1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
10 #include "openssl-util.h"
14 typedef enum TPM2Flags
{
15 TPM2_FLAGS_USE_PIN
= 1 << 0,
18 /* As per https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_PFP_r1p05_v23_pub.pdf a
19 * TPM2 on a Client PC must have at least 24 PCRs. This hardcodes our expectation of 24. */
20 #define TPM2_PCRS_MAX 24U
21 #define TPM2_PCRS_MASK ((UINT32_C(1) << TPM2_PCRS_MAX) - 1)
23 static inline bool TPM2_PCR_INDEX_VALID(unsigned pcr
) {
24 return pcr
< TPM2_PCRS_MAX
;
26 static inline bool TPM2_PCR_MASK_VALID(uint32_t pcr_mask
) {
27 return pcr_mask
<= TPM2_PCRS_MASK
;
30 #define FOREACH_PCR_IN_MASK(pcr, mask) BIT_FOREACH(pcr, mask)
34 #include <tss2/tss2_esys.h>
35 #include <tss2/tss2_mu.h>
36 #include <tss2/tss2_rc.h>
38 int dlopen_tpm2(void);
44 TSS2_TCTI_CONTEXT
*tcti_context
;
45 ESYS_CONTEXT
*esys_context
;
47 /* Some selected cached capabilities of the TPM */
48 TPMS_ALG_PROPERTY
*capability_algorithms
;
49 size_t n_capability_algorithms
;
50 TPMA_CC
*capability_commands
;
51 size_t n_capability_commands
;
52 TPML_PCR_SELECTION capability_pcrs
;
55 int tpm2_context_new(const char *device
, Tpm2Context
**ret_context
);
56 Tpm2Context
*tpm2_context_ref(Tpm2Context
*context
);
57 Tpm2Context
*tpm2_context_unref(Tpm2Context
*context
);
58 DEFINE_TRIVIAL_CLEANUP_FUNC(Tpm2Context
*, tpm2_context_unref
);
61 Tpm2Context
*tpm2_context
;
67 #define _tpm2_handle(c, h) { .tpm2_context = (c), .esys_handle = (h), }
68 static const Tpm2Handle TPM2_HANDLE_NONE
= _tpm2_handle(NULL
, ESYS_TR_NONE
);
70 int tpm2_handle_new(Tpm2Context
*context
, Tpm2Handle
**ret_handle
);
71 Tpm2Handle
*tpm2_handle_free(Tpm2Handle
*handle
);
72 DEFINE_TRIVIAL_CLEANUP_FUNC(Tpm2Handle
*, tpm2_handle_free
);
80 #define TPM2_PCR_VALUE_MAKE(i, h, v) (Tpm2PCRValue) { .index = (i), .hash = (h), .value = ((TPM2B_DIGEST) v), }
81 bool TPM2_PCR_VALUE_VALID(const Tpm2PCRValue
*pcr_value
);
82 int tpm2_pcr_value_from_string(const char *arg
, Tpm2PCRValue
*ret_pcr_value
);
83 char *tpm2_pcr_value_to_string(const Tpm2PCRValue
*pcr_value
);
85 bool TPM2_PCR_VALUES_VALID(const Tpm2PCRValue
*pcr_values
, size_t n_pcr_values
);
86 void tpm2_sort_pcr_values(Tpm2PCRValue
*pcr_values
, size_t n_pcr_values
);
87 int tpm2_pcr_values_from_mask(uint32_t mask
, TPMI_ALG_HASH hash
, Tpm2PCRValue
**ret_pcr_values
, size_t *ret_n_pcr_values
);
88 int tpm2_pcr_values_to_mask(const Tpm2PCRValue
*pcr_values
, size_t n_pcr_values
, TPMI_ALG_HASH hash
, uint32_t *ret_mask
);
89 int tpm2_pcr_values_from_string(const char *arg
