Add a tool for starting an auth session with the tpm. Signed-off-by: William Roberts <william.c.roberts@intel.com>

Add a tool that can take an existing session and perform a policyPCR event. Signed-off-by: William Roberts <william.c.roberts@intel.com>

Support tpm2_unseal using a session file. Signed-off-by: William Roberts <william.c.roberts@intel.com>

abrmd since version 1.2 has the ability to keep sessions alive for clients across IPC connections if clients mark them with a ContextSave call. Test that this works with tpm2_startauthsession, tpm2_policypcr and tpm2_unseal as expected. Since this test is tcti specific, add an option to enable tcti specific test scripts to test.sh. Update test.sh to use getopt which drops the long option support. Signed-off-by: William Roberts <william.c.roberts@intel.com>

Enable the tcti specific tests for abrmd on the CI system. Signed-off-by: William Roberts <william.c.roberts@intel.com>

Add tests for: - tpm2_session_save() - tpm2_session_restore() Signed-off-by: William Roberts <william.c.roberts@intel.com>

Commands using sessions should be chainable, so by default we want the session attribute "continue" bit set, so the tpm doesn't unload the session after a command invocation. Signed-off-by: William Roberts <william.c.roberts@intel.com>

Add and test a session interface to Tss2_Sys_PolicyRestart Signed-off-by: William Roberts <william.c.roberts@intel.com>

Don't flush externally generated sessions passed via -S option. Signed-off-by: William Roberts <william.c.roberts@intel.com>

Add a tool for restarting a policy session and add integration tests. Signed-off-by: William Roberts <william.c.roberts@intel.com>

Support passing the session file to tpm2_flushcontext as a way to pass the handle to be flushed. Signed-off-by: William Roberts <william.c.roberts@intel.com>

Add getters for tpm session type and test. Signed-off-by: William Roberts <william.c.roberts@intel.com>

Trial sessions should not be used when authenticating for object use. Thus test that a session is a proper type and issue a friendly error to the user, rather than just an attribute error during the TPM call. Signed-off-by: William Roberts <william.c.roberts@intel.com>

Now that the TPMS_AUTH_COMMAND_INIT sets the attribute bits to continue, there is no need to set it again, so just delete it. Signed-off-by: William Roberts <william.c.roberts@intel.com>

tpm2_session_get_session_handle() was way too long and repetitive. Rename to tpm2_session_get_handle() Signed-off-by: William Roberts <william.c.roberts@intel.com>

Signed-off-by: William Roberts <william.c.roberts@intel.com>

There is no point to having session saving in tpm2_createpolicy, as tpm2_createpolicy is designed for environments where sessions would be flushed on IPC disconnection with the RM. In the case the RM supports sessions accross clients connections, or direct TPM access is used, then the decomposed policy tools can be used. They were also unused in tests: * -e was never used * -S was used, but it's output was never chained to anything. Signed-off-by: William Roberts <william.c.roberts@intel.com>

Signed-off-by: William Roberts <william.c.roberts@intel.com>

Update tpm2_evictcontrol to take a session file and swap out the arguments so -S is consistent. Old -S becomes -p and -i becomes -S for a session file. Signed-off-by: William Roberts <william.c.roberts@intel.com>

Signed-off-by: William Roberts <william.c.roberts@intel.com>

Encryption with an RSA key requires no authentication to use the key, thus no command authorization array header is present. Therefore, -S makes no sense, and should be removed from the manpage. The tool never supported -S at any time, would issue an error if one tried. Signed-off-by: William Roberts <william.c.roberts@intel.com>

Signed-off-by: William Roberts <william.c.roberts@intel.com>

Commits on Jan 14, 2018