diff --git a/lib/tpm2_options.c b/lib/tpm2_options.c index 6ebaa9987..89e5d101d 100644 --- a/lib/tpm2_options.c +++ b/lib/tpm2_options.c @@ -434,44 +434,43 @@ tpm2_option_code tpm2_handle_options(int argc, char **argv, * SAPI */ bool is_sapi = - (!tool_opts || !tool_opts->flags); + !tool_opts || !(tool_opts->flags & TPM2_OPTIONS_NO_SAPI); - /* - * NO_SAPI - */ - bool is_no_sapi = - (tool_opts && tool_opts->flags & TPM2_OPTIONS_NO_SAPI); - /* tool doesn't use sapi, skip tcti checks and continue */ - if (is_no_sapi) { + bool is_optional_sapi = + (tool_opts && (tool_opts->flags & TPM2_OPTIONS_OPTIONAL_SAPI)); + + /* tool doesn't REQUIRE the use sapi, skip tcti checks and continue */ + if (!is_sapi && !is_optional_sapi) { if (flags->tcti_none && !flags->quiet) { LOG_WARN("Tool does not use SAPI. Continuing with tcti=none"); } goto out; } - /* - * OPTIONAL_SAPI - */ - bool is_optional_sapi = - (tool_opts && tool_opts->flags & TPM2_OPTIONS_OPTIONAL_SAPI); + bool is_fake_tcti = (flags->tcti_none && tool_opts && + (tool_opts->flags & TPM2_OPTIONS_FAKE_TCTI)); /* - * Actions when tcti is "none" + * get the TCTI variable from the env if user didn't specify + * on command line. We cant' use flags->tcti_none until we + * check the env! */ bool is_tcti_from_env = - (!is_no_sapi && tcti_conf_option == 0); + ((is_sapi || is_optional_sapi) && !tcti_conf_option); if (is_tcti_from_env) { tcti_conf_option = tpm2_util_getenv(TPM2TOOLS_ENV_TCTI); + flags->tcti_none = !strcmp(tcti_conf_option, "none"); } - if (flags->tcti_none && is_sapi) { + /* A tool the needs a SAPI (and not a fake one) should fail */ + if (flags->tcti_none && !is_fake_tcti && !is_optional_sapi && is_sapi) { LOG_ERR("Requested no tcti, but tool requires TCTI."); rc = tpm2_option_code_err; goto out; } /* tool doesn't request a sapi, don't initialize one */ - if (flags->tcti_none && is_optional_sapi) { + if (flags->tcti_none && is_optional_sapi && !is_fake_tcti) { if (!flags->quiet) { LOG_WARN("Tool optionally uses SAPI. Continuing with tcti=none"); } @@ -491,9 +490,7 @@ tpm2_option_code tpm2_handle_options(int argc, char **argv, .finalize = tcti_fake_finalize }; - bool is_optional_fake_tcti = (flags->tcti_none && tool_opts && - tool_opts->flags & TPM2_OPTIONS_OPTIONAL_SAPI_AND_FAKE_TCTI); - if (is_optional_fake_tcti) { + if (is_fake_tcti) { if (!flags->quiet) { LOG_WARN("Tool optionally uses SAPI. Continuing with tcti=fake"); } diff --git a/lib/tpm2_options.h b/lib/tpm2_options.h index 666a0edc2..f678dc9a8 100644 --- a/lib/tpm2_options.h +++ b/lib/tpm2_options.h @@ -65,9 +65,9 @@ typedef bool (*tpm2_arg_handler)(int argc, char **argv); * TPM2_OPTIONS_NO_SAPI: * Skip SAPI initialization. Removes the "-T" common option. */ -#define TPM2_OPTIONS_NO_SAPI 0x1 -#define TPM2_OPTIONS_OPTIONAL_SAPI 0x2 -#define TPM2_OPTIONS_OPTIONAL_SAPI_AND_FAKE_TCTI 0x4 +#define TPM2_OPTIONS_NO_SAPI (1 << 0) +#define