, Tpm2PCRValue
**ret_pcr_values
, size_t *ret_n_pcr_values
);
90 char *tpm2_pcr_values_to_string(const Tpm2PCRValue
*pcr_values
, size_t n_pcr_values
);
91 int tpm2_pcr_values_hash_count(const Tpm2PCRValue
*pcr_values
, size_t n_pcr_values
, size_t *ret_count
);
92 int tpm2_tpml_pcr_selection_from_pcr_values(const Tpm2PCRValue
*pcr_values
, size_t n_pcr_values
, TPML_PCR_SELECTION
*ret_selection
, TPM2B_DIGEST
**ret_values
, size_t *ret_n_values
);
94 int tpm2_create_primary(Tpm2Context
*c
, const Tpm2Handle
*session
, const TPM2B_PUBLIC
*template, const TPM2B_SENSITIVE_CREATE
*sensitive
, TPM2B_PUBLIC
**ret_public
, Tpm2Handle
**ret_handle
);
95 int tpm2_create(Tpm2Context
*c
, const Tpm2Handle
*parent
, const Tpm2Handle
*session
, const TPMT_PUBLIC
*template, const TPMS_SENSITIVE_CREATE
*sensitive
, TPM2B_PUBLIC
**ret_public
, TPM2B_PRIVATE
**ret_private
);
96 int tpm2_create_loaded(Tpm2Context
*c
, const Tpm2Handle
*parent
, const Tpm2Handle
*session
, const TPMT_PUBLIC
*template, const TPMS_SENSITIVE_CREATE
*sensitive
, TPM2B_PUBLIC
**ret_public
, TPM2B_PRIVATE
**ret_private
, Tpm2Handle
**ret_handle
);
98 bool tpm2_supports_alg(Tpm2Context
*c
, TPM2_ALG_ID alg
);
99 bool tpm2_supports_command(Tpm2Context
*c
, TPM2_CC command
);
101 bool tpm2_test_parms(Tpm2Context
*c
, TPMI_ALG_PUBLIC alg
, const TPMU_PUBLIC_PARMS
*parms
);
103 int tpm2_get_good_pcr_banks(Tpm2Context
*c
, uint32_t pcr_mask
, TPMI_ALG_HASH
**ret_banks
);
104 int tpm2_get_good_pcr_banks_strv(Tpm2Context
*c
, uint32_t pcr_mask
, char ***ret
);
105 int tpm2_get_best_pcr_bank(Tpm2Context
*c
, uint32_t pcr_mask
, TPMI_ALG_HASH
*ret
);
107 int tpm2_extend_bytes(Tpm2Context
*c
, char **banks
, unsigned pcr_index
, const void *data
, size_t data_size
, const void *secret
, size_t secret_size
);
109 uint32_t tpm2_tpms_pcr_selection_to_mask(const TPMS_PCR_SELECTION
*s
);
110 void tpm2_tpms_pcr_selection_from_mask(uint32_t mask
, TPMI_ALG_HASH hash
, TPMS_PCR_SELECTION
*ret
);
111 bool tpm2_tpms_pcr_selection_has_mask(const TPMS_PCR_SELECTION
*s
, uint32_t mask
);
112 void tpm2_tpms_pcr_selection_add_mask(TPMS_PCR_SELECTION
*s
, uint32_t mask
);
113 void tpm2_tpms_pcr_selection_sub_mask(TPMS_PCR_SELECTION
*s
, uint32_t mask
);
114 void tpm2_tpms_pcr_selection_add(TPMS_PCR_SELECTION
*a
, const TPMS_PCR_SELECTION
*b
);
115 void tpm2_tpms_pcr_selection_sub(TPMS_PCR_SELECTION
*a
, const TPMS_PCR_SELECTION
*b
);
116 void tpm2_tpms_pcr_selection_move(TPMS_PCR_SELECTION
*a
, TPMS_PCR_SELECTION
*b
);
