libvirt/src/util/virtpm.c

/*
 * virtpm.c: TPM support
 *
 * Copyright (C) 2013 IBM Corporation
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library.  If not, see
 * <http://www.gnu.org/licenses/>.
 */

#include <config.h>

#include <sys/stat.h>

#include "virstring.h"
#include "virerror.h"
#include "viralloc.h"
#include "virfile.h"
#include "virtpm.h"

#define VIR_FROM_THIS VIR_FROM_NONE

/**
 * virTPMCreateCancelPath:
 * @devpath: Path to the TPM device
 *
 * Create the cancel path given the path to the TPM device
 */
char *
virTPMCreateCancelPath(const char *devpath)
{
    char *path = NULL;
    const char *dev;
    const char *prefix[] = {"misc/", "tpm/"};
    size_t i;

    if (devpath) {
        dev = strrchr(devpath, '/');
        if (dev) {
            dev++;
            for (i = 0; i < ARRAY_CARDINALITY(prefix); i++) {
                if (virAsprintf(&path, "/sys/class/%s%s/device/cancel",
                                prefix[i], dev) < 0)
                     goto cleanup;

                if (virFileExists(path))
                    break;

                VIR_FREE(path);
            }
            if (!path)
                ignore_value(VIR_STRDUP(path, "/dev/null"));
        } else {
            virReportError(VIR_ERR_INTERNAL_ERROR,
                           _("TPM device path %s is invalid"), devpath);
        }
    } else {
        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                       _("Missing TPM device path"));
    }

 cleanup:
    return path;
}

/*
 * executables for the swtpm; to be found on the host
 */
static virMutex swtpm_tools_lock = VIR_MUTEX_INITIALIZER;
static char *swtpm_path;
static char *swtpm_setup;
static char *swtpm_ioctl;

char *
virTPMGetSwtpm(void)
{
    char *s;

    if (!swtpm_path && virTPMEmulatorInit() < 0)
        return NULL;

    virMutexLock(&swtpm_tools_lock);
    ignore_value(VIR_STRDUP(s, swtpm_path));
    virMutexUnlock(&swtpm_tools_lock);

    return s;
}

char *
virTPMGetSwtpmSetup(void)
{
    char *s;

    if (!swtpm_setup && virTPMEmulatorInit() < 0)
        return NULL;

    virMutexLock(&swtpm_tools_lock);
    ignore_value(VIR_STRDUP(s, swtpm_setup));
    virMutexUnlock(&swtpm_tools_lock);

    return s;
}

char *
virTPMGetSwtpmIoctl(void)
{
    char *s;

    if (!swtpm_ioctl && virTPMEmulatorInit() < 0)
        return NULL;

    virMutexLock(&swtpm_tools_lock);
    ignore_value(VIR_STRDUP(s, swtpm_ioctl));
    virMutexUnlock(&swtpm_tools_lock);

    return s;
}

/*
 * virTPMEmulatorInit
 *
 * Initialize the Emulator functions by searching for necessary
 * executables that we will use to start and setup the swtpm
 */
int
virTPMEmulatorInit(void)
{
    int ret = -1;

    virMutexLock(&swtpm_tools_lock);

    if (!swtpm_path) {
        swtpm_path = virFindFileInPath("swtpm");
        if (!swtpm_path) {
            virReportSystemError(ENOENT, "%s",
                                 _("Unable to find 'swtpm' binary in $PATH"));
            goto cleanup;
        }
        if (!virFileIsExecutable(swtpm_path)) {
            virReportError(VIR_ERR_INTERNAL_ERROR,
                           _("TPM emulator %s is not an executable"),
                           swtpm_path);
            VIR_FREE(swtpm_path);
            goto cleanup;
        }
    }

    if (!swtpm_setup) {
        swtpm_setup = virFindFileInPath("swtpm_setup");
        if (!swtpm_setup) {
            virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                           _("Could not find 'swtpm_setup' in PATH"));
            goto cleanup;
        }
        if (!virFileIsExecutable(swtpm_setup)) {
            virReportError(VIR_ERR_INTERNAL_ERROR,
                           _("'%s' is not an executable"),
                           swtpm_setup);
            VIR_FREE(swtpm_setup);
            goto cleanup;
        }
    }

    if (!swtpm_ioctl) {
        swtpm_ioctl = virFindFileInPath("swtpm_ioctl");
        if (!swtpm_ioctl) {
            virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                           _("Could not find swtpm_ioctl in PATH"));
            goto cleanup;
        }
        if (!virFileIsExecutable(swtpm_ioctl)) {
            virReportError(VIR_ERR_INTERNAL_ERROR,
                           _("swtpm_ioctl program %s is not an executable"),
                           swtpm_ioctl);
            VIR_FREE(swtpm_ioctl);
            goto cleanup;
        }
    }

    ret = 0;

 cleanup:
    virMutexUnlock(&swtpm_tools_lock);

