Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve TPM provider #168

Merged
merged 1 commit into from
May 6, 2020
Merged

Improve TPM provider #168

merged 1 commit into from
May 6, 2020

Conversation

ionut-arm
Copy link
Member

This commit includes a couple of fixes in the TPM provider.

  • the TSS crate used has been updated to the latest one, including a few
    functionality updates; this now allows the session hash algorithm and
    the cipher used for sessions and primary key
  • more control over the format of the authentication value is now
    offered to admins; more precisely, they can provide string versions of
    hex values, prefixed by "hex:"

Signed-off-by: Ionut Mihalcea ionut.mihalcea@arm.com

Fixes #120
Fixes #121

@ionut-arm ionut-arm added the enhancement New feature or request label May 4, 2020
@ionut-arm ionut-arm added this to the Parsec production ready milestone May 4, 2020
@ionut-arm ionut-arm requested a review from hug-dev May 4, 2020 16:33
@ionut-arm ionut-arm self-assigned this May 4, 2020
@ionut-arm
Improve TPM provider
c6d339b 
This commit includes a couple of fixes in the TPM provider.
* the TSS crate used has been updated to the latest one, including a few
functionality updates; this now allows the session hash algorithm and
the cipher used for sessions and primary key
* more control over the format of the authentication value is now
offered to admins; more precisely, they can provide string versions of
hex values, prefixed by "hex:"

Signed-off-by: Ionut Mihalcea <ionut.mihalcea@arm.com>
hug-dev
hug-dev approved these changes May 5, 2020
View reviewed changes
config.toml
# be empty, however we strongly suggest that you use a secure passcode.
# To align with TPM tooling, PARSEC allows "owner_hierarchy_auth" to have a prefix indicating a string value,
# e.g. "str:password", or to represent a string version of a hex value, e.g. "hex:1a2b3c". If no prefix is
# provided, the value is considered to be a string.
#owner_hierarchy_auth = "password"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we set str:password as default?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We could, but as stated above it's not really needed

e2e_tests/provider_cfg/tpm/config.toml
@@ -16,4 +16,4 @@ manager_type = "OnDisk"
provider_type = "Tpm"
key_info_manager = "on-disk-manager"
tcti = "mssim"
owner_hierarchy_auth = "tpm_pass"
owner_hierarchy_auth = "hex:74706d5f70617373" # "tpm_pass" in hex
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is that different from "str:tpm_pass"?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, it isn't, just wanted to test it.

@ionut-arm ionut-arm merged commit aae746c into parallaxsecond:master May 6, 2020
@ionut-arm ionut-arm deleted the tpm_fixes branch May 6, 2020 11:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hug-dev hug-dev hug-dev approved these changes

Assignees

@ionut-arm ionut-arm

Labels
enhancement New feature or request
Projects
None yet
Milestone
Parsec production ready
2 participants
@ionut-arm @hug-dev