Use the IBM TSS to implement the functions as an alternative to the
command line tools.
The algorithm_string_to_algid() function supports only the digest
algorithms in use. The table has placeholders for other algorithms
as they are needed and the C strings are defined.
The table can also be used for an algorithm ID to string function if
it's ever needed.
When using the IBM TSS, link in its library.
Signed-off-by: Ken Goldman <kgoldman@us.ibm.com>
[zohar@linux.ibm.com: updated configure.ac, replaced license with SPDX,
added comment before TSS_Delete and modified rc1 testing.]
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Updated both the release and library (ABI change) versions. See the
"Changelog" for a list of the new features, bug fixes, and code cleanup.
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
instead of checking at build time as it's a runtime dependency.
Also log when tsspcrread is not found to make debugging easier.
We search for tsspcrread unless there is tss2-esys with Esys_PCR_Read(),
thus pcr_none.c was dropped as unneeded.
file_exist(), tst_get_path() and MIN() taken from the LTP project.
Signed-off-by: Petr Vorel <pvorel@suse.cz>
[zohar@linux.ibm.com: added USE_FPRINTF definitions]
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
This patch makes it possible to use the Intel TSS2 for getting
PCR values from the SHA1/SHA256 banks on a TPM2.
It is somewhat naive as it doesn't use the multi-PCR selection
that TSS2 is capable of; that is for a future patch.
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
[zohar@linux.ibm.com: added missing "stdint.h" in pcr_tsspcrread.c]
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Updated both the release and library (ABI change) versions. See the
"Changelog" for a short list of the new features, bug fixes, and code
cleanup.
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Include hash-info.gen into tarball and call it from the sourcedir to fix
out-of-tree build (and thus 'make distcheck').
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Replace INCLUDES variable with AM_CPPFLAGS to stop Automake from warning
about deprecated variable usage.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
There is no need to link to full libssl. evmctl uses functions from
libcrypto, so let's link only against that library.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
If configured with "--with-kernel-headers=PATH" try to extract hash
algorithms from "hash_info.h" from the kernel source tree or
kernel-headers package located in the specified path. (Otherwise, an
attempt is made to get them from the installed kernel.)
This also introduces two algorithm lists, one is built-in and another is
from the kernel source. (They should never contain conflicting algorithm
IDs by their append-only nature.) If the digest is not found in the
built-in list, it will be searched for in the list from the kernel's
"hash_info.h".
This patch will allow evmctl to be just recompiled to work with digest
algorithms introduced in the newer kernels.
Suggested-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
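The two-list lookup described in the commit message above, sketched as an added example (not code from ima-evm-utils). The table names, function names and table contents are assumptions constructed for illustration; an unknown name returns -1 so a caller can refuse it, and first_conflict() checks the append-only property that the lists agree wherever both define an ID.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical tables indexed by algorithm ID; NULL marks an unused slot.
 * Contents are sample data constructed for this example. */
static const char *const builtin_algos[] = {
	[2] = "sha1", [4] = "sha256", [5] = "sha384", [6] = "sha512",
};

/* Stand-in for a list generated from the kernel's hash_info.h. */
static const char *const kernel_algos[] = {
	[2] = "sha1", [4] = "sha256", [5] = "sha384", [6] = "sha512",
	[18] = "streebog256", [19] = "streebog512",
};

#define N_ELEMS(a) (sizeof(a) / sizeof((a)[0]))

static int find_in(const char *const *tbl, size_t n, const char *name)
{
	for (size_t i = 0; i < n; i++)
		if (tbl[i] && strcmp(tbl[i], name) == 0)
			return (int)i;
	return -1;
}

/* Built-in list first, then the kernel-derived list; -1 if unknown. */
int algo_name_to_id(const char *name)
{
	int id = find_in(builtin_algos, N_ELEMS(builtin_algos), name);
	if (id < 0)
		id = find_in(kernel_algos, N_ELEMS(kernel_algos), name);
	return id;
}

/* Append-only check: where both lists define an ID, the names must match.
 * Returns the first conflicting ID, or -1 if the lists are consistent. */
int first_conflict(const char *const *a, size_t na,
		   const char *const *b, size_t nb)
{
	size_t n = na < nb ? na : nb;
	for (size_t i = 0; i < n; i++)
		if (a[i] && b[i] && strcmp(a[i], b[i]) != 0)
			return (int)i;
	return -1;
}
```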
evmctl provides signing support for IMA/EVM.
Functionality includes signing of file content (IMA), file metadata (EVM),
and importing public keys into the kernel keyring.
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>