117 char *tpm2_tpms_pcr_selection_to_string(const TPMS_PCR_SELECTION
*s
);
118 size_t tpm2_tpms_pcr_selection_weight(const TPMS_PCR_SELECTION
*s
);
119 #define tpm2_tpms_pcr_selection_is_empty(s) (tpm2_tpms_pcr_selection_weight(s) == 0)
121 uint32_t tpm2_tpml_pcr_selection_to_mask(const TPML_PCR_SELECTION
*l
, TPMI_ALG_HASH hash
);
122 void tpm2_tpml_pcr_selection_from_mask(uint32_t mask
, TPMI_ALG_HASH hash
, TPML_PCR_SELECTION
*ret
);
123 bool tpm2_tpml_pcr_selection_has_mask(const TPML_PCR_SELECTION
*l
, TPMI_ALG_HASH hash
, uint32_t mask
);
124 void tpm2_tpml_pcr_selection_add_mask(TPML_PCR_SELECTION
*l
, TPMI_ALG_HASH hash
, uint32_t mask
);
125 void tpm2_tpml_pcr_selection_sub_mask(TPML_PCR_SELECTION
*l
, TPMI_ALG_HASH hash
, uint32_t mask
);
126 void tpm2_tpml_pcr_selection_add_tpms_pcr_selection(TPML_PCR_SELECTION
*l
, const TPMS_PCR_SELECTION
*s
);
127 void tpm2_tpml_pcr_selection_sub_tpms_pcr_selection(TPML_PCR_SELECTION
*l
, const TPMS_PCR_SELECTION
*s
);
128 void tpm2_tpml_pcr_selection_add(TPML_PCR_SELECTION
*a
, const TPML_PCR_SELECTION
*b
);
129 void tpm2_tpml_pcr_selection_sub(TPML_PCR_SELECTION
*a
, const TPML_PCR_SELECTION
*b
);
130 char *tpm2_tpml_pcr_selection_to_string(const TPML_PCR_SELECTION
*l
);
131 size_t tpm2_tpml_pcr_selection_weight(const TPML_PCR_SELECTION
*l
);
132 #define tpm2_tpml_pcr_selection_is_empty(l) (tpm2_tpml_pcr_selection_weight(l) == 0)
134 int tpm2_digest_many(TPMI_ALG_HASH alg
, TPM2B_DIGEST
*digest
, const struct iovec data
[], size_t count
, bool extend
);
135 static inline int tpm2_digest_buffer(TPMI_ALG_HASH alg
, TPM2B_DIGEST
*digest
, const void *data
, size_t len
, bool extend
) {
136 return tpm2_digest_many(alg
, digest
, &IOVEC_MAKE((void*) data
, len
), 1, extend
);
138 int tpm2_digest_many_digests(TPMI_ALG_HASH alg
, TPM2B_DIGEST
*digest
, const TPM2B_DIGEST data
[], size_t count
, bool extend
);
139 static inline int tpm2_digest_rehash(TPMI_ALG_HASH alg
, TPM2B_DIGEST
*digest
) {
140 return tpm2_digest_many(alg
, digest
, NULL
, 0, true);
142 static inline int tpm2_digest_init(TPMI_ALG_HASH alg
, TPM2B_DIGEST
*digest
) {
143 return tpm2_digest_many(alg
, digest
, NULL
, 0, false);
146 void tpm2_log_debug_tpml_pcr_selection(const TPML_PCR_SELECTION
*l
, const char *msg
);
147 void tpm2_log_debug_pcr_value(const Tpm2PCRValue
*pcr_value
, const char *msg
);
148 void tpm2_log_debug_buffer(const void *buffer
, size_t size
, const char *msg
);
149 void tpm2_log_debug_digest(const TPM2B_DIGEST
*digest
, const char *msg
);
150 void tpm2_log_debug_name(const TPM2B_NAME
*name
