2013-04-12 16:55:45 -04:00
|
|
|
/*
|
|
|
|
* virtpm.c: TPM support
|
|
|
|
*
|
|
|
|
* Copyright (C) 2013 IBM Corporation
|
|
|
|
*
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
|
|
* License as published by the Free Software Foundation; either
|
|
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
* Lesser General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
|
|
* License along with this library. If not, see
|
|
|
|
* <http://www.gnu.org/licenses/>.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <config.h>
|
|
|
|
|
|
|
|
#include <sys/stat.h>
|
|
|
|
|
2013-04-03 12:36:23 +02:00
|
|
|
#include "virstring.h"
|
2013-04-12 16:55:45 -04:00
|
|
|
#include "virerror.h"
|
2015-11-17 19:44:13 -05:00
|
|
|
#include "viralloc.h"
|
|
|
|
#include "virfile.h"
|
2013-04-12 16:55:45 -04:00
|
|
|
#include "virtpm.h"
|
2019-07-25 14:22:05 -04:00
|
|
|
#include "vircommand.h"
|
|
|
|
#include "virbitmap.h"
|
|
|
|
#include "virjson.h"
|
|
|
|
#include "virlog.h"
|
2021-01-06 12:56:11 +01:00
|
|
|
#include "virthread.h"
|
2013-04-12 16:55:45 -04:00
|
|
|
|
2019-07-25 14:22:05 -04:00
|
|
|
#define VIR_FROM_THIS VIR_FROM_TPM
|
|
|
|
|
|
|
|
VIR_LOG_INIT("util.tpm");
|
|
|
|
|
|
|
|
VIR_ENUM_IMPL(virTPMSwtpmFeature,
|
|
|
|
VIR_TPM_SWTPM_FEATURE_LAST,
|
|
|
|
"cmdarg-pwd-fd",
|
|
|
|
);
|
|
|
|
|
|
|
|
VIR_ENUM_IMPL(virTPMSwtpmSetupFeature,
|
|
|
|
VIR_TPM_SWTPM_SETUP_FEATURE_LAST,
|
|
|
|
"cmdarg-pwdfile-fd",
|
|
|
|
);
|
2013-04-12 16:55:45 -04:00
|
|
|
|
|
|
|
/**
|
|
|
|
* virTPMCreateCancelPath:
|
|
|
|
* @devpath: Path to the TPM device
|
|
|
|
*
|
|
|
|
* Create the cancel path given the path to the TPM device
|
|
|
|
*/
|
|
|
|
char *
|
|
|
|
virTPMCreateCancelPath(const char *devpath)
|
|
|
|
{
|
|
|
|
char *path = NULL;
|
|
|
|
const char *dev;
|
2015-11-17 19:44:13 -05:00
|
|
|
const char *prefix[] = {"misc/", "tpm/"};
|
|
|
|
size_t i;
|
2019-10-22 15:26:14 +02:00
|
|
|
if (!devpath) {
|
2013-04-12 16:55:45 -04:00
|
|
|
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
|
|
|
_("Missing TPM device path"));
|
2019-10-22 15:26:14 +02:00
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!(dev = strrchr(devpath, '/'))) {
|
|
|
|
virReportError(VIR_ERR_INTERNAL_ERROR,
|
|
|
|
_("TPM device path %s is invalid"), devpath);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
dev++;
|
|
|
|
for (i = 0; i < G_N_ELEMENTS(prefix); i++) {
|
|
|
|
path = g_strdup_printf("/sys/class/%s%s/device/cancel", prefix[i],
|
|
|
|
dev);
|
|
|
|
|
|
|
|
if (virFileExists(path))
|
|
|
|
break;
|
|
|
|
|
|
|
|
VIR_FREE(path);
|
2013-04-12 16:55:45 -04:00
