Fixes for CI (now that fwtpm is enabled by default on intel/armv8)

Author: dgarske

.github/workflows/coverity-scan-fixes.yml

@@ -24,7 +24,7 @@ jobs:
       run: ./autogen.sh
     - name: wolfssl configure
       working-directory: ./wolfssl
-      run: ./configure --enable-wolftpm
+      run: ./configure --enable-wolftpm --enable-pkcallbacks --enable-keygen CFLAGS="-DWC_RSA_NO_PADDING"
     - name: wolfssl make
       working-directory: ./wolfssl
       run: make

.github/workflows/make-test-swtpm.yml

@@ -16,7 +16,7 @@ jobs:
         # wolfssl_config: --enable-wolftpm --enable-pkcallbacks
         # wolfssl_cflags: ""
         # wolfssl_ref: master
-        # wolftpm_config: --enable-swtpm
+        # wolftpm_config: --enable-swtpm --disable-fwtpm
         # wolftpm_cflags: ""
         # test_command: "true"
         # needs_swtpm: true
@@ -41,101 +41,101 @@ jobs:
 
           # No wolfCrypt
           - name: no-wolfcrypt
-            wolftpm_config: --enable-swtpm --disable-wolfcrypt
+            wolftpm_config: --enable-swtpm --disable-wolfcrypt --disable-fwtpm
             test_command: "make check && WOLFSSL_PATH=./wolfssl WOLFCRYPT_ENABLE=0 ./examples/run_examples.sh"
 
           # No wrapper
           - name: no-wrapper
-            wolftpm_config: --enable-swtpm --disable-wrapper
+            wolftpm_config: --enable-swtpm --disable-wrapper --disable-fwtpm
             test_command: "./examples/native/native_test"
 
           # Small stack
           - name: smallstack
-            wolftpm_config: --enable-swtpm --enable-smallstack
+            wolftpm_config: --enable-swtpm --enable-smallstack --disable-fwtpm
             test_command: "make check && WOLFSSL_PATH=./wolfssl ./examples/run_examples.sh"
 
           # Infineon SLB9670
           - name: slb9670
-            wolftpm_config: --enable-infineon=slb9670
+            wolftpm_config: --enable-infineon=slb9670 --disable-fwtpm
           # Infineon SLB9672
           - name: slb9672
-            wolftpm_config: --enable-infineon=slb9672
+            wolftpm_config: --enable-infineon=slb9672 --disable-fwtpm
           # Infineon SLB9673
           - name: slb9673
-            wolftpm_config: --enable-infineon=slb9673 --enable-i2c
+            wolftpm_config: --enable-infineon=slb9673 --enable-i2c --disable-fwtpm
           # Cert sign callback (wc_SignCert_cb)
           - name: certsigncb
             wolfssl_config: --enable-wolftpm --enable-pkcallbacks --enable-certsigncb
-            wolftpm_config: --enable-swtpm --enable-certgen
+            wolftpm_config: --enable-swtpm --enable-certgen --disable-fwtpm
             test_command: "make check && WOLFSSL_PATH=./wolfssl ./examples/run_examples.sh && ./examples/csr/csr -signcb && ./examples/csr/csr -signcb -cert"
 