, const char *msg
);
152 int tpm2_pcr_read(Tpm2Context
*c
, const TPML_PCR_SELECTION
*pcr_selection
, Tpm2PCRValue
**ret_pcr_values
, size_t *ret_n_pcr_values
);
153 int tpm2_pcr_read_missing_values(Tpm2Context
*c
, Tpm2PCRValue
*pcr_values
, size_t n_pcr_values
);
155 int tpm2_calculate_name(const TPMT_PUBLIC
*public, TPM2B_NAME
*ret_name
);
156 int tpm2_calculate_policy_auth_value(TPM2B_DIGEST
*digest
);
157 int tpm2_calculate_policy_authorize(const TPM2B_PUBLIC
*public, const TPM2B_DIGEST
*policy_ref
, TPM2B_DIGEST
*digest
);
158 int tpm2_calculate_policy_pcr(const Tpm2PCRValue
*pcr_values
, size_t n_pcr_values
, TPM2B_DIGEST
*digest
);
159 int tpm2_calculate_sealing_policy(const Tpm2PCRValue
*pcr_values
, size_t n_pcr_values
, const TPM2B_PUBLIC
*public, bool use_pin
, TPM2B_DIGEST
*digest
);
161 int tpm2_seal(Tpm2Context
*c
, const TPM2B_DIGEST
*policy
, const char *pin
, void **ret_secret
, size_t *ret_secret_size
, void **ret_blob
, size_t *ret_blob_size
, uint16_t *ret_primary_alg
, void **ret_srk_buf
, size_t *ret_srk_buf_size
);
162 int tpm2_unseal(const char *device
, uint32_t hash_pcr_mask
, uint16_t pcr_bank
, const void *pubkey
, size_t pubkey_size
, uint32_t pubkey_pcr_mask
, JsonVariant
*signature
, const char *pin
, uint16_t primary_alg
, const void *blob
, size_t blob_size
, const void *policy_hash
, size_t policy_hash_size
, const void *srk_buf
, size_t srk_buf_size
, void **ret_secret
, size_t *ret_secret_size
);
165 int tpm2_tpm2b_public_to_openssl_pkey(const TPM2B_PUBLIC
*public, EVP_PKEY
**ret
);
166 int tpm2_tpm2b_public_from_openssl_pkey(const EVP_PKEY
*pkey
, TPM2B_PUBLIC
*ret
);
169 int tpm2_tpm2b_public_from_pem(const void *pem
, size_t pem_size
, TPM2B_PUBLIC
*ret
);
170 int tpm2_tpm2b_public_to_fingerprint(const TPM2B_PUBLIC
*public, void **ret_fingerprint
, size_t *ret_fingerprint_size
);
172 /* The tpm2-tss library has many structs that are simply a combination of an array (or object) and
173 * size. These macros allow easily initializing or assigning instances of such structs from an existing
174 * buffer/object and size, while also checking the size for safety with the struct buffer/object size. If the
175 * provided buffer/object is NULL, the resulting struct's buffer/object will be 0s. If the provided size is
176 * larger than the struct's buffer/object size, this results in assertion failure; to check the size, use one
177 * of the TPM2B_*_CHECK_SIZE() macros. */
178 #define TPM2B_AUTH_MAKE(b, s) TPM2B_BUF_SIZE_STRUCT_MAKE(b, s, TPM2B_AUTH, buffer, size)
