security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

tpmd2: Add Support for the Intel TSS

Browse source 
* configure.ac: Check for Intel TSS.
* tpm2d/intel-tss.h: New.
* tpm2d/tpm2.h (HAVE_INTEL_TSS): Use the Intel code.

--
The Intel TSS is somewhat of a moving target, so this wraps support
for this TSS into tpm2daemon.  Unfortunately this wrapper uses some
APIs that are only present in a relatively recent Intel TSS, so it
looks like it will only work with version 2.4.0 or higher.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>

- Add header blurb; see previous patch.
- Add new file to the Makefile

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
James Bottomley via Gnupg-devel 2021-03-09 13:50:32 -08:00 committed by Werner Koch
parent 6a83fc073d
commit b9c560e3a4
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
5 changed files with 713 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

29
configure.ac
View file

@ -1596,8 +1596,9 @@ AC_SUBST(W32SOCKLIBS)
_save_libs="$LIBS"
_save_cflags="$CFLAGS"
LIBS=""
AC_SEARCH_LIBS([TSS_Create], [tss ibmtss],have_libtss=yes,)
if test "$have_libtss" = yes; then
AC_SEARCH_LIBS([TSS_Create], [tss ibmtss],have_libtss=IBM,
AC_SEARCH_LIBS([Esys_Initialize], [tss2-esys],have_libtss=Intel))
if test "$have_libtss" = IBM; then
LIBTSS_CFLAGS="-DTPM_POSIX"
CFLAGS="$CFLAGS ${LIBTSS_CFLAGS}"
AC_CHECK_HEADER([tss2/tss.h],[AC_DEFINE(TSS_INCLUDE,tss2, [tss2 include location])], [
@ -1607,18 +1608,34 @@ if test "$have_libtss" = yes; then
])
])
LIBTSS_LIBS=$LIBS
AC_DEFINE(HAVE_LIBTSS, 1, [Defined if we have TPM2 support library])
AC_SUBST(TSS_INCLUDE)
elif test "$have_libtss" = Intel; then
##
# Intel TSS has an API issue: Esys_TR_GetTpmHandle wasn't introduced
# until version 2.4.0.
#
# Note: the missing API is fairly serious and is also easily backportable
# so keep the check below as is intead of going by library version number.
##
AC_CHECK_LIB(tss2-esys, Esys_TR_GetTpmHandle, [], [
AC_MSG_WARN([Need Esys_TR_GetTpmHandle API (usually requires Intel TSS 2.4.0 or later, disabling TPM support)])
have_libtss=no
])
LIBTSS_LIBS="$LIBS -ltss2-mu -ltss2-rc -ltss2-tctildr"
AC_DEFINE(HAVE_INTEL_TSS, 1, [Defined if we have the Intel TSS])
fi
LIBS="$_save_libs"
CFLAGS="$_save_cflags"
if test "$have_libtss" != no; then
AC_DEFINE(HAVE_LIBTSS, 1, [Defined if we have TPM2 support library])
# look for a TPM emulator for testing
AC_PATH_PROG(TPMSERVER, tpm_server,,/bin:/usr/bin:/usr/lib/ibmtss:/usr/libexec/ibmtss)
AC_PATH_PROG(SWTPM, swtpm,,/bin:/usr/bin:/usr/lib/ibmtss:/usr/libexec/ibmtss)
AC_PATH_PROG(SWTPM_IOCTL, swtpm_ioctl,,/bin:/usr/bin:/usr/lib/ibmtss:/usr/libexec/ibmtss)
fi
LIBS="$_save_libs"
CFLAGS="$_save_cflags"
AC_SUBST(LIBTSS_LIBS)
AC_SUBST(LIBTSS_CFLAGS)
AM_CONDITIONAL(HAVE_LIBTSS, test "$have_libtss" = yes)
AM_CONDITIONAL(HAVE_LIBTSS, test "$have_libtss" != no)
AM_CONDITIONAL(TEST_LIBTSS, test -n "$TPMSERVER" -o -n "$SWTPM")
AC_SUBST(HAVE_LIBTSS)