From: Yu Watanabe Date: Thu, 19 Sep 2024 10:16:12 +0000 (+0900) Subject: tpm2-util: show loaded libraries in 'systemd-analyze has-tpm2' X-Git-Tag: v257-rc1~361 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=82f2c33db55be46c52720813a77d3b1b3bf8d1a4;p=thirdparty%2Fsystemd.git tpm2-util: show loaded libraries in 'systemd-analyze has-tpm2' After 3b16e9f41983f697bc38c40bb8e7119c1bb4f7c8, even the libraries are documented in the man page, it is useful to mention which libraries are checked in the command output. Of course, the dependencies are kind of implementation detail, and may be changed in the future version, but that's especially why I think showing the library deps in the output is useful. systemd-analyze is a debugging tool, and already shows many internal states. I think there is nothing to prevent from showing the deps. Prompted by #34477. --- diff --git a/man/systemd-analyze.xml b/man/systemd-analyze.xml index ce0e83c5440..4372ea8abfe 100644 --- a/man/systemd-analyze.xml +++ b/man/systemd-analyze.xml @@ -978,7 +978,10 @@ default ignore - - +driver +system +subsystem -+libraries ++libraries + +libtss2-esys.so.0 + +libtss2-rc.so.0 + +libtss2-mu.so.0 diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c index a9f6620a67d..723e6b4190d 100644 --- a/src/shared/tpm2-util.c +++ b/src/shared/tpm2-util.c @@ -112,7 +112,7 @@ static DLSYM_PROTOTYPE(Tss2_MU_UINT32_Marshal) = NULL; static DLSYM_PROTOTYPE(Tss2_RC_Decode) = NULL; -int dlopen_tpm2(void) { +static int dlopen_tpm2_esys(void) { int r; ELF_NOTE_DLOPEN("tpm", 
@@ -171,17 +171,21 @@ int dlopen_tpm2(void) { if (r < 0) log_debug("libtss2-esys too old, does not include Esys_TR_GetTpmHandle."); + return 0; +} + +static int dlopen_tpm2_rc(void) { ELF_NOTE_DLOPEN("tpm", "Support for TPM", ELF_NOTE_DLOPEN_PRIORITY_SUGGESTED, "libtss2-rc.so.0"); - r = dlopen_many_sym_or_warn( + return dlopen_many_sym_or_warn( &libtss2_rc_dl, "libtss2-rc.so.0", LOG_DEBUG, DLSYM_ARG(Tss2_RC_Decode)); - if (r < 0) - return r; +} +static int dlopen_tpm2_mu(void) { ELF_NOTE_DLOPEN("tpm", "Support for TPM", ELF_NOTE_DLOPEN_PRIORITY_SUGGESTED, @@ -210,6 +214,24 @@ int dlopen_tpm2(void) { DLSYM_ARG(Tss2_MU_UINT32_Marshal)); } +int dlopen_tpm2(void) { + int r; + + r = dlopen_tpm2_esys(); + if (r < 0) + return r; + + r = dlopen_tpm2_rc(); + if (r < 0) + return r; + + r = dlopen_tpm2_mu(); + if (r < 0) + return r; + + return 0; +} + void Esys_Freep(void *p) { assert(p); @@ -7900,9 +7922,20 @@ Tpm2Support tpm2_support_full(Tpm2Support mask) { #if HAVE_TPM2 support |= TPM2_SUPPORT_SYSTEM; - if (FLAGS_SET(mask, TPM2_SUPPORT_LIBRARIES)) { - r = dlopen_tpm2(); + if ((mask & (TPM2_SUPPORT_LIBRARIES|TPM2_SUPPORT_LIBTSS2_ALL)) != 0) { + r = dlopen_tpm2_esys(); + if (r >= 0) + support |= TPM2_SUPPORT_LIBTSS2_ESYS; + + r = dlopen_tpm2_rc(); if (r >= 0) + support |= TPM2_SUPPORT_LIBTSS2_RC; + + r = dlopen_tpm2_mu(); + if (r >= 0) + support |= TPM2_SUPPORT_LIBTSS2_MU; + + if (FLAGS_SET(support, TPM2_SUPPORT_LIBTSS2_ALL)) support |= TPM2_SUPPORT_LIBRARIES; } #endif @@ -7910,8 +7943,8 @@ Tpm2Support tpm2_support_full(Tpm2Support mask) { return support & mask; } -static void print_field(const char *s, bool supported) { - printf("%s%s%s%s\n", supported ? ansi_green() : ansi_red(), plus_minus(supported), s, ansi_normal()); +static void print_field(const char *prefix, const char *s, bool supported) { + printf("%s%s%s%s%s\n", strempty(prefix), supported ? ansi_green() : ansi_red(), plus_minus(supported), s, ansi_normal()); } int verb_has_tpm2_generic(bool quiet) { 
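Review bot: In tpm2_support_full() the three dlopen_tpm2_*() calls now all run as soon as any library bit is set in `mask`, while the removed code path returned at the first failure (visible for libtss2-rc in the earlier hunk), so a process where libtss2-esys cannot be loaded will still map libtss2-rc and libtss2-mu. That looks intentional for the per-library report, but it changes behaviour for every caller that only asks for TPM2_SUPPORT_LIBRARIES, and it should be stated above the first call, e.g. `/* Probe each library independently so that each can be reported on its own; a failure of one does not skip the others. */`. The error codes in `r` are overwritten and dropped, so the only trace of a failed load is whatever the helpers log at LOG_DEBUG. The function body starts outside the hunk.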
@@ -7927,18 +7960,21 @@ int verb_has_tpm2_generic(bool quiet) { else printf("%spartial%s\n", ansi_yellow(), ansi_normal()); - print_field("firmware", FLAGS_SET(s, TPM2_SUPPORT_FIRMWARE)); - print_field("driver", FLAGS_SET(s, TPM2_SUPPORT_DRIVER)); - print_field("system", FLAGS_SET(s, TPM2_SUPPORT_SYSTEM)); - print_field("subsystem", FLAGS_SET(s, TPM2_SUPPORT_SUBSYSTEM)); - print_field("libraries", FLAGS_SET(s, TPM2_SUPPORT_LIBRARIES)); + print_field(NULL, "firmware", FLAGS_SET(s, TPM2_SUPPORT_FIRMWARE)); + print_field(NULL, "driver", FLAGS_SET(s, TPM2_SUPPORT_DRIVER)); + print_field(NULL, "system", FLAGS_SET(s, TPM2_SUPPORT_SYSTEM)); + print_field(NULL, "subsystem", FLAGS_SET(s, TPM2_SUPPORT_SUBSYSTEM)); + print_field(NULL, "libraries", FLAGS_SET(s, TPM2_SUPPORT_LIBRARIES)); + print_field(" ", "libtss2-esys.so.0", FLAGS_SET(s, TPM2_SUPPORT_LIBTSS2_ESYS)); + print_field(" ", "libtss2-rc.so.0", FLAGS_SET(s, TPM2_SUPPORT_LIBTSS2_RC)); + print_field(" ", "libtss2-mu.so.0", FLAGS_SET(s, TPM2_SUPPORT_LIBTSS2_MU)); } /* Return inverted bit flags. So that TPM2_SUPPORT_FULL becomes EXIT_SUCCESS and the other values * become some reasonable values 1…7. i.e. the flags we return here tell what is missing rather than * what is there, acknowledging the fact that for process exit statuses it is customary to return * zero (EXIT_FAILURE) when all is good, instead of all being bad. */ - return ~s & TPM2_SUPPORT_FULL; + return ~s & TPM2_SUPPORT_API; } #if HAVE_TPM2 diff --git a/src/shared/tpm2-util.h b/src/shared/tpm2-util.h index 0bd9c3d9d1b..b0ea2c9e5f7 100644 --- a/src/shared/tpm2-util.h +++ b/src/shared/tpm2-util.h 
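Review bot: The comment above the final return in verb_has_tpm2_generic() no longer matches the code: the mask is now TPM2_SUPPORT_API, but the text still says TPM2_SUPPORT_FULL becomes EXIT_SUCCESS and gives the range as 1…7, while the five API bits allow 1…31. It also says `zero (EXIT_FAILURE)` where EXIT_SUCCESS is meant. Scripts that gate TPM-dependent setup on this exit status depend on that contract, so the comment should say that only the TPM2_SUPPORT_API bits are inverted into the exit status and that a missing individual libtss2 library shows up only through the `libraries` bit. The function begins outside the hunk, so whether the yes/partial/no decision above still compares against the intended mask cannot be checked from here.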
@@ -452,13 +452,20 @@ typedef struct { typedef enum Tpm2Support { /* NOTE! The systemd-analyze has-tpm2 command returns these flags 1:1 as exit status. Hence these * flags are pretty much ABI! Hence, be extra careful when changing/extending these definitions. */ - TPM2_SUPPORT_NONE = 0, /* no support */ - TPM2_SUPPORT_FIRMWARE = 1 << 0, /* firmware reports TPM2 was used */ - TPM2_SUPPORT_DRIVER = 1 << 1, /* the kernel has a driver loaded for it */ - TPM2_SUPPORT_SYSTEM = 1 << 2, /* we support it ourselves */ - TPM2_SUPPORT_SUBSYSTEM = 1 << 3, /* the kernel has the tpm subsystem enabled */ - TPM2_SUPPORT_LIBRARIES = 1 << 4, /* we can dlopen the tpm2 libraries */ - TPM2_SUPPORT_FULL = TPM2_SUPPORT_FIRMWARE|TPM2_SUPPORT_DRIVER|TPM2_SUPPORT_SYSTEM|TPM2_SUPPORT_SUBSYSTEM|TPM2_SUPPORT_LIBRARIES, + TPM2_SUPPORT_NONE = 0, /* no support */ + TPM2_SUPPORT_FIRMWARE = 1 << 0, /* firmware reports TPM2 was used */ + TPM2_SUPPORT_DRIVER = 1 << 1, /* the kernel has a driver loaded for it */ + TPM2_SUPPORT_SYSTEM = 1 << 2, /* we support it ourselves */ + TPM2_SUPPORT_SUBSYSTEM = 1 << 3, /* the kernel has the tpm subsystem enabled */ + TPM2_SUPPORT_LIBRARIES = 1 << 4, /* we can dlopen the tpm2 libraries */ + TPM2_SUPPORT_API = TPM2_SUPPORT_FIRMWARE|TPM2_SUPPORT_DRIVER|TPM2_SUPPORT_SYSTEM|TPM2_SUPPORT_SUBSYSTEM|TPM2_SUPPORT_LIBRARIES, + + /* Flags below are not returned by systemd-analyze has-tpm2 as exit status. */ + TPM2_SUPPORT_LIBTSS2_ESYS = 1 << 5, /* we can dlopen libtss2-esys.so.0 */ + TPM2_SUPPORT_LIBTSS2_RC = 1 << 6, /* we can dlopen libtss2-rc.so.0 */ + TPM2_SUPPORT_LIBTSS2_MU = 1 << 7, /* we can dlopen libtss2-mu.so.0 */ + TPM2_SUPPORT_LIBTSS2_ALL = TPM2_SUPPORT_LIBTSS2_ESYS|TPM2_SUPPORT_LIBTSS2_RC|TPM2_SUPPORT_LIBTSS2_MU, + TPM2_SUPPORT_FULL = TPM2_SUPPORT_API|TPM2_SUPPORT_LIBTSS2_ALL, } Tpm2Support; Tpm2Support tpm2_support_full(Tpm2Support mask);
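Review bot: TPM2_SUPPORT_FULL changes value in this hunk (it now also covers bits 5–7), so the NOTE at the top of the enum, which says the flags are returned 1:1 as exit status, holds only for the bits in TPM2_SUPPORT_API. I would reword the NOTE to name that mask, and pin the split at compile time with `assert_cc((TPM2_SUPPORT_API & TPM2_SUPPORT_LIBTSS2_ALL) == 0);` after the typedef so that a future flag cannot end up in both groups. Callers outside this diff that pass a narrower mask to tpm2_support_full() and compare the result with TPM2_SUPPORT_FULL would now never match; none are visible here, so that needs a check across the tree.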