Fix for m33mu NV

Author: dgarske

examples/run_examples.sh

@@ -450,9 +450,11 @@ run_tpm_tls_client() { # Usage: run_tpm_tls_client [ecc/rsa] [tpmargs] [tlsversi
     pushd $WOLFSSL_PATH >> $TPMPWD/run.out 2>&1
     echo -e "./examples/server/server -v $3 -p $port -w -g -A ./certs/tpm-ca-$1-cert.pem -R $READY_FILE"
     ./examples/server/server -v $3 -p $port -w -g -A ./certs/tpm-ca-$1-cert.pem -R "$READY_FILE" >> $TPMPWD/run.out 2>&1 &
+    SERVER_PID=$!
     popd >> $TPMPWD/run.out 2>&1
     if ! wait_for_ready "$READY_FILE" 500; then
         echo -e "wolfSSL server failed to start for $1 $2"
+        kill $SERVER_PID 2>/dev/null
         rm -f "$READY_FILE"
         exit 1
     fi
@@ -470,8 +472,10 @@ run_tpm_tls_server() { # Usage: run_tpm_tls_server [ecc/rsa] [tpmargs] [tlsversi
 
     echo -e "./examples/tls/tls_server -p=$port -$1 $2"
     ./examples/tls/tls_server -p=$port -$1 $2 >> $TPMPWD/run.out 2>&1 &
+    SERVER_PID=$!
     if ! wait_for_port "$port" 500; then
         echo -e "TPM TLS server failed to start on port $port for $1 $2"
+        kill $SERVER_PID 2>/dev/null
         exit 1
     fi
     pushd $WOLFSSL_PATH >> $TPMPWD/run.out 2>&1

scripts/fwtpm_emu_test.sh

@@ -72,7 +72,7 @@ echo "  TZEN: $TZEN"
 if [ $DO_BUILD -eq 1 ]; then
     echo "Building fwTPM STM32 (TZEN=$TZEN, SELFTEST=1)..."
     make -C "$PORT_DIR" clean > /dev/null 2>&1
-    if ! make -C "$PORT_DIR" WOLFTPM_DIR="$WOLFTPM_DIR" ${WOLFSSL_DIR:+WOLFSSL_DIR="$WOLFSSL_DIR"} TZEN=$TZEN SELFTEST=1 > /tmp/fwtpm_emu_build.log 2>&1; then
+    if ! make -C "$PORT_DIR" WOLFTPM_DIR="$WOLFTPM_DIR" ${WOLFSSL_DIR:+WOLFSSL_DIR="$WOLFSSL_DIR"} TZEN=$TZEN SELFTEST=1 EXTRA_CFLAGS="-DFWTPM_NO_NV" > /tmp/fwtpm_emu_build.log 2>&1; then
         echo "FAIL: Build failed"
         tail -20 /tmp/fwtpm_emu_build.log
         exit 1

src/fwtpm/fwtpm.c

@@ -92,12 +92,32 @@ int FWTPM_Init(FWTPM_CTX* ctx)
     }
 
     /* Initialize NV storage - loads existing state or creates fresh seeds */
+#ifndef FWTPM_NO_NV
     rc = FWTPM_NV_Init(ctx);
     if (rc != 0) {
         wc_FreeRng(&ctx->rng);
         wolfCrypt_Cleanup();
         return rc;
     }
+#else
+    /* No NV: generate ephemeral seeds (lost on reset) */
+    rc = wc_RNG_GenerateBlock(&ctx->rng, ctx->ownerSeed, FWTPM_SEED_SIZE);
+    if (rc == 0)
+        rc = wc_RNG_GenerateBlock(&ctx->rng, ctx->endorsementSeed,
+            FWTPM_SEED_SIZE);
+    if (rc == 0)
+        rc = wc_RNG_GenerateBlock(&ctx->rng, ctx->platformSeed,
+            FWTPM_SEED_SIZE);
+    if (rc == 0)
+        rc = wc_RNG_GenerateBlock(&ctx->rng, ctx->nullSeed,
+            FWTPM_SEED_SIZE);
+    if (rc != 0) {
+        wc_FreeRng(&ctx->rng);
+        wolfCrypt_Cleanup();
+        return TPM_RC_FAILURE;
+    }
+    ctx->pcrAllocatedBanks = FWTPM_PCR_ALLOC_DEFAULT;
+#endif
 
