ExternalVendorCode/heads
1
0
Fork 0
mirror of https://github.com/linuxboot/heads.git synced 2024-12-19 21:17:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

tpmr: Capture TPM2 pcaps in qemu TPM2 boards

Browse Source 
tpm2-tools is able to log pcap files of TPM2 commands, which can be
inspected with wireshark.  Add CONFIG_TPM2_CAPTURE_PCAP to capture
these from the tpmr wrapper, and enable for qemu TPM2 boards.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
This commit is contained in:
Jonathon Hall 2023-03-08 16:34:45 -05:00
parent 215ff2a397
commit 50daa904f9
No known key found for this signature in database
GPG Key ID: 1E9C3CA91AE25114
6 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.config
View File

@ -63,6 +63,7 @@ export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash"
#TPM2 requirements
export CONFIG_TPM2_TOOLS=y
export CONFIG_PRIMARY_KEY_TYPE=ecc
export CONFIG_TPM2_CAPTURE_PCAP=y
CONFIG_TPM2_TSS=y
CONFIG_OPENSSL=y

1
boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.config
View File

@ -62,6 +62,7 @@ export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash"
#TPM2 requirements
export CONFIG_TPM2_TOOLS=y
export CONFIG_PRIMARY_KEY_TYPE=ecc
export CONFIG_TPM2_CAPTURE_PCAP=y
CONFIG_TPM2_TSS=y
CONFIG_OPENSSL=y

1
boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.config
View File

@ -63,6 +63,7 @@ export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash"
#TPM2 requirements
export CONFIG_TPM2_TOOLS=y
export CONFIG_PRIMARY_KEY_TYPE=ecc
export CONFIG_TPM2_CAPTURE_PCAP=y
CONFIG_TPM2_TSS=y
CONFIG_OPENSSL=y

1
boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.config
View File

@ -62,6 +62,7 @@ export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash"
#TPM2 requirements
export CONFIG_TPM2_TOOLS=y
export CONFIG_PRIMARY_KEY_TYPE=ecc
export CONFIG_TPM2_CAPTURE_PCAP=y
CONFIG_TPM2_TSS=y
CONFIG_OPENSSL=y

8
initrd/bin/tpmr
View File

@ -14,6 +14,14 @@ PRIMARY_HANDLE_FILE="primary.handle"
# with different algorithms - we always use SHA-256, so they are 32 bytes.
PCR_SIZE=
# Export CONFIG_TPM2_CAPTURE_PCAP=y from your board config to capture tpm2 pcaps to
# /tmp/tpm0.pcap; Wireshark can inspect these. (This must be enabled at build
# time so the pcap TCTI driver is included.)
if [ -n "$CONFIG_TPM2_CAPTURE_PCAP" ]; then
export TPM2TOOLS_TCTI="pcap:device:/dev/tpmrm0"
export TCTI_PCAP_FILE="/tmp/tpm0.pcap"
fi
set -e -o pipefail
if [ -r "/tmp/config" ]; then
. /tmp/config

5
modules/tpm2-tss
View File

@ -37,4 +37,9 @@ tpm2-tss_libraries := \
src/tss2-tcti/.libs/libtss2-tctildr.so.0 \
src/tss2-tcti/.libs/libtss2-tcti-device.so.0 \
# The pcap TCTI driver is only included if enabled in the board config.
ifeq "$(CONFIG_TPM2_CAPTURE_PCAP)" "y"
tpm2-tss_libraries += src/tss2-tcti/.libs/libtss2-tcti-pcap.so.0
endif
tpm2-tss_depends := openssl $(musl_dep)