Skip to content

Fix TPM Linux read() return code handling #434

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
embhorn merged 1 commit into from
Sep 3, 2025
Merged

Fix TPM Linux read() return code handling #434

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
66 changes: 42 additions & 24 deletions src/tpm2_linux.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -91,12 +91,22 @@ int TPM2_LINUX_SendCommand(TPM2_CTX* ctx, TPM2_Packet* packet)
#include <errno.h>
#include <string.h>


/* TPM Device Path Configuration:
* - /dev/tpm0: TPM raw device (default)
* - /dev/tpmrm0: TPM resource manager (requires kernel 5.12+)
* Enabled with WOLFTPM_USE_TPMRM
*/
#ifndef TPM2_LINUX_DEV
#define TPM2_LINUX_DEV "/dev/tpm0"
#ifdef WOLFTPM_USE_TPMRM
#define TPM2_LINUX_DEV "/dev/tpmrm0"
#else
#define TPM2_LINUX_DEV "/dev/tpm0"
#endif
#endif

#ifndef TPM2_LINUX_DEV_POLL_TIMEOUT
#define TPM2_LINUX_DEV_POLL_TIMEOUT -1 /* Infinite time for poll events */
#endif

/* Linux kernels older than v4.20 (before December 2018) do not support
* partial reads. The only way to receive a complete response is to read
Expand All @@ -111,7 +121,7 @@ int TPM2_LINUX_SendCommand(TPM2_CTX* ctx, TPM2_Packet* packet)
int fd;
int rc_poll, nfds = 1; /* Polling single TPM dev file */
struct pollfd fds;
size_t rspSz = 0;
int rspSz = 0;

#ifdef WOLFTPM_DEBUG_VERBOSE
printf("Command size: %d\n", packet->pos);
Expand All @@ -127,47 +137,55 @@ int TPM2_LINUX_SendCommand(TPM2_CTX* ctx, TPM2_Packet* packet)
/* Wait for response to be available */
rc_poll = poll(&fds, nfds, TPM2_LINUX_DEV_POLL_TIMEOUT);
if (rc_poll > 0 && fds.revents == POLLIN) {
rspSz = read(fd, packet->buf, packet->size);
ssize_t ret = read(fd, packet->buf, packet->size);
/* The caller parses the TPM_Packet for correctness */
if (rspSz >= TPM2_HEADER_SIZE) {
if (ret >= TPM2_HEADER_SIZE) {
/* Enough bytes for a TPM response */
rspSz = (int)ret;
rc = TPM_RC_SUCCESS;
}
#ifdef DEBUG_WOLFTPM
else if (rspSz == 0) {
printf("Received EOF instead of TPM response.\n");
}
else
{
printf("Failed to read from TPM device %d, got errno %d"
" = %s\n", fd, errno, strerror(errno));
#ifdef DEBUG_WOLFTPM
printf("Received EOF(0) from %s: errno %d = %s\n",
TPM2_LINUX_DEV, errno, strerror(errno));
#endif
}
else {
#ifdef DEBUG_WOLFTPM
printf("Failed to read from %s: errno %d = %s\n",
TPM2_LINUX_DEV, errno, strerror(errno));
#endif
rc = TPM_RC_FAILURE;
}
}
#ifdef WOLFTPM_DEBUG_VERBOSE
else {
printf("Failed to get a response from fd %d, got errno %d ="
"%s\n", fd, errno, strerror(errno));
#ifdef DEBUG_WOLFTPM
printf("Failed poll on %s: errno %d = %s\n",
TPM2_LINUX_DEV, errno, strerror(errno));
#endif
rc = TPM_RC_FAILURE;
}
#endif
}
#ifdef WOLFTPM_DEBUG_VERBOSE
else {
printf("Failed to send the TPM command to fd %d, got errno %d ="
"%s\n", fd, errno, strerror(errno));
}
#ifdef DEBUG_WOLFTPM
printf("Failed write to %s: errno %d = %s\n",
TPM2_LINUX_DEV, errno, strerror(errno));
#endif
rc = TPM_RC_FAILURE;
}

close(fd);
}
#ifdef DEBUG_WOLFTPM
else if (fd == -1 && errno == EACCES) {
printf("Permission denied. Use sudo or change the user group.\n");
printf("Permission denied on %s\n"
"Use sudo or add tss group to user.\n", TPM2_LINUX_DEV);
}
else {
perror("Failed to open device");
#ifdef DEBUG_WOLFTPM
printf("Failed to open %s: errno %d = %s\n",
TPM2_LINUX_DEV, errno, strerror(errno));
#endif
}
#endif

#ifdef WOLFTPM_DEBUG_VERBOSE
if (rspSz > 0) {
Expand Down
Loading