From 16e648e98f62a179f53d7297b5258bd92456f57a Mon Sep 17 00:00:00 2001 From: Stefan Berger Date: Fri, 30 Aug 2024 14:31:10 -0400 Subject: [PATCH] tpm2: Implement TPMLIB_WasManufactured API call Implement TPMLIB_WasManufactured API call for a TPM 2 so that callers can detect whether a TPM 2 instance was newly created and therefore the profile that was set was also applied. Signed-off-by: Stefan Berger --- include/libtpms/tpm_library.h | 2 ++ include/libtpms/tpm_library.h.in | 2 ++ man/man3/Makefile.am | 2 ++ man/man3/TPMLIB_WasManufactured.pod | 33 +++++++++++++++++++++++++++++ src/libtpms.syms | 1 + src/tpm_library.c | 5 +++++ src/tpm_library_intern.h | 1 + src/tpm_tpm12_interface.c | 6 ++++++ src/tpm_tpm2_interface.c | 10 +++++++++ 9 files changed, 62 insertions(+) create mode 100644 man/man3/TPMLIB_WasManufactured.pod diff --git a/include/libtpms/tpm_library.h b/include/libtpms/tpm_library.h index d9444af48..e556cb2a8 100644 --- a/include/libtpms/tpm_library.h +++ b/include/libtpms/tpm_library.h @@ -172,6 +172,8 @@ TPM_RESULT TPMLIB_GetState(enum TPMLIB_StateType st, TPM_RESULT TPMLIB_SetProfile(const char *profile); +TPM_BOOL TPMLIB_WasManufactured(void); + #ifdef __cplusplus } #endif diff --git a/include/libtpms/tpm_library.h.in b/include/libtpms/tpm_library.h.in index 07c9b1dae..e3f4610a3 100644 --- a/include/libtpms/tpm_library.h.in +++ b/include/libtpms/tpm_library.h.in @@ -172,6 +172,8 @@ TPM_RESULT TPMLIB_GetState(enum TPMLIB_StateType st, TPM_RESULT TPMLIB_SetProfile(const char *profile); +TPM_BOOL TPMLIB_WasManufactured(void); + #ifdef __cplusplus } #endif diff --git a/man/man3/Makefile.am b/man/man3/Makefile.am index b3615f500..8869a6478 100644 --- a/man/man3/Makefile.am +++ b/man/man3/Makefile.am @@ -23,6 +23,7 @@ man3_PODS = \ TPMLIB_SetState.pod \ TPMLIB_ValidateState.pod \ TPMLIB_VolatileAll_Store.pod \ + TPMLIB_WasManufactured.pod \ TPM_Malloc.pod man3_MANS = \ 
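Review bot: The new `TPMLIB_WasManufactured` prototype in include/libtpms/tpm_library.h (and its twin in tpm_library.h.in) carries no comment, so a reader of the public header cannot tell that the result is only meaningful after TPMLIB_MainInit and is always FALSE for a TPM 1.2, both of which only the new man page states. The neighbouring declarations such as TPMLIB_SetProfile are equally bare, so this is a style choice rather than a defect. If you add one, a short comment above the prototype in both files, e.g. `/* TRUE if the most recent TPMLIB_MainInit manufactured a new TPM 2 instance; always FALSE for TPM 1.2 */`, keeps the contract next to the declaration.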
@@ -54,6 +55,7 @@ man3_MANS_generated = \ TPMLIB_RegisterCallbacks.3 \ TPMLIB_ValidateState.3 \ TPMLIB_VolatileAll_Store.3 \ + TPMLIB_WasManufactured.3 \ TPM_Malloc.3 man3_MANS += $(man3_MANS_generated) diff --git a/man/man3/TPMLIB_WasManufactured.pod b/man/man3/TPMLIB_WasManufactured.pod new file mode 100644 index 000000000..27e32570c --- /dev/null +++ b/man/man3/TPMLIB_WasManufactured.pod @@ -0,0 +1,33 @@ +=head1 NAME + +TPMLIB_WasManufactured - Check whether a new instance was created + +=head1 LIBRARY + +TPM library (libtpms, -ltpms) + +=head1 SYNOPSIS + +B<#include > + +B<#include > + +B<#include > + +B + +=head1 DESCRIPTION + +B is used to check whether a new TPM instance was +created using B rather than an already existing one was +restarted. This function will only return a valid result if it is called after +B. + +This function only applies to a TPM 2 and for a TPM 1.2 it will always +return I. + +=head1 SEE ALSO + +B, B(3) + +=cut diff --git a/src/libtpms.syms b/src/libtpms.syms index 649058957..1f965a87c 100644 --- a/src/libtpms.syms +++ b/src/libtpms.syms @@ -41,6 +41,7 @@ LIBTPMS_0.6.0 { LIBTPMS_0.10.0 { global: TPMLIB_SetProfile; + TPMLIB_WasManufactured; local: *; } LIBTPMS_0.6.0; diff --git a/src/tpm_library.c b/src/tpm_library.c index 5a1639942..c5c7d9c03 100644 --- a/src/tpm_library.c +++ b/src/tpm_library.c @@ -272,6 +272,11 @@ TPM_RESULT TPMLIB_SetProfile(const char *profile) return tpm_iface[tpmvers_choice]->SetProfile(profile); } +TPM_BOOL TPMLIB_WasManufactured(void) +{ + return tpm_iface[tpmvers_choice]->WasManufactured(); +} + static struct libtpms_callbacks libtpms_cbs; struct libtpms_callbacks *TPMLIB_GetCallbacks(void) diff --git a/src/tpm_library_intern.h b/src/tpm_library_intern.h index 83b31ece9..c1bc6ca7b 100644 --- a/src/tpm_library_intern.h +++ b/src/tpm_library_intern.h 
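Review bot: `TPMLIB_WasManufactured` in src/tpm_library.c dispatches through `tpm_iface[tpmvers_choice]->WasManufactured()` without a NULL check, and the diff adds the new member only to TPM12Interface and TPM2Interface, while tpm_library_intern.h also declares a `DisabledInterface` table that no hunk touches. If that table is built with designated initialisers, is reachable through `tpm_iface[]`, and is not updated in a separate change, its WasManufactured member stays NULL and this call faults. The existing wrappers (TPMLIB_SetProfile just above) also dispatch unchecked, so the consistent fix is to add `.WasManufactured` to that table in the same commit; the alternative is a guard here, `if (!tpm_iface[tpmvers_choice]->WasManufactured) return FALSE;` before the return.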
@@ -84,6 +84,7 @@ struct tpm_interface { TPM_RESULT (*GetState)(enum TPMLIB_StateType st, unsigned char **buffer, uint32_t *buflen); TPM_RESULT (*SetProfile)(const char *profile); + TPM_BOOL (*WasManufactured)(void); }; extern const struct tpm_interface DisabledInterface; diff --git a/src/tpm_tpm12_interface.c b/src/tpm_tpm12_interface.c index 3dd7b4457..45a8b585d 100644 --- a/src/tpm_tpm12_interface.c +++ b/src/tpm_tpm12_interface.c @@ -515,6 +515,11 @@ static TPM_RESULT TPM12_SetProfile(const char *profile) return TPM_FAIL; } +static TPM_BOOL TPM12_WasManufactured(void) +{ + return FALSE; +} + const struct tpm_interface TPM12Interface = { .MainInit = TPM12_MainInit, .Terminate = TPM12_Terminate, @@ -533,4 +538,5 @@ const struct tpm_interface TPM12Interface = { .SetState = TPM12_SetState, .GetState = TPM12_GetState, .SetProfile = TPM12_SetProfile, + .WasManufactured = TPM12_WasManufactured, }; diff --git a/src/tpm_tpm2_interface.c b/src/tpm_tpm2_interface.c index 786e09fa3..f3b4330d7 100644 --- a/src/tpm_tpm2_interface.c +++ b/src/tpm_tpm2_interface.c @@ -70,6 +70,7 @@ extern BOOL g_inFailureMode; static BOOL reportedFailureCommand; static char *g_profile; +static TPM_BOOL g_wasManufactured; /* * Check whether the main NVRAM file exists. Return TRUE if it doesn, FALSE otherwise @@ -108,6 +109,7 @@ static TPM_RESULT TPM2_MainInit(void) g_inFailureMode = FALSE; reportedFailureCommand = FALSE; + g_wasManufactured = FALSE; #ifdef TPM_LIBTPMS_CALLBACKS struct libtpms_callbacks *cbs = TPMLIB_GetCallbacks(); @@ -141,6 +143,8 @@ static TPM_RESULT TPM2_MainInit(void) TPMLIB_LogTPM2Error("%s: TPM_Manufacture(TRUE) failed or TPM in " "failure mode\n", __func__); reportedFailureCommand = TRUE; + } else { + g_wasManufactured = TRUE; } } } else if (!has_nvram_loaddata_callback) { 
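Review bot: `TPM12_WasManufactured` in src/tpm_tpm12_interface.c returns FALSE unconditionally with no comment on why, and the man page only states the result, not the reason. The context line directly above shows TPM12_SetProfile returning TPM_FAIL, i.e. profiles are not supported on TPM 1.2, which is what makes "never report manufacture" the right answer for the use case in the commit message. A one-liner above the return, `/* TPM 1.2 has no profiles (see TPM12_SetProfile), so manufacture is never reported */`, keeps that rationale with the code.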
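Review bot: `static TPM_BOOL g_wasManufactured;` in src/tpm_tpm2_interface.c is added without a comment and uses `TPM_BOOL` where the adjacent file-scope flag `reportedFailureCommand` is a `BOOL`. Matching the return type of `tpm_interface.WasManufactured` is a reasonable reason for the different type, but without a line saying so the mix reads as accidental. A comment such as `/* TPM_BOOL to match tpm_interface.WasManufactured; set when TPM2_MainInit manufactures a new instance, cleared at the start of every MainInit */` documents both the type choice and the lifetime the later hunks establish.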
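Review bot: `g_wasManufactured = TRUE;` is set only in the new `else` of the TPM_Manufacture(TRUE) failure check on the NVRAM-callback path, while the `else if (!has_nvram_loaddata_callback)` branch that begins on the hunk's last line lies outside the hunk. If that branch also manufactures a fresh instance, the flag needs setting there as well, otherwise TPMLIB_WasManufactured returns FALSE for a TPM that was in fact newly created and the profile check the commit message describes silently fails; if it does not manufacture, a comment at the flag's definition saying the flag only tracks the callback path would save the next reader the same question. TPM2_MainInit's body continues outside the hunk, so I cannot tell which applies from the diff alone.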
@@ -831,6 +835,11 @@ static TPM_RESULT TPM2_SetProfile(const char *profile) return TPM_SUCCESS; } +static TPM_BOOL TPM2_WasManufactured(void) +{ + return g_wasManufactured; +} + const struct tpm_interface TPM2Interface = { .MainInit = TPM2_MainInit, .Terminate = TPM2_Terminate, @@ -849,4 +858,5 @@ const struct tpm_interface TPM2Interface = { .SetState = TPM2_SetState, .GetState = TPM2_GetState, .SetProfile = TPM2_SetProfile, + .WasManufactured = TPM2_WasManufactured, };