|
|
|
}
|
2019-10-22 15:26:14 +02:00
|
|
|
if (!path)
|
|
|
|
path = g_strdup("/dev/null");
|
2013-04-12 16:55:45 -04:00
|
|
|
|
|
|
|
return path;
|
|
|
|
}
|
2019-07-25 14:22:02 -04:00
|
|
|
|
|
|
|
/*
|
2019-07-25 14:22:05 -04:00
|
|
|
* executables for the swtpm; to be found on the host along with
|
2020-07-09 12:42:21 +08:00
|
|
|
* capabilities bitmap
|
2019-07-25 14:22:02 -04:00
|
|
|
*/
|
|
|
|
static virMutex swtpm_tools_lock = VIR_MUTEX_INITIALIZER;
|
|
|
|
static char *swtpm_path;
|
2019-07-25 14:22:04 -04:00
|
|
|
static struct stat swtpm_stat;
|
2019-07-25 14:22:05 -04:00
|
|
|
static virBitmapPtr swtpm_caps;
|
2019-07-25 14:22:04 -04:00
|
|
|
|
2019-07-25 14:22:02 -04:00
|
|
|
static char *swtpm_setup;
|
2019-07-25 14:22:04 -04:00
|
|
|
static struct stat swtpm_setup_stat;
|
2019-07-25 14:22:05 -04:00
|
|
|
static virBitmapPtr swtpm_setup_caps;
|
2019-07-25 14:22:04 -04:00
|
|
|
|
2019-07-25 14:22:02 -04:00
|
|
|
static char *swtpm_ioctl;
|
2019-07-25 14:22:04 -04:00
|
|
|
static struct stat swtpm_ioctl_stat;
|
2019-07-25 14:22:02 -04:00
|
|
|
|
2019-07-25 14:22:05 -04:00
|
|
|
typedef int (*TypeFromStringFn)(const char *);
|
|
|
|
|
2019-07-25 14:22:02 -04:00
|
|
|
char *
|
|
|
|
virTPMGetSwtpm(void)
|
|
|
|
{
|
|
|
|
char *s;
|
|
|
|
|
|
|
|
if (!swtpm_path && virTPMEmulatorInit() < 0)
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
virMutexLock(&swtpm_tools_lock);
|
2019-10-18 13:27:03 +02:00
|
|
|
s = g_strdup(swtpm_path);
|
2019-07-25 14:22:02 -04:00
|
|
|
virMutexUnlock(&swtpm_tools_lock);
|
|
|
|
|
|
|
|
return s;
|
|
|
|
}
|
|
|
|
|
|
|
|
char *
|
|
|
|
virTPMGetSwtpmSetup(void)
|
|
|
|
{
|
|
|
|
char *s;
|
|
|
|
|
|
|
|
if (!swtpm_setup && virTPMEmulatorInit() < 0)
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
virMutexLock(&swtpm_tools_lock);
|
2019-10-18 13:27:03 +02:00
|
|
|
s = g_strdup(swtpm_setup);
|
2019-07-25 14:22:02 -04:00
|
|
|
virMutexUnlock(&swtpm_tools_lock);
|
|
|
|
|
|
|
|
return s;
|
|
|
|
}
|
|
|
|
|
|
|
|
char *
|
|
|
|
virTPMGetSwtpmIoctl(void)
|
|
|
|
{
|
|
|
|
char *s;
|
|
|
|
|
|
|
|
if (!swtpm_ioctl && virTPMEmulatorInit() < 0)
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
virMutexLock(&swtpm_tools_lock);
|
2019-10-18 13:27:03 +02:00
|
|
|
s = g_strdup(swtpm_ioctl);
|
2019-07-25 14:22:02 -04:00
|
|
|
virMutexUnlock(&swtpm_tools_lock);
|
|
|
|
|
|
|
|
return s;
|
|
|
|
}
|
|
|
|
|
2019-07-25 14:22:05 -04:00
|
|
|
/* virTPMExecGetCaps
|
|
|
|
*
|
|
|
|
* Execute the prepared command and parse the returned JSON object
|
|
|
|
* to get the capabilities supported by the executable.
