
Commit 97c2783

bradlitterellBrad Litterell
andauthored
Trusted Computing Group (TCG) TPM Specification 1.83 Release reference code. (#262)
Co-authored-by: Brad Litterell <bradlit@microsoft.com>
1 parent b4133f2 commit 97c2783

609 files changed

Lines changed: 99763 additions & 0 deletions


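--- a/.azuredevops/cmake_build_win.yml
+++ b/.azuredevops/cmake_build_win.yml
@@ -0,0 +1,40 @@
+# editing pipeline due to message in ADO about a bad trigger.
+
+variables:
+- name: BuildOutput
+value: out
+- name: VerboseOutput
+value: true
+
+strategy:
+matrix:
+windows_x86_openssl:
+imageName: windows-2019
+targetArchitecture: Win32
+cmakecryptoargs: -DcryptoLib_Symmetric=Ossl -DcryptoLib_Hash=Ossl -DcryptoLib_BnMath=Ossl -DcryptoLib_Math=TpmBigNum
+
+pool:
+vmImage: $(imageName)
+
+steps:
+- checkout: self
+submodules: true
+
+
+###################################################
+# Windows
+###################################################
+
+# Use CMake to setup target build environment
+- task: CMake@1
+inputs:
+cmakeArgs: -S $(BUILD.SOURCESDIRECTORY)\TPMCmd -B $(BUILD.SOURCESDIRECTORY)\TPMCmd\$(BuildOutput) -G "Visual Studio 16 2019" -A $(targetArchitecture) $(cmakecryptoargs)
+displayName: CMake setup build environment
+condition: eq( variables['Agent.OS'], 'Windows_NT' )
+
+# Use CMake to execute build
+- task: CMake@1
+inputs:
+cmakeArgs: --build $(BUILD.SOURCESDIRECTORY)\TPMCmd\$(BuildOutput)
+displayName: CMake build TPM2
+condition: eq( variables['Agent.OS'], 'Windows_NT' )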
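Review bot: The pipeline declares no `trigger:` or `pr:` key, so which pushes and pull requests start this build is left to the Azure Pipelines defaults instead of being stated in the file, even though the comment on line 1 says the file was edited because of a bad trigger. An explicit block naming the intended branches, or `trigger: none` if runs are meant to be started by hand, would make that intent reviewable. Separately, `VerboseOutput` is defined but not referenced by either CMake step shown here, and the two `Agent.OS` conditions are always true for the single `windows-2019` matrix entry.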

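--- a/.clang-format
+++ b/.clang-format
@@ -0,0 +1,98 @@
+---
+# Last formatted with clang-format version 17.0.3
+Language: Cpp
+BasedOnStyle: Microsoft
+AccessModifierOffset: -4
+# AlwaysBreak & BlockIndent are buggy
+# AlwaysBreak: https://github.com/llvm/llvm-project/issues/57241
+# BlockIndent: https://github.com/llvm/llvm-project/issues/57250
+# Align is widely the default and seems to work more reasonably.
+AlignAfterOpenBracket: Align
+AlignConsecutiveMacros: Consecutive
+AlignConsecutiveAssignments: AcrossEmptyLines
+AlignConsecutiveBitFields: AcrossEmptyLines
+AlignConsecutiveDeclarations: AcrossEmptyLines
+AlignEscapedNewlines: Left
+AlignOperands: Align
+BreakBeforeBinaryOperators: NonAssignment
+# style Microsoft is actually for C# but TPM code base historically uses ~80 chars
+ColumnLimit: 86
+# don't break after return types, though clang-format seems to have some issues
+# with this and still breaks after TPM_RC and some other types.
+# open issue with LLVM, no confirmation or workaround identified yet.
+AlwaysBreakAfterDefinitionReturnType: None
+AlwaysBreakAfterReturnType: None
+# we prefer one parameter per line since many parameters have comments
+# and binpacking will create extra inconsistency
+BinPackArguments: false
+BinPackParameters: false
+# Microsft standard C/C++ braces
+BreakBeforeBraces: Allman
+IncludeBlocks: Preserve
+IndentCaseLabels: true
+IndentCaseBlocks: false
+IndentGotoLabels: false
+# Before hash can misalign comments when IndentWidth and PPIndentWidth differ.
+IndentPPDirectives: AfterHash
+IndentWidth: 4
+PPIndentWidth: 2
+# resist line-length excursions
+PenaltyExcessCharacter: 100000
+# prefer not to break after '='' and '(' for function calls
+# can still happen based on length of components
+PenaltyBreakAssignment: 10
+PenaltyBreakBeforeFirstCallParameter: 1000
+# prefer to break a string constant rather than wrap the entire set of
+# array brackets and equal sign. If this is too high, can produce this:
+# const char somereallylongvariablename
+# [] = "...."
+# which is really weird.
+PenaltyBreakString: 10
+PenaltyBreakOpenParenthesis: 1
+# really dislike breaking after bare return type, wastes vertical space.
+PenaltyReturnTypeOnItsOwnLine: 100000000
+# FOO* bar, not FOO *bar
+PointerAlignment: Left
+# don't touch comments that might have MD tables or other
+# complex snippets
+ReflowComments: false
+# don't sort includes because we can't be sure includes are order-agnostic.
+SortIncludes: false
+SpaceAroundPointerQualifiers: Default
+SpacesBeforeTrailingComments: 2
+SpacesInConditionalStatement: false
+# current code is inconsistent, but a simple search for "if (" and "if("
+# shows false to be most consistent with existing TPM code by
+# about 2-to-1
+SpaceBeforeParens: false
+StatementMacros:
+- _Acquires_exclusive_lock_
+- _Acquires_lock_
+- _Function_class_
+- _IRQL_requires_
+- _Must_inspect_result_
+- _No_competing_thread_
+- _Post_same_lock_
+- _Post_writable_byte_size_
+- _Pre_satisfies_
+- _Releases_lock_
+- _Requires_exclusive_lock_held_
+- _Requires_lock_held_
+- _Requires_lock_not_held_
+- _Requires_shared_lock_held_
+- _Ret_maybenull_
+- _Success_
+- _Use_decl_annotations_
+- "DLPENTRY\n"
+TabWidth: 4
+TypenameMacros:
+- BN_STRUCT_DEF
+DeriveLineEnding: false
+UseCRLF: false
+UseTab: Never
+WhitespaceSensitiveMacros:
+- STRINGIZE
+- LIB_QUOTE
+- LIB_INCLUDE2
+- PROFILE_QUOTE
+...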

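--- a/.git-blame-ignore-revs
+++ b/.git-blame-ignore-revs
@@ -0,0 +1,22 @@
+# By default, the Github Blame UI ignores commits in this file.
+# To use this file locally, run either:
+# git blame --ignore-revs-file .git-blame-ignore-revs
+# git config blame.ignoreRevsFile .git-blame-ignore-revs
+
+# https://github.com/TrustedComputingGroup/TPM-Internal/pull/4
+# Mass trim whitespace from .c & .h files, preserving line endings.
+705706aa59d777566159f346ce8bf04cac0fa64c
+
+# https://github.com/TrustedComputingGroup/TPM-Internal/pull/2
+# Apply .clang-format
+c68483355e66d714266a3fe8cde8e12c907783b5
+
+# https://github.com/TrustedComputingGroup/TPM-Internal/pull/21
+# Run clang-format on samples folder
+5d12e6e85290252ee141ecfba4eb5338d30300ee
+
+# https://github.com/TrustedComputingGroup/TPM-Internal/pull/65
+# setup line normalization
+7ada6844eefed59c8d1eb53a27b43e7ca6b5bc1a
+# Apply clang-format.
+9a9eab4140ba61e3083996b8123c99cf94f66f57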

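--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,21 @@
+* text=auto
+*.json text eol=lf
+*.md text eol=lf
+*.c text eol=lf
+*.h text eol=lf
+*.py text eol=lf
+*.ps1 text eol=lf
+*.yml text eol=lf
+# not sure if VS likes LF in its project files
+*.vcproj text eol=crlf
+# ditto for CMD.exe
+*.cmd text eol=crlf
+*.sh text eol=lf
+
+###############################################################################
+# behavior for image files
+###############################################################################
+*.drawio binary
+*.jpg binary
+*.png binary
+*.gif binary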
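Review bot: `.githooks/pre-commit`, added in the same commit, has no extension, so it is covered only by `* text=auto` and may be checked out with CRLF endings on a Windows clone, depending on the user's line-ending settings. Bash scripts with CRLF endings commonly fail at the shebang or on the first `\r`, and the hook's own header says it has only been tested on Windows. A rule such as `.githooks/* text eol=lf` would pin it. The `*.vcproj` pattern also would not match `.vcxproj` files, if the tree contains any; that is not visible on this page.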

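--- a/.githooks/pre-commit
+++ b/.githooks/pre-commit
@@ -0,0 +1,72 @@
+#!/bin/bash
+# run clang-format as a pre-commit hook.
+#
+# requires a specific path to clang-format be provided via git-config.
+# simply runs given clang-format with -style=file, expecting a .clang-format file
+# in the root of the repository. Format changes are automatically applied, but
+# any errors in this script result in commit failure.
+#
+# If reformatting the code undoes all the changes in the commit, then the commit will be blocked.
+# The only way around it is to use --no-verify. --allow-empty doesn't work because that
+# check happens prior to git calling the hook, and I don't know how to interrogate
+# the state of --allow-empty from inside the hook.
+#
+# this hook can be force-run on a segment of commits via rebase using exec. For example
+# this will replay and format all the commits on the current branch since commit c77fa657.
+# git rebase --strategy-option=theirs -x "git reset --soft HEAD~1 && git commit -C HEAD@{1}" --onto c77fa657 c77fa657
+#
+# this trick suggested by: # https://www.dlyr.fr/stuff/2021/03/magic-rebase-and-format/
+#
+# This hook has only been tested on Windows, and on Windows the path to clang-format should be a
+# Windows, not Linux format path, for example:
+#
+# >git config --local --add hooks.clangformat.path "c:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Tools\Llvm\bin\clang-format.exe"
+#
+# This should work on Windows and Linux (not-verified) if hooks.clangformat.path is set to "clang-format"
+# with clang-format already on your path.
+#
+# Redirect output to stderr.
+exec 1>&2
+# fail commit if hook fails
+set -e
+
+CLANG_FORMAT=$(git config --get hooks.clangformat.path)
+if [ -z "${CLANG_FORMAT}" ]; then
+echo A path to clang-format must be set in hooks.clangformat.path
+exit 1
+fi
+
+format_file() {
+file="${1}"
+echo "formatting ${file}"
+if [ -f $file ]; then
+# move working dir file out of the way
+mv ${file} ${file}.working
+# unstage the changes to be committed from the index
+git restore --worktree ${file}
+# and format it.
+"${CLANG_FORMAT}" -i --style=file ${file}
+# add back to index
+git add ${file}
+# replace pending worktree changes
+mv ${file}.working ${file}
+fi
+}
+
+for file in `git diff-index --cached --name-only HEAD | grep -iE '\.(cpp|cc|c|h|hpp|inl)$' ` ; do
+format_file "${file}"
+done
+
+# after formatting there may be no remaining (staged) changes
+# so check and abort commit if nothing remains.
+set +e
+# Assume something remains
+EXIT_CODE=0
+# sets $? to 1 if anything is different
+git diff-index --cached --exit-code HEAD
+if [ $? -eq 0 ]; then
+# nothing remains, fail hook
+echo No changes remain after auto-format hook. Aborting commit...
+EXIT_CODE=1
+fi
+exit ${EXIT_CODE}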

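--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -0,0 +1,7 @@
+# See https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
+# Each line is a file pattern followed by one or more owners.
+
+# These owners will be the default owners for everything in
+# the repo. Unless a later match takes precedence,
+# These will be requested for review when someone opens a pull request.
+* @chrisfenner @bradlitterell @N7JTI @bluegate010 @liranper @amycnelson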

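--- a/.github/workflows/docker-check.yml
+++ b/.github/workflows/docker-check.yml
@@ -0,0 +1,31 @@
+name: docker build validation
+
+on:
+# Allows you to run this workflow manually from the Actions tab
+workflow_dispatch:
+
+jobs:
+build-validation:
+
+runs-on: ubuntu-latest
+permissions:
+contents: read
+
+steps:
+- name: Checkout repository
+uses: actions/checkout@v3
+
+- name: Setup Docker buildx
+uses: docker/setup-buildx-action@v1
+
+# Build the Docker image (native platform only) to check the build.
+# Don't build cross-platform as it takes 10x as long.
+# https://github.com/docker/build-push-action
+- name: Build and push Docker image
+id: build-and-push
+uses: docker/build-push-action@v3
+with:
+context: .
+push: false
+tags: ${{ steps.meta.outputs.tags }}
+labels: ${{ steps.meta.outputs.labels }}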
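Review bot: `tags: ${{ steps.meta.outputs.tags }}` and `labels: ${{ steps.meta.outputs.labels }}` refer to a step with id `meta`, but no step in this workflow has that id, so both expressions presumably evaluate to empty strings. Since this job only validates the build with `push: false`, dropping the two lines, or adding the `docker/metadata-action` step that the publish workflow uses, would make the file say what it actually does. The step name `Build and push Docker image` and id `build-and-push` are also misleading here; something like `name: Build Docker image (no push)` fits better.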
Lines changed: 67 additions & 0 deletions
@@ -0,0 +1,67 @@
1+
name: publish container
2+
3+
on:
4+
push:
5+
# Publish semver tags as releases.
6+
tags: [ 'v*.*.*' ]
7+
8+
env:
9+
# Use docker.io for Docker Hub if empty
10+
REGISTRY: ghcr.io
11+
# github.repository as <account>/<repo>
12+
IMAGE_NAME: ${{ github.repository }}
13+
14+
15+
jobs:
16+
publish-container:
17+
18+
runs-on: ubuntu-latest
19+
permissions:
20+
contents: read
21+
packages: write
22+
23+
steps:
24+
- name: Checkout repository
25+
uses: actions/checkout@v3
26+
27+
# Set up QEMU for cross-platform builds below
28+
- name: Set up QEMU
29+
id: qemu
30+
uses: docker/setup-qemu-action@v1
31+
with:
32+
image: tonistiigi/binfmt:latest
33+
platforms: all
34+
35+
- name: Setup Docker buildx
36+
uses: docker/setup-buildx-action@v2
37+
38+
# Extract metadata (tags, labels) for Docker
39+
# https://github.com/docker/metadata-action
40+
- name: Extract Docker metadata
41+
id: meta
42+
uses: docker/metadata-action@v4
43+
with:
44+
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
45+
tags: |
46+
type=semver,pattern=r{{version}}
47+
48+
# Login against a Docker registry
49+
# https://github.com/docker/login-action
50+
- name: Log into registry ${{ env.REGISTRY }}
51+
uses: docker/login-action@v2
52+
with:
53+
registry: ${{ env.REGISTRY }}
54+
username: ${{ github.actor }}
55+
password: ${{ secrets.GITHUB_TOKEN }}
56+
57+
# Build and push Docker image with Buildx
58+
# https://github.com/docker/build-push-action
59+
- name: Build and push Docker image
60+
id: build-and-push
61+
uses: docker/build-push-action@v3
62+
with:
63+
context: .
64+
platforms: linux/amd64,linux/arm64
65+
push: true
66+
tags: ${{ steps.meta.outputs.tags }}
67+
labels: ${{ steps.meta.outputs.labels }}
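Review bot: This job holds `packages: write` and logs in with `secrets.GITHUB_TOKEN`, yet every `uses:` line is pinned to a mutable major tag and the QEMU step pulls `tonistiigi/binfmt:latest`, so the code that runs with publish rights can change without any commit to this repository. Pinning each action to a full commit SHA, e.g. `uses: docker/login-action@<full-commit-sha>  # v2`, and the binfmt image to a digest, `image: tonistiigi/binfmt@sha256:<digest>`, keeps the release path reviewable. The same tag-pinned `uses:` lines appear in `docker-check.yml`, where the token is read-only. It is also worth confirming that the `r` in `pattern=r{{version}}` is intended, since it looks like it would prefix every published tag with a literal `r`.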
