
Added a script for using swtpm for testing.

Matthew Carr 2 years ago
parent
commit
083d953981

+ 4 - 0
crates/btnode/scripts/swtpm-localca.conf

@@ -0,0 +1,4 @@
+statedir = $TPM_PATH
+signingkey = $TPM_PATH/signkey.pem
+issuercert = $TPM_PATH/issuercert.pem
+certserial = $TPM_PATH/certserial

+ 3 - 0
crates/btnode/scripts/swtpm-localca.options

@@ -0,0 +1,3 @@
+--platform-manufacturer Fedora
+--platform-version 2.1
+--platform-model QEMU

+ 56 - 0
crates/btnode/scripts/swtpm.sh

@@ -0,0 +1,56 @@
+#!/bin/sh
+# Script for provisioning and running the swtpm emulator. This script can only be run by a user with
+# sudo privileges.
+set -e
+
+# The name of the virtual TPM device. This will determine the name of the device under /dev.
+TPM_NAME=vtpm0
+# The path to the directory where the TPM's state will be stored.
+export TPM_PATH=/tmp/$TPM_NAME
+# The name of the user to run swtpm as.
+TPM_USER=tss
+# The file where swtpm's pid will be stored.
+TPM_PID=$TPM_PATH/swtpm.pid
+
+setup() {
+    mkdir -p $TPM_PATH
+    swtpm_setup --config swtpm_setup.conf --tpm-state dir://$TPM_PATH \
+        --tpm2 --ecc --createek --display
+}
+
+start() {
+    if [ ! -d $TPM_PATH ]; then
+        setup
+    fi
+    if [ -f $TPM_PID ]; then
+        echo "swtpm is already running with PID $(cat $TPM_PID)."
+        exit 1
+    fi
+    sudo swtpm cuse --name $TPM_NAME --tpm2 --log file=$TPM_PATH/log.txt,level=5 \
+        --flags not-need-init,startup-clear --pid file=$TPM_PID \
+        --runas $TPM_USER --tpmstate dir=$TPM_PATH
+    sudo chown :$TPM_USER /dev/$TPM_NAME
+    sudo chmod 0660 /dev/$TPM_NAME
+}
+
+stop() {
+    if [ ! -f $TPM_PID ]; then
+        echo "swtpm is not running."
+        exit 1
+    fi
+    pid=$(cat $TPM_PID)
+    sudo rm $TPM_PID
+    sudo kill -SIGTERM $pid
+}
+
+usage() {
+    echo "${0} <start|stop>"
+}
+
+if [ "${1}" = start ]; then
+    start
+elif [ "${1}" = stop ]; then
+    stop
+else
+    usage
+fi
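Review bot: `stop()` passes whatever it reads from the pid file (`pid=$(cat $TPM_PID)` … `sudo kill -SIGTERM $pid`) to a root `kill` without validating it, and that file lives under `/tmp/vtpm0`, a fixed name in a world-writable directory that any other local user could create first, so a tampered file would have root signal an arbitrary process; `sudo rm $TPM_PID` also runs before the kill, so a failed stop loses track of the daemon. Check that the value is numeric and (cheaply, not as a hard guarantee) that it names an swtpm process before signalling, remove the pid file only after the kill succeeds, and consider keeping the state under a directory other users cannot write to rather than a predictable `/tmp` path. Quoting `"$TPM_PATH"`/`"$TPM_PID"` in the tests and commands costs nothing, and `-SIGTERM` is not the POSIX spelling for `kill` under `/bin/sh` (`-TERM` or `-s TERM` is), which matters when `/bin/sh` is dash. Separately, `setup` runs `swtpm_setup --config swtpm_setup.conf`, a path relative to the caller's working directory, so the header comment should state that the script must be run from crates/btnode/scripts (or the script should `cd "$(dirname "$0")"` first).
```sh
stop() {
    if [ ! -f "$TPM_PID" ]; then
        echo "swtpm is not running."
        exit 1
    fi
    pid=$(cat "$TPM_PID")
    # Never hand root an unvalidated value read from a file under /tmp.
    case $pid in
        ''|*[!0-9]*) echo "Invalid PID in $TPM_PID."; exit 1 ;;
    esac
    if [ "$(cat /proc/"$pid"/comm 2>/dev/null)" != swtpm ]; then
        echo "PID $pid is not an swtpm process; refusing to signal it."
        exit 1
    fi
    sudo kill -TERM "$pid"
    sudo rm "$TPM_PID"
}
```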

+ 6 - 0
crates/btnode/scripts/swtpm_setup.conf

@@ -0,0 +1,6 @@
+# Program invoked for creating certificates
+create_certs_tool= /usr/bin/swtpm_localca
+create_certs_tool_config = $PWD/swtpm-localca.conf
+create_certs_tool_options = $PWD/swtpm-localca.options
+# Comma-separated list (no spaces) of PCR banks to activate by default
+active_pcr_banks = sha256
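Review bot: `create_certs_tool_config = $PWD/swtpm-localca.conf` and the `_options` line below it resolve against the working directory of whoever invokes `swtpm_setup`, so the `setup` step in swtpm.sh only finds the local-CA files when run from crates/btnode/scripts, and nothing on this page documents that. Either make swtpm.sh change into its own directory before calling `swtpm_setup`, or note the requirement in a comment here, e.g. `# $PWD must be crates/btnode/scripts when swtpm_setup runs (see swtpm.sh)`. I cannot tell from this page whether swtpm_setup expands `$PWD` itself or relies on the caller's environment, and whether the leading space in `create_certs_tool= /usr/bin/swtpm_localca` is trimmed by its parser; both are worth confirming once, since a silent mismatch here only shows up as a failed EK certificate step.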

+ 19 - 5
crates/btnode/src/crypto/tpm.rs

@@ -34,6 +34,12 @@ impl HasResponseCode for Tss2ResponseCode {
     }
 }
 
+impl HasResponseCode for TSS2_RC {
+    fn response_code(&self) -> TSS2_RC {
+        self.clone()
+    }
+}
+
 trait Tss2Expect<T> {
     /// Provides an enhanced error message for types which contain TSS2 response codes.
     fn tss2_expect(self, err_msg: &str) -> T;
@@ -60,12 +66,13 @@ impl<T> Tss2Expect<T> for tss_esapi::Result<T> {
 #[cfg(test)]
 mod test {
     use super::*;
+    use core::str::FromStr;
     use tss_esapi::{
         Context,
         constants::{
             session_type::{SessionType},
         },
-        tcti_ldr::{TabrmdConfig},
+        tcti_ldr::{DeviceConfig, NetworkTPMConfig, TctiNameConf, TabrmdConfig},
         interface_types::{
             resource_handles::{Hierarchy},
             algorithm::{HashingAlgorithm},
@@ -87,6 +94,13 @@ mod test {
         },
     };
 
+    //#[test]
+    fn decode_return_code() {
+        const RC: TSS2_RC = 0x00000101;
+        let text = tss2_rc_decode(RC);
+        panic!("{}", text);
+    }
+
     #[test]
     fn create_context() {
         let config = TabrmdConfig::default();
@@ -96,9 +110,9 @@ mod test {
 
     #[test]
     fn create_primary_key() {
-        let config = TabrmdConfig::default();
-        let mut context = Context::new_with_tabrmd(config)
-            .expect("Failed to connect to tabrmd. Ensure that tpm2-abrmd is running");
+        let config = TctiNameConf::Device(DeviceConfig::from_str("/dev/vtpm0").unwrap());
+        let mut context = Context::new(config)
+            .tss2_expect("Failed to create context");
 
         let public = {
             let object_attributes = ObjectAttributes::builder()
@@ -137,7 +151,7 @@ mod test {
             SymmetricDefinition::AES_256_CFB,
             HashingAlgorithm::Sha256,
         )
-        .expect("Failed to create session")
+        .tss2_expect("Failed to create session")
         .expect("Received invalid handle");
 
         context.execute_with_session(Some(session), |ctx| {
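Review bot: In hunk `@@ -87,6 +94,13 @@`, `decode_return_code` is left with its `#[test]` attribute commented out and a body that unconditionally `panic!`s, so it is debugging scaffolding that will only produce a dead-code warning; either drop it or make it a real test such as `#[test] fn decode_return_code() { assert!(!tss2_rc_decode(0x00000101).is_empty()); }` (I cannot see `tss2_rc_decode`'s return type from this page, so adjust the assertion to fit). In the new `HasResponseCode for TSS2_RC` impl, `self.clone()` on what is, as far as I know, a `u32` alias is exactly what clippy's `clone_on_copy` flags; `*self` expresses the same thing. In `create_primary_key`, the literal `"/dev/vtpm0"` duplicates `TPM_NAME=vtpm0` from `scripts/swtpm.sh` and `.unwrap()` on the parsed `DeviceConfig` will fail with an unhelpful message when the emulator is absent; reading the path from an environment variable with that literal as the default (name to be chosen) and using `.expect("…")` keeps the two in step and makes the failure mode obvious. Note that `create_context` in the same module still goes through `TabrmdConfig`, so the test module now needs both tpm2-abrmd and the cuse device to pass; if that is intentional, a comment saying so would save the next person a confused run.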