|
|
|
|
* A JSON object like this is expected:
|
|
|
|
*
|
|
|
|
* {
|
|
|
|
* "type": "swtpm",
|
|
|
|
* "features": [
|
|
|
|
* "cmdarg-seccomp",
|
|
|
|
* "cmdarg-key-fd",
|
|
|
|
* "cmdarg-pwd-fd"
|
|
|
|
* ]
|
|
|
|
* }
|
|
|
|
*/
|
|
|
|
static virBitmapPtr
|
|
|
|
virTPMExecGetCaps(virCommandPtr cmd,
|
|
|
|
TypeFromStringFn typeFromStringFn)
|
|
|
|
{
|
|
|
|
int exitstatus;
|
|
|
|
virBitmapPtr bitmap;
|
2019-10-15 15:16:31 +02:00
|
|
|
g_autofree char *outbuf = NULL;
|
2019-10-15 14:47:50 +02:00
|
|
|
g_autoptr(virJSONValue) json = NULL;
|
2019-07-25 14:22:05 -04:00
|
|
|
virJSONValuePtr featureList;
|
|
|
|
virJSONValuePtr item;
|
|
|
|
size_t idx;
|
|
|
|
const char *str;
|
|
|
|
int typ;
|
|
|
|
|
|
|
|
virCommandSetOutputBuffer(cmd, &outbuf);
|
|
|
|
if (virCommandRun(cmd, &exitstatus) < 0)
|
|
|
|
return NULL;
|
|
|
|
|
2020-10-01 17:02:16 +02:00
|
|
|
bitmap = virBitmapNew(0);
|
2019-07-25 14:22:05 -04:00
|
|
|
|
|
|
|
/* older version does not support --print-capabilties -- that's fine */
|
|
|
|
if (exitstatus != 0) {
|
|
|
|
VIR_DEBUG("Found swtpm that doesn't support --print-capabilities");
|
|
|
|
return bitmap;
|
|
|
|
}
|
|
|
|
|
|
|
|
json = virJSONValueFromString(outbuf);
|
|
|
|
if (!json)
|
|
|
|
goto error_bad_json;
|
|
|
|
|
|
|
|
featureList = virJSONValueObjectGetArray(json, "features");
|
|
|
|
if (!featureList)
|
|
|
|
goto error_bad_json;
|
|
|
|
|
|
|
|
if (!virJSONValueIsArray(featureList))
|
|
|
|
goto error_bad_json;
|
|
|
|
|
|
|
|
for (idx = 0; idx < virJSONValueArraySize(featureList); idx++) {
|
|
|
|
item = virJSONValueArrayGet(featureList, idx);
|
|
|
|
if (!item)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
str = virJSONValueGetString(item);
|
|
|
|
if (!str)
|
|
|
|
goto error_bad_json;
|
|
|
|
typ = typeFromStringFn(str);
|
|
|
|
if (typ < 0)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
if (virBitmapSetBitExpand(bitmap, typ) < 0)
|
2020-01-06 18:57:45 -03:00
|
|
|
return bitmap;
|
2019-07-25 14:22:05 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
return bitmap;
|
|
|
|
|
|
|
|
error_bad_json:
|
|
|
|
virReportError(VIR_ERR_INTERNAL_ERROR,
|
|
|
|
_("Unexpected JSON format: %s"), outbuf);
|
2020-01-06 18:57:45 -03:00
|
|
|
return bitmap;
|
2019-07-25 14:22:05 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
static virBitmapPtr
|
|
|
|
virTPMGetCaps(TypeFromStringFn typeFromStringFn,
|
|
|
|
const char *exec, const char *param1)
|
|
|
|
{
|
2019-10-15 14:47:50 +02:00
|
|
|
g_autoptr(virCommand) cmd = NULL;
|
2019-07-25 14:22:05 -04:00
|
|
|
|
|
|
|
if (!(cmd = virCommandNew(exec)))
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
if (param1)
|
|
|
|
virCommandAddArg(cmd, param1);
|
|
|
|
virCommandAddArg(cmd, "--print-capabilities");
|
|
|
|
virCommandClearCaps(cmd);
|
|
|
|
|
|
|
|
return virTPMExecGetCaps(cmd, typeFromStringFn);
|
|
|
|
}
|
|
|
|
|
2019-07-25 14:22:02 -04:00
|
|
|
/*
|
|
|
|
* virTPMEmulatorInit
|
|
|
|
*
|
|
|
|
* Initialize the Emulator functions by searching for necessary
|
|
|
|
* executables that we will use to start and setup the swtpm
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
virTPMEmulatorInit(void)
|
|
|
|
{
|
|
|
|
int ret = -1;
|
2019-07-25 14:22:03 -04:00
|
|
|
static const struct {
|
|
|
|
const char *name;
|
|
|
|
char **path;
|
2019-07-25 14:22:04 -04:00
|
|
|
struct stat *stat;
|
