1  #!/bin/bash
  2  
  3  # setup-go-tpm.sh
  4  # Install and configure Google go-tpm libraries for hardware TPM integration
  5  
  6  set -e  # Exit on any error
  7  
  8  # Set colors for better output
  9  GREEN="\033[0;32m"
 10  BLUE="\033[0;34m"
 11  YELLOW="\033[0;33m"
 12  RED="\033[0;31m"
 13  RESET="\033[0m"
 14  
 15  echo -e "${BLUE}"
 16  echo -e "╔════════════════════════════════════════════════════════════════╗"
 17  echo -e "║                                                                ║"
 18  echo -e "║              KeepSync TPM Hardware Setup                       ║"
 19  echo -e "║                                                                ║"
 20  echo -e "╚════════════════════════════════════════════════════════════════╝"
 21  echo -e "${RESET}"
 22  
 23  # Get project root
 24  SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 25  PROJECT_ROOT="$(cd "${SCRIPT_DIR}/.." && pwd)"
 26  
 27  echo -e "${YELLOW}Setting up hardware TPM dependencies...${RESET}"
 28  
 29  # Check if we're in the right directory
 30  if [ ! -f "${PROJECT_ROOT}/go.mod" ]; then
 31      echo -e "${RED}Error: go.mod not found. Please run this script from the project root.${RESET}"
 32      exit 1
 33  fi
 34  
 35  # Function to check if a command exists
 36  command_exists() {
 37      command -v "$1" >/dev/null 2>&1
 38  }
 39  
 40  # Check for Go
 41  if ! command_exists go; then
 42      echo -e "${RED}Error: Go is not installed. Please install Go first.${RESET}"
 43      exit 1
 44  fi
 45  
 46  echo -e "${YELLOW}Go version:${RESET}"
 47  go version
 48  
 49  # Check for TPM hardware
 50  echo -e "${YELLOW}Checking TPM hardware availability...${RESET}"
 51  
 52  TPM_DEVICES=""
 53  TPM_AVAILABLE=false
 54  
 55  if [ -e "/dev/tpm0" ]; then
 56      echo -e "${GREEN}✓ TPM device found: /dev/tpm0${RESET}"
 57      TPM_DEVICES="$TPM_DEVICES /dev/tpm0"
 58      TPM_AVAILABLE=true
 59  fi
 60  
 61  if [ -e "/dev/tpmrm0" ]; then
 62      echo -e "${GREEN}✓ TPM resource manager found: /dev/tpmrm0 (preferred)${RESET}"
 63      TPM_DEVICES="$TPM_DEVICES /dev/tpmrm0"
 64      TPM_AVAILABLE=true
 65  fi
 66  
 67  if [ "$TPM_AVAILABLE" = false ]; then
 68      echo -e "${YELLOW}⚠ No TPM hardware detected. Hardware provider will fallback to simulator.${RESET}"
 69  else
 70      echo -e "${GREEN}✓ TPM hardware available${RESET}"
 71  fi
 72  
 73  # Check user permissions
 74  echo -e "${YELLOW}Checking TPM access permissions...${RESET}"
 75  
 76  if groups | grep -q "tss"; then
 77      echo -e "${GREEN}✓ User is in 'tss' group${RESET}"
 78  else
 79      echo -e "${YELLOW}⚠ User is not in 'tss' group. You may need to run:${RESET}"
 80      echo -e "${YELLOW}  sudo usermod -a -G tss \$USER${RESET}"
 81      echo -e "${YELLOW}  Then logout and login again.${RESET}"
 82  fi
 83  
 84  # Test TPM access
 85  if [ "$TPM_AVAILABLE" = true ]; then
 86      for device in $TPM_DEVICES; do
 87          if [ -r "$device" ] && [ -w "$device" ]; then
 88              echo -e "${GREEN}✓ Can access $device${RESET}"
 89          else
 90              echo -e "${YELLOW}⚠ Cannot access $device (may need 'tss' group membership)${RESET}"
 91          fi
 92      done
 93  fi
 94  
 95  # Change to project directory
 96  cd "$PROJECT_ROOT"
 97  
 98  echo -e "${YELLOW}Installing go-tpm dependencies...${RESET}"
 99  
100  # Install core go-tpm library
101  echo -e "${YELLOW}Installing github.com/google/go-tpm...${RESET}"
102  go get github.com/google/go-tpm@latest
103  if [ $? -eq 0 ]; then
104      echo -e "${GREEN}✓ go-tpm installed successfully${RESET}"
105  else
106      echo -e "${RED}✗ Failed to install go-tpm${RESET}"
107      exit 1
108  fi
109  
110  # Install TPM 2.0 specific library
111  echo -e "${YELLOW}Installing github.com/google/go-tpm/tpm2...${RESET}"
112  go get github.com/google/go-tpm/tpm2@latest
113  if [ $? -eq 0 ]; then
114      echo -e "${GREEN}✓ go-tpm/tpm2 installed successfully${RESET}"
