Support for swtpm port arguments

dgarske · dgarske · commit 5f4c09afd7f8 · 2025-11-20T15:07:19.000-08:00
diff --git a/.github/workflows/make-test-swtpm.yml b/.github/workflows/make-test-swtpm.yml
@@ -133,10 +133,9 @@ jobs:
             needs_install: true
 
           # Old wolfSSL (v4.7.0)
+          # Builds latest wolfSSL for examples/client/client and examples/server/server
+          # Builds old wolfSSL (v4.7.0) for linking wolfTPM against older shared library
           - name: old-wolfssl
-            wolfssl_config: --enable-wolftpm
-            wolfssl_cflags: "-DWOLFSSL_PUBLIC_MP -DWOLFSSL_TEST_CERT -DWOLFSSL_KEY_GEN"
-            wolfssl_ref: v4.7.0-stable
             test_command: "make check && WOLFSSL_PATH=./wolfssl NO_PUBASPRIV=1 ./examples/run_examples.sh"
             needs_install: true
 
@@ -166,15 +165,33 @@ jobs:
           sudo make install
           sudo ldconfig
 
+      # For old-wolfssl test: checkout and build old wolfSSL for linking
+      - name: Checkout old wolfSSL
+        if: matrix.name == 'old-wolfssl'
+        uses: actions/checkout@master
+        with:
+          repository: wolfssl/wolfssl
+          path: wolfssl-old
+          ref: v4.7.0-stable
+      - name: Setup old wolfSSL for linking
+        if: matrix.name == 'old-wolfssl'
+        working-directory: ./wolfssl-old
+        run: |
+          ./autogen.sh
+          CFLAGS="-DWOLFSSL_PUBLIC_MP -DWOLFSSL_TEST_CERT -DWOLFSSL_KEY_GEN" ./configure --enable-wolftpm
+          make
+          sudo make install
+          sudo ldconfig
+
       - name: Setup ibmswtpm2
-        if: matrix.needs_swtpm == true || matrix.needs_swtpm == null
+        if: matrix.needs_swtpm != false
         uses: actions/checkout@master
         with:
           repository: kgoldman/ibmswtpm2
           path: ibmswtpm2
 
       - name: Generate TPM port
-        if: matrix.needs_swtpm == true || matrix.needs_swtpm == null
+        if: matrix.needs_swtpm != false
         run: |
           # Generate deterministic port from matrix name (base 40000, spacing 2 for port+1)
           MATRIX_HASH=$(echo -n "${{ matrix.name }}" | cksum | cut -d' ' -f1)
@@ -184,7 +201,7 @@ jobs:
           echo "Generated TPM port: $TPM_PORT (matrix: ${{ matrix.name }})"
 
       - name: Start TPM simulator
-        if: matrix.needs_swtpm == true || matrix.needs_swtpm == null
+        if: matrix.needs_swtpm != false
         working-directory: ./ibmswtpm2/src
         run: |
           make
@@ -202,14 +219,9 @@ jobs:
           WOLFTPM_CONFIG="${{ matrix.wolftpm_config || '--enable-swtpm' }}"
           WOLFTPM_CFLAGS="${{ matrix.wolftpm_cflags || '' }}"
           WOLFTPM_CC="${{ matrix.wolftpm_cc || '' }}"
-          # Add TPM port to CFLAGS if SWTPM is needed (as string)
+          # Add TPM port to configure if SWTPM is needed
           if [ -n "$TPM_PORT" ]; then
-            PORT_DEF='-DTPM2_SWTPM_PORT="'$TPM_PORT'"'
-            if [ -n "$WOLFTPM_CFLAGS" ]; then
-              WOLFTPM_CFLAGS="$WOLFTPM_CFLAGS $PORT_DEF"
-            else
-              WOLFTPM_CFLAGS="$PORT_DEF"
-            fi
+            WOLFTPM_CONFIG="$WOLFTPM_CONFIG --with-swtpm-port=$TPM_PORT"
           fi
           if [ -n "$WOLFTPM_CC" ]; then
             if [ -n "$WOLFTPM_CFLAGS" ]; then
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -167,6 +167,11 @@ endif(WIN32)
 if("${WOLFTPM_INTERFACE}" STREQUAL "SWTPM")
     list(APPEND WOLFTPM_DEFINITIONS "-DWOLFTPM_SWTPM")
 
