flihp / meta-measured

openembedded meta layer containing recipes for TPM / TCG software

tpm2-abrmd sysvinit script with more recent kernels #56

Closed twoerner closed 5 years ago

twoerner commented 6 years ago

Currently there are two kernels the rpi3 can use from OE:

  1. linux-raspberrypi which is 4.9.65
  2. linux-raspberrypi-dev which is 4.14.13

Under 4.9 there is only one tpm device node:

# ls -l /dev/tpm*
crw------- 1 tss tss 10, 224 Jan  1  1970 /dev/tpm0

Under 4.14 there are two:

# ls -l /dev/tpm*
crw------- 1 tss  tss   10,   224 Jan  1  1970 /dev/tpm0
crw------- 1 root root 243, 65536 Jan  1  1970 /dev/tpmrm0

Therefore the following script line: if [ ! -e /dev/tpm* ]

is perfectly fine in 4.9 but results in the error:

# /etc/init.d/tpm2-abrmd start
Starting TCG TSS2 Access Broker and Resource Management daemon: /etc/init.d/tpm2-abrmd: line 30: [: /dev/tpm0: binary operator expected
tpm2-abrmd.

under 4.14 and the user-space daemon doesn't get loaded.

twoerner commented 6 years ago

There are a couple ways this could be fixed. One possibility is to count the tpm devices and proceed if the number is greater than zero:

COUNT=$(ls /dev/tpm* | wc -l)

flihp commented 6 years ago

Currently the /dev/tpmrm0 device shouldn't be opened by the tpm2-abrmd. This node is connected to some kernel code that will eventually take over some functions of the tpm2-abrmd but it's not fully functional yet and there are still a lot of older kernels (the core of the in-kernel resource management code was added in 4.12). Eventually the plan is to have the tpm2-abrmd use the in-kernel resource management code and then fill in whatever gaps are in the kernel implementation in user space. Till then the tpm2-abrmd should only use /dev/tpm0.

So I think this is a no-op? Feel free to re-open this if I'm mistaken or if I misunderstood the issue.

flihp commented 6 years ago

I should probably copy / paste that last comment into the tpm2-abrmd README.md ...

flihp commented 6 years ago

https://github.com/intel/tpm2-abrmd/blob/master/README.md#tpm2-abrmd-vs-in-kernel-rm

Most of this is already in the docs for the tpm2-abrmd but I left out the critical detail of identifying the device nodes. No wonder you didn't find this. Sorry for the confusion.

twoerner commented 6 years ago

The /etc/init.d/tpm2-abrmd start script fails and the userspace daemon is not loaded/run.

I don't think I have the authority to re-open, but it should be re-opened

flihp commented 6 years ago

Ah I see. So the issue is the second device node being present and causing the script to freak out. I misunderstood.
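The failure reported in this thread next to a glob-safe check, as an added example that is not part of the original issue or of the meta-measured init script. The function names and the directory argument are hypothetical, and the device nodes are constructed empty files so the checks run without a TPM.

```shell
#!/bin/sh
# Added example, not the meta-measured init script. The directory argument is
# a hypothetical hook so the checks run against constructed files, not /dev.

# The test from the issue. Unquoted, the glob expands to every match, so with
# tpm0 and tpmrm0 present the test builtin receives "! -e tpm0 tpmrm0" and
# fails with a usage error (status 2) instead of answering true or false.
naive_no_tpm() {
    [ ! -e "$1"/tpm* ] 2>/dev/null
}

# Glob-safe replacement: true when no tpm* node exists, for any match count.
no_tpm() {
    for node in "$1"/tpm*; do
        # An unmatched glob stays literal, so -e is false and the loop ends.
        [ -e "$node" ] && return 1
    done
    return 0
}

# Per the maintainer's comment the daemon should only use tpm0, so select it
# explicitly rather than taking whatever the glob returns.
abrmd_device() {
    if [ -e "$1/tpm0" ]; then
        printf '%s\n' "$1/tpm0"
    else
        return 1
    fi
}

# Print the exit status of a check without tripping "set -e".
status_of() {
    rc=0
    "$@" || rc=$?
    printf '%s\n' "$rc"
}

# Constructed stand-ins for the 4.9 and 4.14 device layouts.
demo=$(mktemp -d)
mkdir "$demo/none" "$demo/k49" "$demo/k414"
: > "$demo/k49/tpm0"
: > "$demo/k414/tpm0"
: > "$demo/k414/tpmrm0"

for layout in none k49 k414; do
    echo "$layout: naive=$(status_of naive_no_tpm "$demo/$layout")" \
         "safe=$(status_of no_tpm "$demo/$layout")"
done
```

Counting matches with ls, as suggested earlier in the thread, reaches the same answer as no_tpm but prints an error to stderr when nothing matches.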