Andreas Fuchs

Add OpenSSL errors to calls ``` char err_buffer[256]; ERR_error_string_n(err, err_buffer, sizeof(err_buffer)); LOG_ERROR("Failure %s", err_buffer); ``` Helps with #2889 debugging

The SPI-Helper seems to not check the expect bit nor the stsValid bit during command transmission. The transfer should go as follows: - Write 1 byte - Check that expect...

Fixes: #2877

Tests in post-test checks should not be needed, since we check the pre test PCRs against the post test PCRs anyways.

Since some embedded platforms might not support standard `malloc()` it would be nice to have an ESYS_MALLOC (and ESYS_REALLOC and ESYS_FREE and ESYS_CALLOC) global variable that can be used by...

Proposal to add ```C Esys_GetCpHash(ESYS_CONTEXT* ctx, TPM2_ALG_HASH hashAlg, uint8_t **cpHash, size_t *cpHash_size); // Only to be called after Esys_*_Prepare() and before Esys_Execute/_Async() or Esys_Abort() Esys_Abort(ESYS_CONTEXT ctx) // Can be called...

Apparently, ``` ~/.clang-tidy: Checks: "-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling" ``` helps

Currently, qualifying data for the return blob is hard coded: https://github.com/tpm2-software/tpm2-tools/blob/b4bf516d4c5c798d1ad7b0921906e8a1650a4b86/tools/tpm2_certify.c#L79-L82 This should be either empty or settable by CLI parameters. If we decide to switch to empty by default,...

tpm2_pcrextend currently does not support sessions (also the other pcr ops). Add support for -S similar to e.g. tpm2_getrandom.