--- a/components/trousers/patches/svrside.c.patch Tue Dec 13 13:42:07 2011 -0800
+++ b/components/trousers/patches/svrside.c.patch Tue Dec 13 13:58:15 2011 -0800
@@ -1,11 +1,12 @@
---- src/tcsd/svrside.c.orig Thu Jan 21 15:18:55 2010
-+++ src/tcsd/svrside.c Thu Jan 28 17:37:07 2010
-@@ -27,6 +27,13 @@
+--- src/tcsd/svrside.c Wed Jun 9 13:19:00 2010
++++ src/tcsd/svrside.c.new Thu Dec 8 12:58:00 2011
+@@ -27,6 +27,14 @@
#include <arpa/inet.h>
#include <errno.h>
#include <getopt.h>
+#ifdef SOLARIS
+#include <priv.h>
++#include <fcntl.h>
+#endif
+#ifndef HAVE_DAEMON
+#include <fcntl.h>
@@ -14,12 +15,103 @@
#include "trousers/tss.h"
#include "trousers_types.h"
#include "tcs_tsp.h"
-@@ -207,6 +214,79 @@
+@@ -44,6 +52,11 @@
+ static volatile int hup = 0, term = 0;
+ extern char *optarg;
+
++#ifdef SOLARIS
++static int
++get_event_log_from_kernel();
++#endif
++
+ static void
+ tcsd_shutdown(void)
+ {
+@@ -170,6 +183,10 @@
+ (void)req_mgr_final();
+ return result;
+ }
++#ifdef SOLARIS
++ /* Not fatal if this fails */
++ (void) get_event_log_from_kernel();
++#endif
+
+ result = owner_evict_init();
+ if (result != TSS_SUCCESS) {
+@@ -208,6 +225,147 @@
}
+#ifdef SOLARIS
+
++extern int get_device_fd();
++
++#define TPM_IOCTL_GETEVTABLE 1
++struct tpm_evtable_ioblk {
++ uint32_t buflen;
++ caddr_t buf;
++};
++
++static int
++store_eventlog(char *filename, struct tpm_evtable_ioblk *evlog)
++{
++ int fd;
++ int bytes = 0;
++
++ fd = open(filename, O_WRONLY | O_TRUNC | O_CREAT, 0600);
++ if (fd == -1) {
++ LogError("Error opening logfile %s: %s", filename,
++ strerror(errno));
++ return (-1);
++ }
++ while (bytes < evlog->buflen) {
++ int n;
++ n = write(fd, evlog->buf, evlog->buflen - bytes);
++ if (n == -1 && errno != EAGAIN) {
++ LogError("Error writing logfile %s: %s",
++ filename, strerror(errno));
++ close(fd);
++ return (-1);
++ }
++ if (n != -1)
++ bytes += n;
++ }
++ close(fd);
++
++ return (0);
++}
++
++static int
++get_event_log_from_kernel()
++{
++ int fd = get_device_fd();
++ struct tpm_evtable_ioblk ioblk;
++
++ if (fd == -1)
++ return (-1);
++
++ (void) memset(&ioblk, 0, sizeof (ioblk));
++ if (ioctl(fd, TPM_IOCTL_GETEVTABLE, &ioblk)) {
++ LogDebug("Cannot get event log from kernel: %s",
++ strerror(errno));
++ return (-1);
++ }
++ if (ioblk.buflen == 0)
++ return (0);
++
++ ioblk.buf = calloc(1, ioblk.buflen);
++ if (ioblk.buf == NULL) {
++ return (-1);
++ }
++ if (ioctl(fd, TPM_IOCTL_GETEVTABLE, &ioblk)) {
++ free(ioblk.buf);
++ LogDebug("Cannot get event log from kernel: %s",
++ strerror(errno));
++ return (-1);
++ }
++
++ return (store_eventlog(tcsd_options.firmware_log_file, &ioblk));
++}
+/*
+ * For Solaris, make the tcsd privilege aware and drop
+ * risky privileges if they are not needed.
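Review bot: In store_eventlog the write loop never advances the source pointer: after a short write it calls `write(fd, evlog->buf, evlog->buflen - bytes)` again from the start of the buffer, so the file ends up with the head of the event log repeated; it should be `n = write(fd, evlog->buf + bytes, evlog->buflen - bytes);`. The loop also spins on EAGAIN and treats EINTR as fatal, and the signed `int bytes` is compared against the `uint32_t buflen`, which -Wsign-compare will flag; `size_t bytes` plus an `errno != EINTR` retry is the usual shape. In get_event_log_from_kernel the `calloc`'d `ioblk.buf` is never freed once store_eventlog has returned, on either the success or the failure path; `int rv = store_eventlog(tcsd_options.firmware_log_file, &ioblk); free(ioblk.buf); return (rv);` closes that. Since tcsd opens the configured firmware_log_file with O_CREAT|O_TRUNC from a privileged process, adding O_NOFOLLOW to the open flags and giving the two new functions `(void)` parameter lists instead of empty parentheses would be worth folding into the same patch.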
@@ -94,7 +186,7 @@
int
main(int argc, char **argv)
{
-@@ -222,6 +302,9 @@
+@@ -223,6 +381,9 @@
{"foreground", 0, NULL, 'f'},
{0, 0, 0, 0}
};
@@ -102,9 +194,9 @@
+ int rv;
+#endif
- while ((c = getopt_long(argc, argv, "fh", long_options, &option_index)) != -1) {
- switch (c) {
-@@ -287,6 +372,11 @@
+ unsetenv("TCSD_USE_TCP_DEVICE");
+ while ((c = getopt_long(argc, argv, "fhe", long_options, &option_index)) != -1) {
+@@ -294,6 +455,11 @@
return -1;
}
}
--- a/components/trousers/patches/tcsd.conf.in.patch Tue Dec 13 13:42:07 2011 -0800
+++ b/components/trousers/patches/tcsd.conf.in.patch Tue Dec 13 13:58:15 2011 -0800
@@ -1,11 +1,19 @@
---- dist/tcsd.conf.in.old Thu Apr 7 07:53:52 2011
-+++ dist/tcsd.conf.in Thu Apr 7 07:55:18 2011
-@@ -54,7 +54,7 @@
+--- dist/tcsd.conf.in Thu Jan 28 08:27:50 2010
++++ dist/tcsd.conf.in.new Fri Nov 18 10:35:22 2011
+@@ -37,6 +37,7 @@
+ #
+ # firmware_log_file = /sys/kernel/security/tpm0/binary_bios_measurements
+ #
++firmware_log_file=/var/tpm/system/pcrevent.log
+
+ # Option: kernel_log_file
+ # Values: Any absolute directory path
+@@ -54,7 +55,7 @@
# Description: A list of PCR indices that are manipulated only by the system
# firmware and therefore are not extended or logged by the TCSD.
#
-# firmware_pcrs =
-+firmware_pcrs =0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15
++firmware_pcrs =0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,20,21
#
# Option: kernel_pcrs
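Review bot: The new `firmware_pcrs` value adds PCRs 20 and 21 to the set tcsd will neither extend nor log, but nothing in the patch records why those two registers are treated as firmware-owned on this platform; a comment such as `# PCRs 20,21 are reserved by <platform component - fill in> on Solaris` above the line would keep a later maintainer from reverting it as a typo. The uncommented `firmware_log_file=` line now sits directly beneath the Linux sysfs example with no indication that it is the Solaris location, so a one-line comment marking it as the Solaris default would help there as well.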
--- a/components/trousers/patches/tddl.c.patch Tue Dec 13 13:42:07 2011 -0800
+++ b/components/trousers/patches/tddl.c.patch Tue Dec 13 13:58:15 2011 -0800
@@ -1,5 +1,5 @@
---- src/tddl/tddl.c.old 2010-04-12 22:24:21.000000000 -0700
-+++ src/tddl/tddl.c 2011-07-12 13:14:57.362305220 -0700
+--- src/tddl/tddl.c Mon Apr 12 22:24:21 2010
++++ src/tddl/tddl.c.new Thu Sep 22 12:28:25 2011
@@ -18,13 +18,17 @@
#include "trousers/tss.h"
@@ -18,7 +18,21 @@
{"/dev/tpm", TDDL_UNDEF, TDDL_UNDEF},
{NULL, 0, 0}
};
-@@ -63,7 +67,7 @@
+@@ -42,6 +46,13 @@
+ #include <netdb.h>
+ #include <fcntl.h>
+
++#ifdef SOLARIS
++int
++get_device_fd()
++{
++ return (opened_device->fd);
++}
++#endif
+
+ int
+ open_device()
+@@ -63,7 +74,7 @@
fd = socket(AF_INET, SOCK_STREAM, 0);
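Review bot: get_device_fd dereferences `opened_device` unconditionally, so if it is ever called before open_device has succeeded it crashes tcsd instead of returning the `-1` its caller in svrside.c already tests for; `return (opened_device != NULL ? opened_device->fd : -1);` preserves that contract. Whether opened_device can actually be NULL at the point tcsd calls this is not visible in this hunk, so it is worth confirming against the startup order rather than assuming. The empty parameter list should be `(void)`, and the prototype belongs in a shared tddl header rather than as an `extern` declaration in the caller, so the compiler checks both sides against the same signature.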
@@ -27,7 +41,7 @@
struct hostent *host = gethostbyname(tcp_device_hostname);
if (host != NULL) {
struct sockaddr_in addr;
-@@ -105,12 +109,16 @@
+@@ -105,12 +116,16 @@
/* tpm_device_paths is filled out in tddl.h */
for (i = 0; tpm_device_nodes[i].path != NULL; i++) {
errno = 0;
@@ -47,7 +61,7 @@
opened_device = &(tpm_device_nodes[i]);
tpm_device_nodes[i].fd = fd;
}
-@@ -181,11 +189,13 @@
+@@ -181,11 +196,13 @@
/* fall through */
case TDDL_TRANSMIT_IOCTL:
errno = 0;
@@ -61,7 +75,7 @@
LogInfo("Falling back to Read/Write device support.");
/* fall through */
case TDDL_TRANSMIT_RW:
-@@ -255,6 +265,7 @@
+@@ -255,6 +272,7 @@
TSS_RESULT Tddli_Cancel(void)
{
@@ -69,7 +83,7 @@
int rc;
if (opened_device->transmit == TDDL_TRANSMIT_IOCTL) {
-@@ -270,4 +281,7 @@
+@@ -270,4 +288,7 @@
} else {
return TDDLERR(TSS_E_NOTIMPL);
}