TPM2_OPTIONS_OPTIONAL_SAPI (1 << 1) +#define TPM2_OPTIONS_FAKE_TCTI (1 << 3) struct tpm2_options { struct { diff --git a/tools/tpm2_nvcertify.c b/tools/tpm2_nvcertify.c index 6b2cc3df3..72e604706 100644 --- a/tools/tpm2_nvcertify.c +++ b/tools/tpm2_nvcertify.c @@ -345,7 +345,7 @@ static tool_rc check_options(ESYS_CONTEXT *ectx, tpm2_option_flags flags) { * none we fall back to the old behavior of reading from a define NV index * * Also, tcti is setup to a fake_tcti when tcti is specified "none" as the - * tool option affords TPM2_OPTIONS_OPTIONAL_SAPI_AND_FAKE_TCTI. + * tool option affords TPM2_OPTIONS_FAKE_TCTI. * * If NVindex name is not specified and tcti is not none, it is expected * that the NV index is actually define. This behavior complies with the @@ -535,7 +535,7 @@ static bool tpm2_tool_onstart(tpm2_options **opts) { }; *opts = tpm2_options_new("C:P:c:p:g:s:f:o:q:S:n:", ARRAY_LEN(topts), topts, - on_option, on_arg, TPM2_OPTIONS_OPTIONAL_SAPI_AND_FAKE_TCTI); + on_option, on_arg, TPM2_OPTIONS_FAKE_TCTI); return *opts != NULL; } diff --git a/tools/tpm2_nvdefine.c b/tools/tpm2_nvdefine.c index 345e389db..8b654e81a 100644 --- a/tools/tpm2_nvdefine.c +++ b/tools/tpm2_nvdefine.c @@ -494,7 +494,7 @@ static bool tpm2_tool_onstart(tpm2_options **opts) { }; *opts = tpm2_options_new("S:C:s:a:P:p:L:g:", ARRAY_LEN(topts), topts, - on_option, on_arg, TPM2_OPTIONS_OPTIONAL_SAPI_AND_FAKE_TCTI); + on_option, on_arg, TPM2_OPTIONS_FAKE_TCTI); return *opts != NULL; } diff --git a/tools/tpm2_nvextend.c b/tools/tpm2_nvextend.c index fcba07d6b..3cf14550a 100644 --- a/tools/tpm2_nvextend.c +++ b/tools/tpm2_nvextend.c @@ -282,7 +282,7 @@ static bool tpm2_tool_onstart(tpm2_options **opts) { }; *opts = tpm2_options_new("S:C:P:i:n:", ARRAY_LEN(topts), topts, on_option, - on_arg, TPM2_OPTIONS_OPTIONAL_SAPI_AND_FAKE_TCTI); + on_arg, TPM2_OPTIONS_FAKE_TCTI); return *opts != NULL; } diff --git a/tools/tpm2_nvincrement.c b/tools/tpm2_nvincrement.c index ec4066b9f..c411fa672 100644 --- a/tools/tpm2_nvincrement.c +++ b/tools/tpm2_nvincrement.c @@ -201,7 +201,7 @@ static tool_rc check_options(ESYS_CONTEXT *ectx, tpm2_option_flags flags) { * none we fall back to the old behavior of reading from a define NV index * * Also, tcti is setup to a fake_tcti when tcti is specified "none" as the - * tool option affords TPM2_OPTIONS_OPTIONAL_SAPI_AND_FAKE_TCTI. + * tool option affords TPM2_OPTIONS_FAKE_TCTI. * * If NVindex name is not specified and tcti is not none, it is expected * that the NV index is actually define. This behavior complies with the @@ -292,7 +292,7 @@ static bool tpm2_tool_onstart(tpm2_options **opts) { }; *opts = tpm2_options_new("C:P:S:n:", ARRAY_LEN(topts), topts, on_option, - on_arg, TPM2_OPTIONS_OPTIONAL_SAPI_AND_FAKE_TCTI); + on_arg, TPM2_OPTIONS_FAKE_TCTI); return *opts != NULL; } diff --git a/tools/tpm2_nvread.c b/tools/tpm2_nvread.c index d330c4412..87b1be098 