From ab5dee2ae5db3c4b46c135e276dc473aaa10e345 Mon Sep 17 00:00:00 2001 From: Brandon Weeks Date: Fri, 8 Sep 2023 10:33:41 -0700 Subject: [PATCH 1/4] ci: don't install OpenSSL 1.1 on macOS (#350) GitHub actions runner macos-13 version 20230801.2 appears to include this by default, causing a link failure. https://github.com/actions/runner-images/commit/da18545f2f92c7f0231f738634544006514fd702 --- .github/workflows/test.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 06e0d73..7a7a986 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -53,10 +53,6 @@ jobs: - name: Checkout code uses: actions/checkout@v2 # See https://github.com/google/go-tpm-tools#macos-dev - - name: Install openssl - run: brew install openssl@1.1 - - name: Link openssl - run: sudo ln -s $(brew --prefix openssl@1.1)/include/openssl /usr/local/include - name: Test run: C_INCLUDE_PATH="$(brew --prefix openssl@1.1)/include" LIBRARY_PATH="$(brew --prefix openssl@1.1)/lib" go test ./... test-windows: From 3c84bff65eaa80f1d59434d1ce822568adf0b5df Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 8 Sep 2023 17:42:41 +0000 Subject: [PATCH 2/4] Bump golang.org/x/sys from 0.9.0 to 0.12.0 (#348) Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.9.0 to 0.12.0. - [Commits](https://github.com/golang/sys/compare/v0.9.0...v0.12.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 8 ++------ 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/go.mod b/go.mod index 5f4feb8..8737a96 100644 --- a/go.mod +++ b/go.mod @@ -7,7 +7,7 @@ require ( github.com/google/go-tpm v0.9.0 github.com/google/go-tpm-tools v0.3.13-0.20230620182252-4639ecce2aba github.com/google/go-tspi v0.3.0 - golang.org/x/sys v0.9.0 + golang.org/x/sys v0.12.0 ) require ( diff --git a/go.sum b/go.sum index 906fe7b..e073c53 100644 --- a/go.sum +++ b/go.sum @@ -304,12 +304,8 @@ github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO github.com/google/go-replayers/grpcreplay v0.1.0/go.mod h1:8Ig2Idjpr6gifRd6pNVggX6TC1Zw6Jx74AKp7QNH2QE= github.com/google/go-replayers/httpreplay v0.1.0/go.mod h1:YKZViNhiGgqdBlUbI2MwGpq4pXxNmhJLPHQ7cv2b5no= github.com/google/go-sev-guest v0.6.1 h1:NajHkAaLqN9/aW7bCFSUplUMtDgk2+HcN7jC2btFtk0= -github.com/google/go-tpm v0.3.4-0.20230613064043-511507721cb1 h1:wGP91a6fiYbZhKlGcQD25K8XwXzoG4yHAEIjtpeV2QA= -github.com/google/go-tpm v0.3.4-0.20230613064043-511507721cb1/go.mod h1:Yj9bYgsIKoza8oMlxZqvqgUIDKFaExnuLaDdOtFCwG4= github.com/google/go-tpm v0.9.0 h1:sQF6YqWMi+SCXpsmS3fd21oPy/vSddwZry4JnmltHVk= github.com/google/go-tpm v0.9.0/go.mod h1:FkNVkc6C+IsvDI9Jw1OveJmxGZUUaKxtrpOS47QWKfU= -github.com/google/go-tpm-tools v0.3.12 h1:hpWglH4RaZnGVbgOK3IThI5K++jnFvjQ94EIN34xrUU= -github.com/google/go-tpm-tools v0.3.12/go.mod h1:2OtmyPGPuaWWIOjr+IDhNQb6t5njjbSmZtzc350Q6Ro= github.com/google/go-tpm-tools v0.3.13-0.20230620182252-4639ecce2aba h1:qJEJcuLzH5KDR0gKc0zcktin6KSAwL7+jWKBYceddTc= github.com/google/go-tpm-tools v0.3.13-0.20230620182252-4639ecce2aba/go.mod h1:EFYHy8/1y2KfgTAsx7Luu7NGhoxtuVHnNo8jE7FikKc= github.com/google/go-tspi v0.3.0 h1:ADtq8RKfP+jrTyIWIZDIYcKOMecRqNJFOew2IT0Inus= @@ -946,8 +942,8 @@ golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s= -golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o= +golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= From 42c11fc1520b3f8251a936e19282e31e6a9aff7c Mon Sep 17 00:00:00 2001 From: Damien Miller <35793251+djm-google@users.noreply.github.com> Date: Sat, 9 Sep 2023 03:46:44 +1000 Subject: [PATCH 3/4] Fix typo (#349) --- attest/attest-tool/attest-tool.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/attest/attest-tool/attest-tool.go b/attest/attest-tool/attest-tool.go index fa00e88..2e192fa 100644 --- a/attest/attest-tool/attest-tool.go +++ b/attest/attest-tool/attest-tool.go @@ -140,7 +140,7 @@ func runCommand(tpm *attest.TPM) error { fmt.Printf("Version: %d\n", info.Version) fmt.Printf("Interface: %d\n", info.Interface) fmt.Printf("VendorInfo: %x\n", info.VendorInfo) - fmt.Printf("Manufactorer: %v\n", info.Manufacturer) + fmt.Printf("Manufacturer: %v\n", info.Manufacturer) case "make-ak", "make-aik": k, err := tpm.NewAK(nil) From 3d71f101b13cd89d002d2a145af9204ff67a85c7 Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Fri, 8 Sep 2023 20:23:49 +0200 Subject: [PATCH 4/4] Fix Intel EK certificate URLs on Linux (#347) --- attest/wrapped_tpm20.go | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/attest/wrapped_tpm20.go b/attest/wrapped_tpm20.go index f7a3cac..03ede64 100644 --- a/attest/wrapped_tpm20.go +++ b/attest/wrapped_tpm20.go @@ -212,13 +212,24 @@ func (t *wrappedTPM20) eks() ([]EK, error) { if pub.RSAParameters == nil { return nil, errors.New("ECC EK not yet supported") } + + i, err := t.info() + if err != nil { + return nil, fmt.Errorf("Retrieving TPM info failed: %v", err) + } + ekPub := &rsa.PublicKey{ + E: int(pub.RSAParameters.Exponent()), + N: pub.RSAParameters.Modulus(), + } + var certificateURL string + if i.Manufacturer.String() == manufacturerIntel { + certificateURL = intelEKURL(ekPub) + } return []EK{ { - Public: &rsa.PublicKey{ - E: int(pub.RSAParameters.Exponent()), - N: pub.RSAParameters.Modulus(), - }, - handle: commonRSAEkEquivalentHandle, + Public: ekPub, + CertificateURL: certificateURL, + handle: commonRSAEkEquivalentHandle, }, }, nil }