179 #define TPM2B_DATA_MAKE(b, s) TPM2B_BUF_SIZE_STRUCT_MAKE(b, s, TPM2B_DATA, buffer, size)
180 #define TPM2B_DIGEST_MAKE(b, s) TPM2B_BUF_SIZE_STRUCT_MAKE(b, s, TPM2B_DIGEST, buffer, size)
181 #define TPM2B_ECC_PARAMETER_MAKE(b, s) TPM2B_BUF_SIZE_STRUCT_MAKE(b, s, TPM2B_ECC_PARAMETER, buffer, size)
182 #define TPM2B_ENCRYPTED_SECRET_MAKE(b, s) TPM2B_BUF_SIZE_STRUCT_MAKE(b, s, TPM2B_ENCRYPTED_SECRET, secret, size)
183 #define TPM2B_MAX_BUFFER_MAKE(b, s) TPM2B_BUF_SIZE_STRUCT_MAKE(b, s, TPM2B_MAX_BUFFER, buffer, size)
184 #define TPM2B_NAME_MAKE(b, s) TPM2B_BUF_SIZE_STRUCT_MAKE(b, s, TPM2B_NAME, name, size)
185 #define TPM2B_PRIVATE_MAKE(b, s) TPM2B_BUF_SIZE_STRUCT_MAKE(b, s, TPM2B_PRIVATE, buffer, size)
186 #define TPM2B_PRIVATE_KEY_RSA_MAKE(b, s) TPM2B_BUF_SIZE_STRUCT_MAKE(b, s, TPM2B_PRIVATE_KEY_RSA, buffer, size)
187 #define TPM2B_PUBLIC_KEY_RSA_MAKE(b, s) TPM2B_BUF_SIZE_STRUCT_MAKE(b, s, TPM2B_PUBLIC_KEY_RSA, buffer, size)
188 #define TPM2B_SENSITIVE_DATA_MAKE(b, s) TPM2B_BUF_SIZE_STRUCT_MAKE(b, s, TPM2B_SENSITIVE_DATA, buffer, size)
189 #define TPM2B_BUF_SIZE_STRUCT_MAKE(buf, size, struct_type, buffer_field, size_field) \
190 _TPM2B_BUF_SIZE_STRUCT_MAKE(buf, size, UNIQ, struct_type, buffer_field, size_field)
191 #define _TPM2B_BUF_SIZE_STRUCT_MAKE(buf, size, uniq, struct_type, buffer_field, size_field) \
193 typeof(buf) UNIQ_T(BUF, uniq) = (buf); \
194 typeof(size) UNIQ_T(SIZE, uniq) = (size); \
195 struct_type UNIQ_T(STRUCT, uniq) = { .size_field = UNIQ_T(SIZE, uniq), }; \
196 assert(sizeof(UNIQ_T(STRUCT, uniq).buffer_field) >= (size_t) UNIQ_T(SIZE, uniq)); \
197 if (UNIQ_T(BUF, uniq)) \
198 memcpy(UNIQ_T(STRUCT, uniq).buffer_field, UNIQ_T(BUF, uniq), UNIQ_T(SIZE, uniq)); \
199 UNIQ_T(STRUCT, uniq); \
202 /* Check if the size will fit in the TPM2B struct buffer. Returns 0 if the size will fit, otherwise this logs
203 * a debug message and returns < 0. */
204 #define TPM2B_AUTH_CHECK_SIZE(s) TPM2B_BUF_SIZE_STRUCT_CHECK_SIZE(s, TPM2B_AUTH, buffer)
205 #define TPM2B_DATA_CHECK_SIZE(s) TPM2B_BUF_SIZE_STRUCT_CHECK_SIZE(s, TPM2B_DATA, buffer)
206 #define TPM2B_DIGEST_CHECK_SIZE(s) TPM2B_BUF_SIZE_STRUCT_CHECK_SIZE(s, TPM2B_DIGEST, buffer)
207 #define TPM2B_ECC_PARAMETER_CHECK_SIZE(s) TPM2B_BUF_SIZE_STRUCT_CHECK_SIZE(s, TPM2B_ECC_PARAMETER, buffer)
208 #define TPM2B_ENCRYPTED_SECRET_CHECK_SIZE(s) TPM2B_BUF_SIZE_STRUCT_CHECK_SIZE(s, TPM2B_ENCRYPTED_SECRET, buffer)
209 #define TPM2B_MAX_BUFFER_CHECK_SIZE(s) TPM2B_BUF_SIZE_STRUCT_CHECK_SIZE(s, TPM2B_MAX_BUFFER, buffer)