    return ret;
}
Helper functions for host TPM support Implement helper function to create the TPM's sysfs cancel file. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com> Tested-by: Corey Bryant <coreyb@linux.vnet.ibm.com> 2013-04-12 20:55:45 +00:00			`/*`
			`* virtpm.c: TPM support`
			`*`
			`* Copyright (C) 2013 IBM Corporation`
			`*`
			`* This library is free software; you can redistribute it and/or`
			`* modify it under the terms of the GNU Lesser General Public`
			`* License as published by the Free Software Foundation; either`
			`* version 2.1 of the License, or (at your option) any later version.`
			`*`
			`* This library is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU`
			`* Lesser General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU Lesser General Public`
			`* License along with this library. If not, see`
			`* <http://www.gnu.org/licenses/>.`
			`*/`

			`#include <config.h>`

			`#include <sys/stat.h>`

virutil: Move string related functions to virstring.c The source code base needs to be adapted as well. Some files include virutil.h just for the string related functions (here, the include is substituted to match the new file), some include virutil.h without any need (here, the include is removed), and some require both. 2013-04-03 10:36:23 +00:00			`#include "virstring.h"`
Helper functions for host TPM support Implement helper function to create the TPM's sysfs cancel file. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com> Tested-by: Corey Bryant <coreyb@linux.vnet.ibm.com> 2013-04-12 20:55:45 +00:00			`#include "virerror.h"`
tpm: adapt sysfs cancel path for new TPM driver This patch addresses BZ 1244895. Adapt the sysfs TPM command cancel path for the TPM driver that does not use a miscdevice anymore since Linux 4.0. Support old and new paths and check their availability. Add a mockup for the test cases to avoid the testing for availability of the cancel path. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> 2015-11-18 00:44:13 +00:00			`#include "viralloc.h"`
			`#include "virfile.h"`
Helper functions for host TPM support Implement helper function to create the TPM's sysfs cancel file. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com> Tested-by: Corey Bryant <coreyb@linux.vnet.ibm.com> 2013-04-12 20:55:45 +00:00			`#include "virtpm.h"`

			`#define VIR_FROM_THIS VIR_FROM_NONE`

			`/**`
			`* virTPMCreateCancelPath:`
			`* @devpath: Path to the TPM device`
			`*`
			`* Create the cancel path given the path to the TPM device`
			`*/`
			`char *`
			`virTPMCreateCancelPath(const char *devpath)`
			`{`
			`char *path = NULL;`
			`const char *dev;`
tpm: adapt sysfs cancel path for new TPM driver This patch addresses BZ 1244895. Adapt the sysfs TPM command cancel path for the TPM driver that does not use a miscdevice anymore since Linux 4.0. Support old and new paths and check their availability. Add a mockup for the test cases to avoid the testing for availability of the cancel path. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> 2015-11-18 00:44:13 +00:00			`const char *prefix[] = {"misc/", "tpm/"};`
			`size_t i;`
Helper functions for host TPM support Implement helper function to create the TPM's sysfs cancel file. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com> Tested-by: Corey Bryant <coreyb@linux.vnet.ibm.com> 2013-04-12 20:55:45 +00:00
			`if (devpath) {`
			`dev = strrchr(devpath, '/');`
			`if (dev) {`
			`dev++;`
tpm: adapt sysfs cancel path for new TPM driver This patch addresses BZ 1244895. Adapt the sysfs TPM command cancel path for the TPM driver that does not use a miscdevice anymore since Linux 4.0. Support old and new paths and check their availability. Add a mockup for the test cases to avoid the testing for availability of the cancel path. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> 2015-11-18 00:44:13 +00:00			`for (i = 0; i < ARRAY_CARDINALITY(prefix); i++) {`
			`if (virAsprintf(&path, "/sys/class/%s%s/device/cancel",`
			`prefix[i], dev) < 0)`
			`goto cleanup;`

			`if (virFileExists(path))`
			`break;`

			`VIR_FREE(path);`
			`}`
			`if (!path)`
tpm: Use /dev/null for cancel path if none was found TPM 2 does not implement sysfs files for cancellation of commands. We therefore use /dev/null for the cancel path passed to QEMU. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Tested-by: Javier Martinez Canillas <javierm@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Jiri Denemark <jdenemar@redhat.com> 2017-06-29 18:01:11 +00:00			`ignore_value(VIR_STRDUP(path, "/dev/null"));`
Helper functions for host TPM support Implement helper function to create the TPM's sysfs cancel file. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com> Tested-by: Corey Bryant <coreyb@linux.vnet.ibm.com> 2013-04-12 20:55:45 +00:00			`} else {`
			`virReportError(VIR_ERR_INTERNAL_ERROR,`
			`_("TPM device path %s is invalid"), devpath);`
			`}`
			`} else {`
			`virReportError(VIR_ERR_INTERNAL_ERROR, "%s",`
			`_("Missing TPM device path"));`
			`}`

