Feature Request: Override TCTI via env variable

[joholl]

Let's add an environment variable TPM2TSS_TCTI to tctildr.

Why?

This is something which has to bugged me for a long time. When working on an application (or the tss tests), it would be great to be able to change the tcti via environment variable. E.g. when I have device, I could change it to libtpms, pcap:device, ... on the fly (without changing C code or shuffling aroung symlinks to libraries).

That is often already possible on application-level (TPM2TOOLS_TCTIand TPM2OPENSSL_TCTI), but not on tss-level.

Basically asking for the same thing: #2626

TSS Tests

The tss tests do have some handling based on various env-variables, but it is out-of-date and does not use the tctildr. (FYI: I'm currently working on this and might submit a draft PR in the coming weeks as a conversation starter).

Suggestion

Let's add an environment variable TPM2TSS_TCTI to tctildr. It will then attempt to load the given tcti (or fail with a descriptive error message if it can't).

I'm not concerned that users will override their TCTI accidentally, but we might want to emit a warning log, just in case.

Security

Security is not impacted, here. Implementing this feature only increases usability. If an attacker has access to env variables, we have other problems, anyway (such as library hijacking via LD_PRELOAD).

[tomoveu]

This is curious but also poses a security risk. I would like to follow the development of this feature. It will be very useful if implemented securely.