210 #define TPM2B_NAME_CHECK_SIZE(s) TPM2B_BUF_SIZE_STRUCT_CHECK_SIZE(s, TPM2B_NAME, name)
211 #define TPM2B_PRIVATE_CHECK_SIZE(s) TPM2B_BUF_SIZE_STRUCT_CHECK_SIZE(s, TPM2B_PRIVATE, buffer)
212 #define TPM2B_PRIVATE_KEY_RSA_CHECK_SIZE(s) TPM2B_BUF_SIZE_STRUCT_CHECK_SIZE(s, TPM2B_PRIVATE_KEY_RSA, buffer)
213 #define TPM2B_PUBLIC_KEY_RSA_CHECK_SIZE(s) TPM2B_BUF_SIZE_STRUCT_CHECK_SIZE(s, TPM2B_PUBLIC_KEY_RSA, buffer)
214 #define TPM2B_SENSITIVE_DATA_CHECK_SIZE(s) TPM2B_BUF_SIZE_STRUCT_CHECK_SIZE(s, TPM2B_SENSITIVE_DATA, buffer)
215 #define TPM2B_BUF_SIZE_STRUCT_CHECK_SIZE(size, struct_type, buffer_field) \
216 _TPM2B_BUF_SIZE_STRUCT_CHECK_SIZE(size, UNIQ, struct_type, buffer_field)
217 #define _TPM2B_BUF_SIZE_STRUCT_CHECK_SIZE(size, uniq, struct_type, buffer_field) \
219 size_t UNIQ_T(SIZE, uniq) = (size_t) (size); \
220 size_t UNIQ_T(BUFSIZE, uniq) = sizeof_field(struct_type, buffer_field); \
221 UNIQ_T(BUFSIZE, uniq) < UNIQ_T(SIZE, uniq) ? \
222 log_debug_errno(SYNTHETIC_ERRNO(EINVAL), \
223 "Size %zu larger than " #struct_type " buffer size %zu.", \
224 UNIQ_T(SIZE, uniq), UNIQ_T(BUFSIZE, uniq)) : \
228 #else /* HAVE_TPM2 */
229 typedef struct {} Tpm2Context
;
230 typedef struct {} Tpm2Handle
;
231 typedef struct {} Tpm2PCRValue
;
233 #define TPM2_PCR_VALUE_MAKE(i, h, v) (Tpm2PCRValue) {}
234 #endif /* HAVE_TPM2 */
236 int tpm2_list_devices(void);
237 int tpm2_find_device_auto(int log_level
, char **ret
);
239 int tpm2_make_pcr_json_array(uint32_t pcr_mask
, JsonVariant
**ret
);
240 int tpm2_parse_pcr_json_array(JsonVariant
*v
, uint32_t *ret
);
242 int tpm2_make_luks2_json(int keyslot
, uint32_t hash_pcr_mask
, uint16_t pcr_bank
, const void *pubkey
, size_t pubkey_size
, uint32_t pubkey_pcr_mask
, uint16_t primary_alg
, const void *blob
, size_t blob_size
, const void *policy_hash
, size_t policy_hash_size
, const void *salt
, size_t salt_size
, const void *srk_buf
, size_t srk_buf_size
, TPM2Flags flags
, JsonVariant
**ret
);
243 int tpm2_parse_luks2_json(JsonVariant
*v
, int *ret_keyslot
, uint32_t *ret_hash_pcr_mask
, uint16_t *ret_pcr_bank
, void **ret_pubkey
, size_t *ret_pubkey_size
, uint32_t *ret_pubkey_pcr_mask
, uint16_t *ret_primary_alg
, void **ret_blob
, size_t *ret_blob_size
, void **ret_policy_hash
, size_t *ret_policy_hash_size
, void **ret_salt
, size_t *ret_salt_size
, void **ret_srk_buf
, size_t *ret_srk_buf_size
, TPM2Flags
*ret_flags
);
245 /* Default to PCR 7 only */
246 #define TPM2_PCR_INDEX_DEFAULT (7)
247 #define TPM2_PCR_MASK_DEFAULT INDEX_TO_MASK(uint32_t, TPM2_PCR_INDEX_DEFAULT)
