C init token support #378
Merged
williamcroberts
merged 9 commits into
tpm2-software:master
from
williamcroberts:C_InitToken-support
Jan 6, 2020
Python < 3 is EOL, so stop supporting it. Also, new features in sqlite3 python bindings make db backups easier.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
williamcroberts
commented
Jan 2, 2020
williamcroberts
force-pushed
the
C_InitToken-support
branch
from
January 2, 2020 22:59
4e668cf
to
582eda1
Compare
Codecov Report
@@ Coverage Diff @@
## master #378 +/- ##
==========================================
- Coverage 75.17% 74.73% -0.45%
==========================================
Files 29 29
Lines 5157 5732 +575
==========================================
+ Hits 3877 4284 +407
- Misses 1280 1448 +168
williamcroberts
commented
Jan 3, 2020
williamcroberts
commented
Jan 3, 2020
SQLite3 bindings for python don't have the backup API implemented until Python 3.7. Make this the new minimum requirement for tpm2_ptool so we can use this feature.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
Signed-off-by: William Roberts <william.c.roberts@intel.com>
Support initializing a token from a potentially empty store. The code determines, based on a search logic how to proceed. If a store is found using the "store search logic", then any new tokens are created using the first primary object found. If no store is found, the TPM is queried to see if it has a primary SRK as documented in the provisioning guide:
- https://trustedcomputinggroup.org/wp-content/uploads/TCG-TPM-v2.0-Provisioning-Guidance-Published-v1r1.pdf

If it does, it uses that. If no primary SRK can be found, it creates one and persists it at the first persistent slot "TPM2_PERSISTENT_FIRST".

This change also includes a DB Schema increment from version 1 to version 2. The update code creates a backup of the db using the sqlite3 backup API. This backup exists during the update/create process and is unlinked when done on success. The update/db creation code will refuse to run if the path is not unlinked. This way on failure, the user will be notified of the issue, and can manually restore via a cp if needed.

During the initialization of the db, a file lock is created using the sqlite3db name plus the suffix of ".lock". This lock is used to coordinate multiple process access where the version could be checked and multiple processes try and update the DB. This could result in a time of check time of use issue around detecting and applying upgrade logic.

TODO:
- Update Container Image to Python 3.7+
- Test under ASAN

Fixes: tpm2-software#364

Signed-off-by: William Roberts <william.c.roberts@intel.com>
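The upgrade flow this commit message describes (a lock file named after the database plus ".lock", a backup taken with the sqlite3 backup API and unlinked only on success, and a refusal to run while a backup is still present), as an added example that is not the project's code. It assumes POSIX `flock`, a hypothetical `.bak` backup suffix, `PRAGMA user_version` as the place the schema version is kept, and a constructed `tokens` table; none of these come from the PR.

```python
import fcntl
import os
import sqlite3
import tempfile

LATEST = 2  # schema goes from version 1 to 2, as in the commit message

def version(conn):  # assumption: version is kept in PRAGMA user_version
    return conn.execute("PRAGMA user_version").fetchone()[0]

def upgrade(dbpath, migrate):
    """Bring dbpath to LATEST under a lock; return the version found."""
    bakpath = dbpath + ".bak"  # hypothetical backup name
    with open(dbpath + ".lock", "w") as lock:
        # Check and upgrade under one exclusive lock (no check/use gap).
        fcntl.flock(lock, fcntl.LOCK_EX)  # released when the file closes
        if os.path.exists(bakpath):
            raise RuntimeError("leftover backup, restore or remove: " + bakpath)
        conn = sqlite3.connect(dbpath)
        try:
            found = version(conn)
            if found >= LATEST:
                return found
            bak = sqlite3.connect(bakpath)
            try:
                conn.backup(bak)  # sqlite3 backup API, Python 3.7+
            finally:
                bak.close()
            with conn:  # commit on success, roll back on exception
                conn.execute("BEGIN")
                migrate(conn)
                conn.execute("PRAGMA user_version = %d" % LATEST)
            os.unlink(bakpath)  # reached only after a successful upgrade
            return found
        finally:
            conn.close()

def demo():
    """Upgrade a constructed v1 database twice: (first, second, backup_left)."""
    db = os.path.join(tempfile.mkdtemp(), "store.sqlite3")  # constructed path
    conn = sqlite3.connect(db)
    conn.execute("CREATE TABLE tokens (id INTEGER PRIMARY KEY, label TEXT)")
    conn.execute("PRAGMA user_version = 1")
    conn.close()
    add_col = lambda c: c.execute("ALTER TABLE tokens ADD COLUMN config TEXT")
    first, second = upgrade(db, add_col), upgrade(db, add_col)
    return first, second, os.path.exists(db + ".bak")

if __name__ == "__main__":
    print(demo())
```

A migration that raises leaves the `.bak` file in place, so the next call to `upgrade` stops with an error until the file is restored or removed by hand.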
No need for the matrix anymore either, so remove it.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
Signed-off-by: William Roberts <william.c.roberts@intel.com>
ESAPI below versions 2.2.1 need to manually manage session flags. However, the PKG config check was setting MANAGE to 1.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
Signed-off-by: William Roberts <william.c.roberts@intel.com>
The BUILDING.md doc is way out of date, update it.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
williamcroberts
force-pushed
the
C_InitToken-support
branch
from
January 3, 2020 18:10
582eda1
to
d3fd766
Compare
Initial code for supporting C_InitToken, on 1 of three states:
This contains a schema bump and upgrades the DB
Back up your db
I would recommend, since this is the first upgrade schema code, to manually back up your db.
Backup instructions can be found here: