qubes-linux-template-builder/scripts_debian/proxy/files/etc/xen/scripts/vtpm-impl

209 lines
5.8 KiB
Plaintext
Raw Normal View History

#!/bin/bash
# ===================================================================
#
# Copyright (c) 2005, Intel Corp.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of Intel Corporation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
# OF THE POSSIBILITY OF SUCH DAMAGE.
# ===================================================================
# | SRC | TAG | CMD SIZE | ORD |mtype|strt
TPM_CMD_OPEN=\\x00\\x00\\x00\\x00\\x01\\xc1\\x00\\x00\\x00\\x11\\x01\\x00\\x00\\x01\\x01\\x01
TPM_CMD_RESM=\\x00\\x00\\x00\\x00\\x01\\xc1\\x00\\x00\\x00\\x11\\x01\\x00\\x00\\x01\\x01\\x02
TPM_CMD_CLOS=\\x00\\x00\\x00\\x00\\x01\\xc1\\x00\\x00\\x00\\x0e\\x01\\x00\\x00\\x02
TPM_CMD_DELE=\\x00\\x00\\x00\\x00\\x01\\xc1\\x00\\x00\\x00\\x0e\\x01\\x00\\x00\\x03
TPM_TYPE_PVM=\\x01
TPM_TYPE_HVM=\\x02
TPM_SUCCESS=00000000
TX_VTPM_MANAGER=/var/vtpm/fifos/from_console.fifo
RX_VTPM_MANAGER=/var/vtpm/fifos/to_console.fifo
VTPM_MIG=/usr/bin/vtpm_migrator
# -------------------- Helpers for binary streams -----------
function str_to_hex32() {
printf "%0.8x" $1
}
function hex32_to_bin() {
local inst=$(str_to_hex32 $1);
local n1=`echo $inst | sed 's/\(..\)....../\\\\x\1/'`
local n2=`echo $inst | sed 's/..\(..\)..../\\\\x\1/'`
local n3=`echo $inst | sed 's/....\(..\)../\\\\x\1/'`
local n4=`echo $inst | sed 's/......\(..\)/\\\\x\1/'`
echo "$n1$n2$n3$n4"
}
function vtpm_manager_cmd() {
local cmd=$1;
local inst=$2;
local inst_bin=$(hex32_to_bin $inst);
claim_lock vtpm_mgr
#send cmd to vtpm_manager
printf "$cmd$inst_bin" > $TX_VTPM_MANAGER
#recv response
set +e
local resp_hex=`dd skip=10 bs=1 count=4 if=$RX_VTPM_MANAGER 2> /dev/null | xxd -ps`
set -e
release_lock vtpm_mgr
#return whether the command was successful
if [ $resp_hex -ne $TPM_SUCCESS ]; then
vtpm_fatal_error=1
false
else
true
fi
}
# Helper to get vm type to pass to vtpm_manager open/resume
function vtpm_get_type() {
local inst=$(xenstore_read $XENBUS_PATH/frontend-id)
local vm=$(xenstore_read /local/domain/$inst/vm)
if [ "$vm" != "" ]; then
local ostype=$(xenstore-read $vm/image/ostype)
if [ "$ostype" == "hvm" ]; then
echo $TPM_TYPE_HVM;
else
echo $TPM_TYPE_PVM;
fi
fi
}
# ------------------ Command handlers -----------------
# Create new vtpm instance & set it up for use
function vtpm_create () {
# Creation is handled implicitly by the manager on first setup
# so just set it up for use
$(vtpm_start $1)
}
# Setup vtpm instance for use.
function vtpm_start() {
local vmtype=$(vtpm_get_type);
$(vtpm_manager_cmd $TPM_CMD_OPEN$vmtype $1)
}
function vtpm_resume() {
local vmtype=$(vtpm_get_type);
$(vtpm_manager_cmd $TPM_CMD_RESM$vmtype $1)
}
# Reset the vtpm AKA clear PCRs
function vtpm_reset() {
#not used by current implemenation
true
}
# Shutdown the vtpm while the vm is down
# This could be a suspend of shutdown
# we cannot distinquish, so save the state
# and decide on startup if we should keep is
function vtpm_suspend() {
$(vtpm_manager_cmd $TPM_CMD_CLOS $1)
}
function vtpm_delete() {
local inst=$1
if $(vtpm_manager_cmd $TPM_CMD_DELE $inst); then
rm -f /var/vtpm/vtpm_dm_$1.data
true
else
vtpm_fatal_error=1
false
fi
}
# Perform a migration step. This function differentiates between migration
# to the local host or to a remote machine.
# Parameters:
# 1st: destination host to migrate to
# 2nd: name of the domain to migrate
# 3rd: the migration step to perform
function vtpm_migrate() {
local instance res
instance=$(vtpmdb_find_instance $2)
if [ "$instance" == "" ]; then
log err "VTPM Migratoin failed. Unable to translation of domain name"
echo "Error: VTPM Migration failed while looking up instance number"
fi
case "$3" in
0)
#Incicate migration supported
echo "0"
;;
1)
# Get Public Key from Destination
# Call vtpm_manager's migration part 1
claim_lock vtpm_mgr
$VTPM_MIG $1 $2 $instance $3
release_lock vtpm_mgr
;;
2)
# Call manager's migration step 2 and send result to destination
# If successful remove from db
claim_lock vtpm_mgr
$VTPM_MIG $1 $2 $instance $3
release_lock vtpm_mgr
;;
3)
if `ps x | grep "$VTPM_MIG $1"`; then
log err "VTPM Migration failed to complete."
echo "Error: VTPM Migration failed to complete."
fi
;;
esac
}
function vtpm_migrate_recover() {
echo "Error: Recovery not supported yet"
}
function vtpm_migrate_local() {
echo "Error: local vTPM migration not supported"
}