Support for enumerating key handles #1

Merged: 5 commits, May 31, 2016


kevinawalsh
Contributor

This is useful for debugging and is needed for graceful cleanup or recovery of TPM resources. Specifically, some TPMs seem to run out of key handles, causing LoadKey to fail, and the key handles persist even across reboots. Apparently, the only way to clear them short of resetting the TPM is to enumerate and explicitly unload old keys.

GetKeys will return a list of handles for currently-loaded TPM keys.
This is useful for debugging and is needed for graceful cleanup or
recovery of TPM resources.
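
The handle list described above has to be decoded from bytes the TPM returns, so here is a stand-alone decoder as an added example; it is not the code from this pull request. It assumes the TPM 1.2 `TPM_KEY_HANDLE_LIST` layout (a big-endian 16-bit count followed by that many 32-bit handles); `parseKeyHandleList`, the local `Handle` type and the sample bytes are constructed for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Handle is this example's own 32-bit key handle type.
type Handle uint32

// parseKeyHandleList decodes a count-prefixed handle list. The count field is
// checked against the bytes actually present before anything is allocated, so
// a truncated or padded response is reported as an error instead of yielding
// missing or zero-valued handles that cleanup code would then try to unload.
func parseKeyHandleList(b []byte) ([]Handle, error) {
	if len(b) < 2 {
		return nil, errors.New("key handle list: missing count field")
	}
	n := int(binary.BigEndian.Uint16(b))
	body := b[2:]
	// Design choice of this example: require an exact length match.
	if len(body) != 4*n {
		return nil, fmt.Errorf("key handle list: count %d needs %d bytes, have %d",
			n, 4*n, len(body))
	}
	handles := make([]Handle, n)
	for i := range handles {
		handles[i] = Handle(binary.BigEndian.Uint32(body[4*i:]))
	}
	return handles, nil
}

func main() {
	// Constructed sample: count = 2, then two handles.
	ok := []byte{0x00, 0x02, 0x05, 0x00, 0x00, 0x01, 0x05, 0x00, 0x00, 0x02}
	hs, err := parseKeyHandleList(ok)
	fmt.Printf("%#x %v\n", hs, err)

	// Constructed truncated sample: count = 3, but only one handle follows.
	_, err = parseKeyHandleList([]byte{0x00, 0x03, 0x05, 0x00, 0x00, 0x01})
	fmt.Println(err)
}
```
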
@googlebot

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed, please reply here (e.g. I signed it!) and we'll verify. Thanks.


  • If you've already signed a CLA, it's possible we don't have your GitHub username or you're using a different email address. Check your existing CLA data and verify that your email is set on your git commits.
  • If you signed the CLA as a corporation, please let us know the company's name.

@kevinawalsh
Contributor Author

I signed it!

@googlebot

CLAs look good, thanks!

if n == 0 {
return nil, nil
}
h := make([]Handle, int(n))
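
Review bot: at `h := make([]Handle, int(n))` the slice is sized from `n`, and the only check on `n` visible in these lines is the `n == 0` early return. If `n` is decoded from the TPM response, compare it against the number of bytes remaining in the response buffer before allocating and return an error on a mismatch, so a truncated or malformed response fails cleanly rather than leaving handles unread or zero-valued.
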
Contributor


I believe that make accepts any integer type in its size argument, so I don't think you need to cast to int here.

@@ -140,6 +140,25 @@ func packType(buf io.Writer, elts []interface{}) error {
return nil
}

func unpackKeyHandleList(b []byte) ([]Handle, error) {
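
Review bot: `unpackKeyHandleList` is added without a doc comment above its signature. Add one that states the byte layout it expects in `b` and what it returns for an empty list versus malformed input, since callers cannot infer either from `([]Handle, error)`.
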
Contributor


Please add a test in encoding_test.go for the new encoding function.

@kevinawalsh
Contributor Author

I think the latest commits address all of your concerns, Tom.

@tmroeder tmroeder merged commit 9c05260 into google:master May 31, 2016
twitchy-jsonp pushed a commit that referenced this pull request Jul 23, 2020
* Fix issue with TPM 1.2 migration auth (#1)

Fix some TPM 1.2-specific issues related to key migration and testing:

- A bug in CreateWrapKey that uses an incorrect key to encrypt a key's `migrationAuth` value
- Addition of `AuthorizeMigrationKey` and `CreateMigrationBlob` command functions to enable testing of migration auth bug fix
- A bug fix in TakeOwnership that prevented successful authorization of the command
- A session leak in a couple of TPM 1.2 tests (`TestOIAP` and `TestOSAP`)
- Improvements to the TPM 1.2 tests to allow execution on a TPM that needs to be started up
- Initial effort at documentation for running the TPM 1.2 tests against the IBM simulator

* Delete extraneous file
chrisfenner added a commit that referenced this pull request Feb 19, 2022
* Introduce Direct TPM2 API

This commit introduces a new method of interacting with a TPM 2.0.
Instead of plumbing each TPM API into one or more Go functions, this
code defines structures for every TPM 2.0 command request and response.
These map 1:1 with the actual command parameters comprehended by the
TPM, so any invocation of any command is possible (once all the command
structures are written).

This commit introduces enough of the TPM 2.0 API surface to put together
some interesting end-to-end tests, mostly around sealing.

Another objective of the Direct API is to facilitate use of the TPM's
session-based command transport features (e.g., audit and encryption
sessions). See the test code for examples of how to easily use these
APIs to, e.g., set up an EK-salted session for session-encrypted unseal.

Change-Id: I1549dd596869d79ddd41ff3c5f9ffdadc9628ed4

* fix problems identified by go vet

* fix some more issues identified by go vet

* fix some more issues surfaced by vet

* fix more go vet issues

* one last round of go vet fixes

* Use subpackages and put the Execute function on the command types (#1)

* WIP: put stuff into subpackages to make the names nice

* use internal monolithic package to avoid cycles

* complete the tpm2 package

* fix test references to renamed types

* switch to command.Execute pattern

* fix some unkeyed field values detected by go vet

* stop panicking from Hash

* Draft implementation of Joe's embedded-reserved-field bitwise solution

* Turn command handles into an interface to avoid caller stuttering