It doesn’t have test cases for the TPM part; we need to set up TPM in GitHub Actions. Right now, I’m trying to get TPM working in the GitHub Actions workflow for SPDM-EMU at DMTF/spdm-emu#444
Hi, I’ve added some details in GitHub Discussion (#3286) describing how to test the TPM-backed SPDM support in libspdm via spdm-emu safely using a software TPM.
| #include "library/memlib.h" | ||
| #include "spdm_device_secret_lib_internal.h" | ||
| #include "internal/libspdm_common_lib.h" | ||
|
|
Why does this file need to change in TPM mode?
Yes, it’s not strictly needed, but multiple unit tests depend on the global variables and functions exposed by these files. I reverted these files and am reusing the existing ones from the sample device.
| #include "library/memlib.h" | ||
| #include "spdm_device_secret_lib_internal.h" | ||
| #include "internal/libspdm_common_lib.h" | ||
|
|
Why does this file need to change in TPM mode?
| * Copyright 2021-2022 DMTF. All rights reserved. | ||
| * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md | ||
| **/ | ||
|
|
Why does this file need to change in TPM mode?
| bool libspdm_tpm_device_init(); | ||
|
|
||
| bool libspdm_tpm_get_private_key(void *handle, void **context); | ||
|
|
||
| bool libspdm_tpm_get_public_key(void *handle, void **context); | ||
|
|
||
| bool libspdm_tpm_read_pcr(uint32_t hash_algo, uint32_t index, void *buffer, size_t *size); | ||
|
|
||
| bool libspdm_tpm_read_nv(uint32_t index, void **buffer, size_t *size); |
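Review bot: `bool libspdm_tpm_device_init();` is declared with an empty parameter list, which in C is an unprototyped declaration rather than a function taking no arguments; write it as `bool libspdm_tpm_device_init(void);` so it is a real prototype like the other four. The two read functions also have different buffer contracts (`libspdm_tpm_read_pcr` fills a caller-supplied `void *buffer` of `*size` bytes, while `libspdm_tpm_read_nv` takes `void **buffer`, implying the callee allocates), and none of the five declarations carries a doc comment stating buffer ownership, what `handle` and `context` refer to, or what `hash_algo` and `index` identify; add the usual libspdm header comments so callers know who frees the NV buffer and what the returned contexts are.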
I am not sure why we need it in the HAL. It seems to be used only internally by spdm_device_secret_lib_tpm.
If libspdm does not consume those APIs, then they should NOT be in the HAL.
OK, as discussed in the meeting, I have refactored the TPM API into spdm_crypt_ext_lib, guarded by the LIBSPDM_TPM_SUPPORT option.
| ../spdm_device_secret_lib_sample/read_priv_key_raw_data.c | ||
| ../spdm_device_secret_lib_sample/read_priv_key_raw_data_pqc.c | ||
| read_pub_cert.c | ||
| ../spdm_device_secret_lib_sample/read_pub_cert_pqc.c |
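Review bot: the source list still compiles `../spdm_device_secret_lib_sample/read_priv_key_raw_data.c` into the TPM device, so the sample's raw private-key file reader is built alongside the TPM-backed signing path; a comment in this list should state whether it is kept only to satisfy the unit-test dependencies mentioned earlier in this thread or remains a reachable code path, because a device whose signing key is meant to live in the TPM should not retain a fallback that loads a raw key from the file system. The same split shows in the certificate sources, where only `read_pub_cert.c` is TPM-specific and `read_pub_cert_pqc.c` still comes from the sample directory.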
I am confused by the design.
Why do we store the traditional cert in the TPM, but leave the PQC cert in the original file system?
Signed-off-by: Manjeet Singh <itsmanjeet1998@gmail.com>
OK. The code looks good to me. May I know if you have validated that in spdm-emu, to ensure all tests can still pass?
Yes. The GitHub Actions run passed successfully, and I have also updated the SPDM-EMU PR.
Fixed the issue. spdm-emu was not in sync with the latest libspdm changes, which caused the sample device CI to fail.
Add TPM 2.0 support to libspdm, enabling TPM-backed signing for the CHALLENGE_AUTH command. It also adds a sample_tpm device implementation to the spdm-emu codebase for testing and demonstrating TPM API usage. The sample device provides a reference implementation for integrating TPM operations within libspdm and serves as a foundation for further TPM feature development and validation.