     return rc;
 }
@@ -111,7 +131,11 @@ int FWTPM_Cleanup(FWTPM_CTX* ctx)
     }
 
     /* Save NV state before cleanup */
+#ifndef FWTPM_NO_NV
     rc = FWTPM_NV_Save(ctx);
+#else
+    rc = TPM_RC_SUCCESS;
+#endif
 
     wc_FreeRng(&ctx->rng);
     wolfCrypt_Cleanup();

src/fwtpm/fwtpm_nv.c

@@ -1123,7 +1123,8 @@ int FWTPM_NV_Init(FWTPM_CTX* ctx)
         rc = FWTPM_NV_Save(ctx);
     #ifdef DEBUG_WOLFTPM
         if (rc != TPM_RC_SUCCESS) {
-            printf("fwTPM: Warning: Failed to save initial NV state\n");
+            printf("fwTPM: Warning: Failed to save initial NV state (%d)\n",
+                rc);
         }
     #endif
     }

src/tpm2_swtpm.c

@@ -210,7 +210,10 @@ static TPM_RC SwTpmConnect(TPM2_CTX* ctx, const char* host, const char* port)
 
     /* 8N1: 8 data bits, no parity, 1 stop bit */
     tty.c_cflag = (tty.c_cflag & ~CSIZE) | CS8;
-    tty.c_cflag &= ~(PARENB | PARODD | CSTOPB | CRTSCTS);
+    tty.c_cflag &= ~(PARENB | PARODD | CSTOPB);
+#ifdef CRTSCTS
+    tty.c_cflag &= ~CRTSCTS;
+#endif
     tty.c_cflag |= (CLOCAL | CREAD);
 
     /* Raw mode: no special input/output processing */

tests/fwtpm_check.sh

@@ -29,11 +29,13 @@ SKIP_EXAMPLES=0
 # --- Helpers ---
 
 # Wait for a TCP port to be listening
-# Uses ss to check without connecting (nc -z would consume the accept slot)
+# Uses ss/netstat to check without connecting (nc -z would consume the accept slot)
 wait_for_port() {
     local port="$1" timeout="${2:-500}" elapsed=0
     while [ $elapsed -lt $timeout ]; do
-        if ss -tln 2>/dev/null | grep -q ":${port} "; then
+        if command -v ss >/dev/null 2>&1; then
+            ss -tln 2>/dev/null | grep -q ":${port} " && return 0
+        elif netstat -tln 2>/dev/null | grep -q ":${port} "; then
             return 0
         fi
         sleep 0.01
@@ -42,6 +44,21 @@ wait_for_port() {
     return 1
 }
 
+# Check if a port is in use (returns 0 if port is in use)
+check_port_in_use() {
+    local port="$1"
+    if command -v nc >/dev/null 2>&1; then
+        nc -z localhost "$port" 2>/dev/null
+        return $?
+    elif command -v ss >/dev/null 2>&1; then
+        ss -tln 2>/dev/null | grep -q ":${port} "
+        return $?
+    elif netstat -tln 2>/dev/null | grep -q ":${port} "; then
+        return 0
+    fi
+    return 1  # no tool available, assume in use to be safe
+}
+
 # Pick an available random port (returns port on stdout)
 pick_available_port() {
     local port attempts=0
@@ -51,7 +68,7 @@ pick_available_port() {
         else
             port=$(( (RANDOM % 55000) + 10000 ))
         fi
-        if ! nc -z localhost "$port" 2>/dev/null; then
+        if ! check_port_in_use "$port"; then
             echo "$port"
             return 0
         fi
@@ -240,7 +257,7 @@ if [ $IS_FWTPM_MODE -eq 1 ]; then
     # --- fwTPM mode: we manage the server lifecycle ---
 
     # Check if a server is already running (e.g. started by CI)
-    if [ $IS_SWTPM_MODE -eq 1 ] && ss -tln 2>/dev/null | grep -q ":${FWTPM_PORT} "; then
+    if [ $IS_SWTPM_MODE -eq 1 ] && check_port_in_use "$FWTPM_PORT"; then
         echo "Server already running on port $FWTPM_PORT"
         if [ $HAS_GETENV -eq 1 ]; then
             export TPM2_SWTPM_PORT="$FWTPM_PORT"
@@ -312,7 +329,7 @@ else
         export TPM2_SWTPM_PORT="$FWTPM_PORT"
     fi
 
-    if ! ss -tln 2>/dev/null | grep -q ":${FWTPM_PORT} "; then
+    if ! check_port_in_use "$FWTPM_PORT"; then
         echo "No TPM server on port $FWTPM_PORT, skipping (start one with: tpm_server &)"
         exit 77
     fi