Indent top-level labels by one space in src/util/ 2014-03-25 06:53:22 +00:00			`cleanup:`
Helper functions for host TPM support Implement helper function to create the TPM's sysfs cancel file. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com> Tested-by: Corey Bryant <coreyb@linux.vnet.ibm.com> 2013-04-12 20:55:45 +00:00			`return path;`
			`}`
tpm: Move qemuTPMEmulatorInit to virTPMEmulatorInit in virtpm.c Move qemuTPMEmulatorInit to virTPMEmulatorInit in virtpm.c and introduce a few functions to query the executables needed for virCommands. Add locking to protect the tool paths and return a copy of the tool paths to callers wanting to access them so that we can run the initialization function multiples time later on and detect when the executable gets updated. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> 2019-07-25 18:22:02 +00:00
			`/*`
			`* executables for the swtpm; to be found on the host`
			`*/`
			`static virMutex swtpm_tools_lock = VIR_MUTEX_INITIALIZER;`
			`static char *swtpm_path;`
			`static char *swtpm_setup;`
			`static char *swtpm_ioctl;`

			`char *`
			`virTPMGetSwtpm(void)`
			`{`
			`char *s;`

			`if (!swtpm_path && virTPMEmulatorInit() < 0)`
			`return NULL;`

			`virMutexLock(&swtpm_tools_lock);`
			`ignore_value(VIR_STRDUP(s, swtpm_path));`
			`virMutexUnlock(&swtpm_tools_lock);`

			`return s;`
			`}`

			`char *`
			`virTPMGetSwtpmSetup(void)`
			`{`
			`char *s;`

			`if (!swtpm_setup && virTPMEmulatorInit() < 0)`
			`return NULL;`

			`virMutexLock(&swtpm_tools_lock);`
			`ignore_value(VIR_STRDUP(s, swtpm_setup));`
			`virMutexUnlock(&swtpm_tools_lock);`

			`return s;`
			`}`

			`char *`
			`virTPMGetSwtpmIoctl(void)`
			`{`
			`char *s;`

			`if (!swtpm_ioctl && virTPMEmulatorInit() < 0)`
			`return NULL;`

			`virMutexLock(&swtpm_tools_lock);`
			`ignore_value(VIR_STRDUP(s, swtpm_ioctl));`
			`virMutexUnlock(&swtpm_tools_lock);`

			`return s;`
			`}`

			`/*`
			`* virTPMEmulatorInit`
			`*`
			`* Initialize the Emulator functions by searching for necessary`
			`* executables that we will use to start and setup the swtpm`
			`*/`
			`int`
			`virTPMEmulatorInit(void)`
			`{`
			`int ret = -1;`

			`virMutexLock(&swtpm_tools_lock);`

			`if (!swtpm_path) {`
			`swtpm_path = virFindFileInPath("swtpm");`
			`if (!swtpm_path) {`
			`virReportSystemError(ENOENT, "%s",`
			`_("Unable to find 'swtpm' binary in $PATH"));`
			`goto cleanup;`
			`}`
			`if (!virFileIsExecutable(swtpm_path)) {`
			`virReportError(VIR_ERR_INTERNAL_ERROR,`
			`_("TPM emulator %s is not an executable"),`
			`swtpm_path);`
			`VIR_FREE(swtpm_path);`
			`goto cleanup;`
			`}`
			`}`

			`if (!swtpm_setup) {`
			`swtpm_setup = virFindFileInPath("swtpm_setup");`
			`if (!swtpm_setup) {`
			`virReportError(VIR_ERR_INTERNAL_ERROR, "%s",`
			`_("Could not find 'swtpm_setup' in PATH"));`
			`goto cleanup;`
			`}`
			`if (!virFileIsExecutable(swtpm_setup)) {`
			`virReportError(VIR_ERR_INTERNAL_ERROR,`
			`_("'%s' is not an executable"),`
			`swtpm_setup);`
			`VIR_FREE(swtpm_setup);`
			`goto cleanup;`
			`}`
			`}`

			`if (!swtpm_ioctl) {`
			`swtpm_ioctl = virFindFileInPath("swtpm_ioctl");`
			`if (!swtpm_ioctl) {`
			`virReportError(VIR_ERR_INTERNAL_ERROR, "%s",`
			`_("Could not find swtpm_ioctl in PATH"));`
			`goto cleanup;`
			`}`
			`if (!virFileIsExecutable(swtpm_ioctl)) {`
			`virReportError(VIR_ERR_INTERNAL_ERROR,`
			`_("swtpm_ioctl program %s is not an executable"),`
			`swtpm_ioctl);`
			`VIR_FREE(swtpm_ioctl);`
			`goto cleanup;`
			`}`
			`}`

			`ret = 0;`

			`cleanup:`
			`virMutexUnlock(&swtpm_tools_lock);`

			`return ret;`
			`}`