The patches have been modified; please review. If they are OK, please apply them promptly.
Thank you! Regards Xiaokai -----Original Message----- From: Kent Yoder [mailto:[email protected]] Sent: Wednesday, February 06, 2013 7:25 AM To: Wang, Xiaokai Cc: [email protected] Subject: Re: [TrouSerS-tech] patches about tpm_nvinfo and tpm_nvdefine commands Hi Xiaokai, On Mon, Jan 21, 2013 at 1:57 AM, Wang, Xiaokai <[email protected]> wrote: > Hi all, > > > > I make two patches about tpm-tools enhancement,one is info.patch that > adds a > > function displaying TPM_PERMANT_FLAGS requiring permissions(ownerpassword). > > After applying info.patch and recompiling sourcecode,you can use > "tpm_nvinfo -f > > ownerpssword" showing that. For info.patch, the output looks good, but instead of "-f <ownerpassword>" we should match the other commands. Please leave -f as the command arg (maybe add "--flags" as the long version), but then add a separate argument for the owner's password, as is done in tpm_nvdefine, for example. > Another one,define.patch,adds two optional arguments "-W > localityselection -R > For define.patch, lets spell out the possible locality numbers in the help text, such as: TPM_LOC_ZERO=1 TPM_LOC_ONE=2 ... Also, please patch the man pages to update them with the new options. Thanks, Kent > localityselection " meaning when defining index you can select > 'read/write locality' > > > > The pathes are below and attach file,please review. > > If you think they are no problem, I hope you can apply them. > > > > > > /*************************info.patch > below******************************/ > > > > Add function that displays TPM_PERMANENT_FLAGS requiring > permission(ownerpassword) > > > > Signed-off-by:Xiaokai Wang <[email protected]> > > > > diff --git a/src/tpm_mgmt/tpm_nvinfo.c b/src/tpm_mgmt/tpm_nvinfo.c > > index 8964681..ee3e7d4 100644 > > --- a/src/tpm_mgmt/tpm_nvinfo.c > > +++ b/src/tpm_mgmt/tpm_nvinfo.c 
> > @@ -26,9 +26,12 @@
> > #include "tpm_utils.h"
> > #include "tpm_nvcommon.h"
> > +#define BUFFER_SIZE 1024
> > static BOOL nvindex_set;
> > static unsigned int nvindex;
> > +static const char *ownerpassword;
> > +static int perm_flags;
> > static BOOL list_only;
> > TSS_HCONTEXT hContext = 0;
> > @@ -51,6 +54,11 @@ static int parse(const int aOpt, const char *aArg)
> > nvindex_set = FALSE;
> > break;
> > + case 'f':
> > + ownerpassword = aArg;
> > + perm_flags = 1;
> > + break;
> > +
> > default:
> > return -1;
> > }
> > @@ -64,6 +72,9 @@ static void help(const char* aCmd)
> > logNVIndexCmdOption();
> > logCmdOption("-n, --list-only",
> > _("Only list the defined NVRAM areas' indices."));
> > +
> > + logCmdOption("-f, --ownerpassword",
> > + _("displays TPM_PERMANENT_FLAGS"));
> > }
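Review bot: The help line added in `help()` advertises the long option as `--ownerpassword`, but the `hOpts` row added in the later `main()` hunk registers it as `"ownpasswd"`, so the documented spelling would presumably be rejected by the option parser. Use one name in both places, for example `logCmdOption("-f, --ownpasswd", ...)` to match the table. The description `displays TPM_PERMANENT_FLAGS` also does not mention that the option consumes the owner secret as its argument (`f:` in the option string); wording such as `_("Display TPM_PERMANENT_FLAGS; the argument is the owner password")` would make that visible to the operator.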
> > > > @@ -142,10 +153,155 @@ static void nvindexDisplay(TSS_HTPM hTpm, > UINT32 > nvindex) > > return; > > } > > +const char *bool_to_str(int b) > > +{ > > + return b ? "TRUE" : "FALSE"; > > +} > > + > > +void Decode_copy_UINT32(uint32_t *out,unsigned char **blob) > > +{ > > + *out = Decode_UINT32((BYTE *)*blob); > > + *blob += sizeof(*out); > > +} > > + > > +typedef struct { > > + uint32_t disable : 1; > > + uint32_t ownership : 1; > > + uint32_t deactivated : 1; > > + uint32_t readPubek : 1; > > + uint32_t disableOwnerClear : 1; > > + uint32_t allowMaintenance : 1; > > + uint32_t physicalPresenceLifetimeLock : 1; > > + uint32_t physicalPresenceHWEnable : 1; > > + uint32_t physicalPresenceCMDEnable : 1; > > + uint32_t CEKPUsed : 1; > > + uint32_t TPMpost : 1; > > + uint32_t TPMpostLock : 1; > > + uint32_t FIPS : 1; > > + uint32_t Operator : 1; > > + uint32_t enableRevokeEK : 1; > > + uint32_t nvLocked : 1; > > + uint32_t readSRKPub : 1; > > + uint32_t tpmEstablished : 1; > > + uint32_t maintenanceDone : 1; > > +} tpm_perm_flags_t; > > + > > +typedef struct { > > + uint32_t deactivated : 1; > > + uint32_t disableForceClear : 1; > > + uint32_t physicalPresence : 1; > > + uint32_t physicalPresenceLock : 1; > > + uint32_t bGlobalLock : 1; > > +} tpm_stclear_flags_t; > > + > > +TSS_RESULT > > +display_flags(void) > > +{ > > + TSS_HPOLICY htpmpolicy = 0; > > + TSS_HCONTEXT hcontext = 0; > > + TSS_HTPM htpm = 0; > > + > > + uint32_t i; > > + uint32_t subcap = 0; > > + uint32_t datasize = 0; > > + unsigned char *pbuf; > > + int opswd_len = -1; > > + tpm_perm_flags_t perm_flags; > > + tpm_stclear_flags_t stclear_flags; > > + > > + if (contextCreate(&hcontext) != TSS_SUCCESS) > > + goto out_close; > > + > > + if (contextConnect(hcontext) != TSS_SUCCESS) > > + goto out_close; > > + > > + if (contextGetTpm(hcontext, &htpm) != TSS_SUCCESS) > > + goto out_close; > > + > > + if (policyGet(htpm, &htpmpolicy) != TSS_SUCCESS) > > + goto out_close; > > + if (opswd_len < 0) > > + 
opswd_len = strlen(ownerpassword); > > + if (policySetSecret(htpmpolicy, opswd_len, > > + (BYTE *)ownerpassword) != > + TSS_SUCCESS) > > + goto out_close; > > + > > + if (getCapability(htpm, TSS_TPMCAP_FLAG, 4, (unsigned char > *)&subcap, > > + &datasize, &pbuf) != TSS_SUCCESS) { > > + logMsg(_("error getting TPM_PERMANENT_FLAGS.\n")); > > + goto out_close; > > + } > > + > > + if (datasize != 2*sizeof(uint32_t)) { > > + logMsg(_("error getting TPM_PERMANENT_FLAGS.\n")); > > + goto out_close; > > + } > > + > > + if (pbuf == NULL) { > > + logMsg(_("error getting TPM_PERMANENT_FLAGS.\n")); > > + goto out_close; > > + } > > + > > + logMsg("The response data is:\n"); > > + for (i = 0; i < datasize; i++) { > > + logMsg("%02x ", pbuf[i]); > > + > > + if (i%16 == 15) > > + logMsg("\n"); > > + } > > + logMsg("\n"); > > + > > + Decode_copy_UINT32((uint32_t *)&perm_flags, &pbuf); > > + Decode_copy_UINT32((uint32_t *)&stclear_flags, &pbuf); > > + > > + logMsg("TPM_PERMANENT_FLAGS:\n"); > > + logMsg("\t disable: %s\n", bool_to_str(perm_flags.disable)); > > + logMsg("\t ownership: %s\n", > + bool_to_str(perm_flags.ownership)); > > + logMsg("\t deactivated: %s\n", > + bool_to_str(perm_flags.deactivated)); > > + logMsg("\t readPubek: %s\n", > + bool_to_str(perm_flags.readPubek)); > > + logMsg("\t disableOwnerClear: %s\n", > > + bool_to_str(perm_flags.disableOwnerClear)); > > + logMsg("\t allowMaintenance: %s\n", > > + bool_to_str(perm_flags.allowMaintenance)); > > + logMsg("\t physicalPresenceLifetimeLock: %s\n", > > + > + bool_to_str(perm_flags.physicalPresenceLifetimeLock)); > > + logMsg("\t physicalPresenceHWEnable: %s\n", > > + bool_to_str(perm_flags.physicalPresenceHWEnable)); > > + logMsg("\t physicalPresenceCMDEnable: %s\n", > > + bool_to_str(perm_flags.physicalPresenceCMDEnable)); > > + logMsg("\t CEKPUsed: %s\n", bool_to_str(perm_flags.CEKPUsed)); > > + logMsg("\t TPMpost: %s\n", bool_to_str(perm_flags.TPMpost)); > > + logMsg("\t TPMpostLock: %s\n", > + 
bool_to_str(perm_flags.TPMpostLock)); > > + logMsg("\t FIPS: %s\n", bool_to_str(perm_flags.FIPS)); > > + logMsg("\t Operator: %s\n", bool_to_str(perm_flags.Operator)); > > + logMsg("\t enableRevokeEK: %s\n", > > + bool_to_str(perm_flags.enableRevokeEK)); > > + logMsg("\t nvLocked: %s\n", bool_to_str(perm_flags.nvLocked)); > > + logMsg("\t readSRKPub: %s\n", > + bool_to_str(perm_flags.readSRKPub)); > > + logMsg("\t tpmEstablished: %s\n", > > + bool_to_str(perm_flags.tpmEstablished)); > > + logMsg("\t maintenanceDone: %s\n", > > + bool_to_str(perm_flags.maintenanceDone)); > > + > > + logMsg("\nTPM_STCLEAR_FLAGS:\n"); > > + logMsg("\t deactivated: %s\n", > bool_to_str(stclear_flags.deactivated)); > > + logMsg("\t disableForceClear: %s\n", > > + bool_to_str(stclear_flags.disableForceClear)); > > + logMsg("\t physicalPresence: %s\n", > > + bool_to_str(stclear_flags.physicalPresence)); > > + logMsg("\t physicalPresenceLock: %s\n", > > + bool_to_str(stclear_flags.physicalPresenceLock)); > > + logMsg("\t bGlobalLock: %s\n", > bool_to_str(stclear_flags.bGlobalLock)); > > + > > + out_close: > > + contextClose(hcontext); > > + > > + return TSS_SUCCESS; > > +} > > int main(int argc, char **argv) > > { > > - TSS_HTPM hTpm; > > + TSS_HTPM hTpm = 0; > > UINT32 ulResultLen; > > BYTE *pResult = NULL; > > int iRc = -1; 
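Review bot: Every failure in `display_flags()` jumps to `out_close`, which ends in `return TSS_SUCCESS;`, so a failed context, a rejected owner secret or a bad `getCapability` reply is reported to the caller as success and the later `main()` hunk sets `iRc = 0`. Carry a result through the function instead: declare `TSS_RESULT rc = TSS_E_FAIL;`, set `rc = TSS_SUCCESS;` just before the `out_close:` label, and end with `return rc;`. The decode step casts `&perm_flags` and `&stclear_flags` (bit-field structs) to `uint32_t *`; bit-field ordering is implementation-defined, so the printed flag names are only correct on ABIs that happen to allocate bits in the assumed order, and masking a plain `uint32_t` would be portable. The local `tpm_perm_flags_t perm_flags` also shadows the file-scope `static int perm_flags` added in the first hunk. The hunk continues into `main()`, whose body extends outside it.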
> > @@ -153,16 +309,29 @@ int main(int argc, char **argv) > > struct option hOpts[] = { > > {"index" , required_argument, NULL, 'i'}, > > {"list-only", no_argument, NULL, 'n'}, > > + {"ownpasswd", required_argument, NULL, 'f'}, > > {NULL , no_argument, NULL, 0}, > > }; > > initIntlSys(); > > if (genericOptHandler > > - (argc, argv, "i:o:n", hOpts, > > + (argc, argv, "i:o:f:n", hOpts, > > sizeof(hOpts) / sizeof(struct option), parse, > help) != > 0) > > goto out; > > + if (perm_flags) { > > + if (ownerpassword == NULL) { > > + logMsg(_("no passwd input!need ownerpassword > + to > display flags.\n")); > > + return iRc; > > + } else if (display_flags() != TSS_SUCCESS) > > + return iRc; > > + > > + iRc = 0; > > + > > + return iRc; > > + } > > + > > if (contextCreate(&hContext) != TSS_SUCCESS) > > goto out; > > > > /*************************define.patch > below******************************/ > > > > Add choice that read/write locality selection when defining nv index. > > > > Signed-off-by:Xiaokai Wang <[email protected]> > > > > diff --git a/src/tpm_mgmt/tpm_nvdefine.c b/src/tpm_mgmt/tpm_nvdefine.c > > index e2c748f..d5a89ef 100644 > > --- a/src/tpm_mgmt/tpm_nvdefine.c > > +++ b/src/tpm_mgmt/tpm_nvdefine.c > > @@ -27,6 +27,10 @@ > > #include "tpm_utils.h" > > #include "tpm_nvcommon.h" > > +static unsigned int r_loc_arg = 0; > > +static unsigned int w_loc_arg = 0; > > +static unsigned int r_loc_flag = 0; > > +static unsigned int w_loc_flag = 0; > > static unsigned int nvindex; > > static BOOL nvindex_set; > > static unsigned int nvperm; 
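Review bot: With `f:` in the option string and `required_argument` in the `hOpts` row, the owner secret can only be supplied on the command line, where it is readable from the process argument list by other local users and is kept in shell history. For the same reason the `ownerpassword == NULL` branch appears unreachable. Consider letting the value be omitted and reading the secret without echo when it is absent, so that the NULL branch becomes the prompt path instead of an error. If the argv form is kept, a comment above the `if (perm_flags)` block such as `/* owner secret comes from argv and is visible in the process list */` documents the exposure. The early `return iRc;` statements also bypass the `out` label used by the rest of `main()`, which continues outside the hunk.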
> > @@ -122,6 +126,20 @@ static int parse(const int aOpt, const char > *aArg) > > return -1; > > break; > > + case 'R': > > + if (parseHexOrDecimal(aArg, &r_loc_arg, 0, UINT_MAX, > > + "read localityValue") != 0) > > + return -1; > > + r_loc_flag = 1; > > + break; > > + > > + case 'W': > > + if (parseHexOrDecimal(aArg, &w_loc_arg, 0, UINT_MAX, > > + "write localityValue") != 0) > > + return -1; > > + w_loc_flag = 1; > > + break; > > + > > case 'f': > > filename = aArg; > > break; > > @@ -152,6 +170,11 @@ static void help(const char* aCmd) > > _("PCRs to seal the NVRAM area to for reading (use > multiple times)")); > > logCmdOption("-w, --wpcrs", > > _("PCRs to seal the NVRAM area to for writing (use > multiple times)")); > > + logCmdOption("-R, --rlv", > > + _("read locality value:uint8.there are 5 > localities:0~4.\n" > > + "\t\tfor example,locality value is 0x18 if > locality 3 or 4.")); > > + logCmdOption("-W, --wlv", > > + _("write locality value:uint8.the same as read > + locality > value.")); > > logCmdOption("-f, --filename", > > _("File containing PCR info for the NVRAM area")); > > @@ -252,6 +275,8 @@ int main(int argc, char **argv) > > {"rpcrs" , required_argument, NULL, 'r'}, > > {"wpcrs" , required_argument, NULL, 'w'}, > > {"filename" , required_argument, NULL, 'f'}, > > + {"rlv" , optional_argument, NULL, 'R'}, > > + {"wlv" , optional_argument, NULL, 'W'}, > > {"pwdo" , optional_argument, NULL, 'o'}, > > {"pwda" , optional_argument, NULL, 'a'}, > > {"use-unicode" , no_argument, NULL, 'u'}, > > @@ -266,7 +291,7 @@ int main(int argc, char **argv) > > initIntlSys(); > > if (genericOptHandler > > - (argc, argv, "i:s:p:o:a:r:w:f:yzu", hOpts, > > + (argc, argv, "i:s:p:o:a:r:w:R:W:f:yzu", hOpts, > > sizeof(hOpts) / sizeof(struct option), parse, > help) != > 0) > > goto out; 
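Review bot: The new `case 'R'` and `case 'W'` branches accept anything from `0` to `UINT_MAX` and leave the `> 0x1f` rejection to the later hunk in `main()`, so an out-of-range locality mask is only caught after the context and NV object have been set up. The third and fourth arguments of `parseHexOrDecimal` look like bounds; passing the real limit there, `parseHexOrDecimal(aArg, &r_loc_arg, 0, 0x1f, "read localityValue")` and the same for `w_loc_arg`, rejects bad input at parse time and keeps the limit next to the option. A short comment stating that the value is a bit mask of localities 0 to 4 would explain where `0x1f` comes from. `parse()` starts and ends outside the hunk.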
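Review bot: The `hOpts` rows added for `rlv` and `wlv` use `optional_argument`, while the option string in the next hunk adds `R:` and `W:` (argument required) and the new `parse()` cases pass `aArg` straight to `parseHexOrDecimal`. If the long form is given without a value, `aArg` would presumably be NULL at that call; whether `parseHexOrDecimal` tolerates NULL is not visible here. Declaring both rows as `{"rlv" , required_argument, NULL, 'R'},` and `{"wlv" , required_argument, NULL, 'W'},` makes the long and short forms agree and removes the NULL case.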
> > @@ -451,13 +476,39 @@ int main(int argc, char **argv) > > goto out_close_obj; > > } > > - if (hPcrsRead) > > + if (r_loc_arg > 0x1f) { > > + logMsg(_("wrong read locality number!\n")); > > + goto out_close; > > + } > > + > > + if (contextCreateObject(hContext, TSS_OBJECT_TYPE_PCRS, > + initFlag, > > + &hPcrsRead) != TSS_SUCCESS) > > + goto out_close; > > + > > + if (r_loc_flag == 1) { > > + if (pcrcompositeSetPcrLocality(hPcrsRead, r_loc_arg) > + != > TSS_SUCCESS) > > + goto out_close; > > + } else { > > if (pcrcompositeSetPcrLocality(hPcrsRead, > localityValue) != > TSS_SUCCESS) > > goto out_close; > > + } > > + > > + if (w_loc_arg > 0x1f) { > > + logMsg(_("wrong write locality number!\n")); > > + goto out_close; > > + } > > + > > + if (contextCreateObject(hContext, TSS_OBJECT_TYPE_PCRS, > + initFlag, > > + &hPcrsWrite) != TSS_SUCCESS) > > + goto out_close; > > - if (hPcrsWrite) > > + if (w_loc_flag == 1) { > > + if (pcrcompositeSetPcrLocality(hPcrsWrite, w_loc_arg) > + != > TSS_SUCCESS) > > + goto out_close; > > + } else { > > if (pcrcompositeSetPcrLocality(hPcrsWrite, > localityValue) != > TSS_SUCCESS) > > goto out_close; > > + } > > if (NVDefineSpace(nvObject, hPcrsRead, hPcrsWrite) != > TSS_SUCCESS) > > goto out_close; > > > > Regards > > Xiaokai > > > > > ---------------------------------------------------------------------- > -------- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, > HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your > skills current with LearnDevNow - 3,200 step-by-step video tutorials > by Microsoft MVPs and experts. SALE $99.99 this month only -- learn > more at: > http://p.sf.net/sfu/learnmore_122412 > _______________________________________________ > TrouSerS-tech mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/trousers-tech >
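Review bot: The two added `contextCreateObject(hContext, TSS_OBJECT_TYPE_PCRS, initFlag, ...)` calls on `hPcrsRead` and `hPcrsWrite` are unconditional, whereas the removed lines only touched a handle that was already set (`if (hPcrsRead)`). If those handles are filled earlier in `main()` from the PCR options (that code is outside the hunk), the new object replaces the one carrying the PCR selection, and the NV area would be defined with a locality restriction only, silently dropping the requested PCR binding. Create the object only when none exists, e.g. `if (!hPcrsRead && contextCreateObject(hContext, TSS_OBJECT_TYPE_PCRS, initFlag, &hPcrsRead) != TSS_SUCCESS) goto out_close;`, and likewise for `hPcrsWrite`. The new error paths use `goto out_close` while the context line above uses `goto out_close_obj`; it is worth confirming which label releases `nvObject`.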
define.patch
Description: define.patch
man_define.8.patch
Description: man_define.8.patch
man_define.pod.patch
Description: man_define.pod.patch
info.patch
Description: info.patch
man_info.8.patch
Description: man_info.8.patch
man_info.pod.patch
Description: man_info.pod.patch
