qubes-linux-template-builder/scripts_debian/proxy/files/etc/xen/scripts/vtpm-impl

#!/bin/bash
# ===================================================================
# 
# Copyright (c) 2005, Intel Corp.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without 
# modification, are permitted provided that the following conditions 
# are met:
#
#   * Redistributions of source code must retain the above copyright 
#     notice, this list of conditions and the following disclaimer.
#   * Redistributions in binary form must reproduce the above 
#     copyright notice, this list of conditions and the following 
#     disclaimer in the documentation and/or other materials provided 
#     with the distribution.
#   * Neither the name of Intel Corporation nor the names of its 
#     contributors may be used to endorse or promote products derived
#     from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 
# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
# OF THE POSSIBILITY OF SUCH DAMAGE.
# ===================================================================

#            |        SRC        |    TAG  |      CMD SIZE     |        ORD       |mtype|strt
TPM_CMD_OPEN=\\x00\\x00\\x00\\x00\\x01\\xc1\\x00\\x00\\x00\\x11\\x01\\x00\\x00\\x01\\x01\\x01
TPM_CMD_RESM=\\x00\\x00\\x00\\x00\\x01\\xc1\\x00\\x00\\x00\\x11\\x01\\x00\\x00\\x01\\x01\\x02
TPM_CMD_CLOS=\\x00\\x00\\x00\\x00\\x01\\xc1\\x00\\x00\\x00\\x0e\\x01\\x00\\x00\\x02
TPM_CMD_DELE=\\x00\\x00\\x00\\x00\\x01\\xc1\\x00\\x00\\x00\\x0e\\x01\\x00\\x00\\x03

TPM_TYPE_PVM=\\x01
TPM_TYPE_HVM=\\x02

TPM_SUCCESS=00000000

TX_VTPM_MANAGER=/var/vtpm/fifos/from_console.fifo
RX_VTPM_MANAGER=/var/vtpm/fifos/to_console.fifo

VTPM_MIG=/usr/bin/vtpm_migrator

# -------------------- Helpers for binary streams -----------

function str_to_hex32() {
 printf "%0.8x" $1
}

function hex32_to_bin() {
 local inst=$(str_to_hex32 $1);
 
 local n1=`echo $inst | sed 's/\(..\)....../\\\\x\1/'`
 local n2=`echo $inst | sed 's/..\(..\)..../\\\\x\1/'`
 local n3=`echo $inst | sed 's/....\(..\)../\\\\x\1/'`
 local n4=`echo $inst | sed 's/......\(..\)/\\\\x\1/'`

 echo "$n1$n2$n3$n4"
}

function vtpm_manager_cmd() {
 local cmd=$1;
 local inst=$2;
 local inst_bin=$(hex32_to_bin $inst);

 claim_lock vtpm_mgr

 #send cmd to vtpm_manager
 printf "$cmd$inst_bin" > $TX_VTPM_MANAGER

 #recv response
 set +e
 local resp_hex=`dd skip=10 bs=1 count=4 if=$RX_VTPM_MANAGER 2> /dev/null | xxd -ps`
 set -e

 release_lock vtpm_mgr

 #return whether the command was successful
 if [ $resp_hex -ne $TPM_SUCCESS ]; then
   vtpm_fatal_error=1
   false
  else
   true
 fi
}

# Helper to get vm type to pass to vtpm_manager open/resume
function vtpm_get_type() {
 local inst=$(xenstore_read $XENBUS_PATH/frontend-id)
 local vm=$(xenstore_read /local/domain/$inst/vm)
 if [ "$vm" != "" ]; then
  local ostype=$(xenstore-read $vm/image/ostype)
  if [ "$ostype" == "hvm" ]; then
   echo $TPM_TYPE_HVM;
  else
   echo $TPM_TYPE_PVM;
  fi
 fi
}

# ------------------ Command handlers -----------------

# Create new vtpm instance & set it up for use
function vtpm_create () {
 # Creation is handled implicitly by the manager on first setup
 # so just set it up for use
 $(vtpm_start $1)
}

# Setup vtpm instance for use.
function vtpm_start() {
 local vmtype=$(vtpm_get_type);
 $(vtpm_manager_cmd $TPM_CMD_OPEN$vmtype $1)
}

function vtpm_resume() {
 local vmtype=$(vtpm_get_type);
 $(vtpm_manager_cmd $TPM_CMD_RESM$vmtype $1)
}

# Reset the vtpm AKA clear PCRs
function vtpm_reset() {
 #not used by current implemenation
 true
}

# Shutdown the vtpm while the vm is down
# This could be a suspend of shutdown
# we cannot distinquish, so save the state
# and decide on startup if we should keep is
function vtpm_suspend() {
 $(vtpm_manager_cmd $TPM_CMD_CLOS $1)
}


function vtpm_delete() {
 local inst=$1
 if $(vtpm_manager_cmd $TPM_CMD_DELE $inst); then
   rm -f /var/vtpm/vtpm_dm_$1.data
   true
 else 
   vtpm_fatal_error=1
   false
 fi
}

# Perform a migration step. This function differentiates between migration
# to the local host or to a remote machine.
# Parameters:
# 1st: destination host to migrate to
# 2nd: name of the domain to migrate
# 3rd: the migration step to perform
function vtpm_migrate() {
 local instance res

 instance=$(vtpmdb_find_instance $2)
 if [ "$instance" == "" ]; then
  log err "VTPM Migratoin failed. Unable to translation of domain name"
  echo "Error: VTPM Migration failed while looking up instance number"
 fi

 case "$3" in
  0)
   #Incicate migration supported
   echo "0" 
  ;;

  1)
   # Get Public Key from Destination
   # Call vtpm_manager's migration part 1
   claim_lock vtpm_mgr
   $VTPM_MIG $1 $2 $instance $3
   release_lock vtpm_mgr
  ;;

  2)
   # Call manager's migration step 2 and send result to destination
   # If successful remove from db
   claim_lock vtpm_mgr
   $VTPM_MIG $1 $2 $instance $3
   release_lock vtpm_mgr
  ;;

  3)
   if `ps x | grep "$VTPM_MIG $1"`; then
    log err "VTPM Migration failed to complete."
    echo "Error: VTPM Migration failed to complete."
   fi
  ;;
 esac
 
}


function vtpm_migrate_recover() {
 echo "Error: Recovery not supported yet" 
}

function vtpm_migrate_local() {
 echo "Error: local vTPM migration not supported"
}