2019-07-25 14:22:05 -04:00
|
|
|
const char *parm;
|
|
|
|
virBitmapPtr *caps;
|
|
|
|
TypeFromStringFn typeFromStringFn;
|
2019-07-25 14:22:03 -04:00
|
|
|
} prgs[] = {
|
|
|
|
{
|
|
|
|
.name = "swtpm",
|
|
|
|
.path = &swtpm_path,
|
2019-07-25 14:22:04 -04:00
|
|
|
.stat = &swtpm_stat,
|
2019-07-25 14:22:05 -04:00
|
|
|
.parm = "socket",
|
|
|
|
.caps = &swtpm_caps,
|
|
|
|
.typeFromStringFn = virTPMSwtpmFeatureTypeFromString,
|
2019-07-25 14:22:03 -04:00
|
|
|
},
|
|
|
|
{
|
|
|
|
.name = "swtpm_setup",
|
|
|
|
.path = &swtpm_setup,
|
2019-07-25 14:22:04 -04:00
|
|
|
.stat = &swtpm_setup_stat,
|
2019-07-25 14:22:05 -04:00
|
|
|
.caps = &swtpm_setup_caps,
|
|
|
|
.typeFromStringFn = virTPMSwtpmSetupFeatureTypeFromString,
|
2019-07-25 14:22:03 -04:00
|
|
|
},
|
|
|
|
{
|
|
|
|
.name = "swtpm_ioctl",
|
|
|
|
.path = &swtpm_ioctl,
|
2019-07-25 14:22:04 -04:00
|
|
|
.stat = &swtpm_ioctl_stat,
|
2019-07-25 14:22:02 -04:00
|
|
|
}
|
2019-07-25 14:22:03 -04:00
|
|
|
};
|
|
|
|
size_t i;
|
2019-07-25 14:22:02 -04:00
|
|
|
|
2019-07-25 14:22:03 -04:00
|
|
|
virMutexLock(&swtpm_tools_lock);
|
2019-07-25 14:22:02 -04:00
|
|
|
|
2019-10-15 13:55:26 +02:00
|
|
|
for (i = 0; i < G_N_ELEMENTS(prgs); i++) {
|
2019-10-15 15:16:31 +02:00
|
|
|
g_autofree char *path = NULL;
|
2019-07-25 14:22:03 -04:00
|
|
|
bool findit = *prgs[i].path == NULL;
|
2019-07-25 14:22:04 -04:00
|
|
|
struct stat statbuf;
|
|
|
|
|
|
|
|
if (!findit) {
|
|
|
|
/* has executables changed? */
|
|
|
|
if (stat(*prgs[i].path, &statbuf) < 0)
|
|
|
|
findit = true;
|
|
|
|
|
|
|
|
if (!findit &&
|
|
|
|
&statbuf.st_mtime != &prgs[i].stat->st_mtime)
|
|
|
|
findit = true;
|
|
|
|
}
|
2019-07-25 14:22:03 -04:00
|
|
|
|
|
|
|
if (findit) {
|
2020-06-11 10:26:19 +02:00
|
|
|
VIR_FREE(*prgs[i].path);
|
2019-07-25 14:22:04 -04:00
|
|
|
|
2019-07-25 14:22:03 -04:00
|
|
|
path = virFindFileInPath(prgs[i].name);
|
|
|
|
if (!path) {
|
|
|
|
virReportSystemError(ENOENT,
|
|
|
|
_("Unable to find '%s' binary in $PATH"),
|
|
|
|
prgs[i].name);
|
|
|
|
goto cleanup;
|
|
|
|
}
|
|
|
|
if (!virFileIsExecutable(path)) {
|
|
|
|
virReportError(VIR_ERR_INTERNAL_ERROR,
|
|
|
|
_("%s is not an executable"),
|
|
|
|
path);
|
|
|
|
goto cleanup;
|
|
|
|
}
|
2019-07-25 14:22:04 -04:00
|
|
|
if (stat(path, prgs[i].stat) < 0) {
|
|
|
|
virReportSystemError(errno,
|
|
|
|
_("Could not stat %s"), path);
|
|
|
|
goto cleanup;
|
|
|
|
}
|
2019-07-25 14:22:03 -04:00
|
|
|
*prgs[i].path = path;
|
2019-07-25 14:22:05 -04:00
|
|
|
|
|
|
|
if (prgs[i].caps) {
|
|
|
|
*prgs[i].caps = virTPMGetCaps(prgs[i].typeFromStringFn,
|
|
|
|
path, prgs[i].parm);
|
|
|
|
path = NULL;
|
|
|
|
if (!*prgs[i].caps)
|
|
|
|
goto cleanup;
|
|
|
|
}
|
2019-07-25 14:22:04 -04:00
|
|
|
path = NULL;
|
2019-07-25 14:22:02 -04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
ret = 0;
|
|
|
|
|
|
|
|
cleanup:
|
|
|
|
virMutexUnlock(&swtpm_tools_lock);
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
2019-07-25 14:22:11 -04:00
|
|
|
|
|
|
|
bool
|
|
|
|
virTPMSwtpmCapsGet(unsigned int cap)
|
|
|
|
{
|
|
|
|
if (virTPMEmulatorInit() < 0)
|
|
|
|
return false;
|
|
|
|
return virBitmapIsBitSet(swtpm_caps, cap);
|
|
|
|
}
|
|
|
|
|
|
|
|
bool
|
|
|
|
virTPMSwtpmSetupCapsGet(unsigned int cap)
|
|
|
|
{
|
|
|
|
if (virTPMEmulatorInit() < 0)
|
|
|
|
return false;
|
|
|
|
return virBitmapIsBitSet(swtpm_setup_caps, cap);
|
|
|
|
}
|