           # STMicro ST33KTPM2
           - name: st33ktpm2
-            wolftpm_config: --enable-st33
+            wolftpm_config: --enable-st33 --disable-fwtpm
           # STMicro ST33KTPM2
           - name: st33ktpm2 firmware
-            wolftpm_config: --enable-st33 --enable-firmware
+            wolftpm_config: --enable-st33 --enable-firmware --disable-fwtpm
           # SPDM + Nuvoton (compile-only, no hardware in CI)
           - name: spdm-nuvoton
             wolfssl_config: --enable-wolftpm --enable-ecc --enable-sha384 --enable-aesgcm --enable-hkdf --enable-sp
-            wolftpm_config: --enable-spdm --enable-nuvoton
+            wolftpm_config: --enable-spdm --enable-nuvoton --disable-fwtpm
             needs_swtpm: false
           # SPDM small stack (heap-allocated SPDM context)
           - name: spdm-smallstack
             wolfssl_config: --enable-wolftpm --enable-ecc --enable-sha384 --enable-aesgcm --enable-hkdf --enable-sp
-            wolftpm_config: --enable-spdm --enable-nuvoton --enable-smallstack
+            wolftpm_config: --enable-spdm --enable-nuvoton --enable-smallstack --disable-fwtpm
             needs_swtpm: false
           # SPDM debug
           - name: spdm-debug
             wolfssl_config: --enable-wolftpm --enable-ecc --enable-sha384 --enable-aesgcm --enable-hkdf --enable-sp
-            wolftpm_config: --enable-spdm --enable-nuvoton --enable-debug
+            wolftpm_config: --enable-spdm --enable-nuvoton --enable-debug --disable-fwtpm
             needs_swtpm: false
           # SPDM + Nations (compile-only, no hardware in CI)
           - name: spdm-nations
             wolfssl_config: --enable-wolftpm --enable-ecc --enable-sha384 --enable-aesgcm --enable-hkdf --enable-sp
-            wolftpm_config: --enable-spdm --enable-nations
+            wolftpm_config: --enable-spdm --enable-nations --disable-fwtpm
             needs_swtpm: false
           # SPDM + Nations debug
           - name: spdm-nations-debug
             wolfssl_config: --enable-wolftpm --enable-ecc --enable-sha384 --enable-aesgcm --enable-hkdf --enable-sp
-            wolftpm_config: --enable-spdm --enable-nations --enable-debug
+            wolftpm_config: --enable-spdm --enable-nations --enable-debug --disable-fwtpm
             needs_swtpm: false
           # SPDM + Nations small stack (heap-allocated SPDM context)
           - name: spdm-nations-smallstack
             wolfssl_config: --enable-wolftpm --enable-ecc --enable-sha384 --enable-aesgcm --enable-hkdf --enable-sp
-            wolftpm_config: --enable-spdm --enable-nations --enable-smallstack
+            wolftpm_config: --enable-spdm --enable-nations --enable-smallstack --disable-fwtpm
             needs_swtpm: false
           # Microchip
           - name: microchip
-            wolftpm_config: --enable-microchip
+            wolftpm_config: --enable-microchip --disable-fwtpm
           # Nuvoton
           - name: nuvoton
-            wolftpm_config: --enable-nuvoton
+            wolftpm_config: --enable-nuvoton --disable-fwtpm
 
           # TIS lock
           - name: tislock
-            wolftpm_config: --enable-tislock
+            wolftpm_config: --enable-tislock --disable-fwtpm
             needs_swtpm: false
 
           # Debug
           - name: debug
-            wolftpm_config: --enable-debug
+            wolftpm_config: --enable-debug --disable-fwtpm
             needs_swtpm: false
 
           # Debug verbose
           - name: debug-verbose
-            wolftpm_config: --enable-debug=verbose
+            wolftpm_config: --enable-debug=verbose --disable-fwtpm
             needs_swtpm: false
 
           # Debug IO
           - name: debug-io
-            wolftpm_config: --enable-debug=io
+            wolftpm_config: --enable-debug=io --disable-fwtpm
             wolftpm_cflags: "-DWOLFTPM_DEBUG_TIMEOUT"
             needs_swtpm: false
 
           # AdvIO
           - name: advio
-            wolftpm_config: --enable-advio
+            wolftpm_config: --enable-advio --disable-fwtpm
             needs_swtpm: false
 
           # Autodetect (default configure, /dev/tpm0 + SPI dual support)
@@ -155,7 +155,7 @@ jobs:
 
           # No provisioning
           - name: no-provisioning
-            wolftpm_config: --disable-provisioning
+            wolftpm_config: --disable-provisioning --disable-fwtpm
             needs_swtpm: false
 
           # Symmetric encryption
@@ -286,7 +286,7 @@ jobs:
       - name: Build wolfTPM
         run: |
           ./autogen.sh
-          WOLFTPM_CONFIG="${{ matrix.wolftpm_config || '--enable-swtpm' }}"
+          WOLFTPM_CONFIG="${{ matrix.wolftpm_config || '--enable-swtpm --disable-fwtpm' }}"
           WOLFTPM_CFLAGS="${{ matrix.wolftpm_cflags || '' }}"
           WOLFTPM_CC="${{ matrix.wolftpm_cc || '' }}"
           # Add TPM port to configure if SWTPM is needed

.github/workflows/multi-compiler.yml

@@ -88,7 +88,7 @@ jobs:
           CXX: ${{ matrix.cxx }}
         run: |
           ./autogen.sh
-          ./configure CFLAGS="-Wall -Wextra -Wpedantic"
+          ./configure --disable-fwtpm CFLAGS="-Wall -Wextra -Wpedantic"
           make -j$(nproc)
 
