Fixes for using Windows TBS API. The wolfTPM2_NVStoreKey should return TPM_RC_COMMAND_CODE or TPM_E_COMMAND_BLOCKED for the WOLFTPM_IS_COMMAND_UNAVAILABLE macro. Add better enable option name --enable-wintbs (currently is --enable-winapi.

dgarske · dgarske · commit f35dbbbb3057 · 2023-10-30T10:06:17.000-07:00
diff --git a/configure.ac b/configure.ac
@@ -241,13 +241,17 @@ then
 fi
 
 # Windows TBS device Support
+AC_ARG_ENABLE([wintbs],,
+    [ ENABLED_WINTBS=$enableval ],
+    [ ENABLED_WINTBS=no ]
+    )
 AC_ARG_ENABLE([winapi],
     [AS_HELP_STRING([--enable-winapi],[Enable use of TPM through Windows driver (default: disabled)])],
     [ ENABLED_WINAPI=$enableval ],
     [ ENABLED_WINAPI=no ]
     )
 
-if test "x$ENABLED_WINAPI" = "xyes"
+if test "x$ENABLED_WINAPI" = "xyes" || test "x$ENABLED_WINTBS" = "xyes"
 then
     if test "x$ENABLED_DEVTPM" = "xyes" -o "x$ENABLED_SWTPM" = "xyes"
     then
diff --git a/src/tpm2_wrap.c b/src/tpm2_wrap.c
@@ -3306,7 +3306,7 @@ int wolfTPM2_NVStoreKey(WOLFTPM2_DEV* dev, TPM_HANDLE primaryHandle,
             printf("TPM2_EvictControl (storing key to NV) not allowed on "
                    "Windows TBS (err 0x%x)\n", rc);
         #endif
-            rc = TPM_RC_NV_UNAVAILABLE;
+            rc = TPM_RC_COMMAND_CODE;
         }
     #endif
 

Original file line number	Diff line number	Diff line change
`@@ -3306,7 +3306,7 @@ int wolfTPM2_NVStoreKey(WOLFTPM2_DEV* dev, TPM_HANDLE primaryHandle,`
`3306`	`3306`	`printf("TPM2_EvictControl (storing key to NV) not allowed on "`
`3307`	`3307`	`"Windows TBS (err 0x%x)\n", rc);`
`3308`	`3308`	`#endif`
`3309`		`- rc = TPM_RC_NV_UNAVAILABLE;`
	`3309`	`+ rc = TPM_RC_COMMAND_CODE;`
`3310`	`3310`	`}`
`3311`	`3311`	`#endif`
`3312`	`3312`