115  else
116      echo -e "${RED}✗ Failed to install go-tpm/tpm2${RESET}"
117      exit 1
118  fi
119  
120  # Install go-tpm-tools for high-level operations
121  echo -e "${YELLOW}Installing github.com/google/go-tpm-tools/client...${RESET}"
122  go get github.com/google/go-tpm-tools/client@latest
123  if [ $? -eq 0 ]; then
124      echo -e "${GREEN}✓ go-tpm-tools installed successfully${RESET}"
125  else
126      echo -e "${RED}✗ Failed to install go-tpm-tools${RESET}"
127      exit 1
128  fi
129  
130  # Install additional TPM utilities if needed
131  echo -e "${YELLOW}Installing additional TPM libraries...${RESET}"
132  go get github.com/google/go-tpm-tools/simulator@latest
133  go get github.com/google/go-tpm/tpm2/transport@latest
134  
135  # Update dependencies
136  echo -e "${YELLOW}Updating go.mod and go.sum...${RESET}"
137  go mod tidy
138  
139  # Verify installation
140  echo -e "${YELLOW}Verifying installation...${RESET}"
141  
142  # Test that we can import the packages
143  cat > /tmp/tpm_test.go << 'EOF'
144  package main
145  
146  import (
147      "fmt"
148      "github.com/google/go-tpm/tpm2"
149      "github.com/google/go-tpm-tools/client"
150  )
151  
152  func main() {
153      fmt.Println("go-tpm libraries imported successfully")
154  }
155  EOF
156  
157  if go run /tmp/tpm_test.go; then
158      echo -e "${GREEN}✓ TPM libraries verified successfully${RESET}"
159      rm -f /tmp/tpm_test.go
160  else
161      echo -e "${RED}✗ TPM libraries verification failed${RESET}"
162      rm -f /tmp/tmp_test.go
163      exit 1
164  fi
165  
166  # Create TPM capability detection script
167  echo -e "${YELLOW}Creating TPM capability detection script...${RESET}"
168  
169  cat > "${SCRIPT_DIR}/detect-tpm-capabilities.sh" << 'EOF'
170  #!/bin/bash
171  
172  # detect-tpm-capabilities.sh
173  # Detect and report TPM hardware capabilities
174  
175  echo "=== TPM Hardware Detection ==="
176  
177  # Check for TPM devices
178  echo "TPM Devices:"
179  ls -la /dev/tpm* 2>/dev/null || echo "  No TPM devices found"
180  
181  # Check TPM version if available
182  if command -v tpm2_getcap >/dev/null 2>&1; then
183      echo ""
184      echo "TPM Capabilities:"
185      tpm2_getcap properties-fixed 2>/dev/null || echo "  Cannot query TPM capabilities"
186  fi
187  
188  # Check systemd-tpm status
189  if systemctl is-active systemd-tpm2-generator >/dev/null 2>&1; then
190      echo ""
191      echo "systemd TPM2 support: Active"
192  else
193      echo ""
194      echo "systemd TPM2 support: Not active"
195  fi
196  
197  # Check kernel TPM support
198  echo ""
199  echo "Kernel TPM Support:"
200  if [ -d "/sys/class/tpm" ]; then
201      ls -la /sys/class/tpm/
202  else
203      echo "  No kernel TPM support detected"
204  fi
205  EOF
206  
207  chmod +x "${SCRIPT_DIR}/detect-tpm-capabilities.sh"
208  
209  echo -e "${GREEN}"
210  echo -e "╔════════════════════════════════════════════════════════════════╗"
211  echo -e "║                                                                ║"
212  echo -e "║                 TPM Setup Complete!                            ║"
213  echo -e "║                                                                ║"
214  echo -e "╚════════════════════════════════════════════════════════════════╝"
215  echo -e "${RESET}"
216  
217  echo -e "${GREEN}✅ TPM hardware setup completed successfully!${RESET}"
218  echo -e ""
219  echo -e "${YELLOW}Next steps:${RESET}"
220  echo -e "1. Run hardware provider implementation"
221  echo -e "2. Test hardware TPM integration"
222  echo -e "3. Verify fallback to simulator when needed"
223  echo -e ""
224  echo -e "${YELLOW}To detect TPM capabilities, run:${RESET}"
225  echo -e "  ${SCRIPT_DIR}/detect-tpm-capabilities.sh"
226  echo -e ""
227  echo -e "${YELLOW}To build with hardware TPM support:${RESET}"
228  echo -e "  ./scripts/integrated-build.sh build"
229  
230  exit 0