Merge pull request #23122 from poettering/creds-has-tpm2

tpm2: beef up tpm2 support checks
author: Lennart Poettering <lennart@poettering.net> 2022-04-20 23:18:02 +0200
committer: GitHub <noreply@github.com> 2022-04-20 23:18:02 +0200
commit: 231a1caf5e906e44640f11e8cf22e9d3b5844dc6 (patch)
tree: 59945e4a46926e024a1e21b0ac8d56b7ae134cf5 /src/creds
parent: ebf3ee410536d9f9a1cab513538fdbc596c47908 (diff)
parent: eb81249e8a311e78310acbe92245c2ec8d72370c (diff)
download: systemd-231a1caf5e906e44640f11e8cf22e9d3b5844dc6.tar.gz
1 files changed, 44 insertions, 7 deletions
diff --git a/src/creds/creds.c b/src/creds/creds.c
index c5a1dc506c..92aedc903f 100644
--- a/src/creds/creds.c
+++ b/src/creds/creds.c
@@ -48,6 +48,7 @@ static bool arg_name_any = false;
 static usec_t arg_timestamp = USEC_INFINITY;
 static usec_t arg_not_after = USEC_INFINITY;
 static bool arg_pretty = false;
+static bool arg_quiet = false;
 
 static const char* transcode_mode_table[_TRANSCODE_MAX] = {
         [TRANSCODE_OFF] = "off",
@@ -525,6 +526,34 @@ static int verb_setup(int argc, char **argv, void *userdata) {
         return EXIT_SUCCESS;
 }
 
+static int verb_has_tpm2(int argc, char **argv, void *userdata) {
+        Tpm2Support s;
+
+        s = tpm2_support();
+
+        if (!arg_quiet) {
+                if (s == TPM2_SUPPORT_FULL)
+                        puts("yes");
+                else if (s == TPM2_SUPPORT_NONE)
+                        puts("no");
+                else
+                        puts("partial");
+
+                printf("%sfirmware\n"
+                       "%sdriver\n"
+                       "%ssystem\n",
+                       plus_minus(s & TPM2_SUPPORT_FIRMWARE),
+                       plus_minus(s & TPM2_SUPPORT_DRIVER),
+                       plus_minus(s & TPM2_SUPPORT_SYSTEM));
+        }
+
+        /* Return inverted bit flags. So that TPM2_SUPPORT_FULL becomes EXIT_SUCCESS and the other values
+         * become some reasonable values 1…7. i.e. the flags we return here tell what is missing rather than
+         * what is there, acknowledging the fact that for process exit statusses it is customary to return
+         * zero (EXIT_FAILURE) when all is good, instead of all being bad. */
+        return ~s & TPM2_SUPPORT_FULL;
+}
+
 static int verb_help(int argc, char **argv, void *userdata) {
         _cleanup_free_ char *link = NULL;
         int r;
@@ -543,6 +572,7 @@ static int verb_help(int argc, char **argv, void *userdata) {
                "                          ciphertext credential file\n"
                "  decrypt INPUT [OUTPUT]  Decrypt ciphertext credential file and write to\n"
                "                          plaintext credential file\n"
+               "  has-tpm2                Report whether TPM2 support is available\n"
                "  -h --help               Show this help\n"
                "     --version            Show package version\n"
                "\n%3$sOptions:%4$s\n"
@@ -568,6 +598,7 @@ static int verb_help(int argc, char **argv, void *userdata) {
                "                          Pick TPM2 device\n"
                "     --tpm2-pcrs=PCR1+PCR2+PCR3+…\n"
                "                          Specify TPM2 PCRs to seal against\n"
+               "  -q --quiet              Suppress output for 'has-tpm2' verb\n"
                "\nSee the %2$s for details.\n"
                , program_invocation_short_name
                , link
@@ -612,6 +643,7 @@ static int parse_argv(int argc, char *argv[]) {
                 { "name",        required_argument, NULL, ARG_NAME        },
                 { "timestamp",   required_argument, NULL, ARG_TIMESTAMP   },
                 { "not-after",   required_argument, NULL, ARG_NOT_AFTER   },
+                { "quiet",       no_argument,       NULL, 'q'             },
                 {}
         };
 
@@ -620,7 +652,7 @@ static int parse_argv(int argc, char *argv[]) {
         assert(argc >= 0);
         assert(argv);
 
-        while ((c = getopt_long(argc, argv, "hHTp", options, NULL)) >= 0) {
+        while ((c = getopt_long(argc, argv, "hHTpq", options, NULL)) >= 0) {
 
                 switch (c) {
 
@@ -761,6 +793,10 @@ static int parse_argv(int argc, char *argv[]) {
 
                         break;
 
+                case 'q':
+                        arg_quiet = true;
+                        break;
+
                 case '?':
                         return -EINVAL;
 
@@ -778,12 +814,13 @@ static int parse_argv(int argc, char *argv[]) {
 static int creds_main(int argc, char *argv[]) {
 
         static const Verb verbs[] = {
-                { "list",    VERB_ANY, 1,        VERB_DEFAULT, verb_list    },
-                { "cat",     2,        VERB_ANY, 0,            verb_cat     },
-                { "encrypt", 3,        3,        0,            verb_encrypt },
-                { "decrypt", 2,        3,        0,            verb_decrypt },
-                { "setup",   VERB_ANY, 1,        0,            verb_setup   },
-                { "help",    VERB_ANY, 1,        0,            verb_help    },
+                { "list",     VERB_ANY, 1,        VERB_DEFAULT, verb_list     },
+                { "cat",      2,        VERB_ANY, 0,            verb_cat      },
+                { "encrypt",  3,        3,        0,            verb_encrypt  },
+                { "decrypt",  2,        3,        0,            verb_decrypt  },
+                { "setup",    VERB_ANY, 1,        0,            verb_setup    },
+                { "help",     VERB_ANY, 1,        0,            verb_help     },
+                { "has-tpm2", VERB_ANY, 1,        0,            verb_has_tpm2 },
                 {}
         };
author	Lennart Poettering <lennart@poettering.net>	2022-04-20 23:18:02 +0200
committer	GitHub <noreply@github.com>	2022-04-20 23:18:02 +0200
commit	231a1caf5e906e44640f11e8cf22e9d3b5844dc6 (patch)
tree	59945e4a46926e024a1e21b0ac8d56b7ae134cf5 /src/creds
parent	ebf3ee410536d9f9a1cab513538fdbc596c47908 (diff)
parent	eb81249e8a311e78310acbe92245c2ec8d72370c (diff)
download	systemd-231a1caf5e906e44640f11e8cf22e9d3b5844dc6.tar.gz