249 /* We want the helpers below to work also if TPM2 libs are not available, hence define these four defines if
250 * they are missing. */
251 #ifndef TPM2_ALG_SHA1
252 #define TPM2_ALG_SHA1 0x4
255 #ifndef TPM2_ALG_SHA256
256 #define TPM2_ALG_SHA256 0xB
259 #ifndef TPM2_ALG_SHA384
260 #define TPM2_ALG_SHA384 0xC
263 #ifndef TPM2_ALG_SHA512
264 #define TPM2_ALG_SHA512 0xD
268 #define TPM2_ALG_ECC 0x23
272 #define TPM2_ALG_RSA 0x1
275 int tpm2_hash_alg_to_size(uint16_t alg
);
277 const char *tpm2_hash_alg_to_string(uint16_t alg
) _const_
;
278 int tpm2_hash_alg_from_string(const char *alg
) _pure_
;
280 const char *tpm2_asym_alg_to_string(uint16_t alg
) _const_
;
281 int tpm2_asym_alg_from_string(const char *alg
) _pure_
;
283 char *tpm2_pcr_mask_to_string(uint32_t mask
);
286 uint32_t search_pcr_mask
;
288 const char *signature_path
;
289 } systemd_tpm2_plugin_params
;
291 typedef enum Tpm2Support
{
292 /* NOTE! The systemd-creds tool returns these flags 1:1 as exit status. Hence these flags are pretty
293 * much ABI! Hence, be extra careful when changing/extending these definitions. */
294 TPM2_SUPPORT_NONE
= 0, /* no support */
295 TPM2_SUPPORT_FIRMWARE
= 1 << 0, /* firmware reports TPM2 was used */
296 TPM2_SUPPORT_DRIVER
= 1 << 1, /* the kernel has a driver loaded for it */
297 TPM2_SUPPORT_SYSTEM
= 1 << 2, /* we support it ourselves */
298 TPM2_SUPPORT_SUBSYSTEM
= 1 << 3, /* the kernel has the tpm subsystem enabled */
299 TPM2_SUPPORT_LIBRARIES
= 1 << 4, /* we can dlopen the tpm2 libraries */
300 TPM2_SUPPORT_FULL
= TPM2_SUPPORT_FIRMWARE
|TPM2_SUPPORT_DRIVER
|TPM2_SUPPORT_SYSTEM
|TPM2_SUPPORT_SUBSYSTEM
|TPM2_SUPPORT_LIBRARIES
,
303 Tpm2Support
tpm2_support(void);
305 int tpm2_parse_pcr_argument(const char *arg
, Tpm2PCRValue
**ret_pcr_values
, size_t *ret_n_pcr_values
);
306 int tpm2_parse_pcr_argument_append(const char *arg
, Tpm2PCRValue
**ret_pcr_values
, size_t *ret_n_pcr_values
);
307 int tpm2_parse_pcr_argument_to_mask(const char *arg
, uint32_t *mask
);
309 int tpm2_load_pcr_signature(const char *path
, JsonVariant
**ret
);
310 int tpm2_load_pcr_public_key(const char *path
, void **ret_pubkey
, size_t *ret_pubkey_size
);
312 int tpm2_util_pbkdf2_hmac_sha256(const void *pass
,
316 uint8_t res
[static SHA256_DIGEST_SIZE
]);
319 /* Additional defines for the PCR index naming enum from "fundamental/tpm2-pcr.h" */
320 _TPM2_PCR_INDEX_MAX_DEFINED
= TPM2_PCRS_MAX
,
321 _TPM2_PCR_INDEX_INVALID
= -EINVAL
,
324 int tpm2_pcr_index_from_string(const char *s
) _pure_
;
325 const char *tpm2_pcr_index_to_string(int pcr
) _const_
;