Skip to content

Sanitize tss version number too #604

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
mcr wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Sanitize tss version number too #604

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 11 additions & 4 deletions tss-esapi/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,17 +1,17 @@
# TPM2 Software Stack Rust Wrapper
# TPM2 Software Stack Rust Wrapper

<p align="center">
<a href="https://crates.io/crates/tss-esapi"><img alt="Crates.io" src="https://img.shields.io/crates/v/tss-esapi"></a>
<a href="https://docs.rs/tss-esapi"><img src="https://docs.rs/tss-esapi/badge.svg" alt="Code documentation"/></a>
<a href="https://codecov.io/gh/parallaxsecond/rust-tss-esapi"><img src="https://codecov.io/gh/parallaxsecond/rust-tss-esapi/branch/main/graph/badge.svg?token=5T7SVCHWFE"/></a>
</p>

This is the high-level, Rust idiomatic wrapper crate that exposes an interface
This is the high-level, Rust idiomatic wrapper crate that exposes an interface
to [TSS](https://github.com/tpm2-software/tpm2-tss).

This crate depends on the [`tss-esapi-sys`](../tss-esapi-sys/) crate for its
FFI interface. By default, pre-generated bindings are used. If you'd like the
bindings to be generated at build time, please enable either the
bindings to be generated at build time, please enable either the
`generate-bindings` feature - the FFI bindings will then be generated at build
time using the headers identified on the system.

Expand All @@ -31,7 +31,7 @@ The crate currently offers the following features:
* `abstraction` (enabled by default) - provides a set of abstracted primitives
on top of the basic Rust-native ESAPI API provided by the crate. This feature
can be turned off to reduce the number of dependencies built.
* `serde` - enable serde `Serialize`/`Deserialize` traits for types.
* `serde` - enable serde `Serialize`/`Deserialize` traits for types.
* `rustcrypto-full` (disabled by default) - provides conversion from all
supported elliptic curves, rsa or hashes.
Support for individual hash, rsa or curves can be pulled individually.
Expand All @@ -45,4 +45,11 @@ The crate currently offers the following features:

For more information on cross-compiling the `tss-esapi` crate, please see the README of the `tss-esapi-sys` crate.

## Building against libtss2

The [TSS](https://github.com/tpm2-software/tpm2-tss) library can be installed from Debian, RPM, or other packaging manager.
It will install a pkg-config definition to indicate how to compile and link against the library.
When it is installed via source, and/or if it has been edited (such as to debug things), then the version number will be marked with the git commit (and dirty flag). The resulting version string is unfortunately not compatible with the semver parser/comparing mechanism, and it can be rejected.
Setting the environment variable TPM2\_TSS\_VERSION\_IGNORE\_PRERELEASE to a non-empty string will cause the build system to ignore this pre-release information.
Copy link
Collaborator

@wiktor-k wiktor-k Jan 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Setting the environment variable TPM2\_TSS\_VERSION\_IGNORE\_PRERELEASE to a non-empty string will cause the build system to ignore this pre-release information.
Setting the environment variable `TPM2_TSS_VERSION_IGNORE_PRERELEASE` to a non-empty string will cause the build system to ignore this pre-release information.


*Copyright 2021 Contributors to the Parsec project.*
13 changes: 10 additions & 3 deletions tss-esapi/build.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,9 @@
// Copyright 2021 Contributors to the Parsec project.
// SPDX-License-Identifier: Apache-2.0
use semver::{Version, VersionReq};
use semver::{Prerelease, Version, VersionReq};

const TPM2_TSS_MINIMUM_VERSION: Version = Version::new(4, 1, 3);
const TPM2_TSS_VERSION_IGNORE_PRERELEASE: &str = "TPM2_TSS_VERSION_IGNORE_PRERELEASE";

fn main() {
println!("cargo:rustc-check-cfg=cfg(hierarchy_is_esys_tr)");
Expand All @@ -20,15 +21,21 @@ fn main() {
.expect("Failed to parse ENV variable DEP_TSS2_ESYS_VERSION as string");

Version::parse(&tss_version_string)
.expect("Failed to parse the DEP_TSS2_ESYS_VERSION variable as a semver version")
.map(|mut v| {
if std::env::var(TPM2_TSS_VERSION_IGNORE_PRERELEASE).is_ok() {
v.pre = Prerelease::EMPTY;
}
v
})
.expect("Failed to parse the DEP_TSS2_ESYS_VERSION variable {tss_version_string} as a semver version")
};

let supported_tss_version =
VersionReq::parse("<5.0.0, >=2.3.3").expect("Failed to parse supported TSS version");

assert!(
supported_tss_version.matches(&tss_version),
"Unsupported TSS version {tss_version}"
"Unsupported TSS version {tss_version}, maybe try {TPM2_TSS_VERSION_IGNORE_PRERELEASE}=true"
Copy link
Collaborator

@wiktor-k wiktor-k Jan 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
"Unsupported TSS version {tss_version}, maybe try {TPM2_TSS_VERSION_IGNORE_PRERELEASE}=true"
"Unsupported TSS version {tss_version}, maybe try setting the environment variable {TPM2_TSS_VERSION_IGNORE_PRERELEASE}=true"

);

let hierarchy_is_esys_tr_req = VersionReq::parse(">=3.0.0").unwrap();
Expand Down