+    # SWTPM port configuration
+    set(WOLFTPM_SWTPM_PORT "2321" CACHE STRING
+        "Set SWTPM socket port (default: 2321)")
+    list(APPEND WOLFTPM_DEFINITIONS "-DTPM2_SWTPM_PORT=\"${WOLFTPM_SWTPM_PORT}\"")
+
 elseif("${WOLFTPM_INTERFACE}" STREQUAL "DEVTPM")
     list(APPEND WOLFTPM_DEFINITIONS "-DWOLFTPM_LINUX_DEV")
 
diff --git a/Makefile.am b/Makefile.am
@@ -26,7 +26,9 @@ dist_doc_DATA =
 DISTCLEANFILES+= aminclude.am
 
 # make sure we pass the correct flags to distcheck
-AM_DISTCHECK_CONFIGURE_FLAGS = --enable-swtpm
+# SWTPM_PORT can be set via --with-swtpm-port during configure
+# Use @SWTPM_PORT@ substitution from configure.ac
+AM_DISTCHECK_CONFIGURE_FLAGS = --enable-swtpm @DISTCHECK_SWTPM_PORT_FLAG@
 
 exampledir = $(docdir)/example
 dist_example_DATA=
diff --git a/configure.ac b/configure.ac
@@ -231,6 +231,17 @@ AC_ARG_ENABLE([swtpm],
     [ ENABLED_SWTPM=no ]
     )
 
+# SWTPM port configuration
+SWTPM_PORT="2321"
+AC_ARG_WITH([swtpm-port],
+    [AS_HELP_STRING([--with-swtpm-port=PORT],[Set SWTPM socket port (default: 2321)])],
+    [
+        if test "x$withval" != "xno" && test "x$withval" != "xyes"; then
+            SWTPM_PORT="$withval"
+        fi
+    ]
+)
+
 if test "x$ENABLED_SWTPM" = "xyes"
 then
     if test "x$ENABLED_DEVTPM" = "xyes"
@@ -239,8 +250,21 @@ then
     fi
 
     AM_CFLAGS="$AM_CFLAGS -DWOLFTPM_SWTPM"
+    AM_CFLAGS="$AM_CFLAGS -DTPM2_SWTPM_PORT=\"$SWTPM_PORT\""
+
+    # Set distcheck flag if port is not default (only when SWTPM is enabled)
+    if test "x$SWTPM_PORT" != "x2321"; then
+        DISTCHECK_SWTPM_PORT_FLAG="--with-swtpm-port=$SWTPM_PORT"
+    else
+        DISTCHECK_SWTPM_PORT_FLAG=""
+    fi
+else
+    DISTCHECK_SWTPM_PORT_FLAG=""
 fi
 
+AC_SUBST([SWTPM_PORT])
+AC_SUBST([DISTCHECK_SWTPM_PORT_FLAG])
+
 # Windows TBS device Support
 AC_ARG_ENABLE([wintbs],,
     [ ENABLED_WINTBS=$enableval ],
@@ -579,6 +603,9 @@ echo "   * Advanced IO:               $ENABLED_ADVIO"
 echo "   * I2C:                       $ENABLED_I2C"
 echo "   * Linux kernel TPM device:   $ENABLED_DEVTPM"
 echo "   * SWTPM:                     $ENABLED_SWTPM"
+if test "x$ENABLED_SWTPM" = "xyes"; then
+    echo "   * SWTPM Port:                 $SWTPM_PORT"
+fi
 echo "   * WINAPI:                    $ENABLED_WINAPI"
 echo "   * TIS/SPI Check Wait State:  $ENABLED_CHECKWAITSTATE"
 