100644 --- a/tools/tpm2_nvread.c +++ b/tools/tpm2_nvread.c @@ -221,7 +221,7 @@ static tool_rc check_options(tpm2_option_flags flags) { * none we fall back to the old behavior of reading from a define NV index * * Also, tcti is setup to a fake_tcti when tcti is specified "none" as the - * tool option affords TPM2_OPTIONS_OPTIONAL_SAPI_AND_FAKE_TCTI. + * tool option affords TPM2_OPTIONS_FAKE_TCTI. * * If NVindex name is not specified and tcti is not none, it is expected * that the NV index is actually define. This behavior complies with the @@ -361,7 +361,7 @@ static bool tpm2_tool_onstart(tpm2_options **opts) { }; *opts = tpm2_options_new("C:s:o:P:n:S:", ARRAY_LEN(topts), topts, on_option, - on_arg, TPM2_OPTIONS_OPTIONAL_SAPI_AND_FAKE_TCTI); + on_arg, TPM2_OPTIONS_FAKE_TCTI); if (ctx.is_yaml) { ctx.offset = 0; diff --git a/tools/tpm2_nvreadlock.c b/tools/tpm2_nvreadlock.c index 5b2234ad3..387e6f383 100644 --- a/tools/tpm2_nvreadlock.c +++ b/tools/tpm2_nvreadlock.c @@ -186,7 +186,7 @@ static tool_rc check_options(tpm2_option_flags flags) { * none we fall back to the old behavior of reading from a define NV index * * Also, tcti is setup to a fake_tcti when tcti is specified "none" as the - * tool option affords TPM2_OPTIONS_OPTIONAL_SAPI_AND_FAKE_TCTI. + * tool option affords TPM2_OPTIONS_FAKE_TCTI. * * If NVindex name is not specified and tcti is not none, it is expected * that the NV index is actually define. This behavior complies with the @@ -278,7 +278,7 @@ static bool tpm2_tool_onstart(tpm2_options **opts) { }; *opts = tpm2_options_new("C:P:S:n:", ARRAY_LEN(topts), topts, on_option, - on_arg, TPM2_OPTIONS_OPTIONAL_SAPI_AND_FAKE_TCTI); + on_arg, TPM2_OPTIONS_FAKE_TCTI); return *opts != NULL; } diff --git a/tools/tpm2_nvreadpublic.c b/tools/tpm2_nvreadpublic.c index 42db19007..2a1b0c2ac 100644 --- a/tools/tpm2_nvreadpublic.c +++ b/tools/tpm2_nvreadpublic.c @@ -291,7 +291,7 @@ static tool_rc check_options(ESYS_CONTEXT *ectx, tpm2_option_flags flags) { * none we fall back to the old behavior of reading from a define NV index * * Also, tcti is setup to a fake_tcti when tcti is specified "none" as the - * tool option affords TPM2_OPTIONS_OPTIONAL_SAPI_AND_FAKE_TCTI. + * tool option affords TPM2_OPTIONS_FAKE_TCTI. * * If NVindex name is not specified and tcti is not none, it is expected * that the NV index is actually define. This behavior complies with the @@ -381,7 +381,7 @@ static bool tpm2_tool_onstart(tpm2_options **opts) { }; *opts = tpm2_options_new("S:n:", ARRAY_LEN(topts), topts, on_option, on_arg, - TPM2_OPTIONS_OPTIONAL_SAPI_AND_FAKE_TCTI); + TPM2_OPTIONS_FAKE_TCTI); return *opts != 0; } diff --git a/tools/tpm2_nvsetbits.c b/tools/tpm2_nvsetbits.c index 8665b1648..841753a5b 100644 --- a/tools/tpm2_nvsetbits.c +++ b/tools/tpm2_nvsetbits.c @@ -283,7 +283,7 @@ static bool tpm2_tool_onstart(tpm2_options **opts) { }; *opts = tpm2_options_new("C:P:i:S:n:", ARRAY_LEN(topts), topts, on_option, - on_arg, TPM2_OPTIONS_OPTIONAL_SAPI_AND_FAKE_TCTI); + on_arg, TPM2_OPTIONS_FAKE_TCTI); return *opts != NULL; } diff --git a/tools/tpm2_nvundefine.c b/tools/tpm2_nvundefine.c index 62086c681..3e8e77ea3 100644 --- a/tools/tpm2_nvundefine.c +++ b/tools/tpm2_nvundefine.c @@ -265,7 +265,7 @@ static tool_rc check_options(ESYS_CONTEXT *ectx, tpm2_option_flags flags) { * none we fall back to the old behavior of reading from a define NV index * * Also, tcti is setup to a fake_tcti when tcti is specified "none" as the - * tool option affords TPM2_OPTIONS_OPTIONAL_SAPI_AND_FAKE_TCTI. + * tool option affords TPM2_OPTIONS_FAKE_TCTI. * * If NVindex name is not specified and tcti is not none, it is expected * that the NV index is actually define. This behavior complies with the @@ -413,7 +413,7 @@ static bool tpm2_tool_onstart(tpm2_options **opts) { }; *opts = tpm2_options_new("C:P:S:n:", ARRAY_LEN(topts), topts, on_option, - on_arg, TPM2_OPTIONS_OPTIONAL_SAPI_AND_FAKE_TCTI); + on_arg, TPM2_OPTIONS_FAKE_TCTI); return *opts != NULL; } diff --git a/tools/tpm2_nvwrite.c b/tools/tpm2_nvwrite.c index ec7f23870..e29ca8a3f 100644 --- a/tools/tpm2_nvwrite.c +++ b/tools/tpm2_nvwrite.c @@ -295,7 +295,7 @@ static tool_rc check_options(ESYS_CONTEXT *ectx, tpm2_option_flags flags) { * none we fall back to the old behavior of reading from a define NV index * * Also, tcti is setup to a fake_tcti when tcti is specified "none" as the - * tool option affords TPM2_OPTIONS_OPTIONAL_SAPI_AND_FAKE_TCTI. + * tool option affords TPM2_OPTIONS_FAKE_TCTI. * * If NVindex name is not specified and tcti is not none, it is expected * that the NV index is actually define. This behavior complies with the @@ -432,7 +432,7 @@ static bool tpm2_tool_onstart(tpm2_options **opts) { }; *opts = tpm2_options_new("C:P:i:S:n:", ARRAY_LEN(topts), topts, on_option, - on_arg, TPM2_OPTIONS_OPTIONAL_SAPI_AND_FAKE_TCTI); + on_arg, TPM2_OPTIONS_FAKE_TCTI); return *opts != NULL; } diff --git a/tools/tpm2_nvwritelock.c b/tools/tpm2_nvwritelock.c index d0591b375..6b6c87c06 100644 --- a/tools/tpm2_nvwritelock.c +++ b/tools/tpm2_nvwritelock.c @@ -214,7 +214,7 @@ static tool_rc check_options(tpm2_option_flags flags) { * none we fall back to the old behavior of reading from a define NV index * * Also, tcti is setup to a fake_tcti when tcti is specified "none" as the - * tool option affords TPM2_OPTIONS_OPTIONAL_SAPI_AND_FAKE_TCTI. + * tool option affords TPM2_OPTIONS_FAKE_TCTI. * * If NVindex name is not specified and tcti is not none, it is expected * that the NV index is actually define. This behavior complies with the @@ -313,7 +313,7 @@ static bool tpm2_tool_onstart(tpm2_options **opts) { }; *opts = tpm2_options_new("C:P:S:n:", ARRAY_LEN(topts), topts, on_option, - on_arg, TPM2_OPTIONS_OPTIONAL_SAPI_AND_FAKE_TCTI); + on_arg, TPM2_OPTIONS_FAKE_TCTI); return *opts != NULL; }