 0;
    for (i = 0; i < ctx.aux_session_cnt; i++) {
        if (ctx.aux_session_path[i]) {
            tmp_rc = tpm2_session_close(&ctx.aux_session[i]);
            if (tmp_rc != tool_rc_success) {
                rc = tmp_rc;
            }
        }
    }

    return rc;
}

// Register this tool with tpm2_tool.c
TPM2_TOOL_REGISTER("TOOL", tpm2_tool_onstart, tpm2_tool_onrun, tpm2_tool_onstop, NULL)
```
No due date • 60/95 issues closed

Return a flattened RC known as a "tool_rc" that can be standardized and directly consumed on the command line. Further #1193 and #1521, and add support across the tools. Add to the coding guideline. Ensure at every PR review.
No due date • 3/4 issues closed

Fixes #708
No due date

Tip: It may be easier to restructure the code to a common layout prior.
No due date • 20/95 issues closed

Remaining Esys command tools to implement
No due date • 0/5 issues closed