       - name: Make dist

.github/workflows/sanitizer.yml

@@ -94,7 +94,7 @@ jobs:
       - name: Build wolfTPM with ${{ matrix.name }}
         run: |
           ./autogen.sh
-          ./configure --enable-swtpm \
+          ./configure --enable-swtpm --disable-fwtpm \
             CFLAGS="${{ matrix.cflags }}" LDFLAGS="${{ matrix.ldflags }}"
           make -j$(nproc)
 

.github/workflows/seal-test.yml

@@ -56,7 +56,7 @@ jobs:
       - name: Build wolfTPM
         run: |
           ./autogen.sh
-          ./configure --enable-swtpm --enable-debug
+          ./configure --enable-swtpm --enable-debug --disable-fwtpm
           make -j
 
       - name: Run seal tests

src/tpm2.c

@@ -6743,19 +6743,7 @@ int TPM2_ParsePublic(TPM2B_PUBLIC* pub, byte* buf, word32 size, int* sizeUsed)
 
 #ifdef DEBUG_WOLFTPM
 
-void TPM2_PrintAuth(const TPMS_AUTH_COMMAND* authCmd)
-{
-    if (authCmd == NULL)
-        return;
-
-    printf("authCmd:\n");
-    printf("sessionHandle=0x%08X\n", (unsigned int)authCmd->sessionHandle);
-    printf("nonceSize=%u nonceBuffer:\n", authCmd->nonce.size);
-    TPM2_PrintBin(authCmd->nonce.buffer, authCmd->nonce.size);
-    printf("sessionAttributes=0x%02X\n", authCmd->sessionAttributes);
-    printf("hmacSize=%u hmacBuffer:\n", authCmd->hmac.size);
-    TPM2_PrintBin(authCmd->hmac.buffer, authCmd->hmac.size);
-}
+/* TPM2_PrintAuth moved to tpm2_util.c (shared with fwtpm_server) */
 
 void TPM2_PrintPublicArea(const TPM2B_PUBLIC* pub)
 {

src/tpm2_util.c

@@ -151,4 +151,18 @@ void TPM2_PrintBin(const byte* buffer, word32 length)
         length -= sz;
     }
 }
+
+void TPM2_PrintAuth(const TPMS_AUTH_COMMAND* authCmd)
+{
+    if (authCmd == NULL)
+        return;
+
+    printf("authCmd:\n");
+    printf("sessionHandle=0x%08X\n", (unsigned int)authCmd->sessionHandle);
+    printf("nonceSize=%u nonceBuffer:\n", authCmd->nonce.size);
+    TPM2_PrintBin(authCmd->nonce.buffer, authCmd->nonce.size);
+    printf("sessionAttributes=0x%02X\n", authCmd->sessionAttributes);
+    printf("hmacSize=%u hmacBuffer:\n", authCmd->hmac.size);
+    TPM2_PrintBin(authCmd->hmac.buffer, authCmd->hmac.size);
+}
 #endif /* DEBUG_WOLFTPM */

tests/include.am

@@ -3,14 +3,12 @@
 # All paths should be given relative to the root
 
 # unit.test requires a running TPM server. When fwtpm_check.sh is used
-# (BUILD_FWTPM or BUILD_SWTPM), it manages the server and runs unit.test
-# internally — so exclude unit.test from check_PROGRAMS in those cases.
+# (BUILD_FWTPM), it manages the server and runs unit.test internally —
+# so exclude unit.test from check_PROGRAMS in that case.
 if BUILD_EXAMPLES
 if !BUILD_FWTPM
-if !BUILD_SWTPM
 check_PROGRAMS += tests/unit.test
 endif
-endif
 noinst_PROGRAMS += tests/unit.test
 tests_unit_test_SOURCES      = tests/unit_tests.c \
                                examples/tpm_test_keys.c
@@ -38,12 +36,7 @@ tests_fwtpm_unit_test_LDADD    = $(LIB_STATIC_ADD)
 endif
 
 # TPM make check: manages server, runs unit.test + run_examples.sh
-# Used for --enable-fwtpm and/or --enable-swtpm builds
+# Used for --enable-fwtpm builds
 if BUILD_FWTPM
 dist_noinst_SCRIPTS += tests/fwtpm_check.sh
 endif
-if BUILD_SWTPM
-if !BUILD_FWTPM
-dist_noinst_SCRIPTS += tests/fwtpm_check.sh
-endif
-endif