Control Channel Specification
The control channel of swtpm allows out-of-band control of certain life-cycle operations of the TPM 1.2 and TPM 2 implemented by the swtpm programs. The swtpm data channel, on the other hand, accepts the plain TPM 1.2 and TPM 2 commands as specified by the Trusted Computing Group and enables TrouSerS and other tools to talk directly to the swtpm. This specification focuses on the control channel operations (commands) and the commands' data structures.
The swtpm control channel supports the following types of operations:
- Indication of implemented control commands
- Initialization of the TPM
- Shutdown of swtpm process
- Stopping the TPM
- Getting the TPM Establishment bit
- Resetting the TPM Establishment bit
- Getting and setting of the TPM state blobs (permanent, volatile, and save state)
- Setting the locality
- Cancellation of an ongoing TPM command
- Getting configuration flags
- Hash operations on PCR 17
- TPM buffer size negotiation
Control channel operations are sent over a binary protocol using the different types of interfaces implemented by the swtpm programs. When the control channel is a character device, control commands are sent using ioctl and the command code is encoded in the ioctl code. When a command is sent over a local (Unix) or TCP socket, the command code is found in the first 4 bytes of the packet. Command codes used by an ioctl are prefixed with PTM_ and those used in packets sent over sockets are prefixed with CMD_.
To avoid duplication of content, please consult the following man page for details about the control channel: swtpm_ioctls.pod
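The socket framing described above, as an added example that is not code from the swtpm project: a small Python client that frames each request with the 4-byte command code, exchanges CMD_GET_CAPABILITY, CMD_INIT and CMD_SHUTDOWN with a constructed stand-in peer so that it runs offline, and can be pointed at a real control socket with connect_unix_ctrl. The page itself only states the 4-byte command-code rule; the numeric command codes, the big-endian (network byte order) encoding, the capability bits and the request/response layouts used here are assumptions taken from swtpm's tpm_ioctl.h and should be checked against the header of the swtpm version in use.

```python
import socket
import struct
import threading

# Command codes and capability bits are ASSUMPTIONS taken from swtpm's
# tpm_ioctl.h; this page does not list them. Verify against the header.
CMD_GET_CAPABILITY = 0x01
CMD_INIT = 0x02
CMD_SHUTDOWN = 0x03

PTM_CAP_INIT = 1 << 0
PTM_CAP_SHUTDOWN = 1 << 1

PTM_RES_SUCCESS = 0  # ptm_res value meaning the command succeeded


def build_ctrl_packet(cmd, payload=b""):
    """Frame a socket request: 4-byte command code (network byte order) + payload."""
    if not 0 <= cmd <= 0xFFFFFFFF:
        raise ValueError("command code must fit in 32 bits")
    return struct.pack("!I", cmd) + bytes(payload)


def parse_ctrl_packet(data):
    """Split a received packet into (command code, payload); reject short packets."""
    if len(data) < 4:
        raise ValueError("control packet shorter than the 4-byte command code")
    return struct.unpack("!I", data[:4])[0], data[4:]


def ctrl_roundtrip(sock, cmd, payload=b"", max_resp=4096):
    """Send one control command and return the raw response, never less than 4 bytes."""
    sock.sendall(build_ctrl_packet(cmd, payload))
    resp = sock.recv(max_resp)
    if len(resp) < 4:
        raise IOError("short or empty control response")
    return resp


def get_capabilities(sock):
    """CMD_GET_CAPABILITY: 8-byte reply, capability bitmask in the last 4 bytes (assumed layout)."""
    resp = ctrl_roundtrip(sock, CMD_GET_CAPABILITY)
    if len(resp) != 8:
        raise IOError("unexpected capability response length %d" % len(resp))
    return struct.unpack("!I", resp[4:8])[0]


def tpm_init(sock, init_flags=0):
    """CMD_INIT: request carries a 32-bit init_flags field, reply is a 32-bit ptm_res (assumed)."""
    resp = ctrl_roundtrip(sock, CMD_INIT, struct.pack("!I", init_flags))
    return struct.unpack("!I", resp[:4])[0]


def tpm_shutdown(sock):
    """CMD_SHUTDOWN: no payload, reply is a 32-bit ptm_res (assumed)."""
    return struct.unpack("!I", ctrl_roundtrip(sock, CMD_SHUTDOWN)[:4])[0]


def connect_unix_ctrl(path):
    """Connect to a control socket created with swtpm's --ctrl type=unixio,path=<path>."""
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.connect(path)
    return s


def stand_in_swtpm(sock):
    """Constructed peer for offline testing; this is NOT swtpm. Handles three commands."""
    while True:
        data = sock.recv(4096)
        if not data:
            return
        try:
            cmd, payload = parse_ctrl_packet(data)
        except ValueError:
            sock.sendall(struct.pack("!I", 1))  # stand-in choice: non-zero result
            continue
        if cmd == CMD_GET_CAPABILITY:
            sock.sendall(struct.pack("!II", PTM_RES_SUCCESS, PTM_CAP_INIT | PTM_CAP_SHUTDOWN))
        elif cmd == CMD_INIT and len(payload) == 4:
            sock.sendall(struct.pack("!I", PTM_RES_SUCCESS))
        elif cmd == CMD_SHUTDOWN:
            sock.sendall(struct.pack("!I", PTM_RES_SUCCESS))
            return
        else:
            sock.sendall(struct.pack("!I", 1))  # stand-in choice: reject the rest


def demo():
    """Run the full exchange against the stand-in over a socketpair; returns the results."""
    client, server = socket.socketpair()
    peer = threading.Thread(target=stand_in_swtpm, args=(server,), daemon=True)
    peer.start()
    caps = get_capabilities(client)
    init_rc = tpm_init(client) if caps & PTM_CAP_INIT else None
    shutdown_rc = tpm_shutdown(client) if caps & PTM_CAP_SHUTDOWN else None
    client.close()
    peer.join(timeout=2)
    server.close()
    return {"caps": caps, "init": init_rc, "shutdown": shutdown_rc}


if __name__ == "__main__":
    print(demo())
```

Two practical points follow from the framing. First, every response is length-checked before a field is unpacked, so a closed or misbehaving peer produces an exception rather than a silently mis-parsed result code. Second, the operations this channel exposes include loading TPM state blobs and resetting the TPM Establishment bit, so the control socket must only be reachable by the process that manages the swtpm instance, never by the guest or by other unprivileged users on the host.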