Initial commit
@@ -0,0 +1,80 @@
|
||||
meta-tpm layer
|
||||
==============
|
||||
|
||||
The bbappend files for some recipes (e.g. linux-yocto) in this layer need
|
||||
to have 'tpm' in DISTRO_FEATURES to have effect.
|
||||
To enable them, add in configuration file the following line.
|
||||
|
||||
DISTRO_FEATURES:append = " tpm"
|
||||
|
||||
If meta-tpm is included, but tpm is not enabled as a
|
||||
distro feature a warning is printed at parse time:
|
||||
|
||||
You have included the meta-tpm layer, but
|
||||
'tpm' has not been enabled in your DISTRO_FEATURES. Some bbappend files
|
||||
and preferred version setting may not take effect.
|
||||
|
||||
If you know what you are doing, this warning can be disabled by setting the following
|
||||
variable in your configuration:
|
||||
|
||||
SKIP_META_TPM_SANITY_CHECK = 1
|
||||
|
||||
|
||||
This layer contains base TPM recipes.
|
||||
|
||||
Dependencies
|
||||
============
|
||||
|
||||
This layer depends on:
|
||||
|
||||
URI: git://git.openembedded.org/openembedded-core
|
||||
branch: master
|
||||
revision: HEAD
|
||||
prio: default
|
||||
|
||||
URI: git://git.openembedded.org/meta-openembedded/meta-oe
|
||||
branch: master
|
||||
revision: HEAD
|
||||
prio: default
|
||||
|
||||
Adding the meta-tpm layer to your build
|
||||
========================================
|
||||
|
||||
In order to use this layer, you need to make the build system aware of
|
||||
it.
|
||||
|
||||
Assuming this layer exists at the top-level of your
|
||||
yocto build tree, you can add it to the build system by adding the
|
||||
location of the meta-tpm layer to bblayers.conf, along with any
|
||||
other layers needed. e.g.:
|
||||
|
||||
BBLAYERS ?= " \
|
||||
/path/to/oe-core/meta \
|
||||
/path/to/meta-openembedded/meta-oe \
|
||||
/path/to/layer/meta-tpm \
|
||||
|
||||
|
||||
Maintenance
|
||||
-----------
|
||||
|
||||
Send pull requests, patches, comments or questions to yocto@lists.yoctoproject.org
|
||||
|
||||
When sending single patches, please using something like:
|
||||
'git send-email -1 --to yocto@lists.yoctoproject.org --subject-prefix=meta-security][PATCH'
|
||||
|
||||
These values can be set as defaults for this repository:
|
||||
|
||||
$ git config sendemail.to yocto@lists.yoctoproject.org
|
||||
$ git config format.subjectPrefix meta-security][PATCH
|
||||
|
||||
Now you can just do 'git send-email origin/master' to send all local patches.
|
||||
|
||||
Maintainers: Armin Kuster <akuster808@gmail.com>
|
||||
|
||||
|
||||
License
|
||||
=======
|
||||
|
||||
All metadata is MIT licensed unless otherwise stated. Source code included
|
||||
in tree for individual recipes is under the LICENSE stated in each recipe
|
||||
(.bb file) unless otherwise stated.
|
||||
@@ -0,0 +1,12 @@
|
||||
addhandler tpm_machinecheck
|
||||
tpm_machinecheck[eventmask] = "bb.event.SanityCheck"
|
||||
python tpm_machinecheck() {
|
||||
skip_check = e.data.getVar('SKIP_META_TPM_SANITY_CHECK') == "1"
|
||||
if 'tpm' not in e.data.getVar('DISTRO_FEATURES').split() and \
|
||||
'tpm2' not in e.data.getVar('DISTRO_FEATURES').split() and \
|
||||
not skip_check:
|
||||
bb.warn("You have included the meta-tpm layer, but \
|
||||
'tpm or tpm2' has not been enabled in your DISTRO_FEATURES. Some bbappend files \
|
||||
and preferred version setting may not take effect. See the meta-tpm README \
|
||||
for details on enabling tpm support.")
|
||||
}
|
||||
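Review bot: `e.data.getVar('DISTRO_FEATURES')` is dereferenced with `.split()` twice, and getVar returns None when the variable is unset, so the handler would raise AttributeError at parse time instead of printing its friendly warning. Read it once with a fallback: `features = (e.data.getVar('DISTRO_FEATURES') or '').split()` and test `if not skip_check and 'tpm' not in features and 'tpm2' not in features:`. The README in this commit only mentions `'tpm'` while this handler also accepts `'tpm2'`; the README wording should say "'tpm' or 'tpm2'" so the two agree. A short comment above the handler, `# Warn when neither tpm nor tpm2 is a distro feature; SKIP_META_TPM_SANITY_CHECK=1 silences it`, would also spare readers from deducing the intent from the message string.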
@@ -0,0 +1,38 @@
|
||||
# meta-tpm Maintainers File
|
||||
#
|
||||
# This file contains a list of recipe maintainers.
|
||||
#
|
||||
# Please submit any patches against recipes in meta to the
|
||||
# Yocto mail list (yocto@yoctoproject.org)
|
||||
#
|
||||
# If you have problems with or questions about a particular recipe, feel
|
||||
# free to contact the maintainer directly (cc:ing the appropriate mailing list
|
||||
# puts it in the archive and helps other people who might have the same
|
||||
# questions in the future), but please try to do the following first:
|
||||
#
|
||||
# - look in the Yocto Project Bugzilla
|
||||
# (http://bugzilla.yoctoproject.org/) to see if a problem has
|
||||
# already been reported
|
||||
#
|
||||
# The format is as a bitbake variable override for each recipe
|
||||
#
|
||||
# RECIPE_MAINTAINER:pn-<recipe name> = "Full Name <address@domain>"
|
||||
#
|
||||
# Please keep this list in alphabetical order.
|
||||
RECIPE_MAINTAINER:pn-aircrack-ng = "Armin Kuster <akuster808@gmail.com>"
|
||||
RECIPE_MAINTAINER:pn-pcr-extend = "Armin Kuster <akuster808@gmail.com>"
|
||||
RECIPE_MAINTAINER:pn-tpm-quote-tools = "Armin Kuster <akuster808@gmail.com>"
|
||||
RECIPE_MAINTAINER:pn-libtpm = "Armin Kuster <akuster808@gmail.com>"
|
||||
RECIPE_MAINTAINER:pn-trousers = "Armin Kuster <akuster808@gmail.com>"
|
||||
RECIPE_MAINTAINER:pn-swtpm = "Armin Kuster <akuster808@gmail.com>"
|
||||
RECIPE_MAINTAINER:pn-openssl-tpm-engine = "Armin Kuster <akuster808@gmail.com>"
|
||||
RECIPE_MAINTAINER:pn-tpm-tools = "Armin Kuster <akuster808@gmail.com>"
|
||||
RECIPE_MAINTAINER:pn-tpm2-abrmd = "Armin Kuster <akuster808@gmail.com>"
|
||||
RECIPE_MAINTAINER:pn-tpm2-totp = "Armin Kuster <akuster808@gmail.com>"
|
||||
RECIPE_MAINTAINER:pn-tpm2-tcti-uefi = "Armin Kuster <akuster808@gmail.com>"
|
||||
RECIPE_MAINTAINER:pn-tpm2-tss-engine = "Armin Kuster <akuster808@gmail.com>"
|
||||
RECIPE_MAINTAINER:pn-tpm2-pkcs11 = "Armin Kuster <akuster808@gmail.com>"
|
||||
RECIPE_MAINTAINER:pn-tpm2-tss = "Armin Kuster <akuster808@gmail.com>"
|
||||
RECIPE_MAINTAINER:pn-tpm2-tools = "Armin Kuster <akuster808@gmail.com>"
|
||||
RECIPE_MAINTAINER:pn-ibmswtpm2 = "Armin Kuster <akuster808@gmail.com>"
|
||||
|
||||
@@ -0,0 +1,28 @@
|
||||
# We have a conf and classes directory, add to BBPATH
|
||||
BBPATH .= ":${LAYERDIR}"
|
||||
|
||||
# We have a recipes directory, add to BBFILES
|
||||
BBFILES += "${LAYERDIR}/recipes*/*/*.bb ${LAYERDIR}/recipes*/*/*.bbappend"
|
||||
|
||||
BBFILE_COLLECTIONS += "tpm-layer"
|
||||
BBFILE_PATTERN_tpm-layer = "^${LAYERDIR}/"
|
||||
BBFILE_PRIORITY_tpm-layer = "6"
|
||||
|
||||
LAYERSERIES_COMPAT_tpm-layer = "mickledore"
|
||||
|
||||
LAYERDEPENDS_tpm-layer = " \
|
||||
core \
|
||||
openembedded-layer \
|
||||
meta-python \
|
||||
"
|
||||
BBLAYERS_LAYERINDEX_NAME_tpm-layer = "meta-tpm"
|
||||
|
||||
# Sanity check for meta-integrity layer.
|
||||
# Setting SKIP_META_TPM_SANITY_CHECK to "1" would skip the bbappend files check.
|
||||
INHERIT += "sanity-meta-tpm"
|
||||
|
||||
BBFILES_DYNAMIC += " \
|
||||
networking-layer:${LAYERDIR}/dynamic-layers/meta-networking/recipes-*/*/*.bbappend \
|
||||
"
|
||||
|
||||
addpylib ${LAYERDIR}/lib oeqa
|
||||
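Review bot: The comment on the INHERIT line reads `# Sanity check for meta-integrity layer.` but the class inherited is sanity-meta-tpm, so it should be `# Sanity check for the meta-tpm layer.`. LAYERDEPENDS also lists `meta-python`, whereas the README's Dependencies section lists only openembedded-core and meta-oe; one of the two should be updated so users adding the layer see the full dependency set up front. The BBFILES_DYNAMIC entry for networking-layer is likewise undocumented in the README and deserves a one-line mention there.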
@@ -0,0 +1,26 @@
|
||||
# Copyright (C) 2022 Armin Kuster <akuster808@gmail.com>
|
||||
#
|
||||
from oeqa.runtime.case import OERuntimeTestCase
|
||||
from oeqa.core.decorator.depends import OETestDepends
|
||||
from oeqa.runtime.decorator.package import OEHasPackage
|
||||
from oeqa.core.decorator.data import skipIfNotFeature
|
||||
|
||||
class SwTpmTest(OERuntimeTestCase):
|
||||
@classmethod
|
||||
def setUpClass(cls):
|
||||
cls.tc.target.run('swtpm_ioctl -s --tcp :2322')
|
||||
cls.tc.target.run('mkdir /tmp/myvtpm2')
|
||||
cls.tc.target.run('chown tss:root /tmp/myvtpm2')
|
||||
|
||||
@classmethod
|
||||
def tearDownClass(cls):
|
||||
cls.tc.target.run('swtpm_ioctl -s --tcp :2322')
|
||||
cls.tc.target.run('rm -fr /tmp/myvtpm2')
|
||||
|
||||
@skipIfNotFeature('tpm2','Test tpm2_swtpm_socket requires tpm2 to be in DISTRO_FEATURES')
|
||||
@OETestDepends(['ssh.SSHTest.test_ssh'])
|
||||
@OEHasPackage(['swtpm'])
|
||||
def test_swtpm2_ek_cert(self):
|
||||
cmd = 'swtpm_setup --tpmstate /tmp/myvtpm2 --create-ek-cert --create-platform-cert --tpm2',
|
||||
status, output = self.target.run(cmd)
|
||||
self.assertEqual(status, 0, msg="swtpm create-ek-cert failed: %s" % output)
|
||||
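Review bot: The trailing comma on the `cmd = '...'` line in test_swtpm2_ek_cert makes `cmd` a one-element tuple rather than a string, so `self.target.run(cmd)` receives a tuple and the intended swtpm_setup command is never executed as written. Drop the comma: `cmd = 'swtpm_setup --tpmstate /tmp/myvtpm2 --create-ek-cert --create-platform-cert --tpm2'`. setUpClass also runs `mkdir` and `chown` on a fixed /tmp path without looking at their exit status, so a directory left behind by an aborted run is silently reused; `mkdir -p` plus a check of the returned status would make that failure mode visible.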
@@ -0,0 +1,69 @@
|
||||
# Copyright (C) 2019 - 2022 Armin Kuster <akuster808@gmail.com>
|
||||
#
|
||||
from oeqa.runtime.case import OERuntimeTestCase
|
||||
from oeqa.core.decorator.depends import OETestDepends
|
||||
from oeqa.runtime.decorator.package import OEHasPackage
|
||||
from oeqa.core.decorator.data import skipIfNotFeature
|
||||
|
||||
class Tpm2Test(OERuntimeTestCase):
|
||||
@classmethod
|
||||
def setUpClass(cls):
|
||||
cls.tc.target.run('swtpm_ioctl -s --tcp :2322')
|
||||
cls.tc.target.run('mkdir /tmp/myvtpm2')
|
||||
|
||||
@classmethod
|
||||
def tearDownClass(cls):
|
||||
cls.tc.target.run('swtpm_ioctl -s --tcp :2322')
|
||||
cls.tc.target.run('rm -fr /tmp/myvtpm2')
|
||||
|
||||
def check_endlines(self, results, expected_endlines):
|
||||
for line in results.splitlines():
|
||||
for el in expected_endlines:
|
||||
if line == el:
|
||||
expected_endlines.remove(el)
|
||||
break
|
||||
|
||||
if expected_endlines:
|
||||
self.fail('Missing expected line endings:\n %s' % '\n '.join(expected_endlines))
|
||||
|
||||
@OEHasPackage(['tpm2-tools'])
|
||||
@OEHasPackage(['tpm2-abrmd'])
|
||||
@OEHasPackage(['swtpm'])
|
||||
@skipIfNotFeature('tpm2','Test tpm2_startup requires tpm2 to be in DISTRO_FEATURES')
|
||||
@OETestDepends(['ssh.SSHTest.test_ssh'])
|
||||
def test_tpm2_startup(self):
|
||||
cmds = [
|
||||
'swtpm socket -d --tpmstate dir=/tmp/myvtpm2 --tpm2 --ctrl type=tcp,port=2322 --server type=tcp,port=2321 --flags not-need-init',
|
||||
'tpm2_startup -c -T "swtpm:port=2321"',
|
||||
]
|
||||
|
||||
for cmd in cmds:
|
||||
status, output = self.target.run(cmd)
|
||||
self.assertEqual(status, 0, msg='\n'.join([cmd, output]))
|
||||
|
||||
@OETestDepends(['tpm2.Tpm2Test.test_tpm2_startup'])
|
||||
def test_tpm2_pcrread(self):
|
||||
(status, output) = self.target.run('tpm2_pcrread')
|
||||
expected_endlines = []
|
||||
expected_endlines.append(' sha1:')
|
||||
expected_endlines.append(' 0 : 0x0000000000000000000000000000000000000000')
|
||||
expected_endlines.append(' 1 : 0x0000000000000000000000000000000000000000')
|
||||
expected_endlines.append(' sha256:')
|
||||
expected_endlines.append(' 0 : 0x0000000000000000000000000000000000000000000000000000000000000000')
|
||||
expected_endlines.append(' 1 : 0x0000000000000000000000000000000000000000000000000000000000000000')
|
||||
|
||||
|
||||
self.check_endlines(output, expected_endlines)
|
||||
|
||||
|
||||
@OEHasPackage(['p11-kit'])
|
||||
@OEHasPackage(['tpm2-pkcs11'])
|
||||
@OETestDepends(['tpm2.Tpm2Test.test_tpm2_pcrread'])
|
||||
def test_tpm2_pkcs11(self):
|
||||
(status, output) = self.target.run('p11-kit list-modules -v')
|
||||
self.assertEqual(status, 0, msg="Modules missing: %s" % output)
|
||||
|
||||
@OETestDepends(['tpm2.Tpm2Test.test_tpm2_pkcs11'])
|
||||
def test_tpm2_swtpm_reset(self):
|
||||
(status, output) = self.target.run('swtpm_ioctl -i --tcp :2322')
|
||||
self.assertEqual(status, 0, msg="swtpm reset failed: %s" % output)
|
||||
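Review bot: test_tpm2_startup addresses the emulator via `-T "swtpm:port=2321"`, but test_tpm2_pcrread runs plain `tpm2_pcrread`, which uses the tools' default TCTI (tabrmd or the device) rather than the emulator, so on a target with a real or abrmd-managed TPM it reads PCRs from a different device than the one just started. Pass the same TCTI, `self.target.run('tpm2_pcrread -T "swtpm:port=2321"')`, or export TPM2TOOLS_TCTI once in setUpClass. The all-zero PCR 0/1 expectation only holds for a freshly started, unextended emulator, which is worth stating in a comment above the expected_endlines list. check_endlines removes items from the list it is iterating; the immediate `break` keeps it correct, but `for el in list(expected_endlines):` would make that safety explicit.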
@@ -0,0 +1,18 @@
|
||||
DESCRIPTION = "A small image for building a tpm image for testing"
|
||||
|
||||
IMAGE_FEATURES += "ssh-server-openssh"
|
||||
|
||||
IMAGE_INSTALL = "\
|
||||
packagegroup-base \
|
||||
packagegroup-core-boot \
|
||||
packagegroup-security-tpm \
|
||||
os-release \
|
||||
"
|
||||
|
||||
IMAGE_LINGUAS ?= " "
|
||||
|
||||
LICENSE = "MIT"
|
||||
|
||||
inherit core-image
|
||||
|
||||
export IMAGE_BASENAME = "security-tpm-image"
|
||||
@@ -0,0 +1,19 @@
|
||||
DESCRIPTION = "A small image for building a tpm2 image for testing"
|
||||
|
||||
IMAGE_FEATURES += "ssh-server-openssh"
|
||||
|
||||
IMAGE_INSTALL = "\
|
||||
packagegroup-base \
|
||||
packagegroup-core-boot \
|
||||
packagegroup-security-tpm2 \
|
||||
os-release \
|
||||
swtpm \
|
||||
"
|
||||
|
||||
IMAGE_LINGUAS ?= " "
|
||||
|
||||
LICENSE = "MIT"
|
||||
|
||||
inherit core-image
|
||||
|
||||
export IMAGE_BASENAME = "security-tpm2-image"
|
||||
@@ -0,0 +1,19 @@
|
||||
DESCRIPTION = "Security packagegroup for TPM i2c support"
|
||||
LICENSE = "MIT"
|
||||
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302 \
|
||||
file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
|
||||
|
||||
inherit packagegroup
|
||||
|
||||
PACKAGES = "packagegroup-security-tpm-i2c"
|
||||
|
||||
SUMMARY:packagegroup-security-tpm-i2c = "Security TPM i2c support"
|
||||
RDEPENDS:packagegroup-security-tpm-i2c = " \
|
||||
${@bb.utils.contains('MACHINE_FEATURES', 'tpm', 'packagegroup-security-tpm', '', d)} \
|
||||
${@bb.utils.contains('MACHINE_FEATURES', 'tpm2', 'packagegroup-security-tpm2', '', d)} \
|
||||
kernel-module-tpm-i2c-atmel \
|
||||
kernel-module-tpm-i2c-infineon \
|
||||
kernel-module-tpm-i2c-nuvoton \
|
||||
kernel-module-tpm-st33zp24 \
|
||||
kernel-module-tpm-st33zp24-i2c \
|
||||
"
|
||||
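Review bot: This packagegroup's RDEPENDS pull in kernel-module-* packages and change with MACHINE_FEATURES, both machine-specific, yet no PACKAGE_ARCH is set, so packagegroup.bbclass's default of "all" produces an architecture-independent package whose contents depend on the machine. Add `PACKAGE_ARCH = "${MACHINE_ARCH}"`, the same approach oe-core's packagegroup-base takes for its MACHINE_FEATURES-driven dependencies. A comment such as `# machine-specific: depends on MACHINE_FEATURES and kernel modules` next to it would explain the choice.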
@@ -0,0 +1,34 @@
|
||||
DESCRIPTION = "Security packagegroup for Poky"
|
||||
LICENSE = "MIT"
|
||||
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302 \
|
||||
file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
|
||||
|
||||
inherit packagegroup
|
||||
|
||||
PACKAGES = "packagegroup-security-tpm"
|
||||
|
||||
SUMMARY:packagegroup-security-tpm = "Security TPM support"
|
||||
RDEPENDS:packagegroup-security-tpm = " \
|
||||
tpm-tools \
|
||||
trousers \
|
||||
pcr-extend \
|
||||
tpm-quote-tools \
|
||||
swtpm \
|
||||
libhoth \
|
||||
openssl-tpm-engine \
|
||||
${X86_TPM_MODULES} \
|
||||
"
|
||||
|
||||
X86_TPM_MODULES ?= ""
|
||||
|
||||
X86_TPM_MODULES:x86 = " \
|
||||
kernel-module-tpm-atmel \
|
||||
kernel-module-tpm-infineon \
|
||||
kernel-module-tpm-nsc \
|
||||
"
|
||||
|
||||
X86_TPM_MODULES:x86-64 = " \
|
||||
kernel-module-tpm-atmel \
|
||||
kernel-module-tpm-infineon \
|
||||
kernel-module-tpm-nsc \
|
||||
"
|
||||
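Review bot: X86_TPM_MODULES is overridden per architecture and names kernel modules, but the packagegroup sets no PACKAGE_ARCH, so with packagegroup.bbclass's default of "all" one architecture-independent package would carry arch-specific RDEPENDS; set `PACKAGE_ARCH = "${TUNE_PKGARCH}"` as packagegroup-security-tpm2 in this commit does, or `${MACHINE_ARCH}` given the kernel-module dependencies. `libhoth` is described in its own recipe as a Google root-of-trust USB library, is not a TPM 1.2 component, and has no MAINTAINERS entry, so it reads as a stray dependency here and should either be justified with a comment or moved to its own group. DESCRIPTION `"Security packagegroup for Poky"` is copy-pasted into the vtpm group as well; `"TPM 1.2 packagegroup for Security"` would match the tpm2 recipe's wording.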
@@ -0,0 +1,23 @@
|
||||
DESCRIPTION = "TPM2 packagegroup for Security"
|
||||
LICENSE = "MIT"
|
||||
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302 \
|
||||
file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
|
||||
|
||||
PACKAGE_ARCH = "${TUNE_PKGARCH}"
|
||||
|
||||
inherit packagegroup
|
||||
|
||||
PACKAGES = "${PN}"
|
||||
|
||||
SUMMARY:packagegroup-security-tpm2 = "Security TPM 2.0 support"
|
||||
RDEPENDS:packagegroup-security-tpm2 = " \
|
||||
tpm2-tools \
|
||||
trousers \
|
||||
tpm2-tss \
|
||||
libtss2-mu \
|
||||
libtss2-tcti-device \
|
||||
libtss2-tcti-mssim \
|
||||
libtss2 \
|
||||
tpm2-abrmd \
|
||||
tpm2-pkcs11 \
|
||||
"
|
||||
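Review bot: `trousers` is the TPM 1.2 TSS stack, and nothing else in this TPM 2.0 group (tpm2-tss, tpm2-abrmd, tpm2-tools, tpm2-pkcs11) appears to use it, so it enlarges the image and ships an extra daemon with no visible purpose. If it is intentional, a comment such as `# trousers: needed for <reason>` should say why; otherwise drop it from RDEPENDS.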
@@ -0,0 +1,14 @@
|
||||
DESCRIPTION = "Security packagegroup for Poky"
|
||||
LICENSE = "MIT"
|
||||
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302 \
|
||||
file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
|
||||
|
||||
inherit packagegroup
|
||||
|
||||
PACKAGES = "packagegroup-security-vtpm"
|
||||
|
||||
SUMMARY:packagegroup-security-vtpm = "Security Software vTPM support"
|
||||
RDEPENDS:packagegroup-security-vtpm = " \
|
||||
libtpm \
|
||||
swtpm \
|
||||
"
|
||||
@@ -0,0 +1,8 @@
|
||||
CONFIG_HW_RANDOM_TPM=y
|
||||
CONFIG_TCG_TPM=y
|
||||
CONFIG_TCG_TIS_CORE=y
|
||||
CONFIG_TCG_TIS=y
|
||||
CONFIG_SECURITYFS=y
|
||||
CONFIG_TCG_NSC=m
|
||||
CONFIG_TCG_ATMEL=m
|
||||
CONFIG_TCG_INFINEON=m
|
||||
@@ -0,0 +1,3 @@
|
||||
define KFEATURE_DESCRIPTION "Enable TPM"
|
||||
|
||||
kconf hardware tpm.cfg
|
||||
@@ -0,0 +1,6 @@
|
||||
CONFIG_HW_RANDOM_TPM=y
|
||||
CONFIG_TCG_TPM=y
|
||||
CONFIG_TCG_TIS_CORE=y
|
||||
CONFIG_TCG_TIS=y
|
||||
CONFIG_TCG_CRB=y
|
||||
CONFIG_SECURITYFS=y
|
||||
@@ -0,0 +1,3 @@
|
||||
define KFEATURE_DESCRIPTION "Enable TPM 2.0"
|
||||
|
||||
kconf hardware tpm2.cfg
|
||||
@@ -0,0 +1,15 @@
|
||||
CONFIG_HW_RANDOM_TPM=y
|
||||
CONFIG_TCG_TPM=y
|
||||
CONFIG_TCG_TIS_CORE=y
|
||||
CONFIG_TCG_TIS=y
|
||||
CONFIG_SECURITYFS=y
|
||||
|
||||
CONFIG_REGMAP_I2C=y
|
||||
CONFIG_I2C_BOARDINFO=y
|
||||
CONFIG_I2C_COMPAT=y
|
||||
CONFIG_RTC_I2C_AND_SPI=y
|
||||
|
||||
CONFIG_TCG_TIS_I2C_ATMEL=m
|
||||
CONFIG_TCG_TIS_I2C_INFINEON=m
|
||||
CONFIG_TCG_TIS_I2C_NUVOTON=m
|
||||
CONFIG_TCG_TIS_ST33ZP24_I2C=m
|
||||
@@ -0,0 +1,6 @@
|
||||
define KFEATURE_DESCRIPTION "Enable TPM i2c"
|
||||
|
||||
include features/i2c/i2c.scc
|
||||
|
||||
kconf hardware tpm_i2c.cfg
|
||||
|
||||
@@ -0,0 +1,5 @@
|
||||
CONFIG_HW_RANDOM_TPM=y
|
||||
CONFIG_TCG_TPM=y
|
||||
CONFIG_TCG_VTPM_PROXY=y
|
||||
CONFIG_SECURITYFS=y
|
||||
~
|
||||
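Review bot: The fragment's fifth line consists solely of `~`, and the hunk header's count of five added lines suggests it really is in vtpm.cfg; it is not a valid Kconfig fragment line and should be deleted. The remaining four options repeat tpm.cfg, which is harmless because the scc fragments merge, but a comment `# vtpm_proxy on top of the base TPM core options` would make the overlap look intentional.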
@@ -0,0 +1,4 @@
|
||||
define KFEATURE_DESCRIPTION "Enable vTPM"
|
||||
|
||||
kconf hardware vtpm.cfg
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
require ${@bb.utils.contains_any('DISTRO_FEATURES', 'tpm tpm2', 'linux-yocto_tpm.inc', '', d)}
|
||||
@@ -0,0 +1,8 @@
|
||||
FILESEXTRAPATHS:prepend := "${THISDIR}/linux-yocto:"
|
||||
|
||||
SRC_URI += " \
|
||||
${@bb.utils.contains('MACHINE_FEATURES', 'tpm', 'file://tpm.scc', '', d)} \
|
||||
${@bb.utils.contains('MACHINE_FEATURES', 'tpm2', 'file://tpm2.scc', '', d)} \
|
||||
${@bb.utils.contains('MACHINE_FEATURES', 'tpm_i2c', 'file://tpm_i2c.scc', '', d)} \
|
||||
${@bb.utils.contains('MACHINE_FEATURES', 'vtpm', 'file://vtpm.scc', '', d)} \
|
||||
"
|
||||
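Review bot: The bbappend only `require`s this file when `tpm` or `tpm2` is in DISTRO_FEATURES, while each .scc here is selected by MACHINE_FEATURES, so a machine that sets `vtpm` or `tpm_i2c` in MACHINE_FEATURES on a distro without tpm/tpm2 silently gets no kernel configuration, and the sanity class does not warn about that combination. Either gate the bbappend on the union of the features or document the two-level switch with a comment at the top of this file, e.g. `# Only pulled in when DISTRO_FEATURES has tpm or tpm2; individual drivers then follow MACHINE_FEATURES`.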
@@ -0,0 +1,16 @@
|
||||
SUMMARY = "LIBPM - Software TPM Library"
|
||||
LICENSE = "BSD-3-Clause"
|
||||
LIC_FILES_CHKSUM = "file://LICENSE;md5=e73f0786a936da3814896df06ad225a9"
|
||||
|
||||
SRCREV = "f8c2dc7e12a730dcca4220d7ac5ad86d13dfd630"
|
||||
SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-0.9;protocol=https"
|
||||
|
||||
PE = "1"
|
||||
|
||||
S = "${WORKDIR}/git"
|
||||
inherit autotools-brokensep pkgconfig perlnative
|
||||
|
||||
PACKAGECONFIG ?= "openssl"
|
||||
PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl"
|
||||
|
||||
BBCLASSEXTEND = "native"
|
||||
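Review bot: SUMMARY reads `"LIBPM - Software TPM Library"`, but the project fetched is libtpms, so `SUMMARY = "libtpms - Software TPM library"` is the accurate string. The recipe name `libtpm` versus the upstream name `libtpms` is also worth a one-line comment so that packagers searching for the upstream name find it.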
@@ -0,0 +1,49 @@
|
||||
SUMMARY = "SWTPM - OpenEmbedded wrapper scripts for native swtpm tools"
|
||||
LICENSE = "MIT"
|
||||
DEPENDS = "swtpm-native"
|
||||
|
||||
inherit native
|
||||
|
||||
# The whole point of the recipe is to make files available
|
||||
# for use after the build is done, so don't clean up...
|
||||
RM_WORK_EXCLUDE += "${PN}"
|
||||
|
||||
do_create_wrapper () {
|
||||
# Wrap (almost) all swtpm binaries. Some get special wrappers and some
|
||||
# are not needed.
|
||||
for i in `find ${bindir} ${base_bindir} ${sbindir} ${base_sbindir} -name 'swtpm*' -perm /+x -type f`; do
|
||||
exe=`basename $i`
|
||||
case $exe in
|
||||
swtpm_setup)
|
||||
cat >${WORKDIR}/swtpm_setup_oe.sh <<EOF
|
||||
#! /bin/sh
|
||||
#
|
||||
# Wrapper around swtpm_setup which adds parameters required to
|
||||
# run the setup as non-root directly from the native sysroot.
|
||||
|
||||
PATH="${bindir}:${base_bindir}:${sbindir}:${base_sbindir}:\$PATH"
|
||||
export PATH
|
||||
|
||||
exec swtpm_setup --config ${STAGING_DIR_NATIVE}/etc/swtpm_setup.conf "\$@"
|
||||
EOF
|
||||
;;
|
||||
*)
|
||||
cat >${WORKDIR}/${exe}_oe.sh <<EOF
|
||||
#! /bin/sh
|
||||
#
|
||||
# Wrapper around $exe which makes it easier to invoke
|
||||
# the right binary.
|
||||
|
||||
PATH="${bindir}:${base_bindir}:${sbindir}:${base_sbindir}:\$PATH"
|
||||
export PATH
|
||||
|
||||
exec ${exe} "\$@"
|
||||
EOF
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
chmod a+rx ${WORKDIR}/*.sh
|
||||
}
|
||||
|
||||
addtask do_create_wrapper before do_build after do_prepare_recipe_sysroot
|
||||
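Review bot: `chmod a+rx ${WORKDIR}/*.sh` at the end of do_create_wrapper runs under bitbake's `set -e`, so if `find` matches no swtpm binaries the unexpanded glob makes chmod fail with a message about a literal `*.sh` file instead of a clear "no swtpm binaries in sysroot" error. A guard before the loop, e.g. `[ -n "$(find ${bindir} ${base_bindir} ${sbindir} ${base_sbindir} -name 'swtpm*' -type f)" ] || bbfatal "no swtpm binaries found in the native sysroot"`, gives a useful failure. The swtpm_setup wrapper also hard-codes `${STAGING_DIR_NATIVE}/etc/swtpm_setup.conf` without checking it exists; a comment noting that the file is expected from swtpm-native's install would help the next maintainer.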
@@ -0,0 +1,50 @@
|
||||
SUMMARY = "SWTPM - Software TPM Emulator"
|
||||
LICENSE = "BSD-3-Clause"
|
||||
LIC_FILES_CHKSUM = "file://LICENSE;md5=fe8092c832b71ef20dfe4c6d3decb3a8"
|
||||
SECTION = "apps"
|
||||
|
||||
# expect-native, socat-native, coreutils-native and net-tools-native are reportedly only required for the tests
|
||||
DEPENDS = "libtasn1 coreutils-native expect-native socat-native glib-2.0 net-tools-native libtpm json-glib"
|
||||
|
||||
SRCREV = "2ae7b019370760e17f4f2675195a91ca53950eda"
|
||||
SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=master;protocol=https \
|
||||
"
|
||||
PE = "1"
|
||||
|
||||
S = "${WORKDIR}/git"
|
||||
|
||||
PARALLEL_MAKE = ""
|
||||
inherit autotools pkgconfig perlnative
|
||||
|
||||
TSS_USER="tss"
|
||||
TSS_GROUP="tss"
|
||||
|
||||
PACKAGECONFIG ?= "openssl gnutls"
|
||||
PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}"
|
||||
PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'seccomp', 'seccomp', '', d)}"
|
||||
PACKAGECONFIG += "${@bb.utils.contains('BBFILE_COLLECTIONS', 'filesystems-layer', 'cuse', '', d)}"
|
||||
PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl"
|
||||
# expect, bash, tpm2-pkcs11-tools (tpm2_ptool), tpmtool and certtool is
|
||||
# used by swtpm-create-tpmca (the last two is provided by gnutls)
|
||||
# gnutls is required by: swtpm-create-tpmca, swtpm-localca and swtpm_cert
|
||||
PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls-native gnutls, gnutls-bin expect bash tpm2-pkcs11-tools"
|
||||
PACKAGECONFIG[selinux] = "--with-selinux, --without-selinux, libselinux"
|
||||
PACKAGECONFIG[cuse] = "--with-cuse, --without-cuse, fuse"
|
||||
PACKAGECONFIG[seccomp] = "--with-seccomp, --without-seccomp, libseccomp"
|
||||
|
||||
EXTRA_OECONF += "--with-tss-user=${TSS_USER} --with-tss-group=${TSS_GROUP}"
|
||||
|
||||
USERADD_PACKAGES = "${PN}"
|
||||
GROUPADD_PARAM:${PN} = "--system ${TSS_USER}"
|
||||
USERADD_PARAM:${PN} = "--system -g ${TSS_GROUP} --home-dir / \
|
||||
--no-create-home --shell /bin/false ${BPN}"
|
||||
|
||||
|
||||
PACKAGE_BEFORE_PN = "${PN}-cuse"
|
||||
FILES:${PN}-cuse = "${bindir}/swtpm_cuse"
|
||||
|
||||
INSANE_SKIP:${PN} += "dev-so"
|
||||
|
||||
RDEPENDS:${PN} = "libtpm"
|
||||
|
||||
BBCLASSEXTEND = "native nativesdk"
|
||||
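Review bot: USERADD_PARAM creates the service account as `${BPN}` (i.e. `swtpm`) while EXTRA_OECONF tells configure `--with-tss-user=${TSS_USER}` (`tss`), so unless another package already provides a `tss` user the configured owner does not exist on the target, and the swtpm runtime test's `chown tss:root` would fail for the same reason. Use one variable in both places: `--no-create-home --shell /bin/false ${TSS_USER}"`. SRC_URI tracks `branch=master` with a pinned SRCREV; pinning is the right thing, but a short comment recording which swtpm release the SRCREV corresponds to would make CVE tracking easier.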
@@ -0,0 +1,17 @@
|
||||
SUMMARY = "Google Hoth USB library"
|
||||
DESCRIPTION = "Libraries and example programs for interacting with a \
|
||||
hoth-class root of trust."
|
||||
HOMEPAGE = "https://github.com/google/libhoth"
|
||||
|
||||
LICENSE = "Apache-2.0"
|
||||
LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
|
||||
|
||||
SRC_URI = "git://github.com/google/libhoth;protocol=https;branch=main"
|
||||
SRCREV = "769296220dc88df33f4726aa11e39e049257b3c4"
|
||||
|
||||
DEPENDS += "libusb1"
|
||||
|
||||
S = "${WORKDIR}/git"
|
||||
|
||||
inherit pkgconfig meson
|
||||
|
||||
+101
@@ -0,0 +1,101 @@
|
||||
Upstream-Status: Pending
|
||||
|
||||
commit 16dac0cb7b73b8a7088300e45b98ac20819b03ed
|
||||
Author: Junxian.Xiao <Junxian.Xiao@windriver.com>
|
||||
Date: Wed Jun 19 18:57:13 2013 +0800
|
||||
|
||||
support well-known password in openssl-tpm-engine.
|
||||
|
||||
Add "-z" option to select well known password in create_tpm_key tool.
|
||||
|
||||
Signed-off-by: Junxian.Xiao <Junxian.Xiao@windriver.com>
|
||||
|
||||
Index: git/src/create_tpm_key.c
|
||||
===================================================================
|
||||
--- git.orig/src/create_tpm_key.c
|
||||
+++ git/src/create_tpm_key.c
|
||||
@@ -48,6 +48,8 @@
|
||||
|
||||
#include "ssl_compat.h"
|
||||
|
||||
+#define TPM_WELL_KNOWN_KEY_LEN 20 /*well know key length is 20 bytes zero*/
|
||||
+
|
||||
#define print_error(a,b) \
|
||||
fprintf(stderr, "%s:%d %s result: 0x%x (%s)\n", __FILE__, __LINE__, \
|
||||
a, b, Trspi_Error_String(b))
|
||||
@@ -72,6 +74,7 @@ usage(char *argv0)
|
||||
"\t\t-e|--enc-scheme encryption scheme to use [PKCSV15] or OAEP\n"
|
||||
"\t\t-q|--sig-scheme signature scheme to use [DER] or SHA1\n"
|
||||
"\t\t-s|--key-size key size in bits [2048]\n"
|
||||
+ "\t\t-z|--zerokey use well known 20 bytes zero as SRK password.\n"
|
||||
"\t\t-a|--auth require a password for the key [NO]\n"
|
||||
"\t\t-p|--popup use TSS GUI popup dialogs to get the password "
|
||||
"for the\n\t\t\t\t key [NO] (implies --auth)\n"
|
||||
@@ -154,6 +157,7 @@ int main(int argc, char **argv)
|
||||
int asn1_len;
|
||||
char *filename, c, *openssl_key = NULL;
|
||||
int option_index, auth = 0, popup = 0, wrap = 0;
|
||||
+ int wellknownkey = 0;
|
||||
UINT32 enc_scheme = TSS_ES_RSAESPKCSV15;
|
||||
UINT32 sig_scheme = TSS_SS_RSASSAPKCS1V15_DER;
|
||||
UINT32 key_size = 2048;
|
||||
@@ -161,12 +165,15 @@ int main(int argc, char **argv)
|
||||
|
||||
while (1) {
|
||||
option_index = 0;
|
||||
- c = getopt_long(argc, argv, "pe:q:s:ahw:",
|
||||
+ c = getopt_long(argc, argv, "pe:q:s:zahw:",
|
||||
long_options, &option_index);
|
||||
if (c == -1)
|
||||
break;
|
||||
|
||||
switch (c) {
|
||||
+ case 'z':
|
||||
+ wellknownkey = 1;
|
||||
+ break;
|
||||
case 'a':
|
||||
initFlags |= TSS_KEY_AUTHORIZATION;
|
||||
auth = 1;
|
||||
@@ -300,6 +307,8 @@ int main(int argc, char **argv)
|
||||
|
||||
if (srk_authusage) {
|
||||
char *authdata = calloc(1, 128);
|
||||
+ TSS_FLAG secretMode = TSS_SECRET_MODE_PLAIN;
|
||||
+ int authlen = 0;
|
||||
|
||||
if (!authdata) {
|
||||
fprintf(stderr, "malloc failed.\n");
|
||||
@@ -316,17 +325,26 @@ int main(int argc, char **argv)
|
||||
exit(result);
|
||||
}
|
||||
|
||||
- if (EVP_read_pw_string(authdata, 128, "SRK Password: ", 0)) {
|
||||
- Tspi_Context_CloseObject(hContext, hKey);
|
||||
- Tspi_Context_Close(hContext);
|
||||
- free(authdata);
|
||||
- exit(result);
|
||||
+ if (wellknownkey) {
|
||||
+ memset(authdata, 0, TPM_WELL_KNOWN_KEY_LEN);
|
||||
+ secretMode = TSS_SECRET_MODE_SHA1;
|
||||
+ authlen = TPM_WELL_KNOWN_KEY_LEN;
|
||||
+ }
|
||||
+ else {
|
||||
+ if (EVP_read_pw_string(authdata, 128, "SRK Password: ", 0)) {
|
||||
+ Tspi_Context_CloseObject(hContext, hKey);
|
||||
+ Tspi_Context_Close(hContext);
|
||||
+ free(authdata);
|
||||
+ exit(result);
|
||||
+ }
|
||||
+ secretMode = TSS_SECRET_MODE_PLAIN;
|
||||
+ authlen = strlen(authdata);
|
||||
}
|
||||
|
||||
//Set Secret
|
||||
if ((result = Tspi_Policy_SetSecret(srkUsagePolicy,
|
||||
- TSS_SECRET_MODE_PLAIN,
|
||||
- strlen(authdata),
|
||||
+ secretMode,
|
||||
+ authlen,
|
||||
(BYTE *)authdata))) {
|
||||
print_error("Tspi_Policy_SetSecret", result);
|
||||
free(authdata);
|
||||
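Review bot: The new `-z` path sets a 20-byte all-zero secret in TSS_SECRET_MODE_SHA1, which is the TSS well-known SRK secret; the usage text calls it a "password", but any caller can reproduce it, so a key created under it is protected only by access to the TPM device itself. A comment next to the define, `/* TSS well-known SRK secret: 20 zero bytes, passed in SHA1 mode because it is already the hashed form */`, and a usage line saying "well-known (unprotected) SRK secret" would make that trade-off explicit. The moved `EVP_read_pw_string` failure branch still calls `exit(result)`, and `result` holds the last TSS status, which at that point is presumably TSS_SUCCESS, so a failed password prompt can exit 0; `exit(1)` would be truthful. main() continues outside the hunk.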
+82
@@ -0,0 +1,82 @@
|
||||
Upstream-Status: Pending
|
||||
|
||||
commit 16dac0cb7b73b8a7088300e45b98ac20819b03ed
|
||||
Author: Junxian.Xiao <Junxian.Xiao@windriver.com>
|
||||
Date: Wed Jun 19 18:57:13 2013 +0800
|
||||
|
||||
support reading SRK password from env TPM_SRK_PW
|
||||
|
||||
Add "env TPM_SRK_PW=xxxx" to set password for libtpm.so. Specially,
|
||||
use "env TPM_SRK_PW=#WELLKNOWN#" to set well known password.
|
||||
|
||||
Signed-off-by: Junxian.Xiao <Junxian.Xiao@windriver.com>
|
||||
|
||||
Index: git/src/e_tpm.c
|
||||
===================================================================
|
||||
--- git.orig/src/e_tpm.c
|
||||
+++ git/src/e_tpm.c
|
||||
@@ -38,6 +38,8 @@
|
||||
#include "e_tpm.h"
|
||||
#include "ssl_compat.h"
|
||||
|
||||
+#define TPM_WELL_KNOWN_KEY_LEN 20 /*well know key length is 20 bytes zero*/
|
||||
+
|
||||
//#define DLOPEN_TSPI
|
||||
|
||||
#ifndef OPENSSL_NO_HW
|
||||
@@ -262,6 +264,10 @@ int tpm_load_srk(UI_METHOD *ui, void *cb
|
||||
TSS_RESULT result;
|
||||
UINT32 authusage;
|
||||
BYTE *auth;
|
||||
+ char *srkPasswd = NULL;
|
||||
+ TSS_FLAG secretMode = secret_mode;
|
||||
+ int authlen = 0;
|
||||
+
|
||||
|
||||
if (hSRK != NULL_HKEY) {
|
||||
DBGFN("SRK is already loaded.");
|
||||
@@ -313,18 +319,36 @@ int tpm_load_srk(UI_METHOD *ui, void *cb
|
||||
return 0;
|
||||
}
|
||||
|
||||
- if (!tpm_engine_get_auth(ui, (char *)auth, 128, "SRK authorization: ",
|
||||
- cb_data)) {
|
||||
- Tspi_Context_CloseObject(hContext, hSRK);
|
||||
- free(auth);
|
||||
- TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
|
||||
- return 0;
|
||||
+ srkPasswd = getenv("TPM_SRK_PW");
|
||||
+ if (NULL != srkPasswd) {
|
||||
+ if (0 == strcmp(srkPasswd, "#WELLKNOWN#")) {
|
||||
+ memset(auth, 0, TPM_WELL_KNOWN_KEY_LEN);
|
||||
+ secretMode = TSS_SECRET_MODE_SHA1;
|
||||
+ authlen = TPM_WELL_KNOWN_KEY_LEN;
|
||||
+ } else {
|
||||
+ int authbuflen = 128;
|
||||
+ memset(auth, 0, authbuflen);
|
||||
+ strncpy(auth, srkPasswd, authbuflen-1);
|
||||
+ secretMode = TSS_SECRET_MODE_PLAIN;
|
||||
+ authlen = strlen(auth);
|
||||
+ }
|
||||
+ }
|
||||
+ else {
|
||||
+ if (!tpm_engine_get_auth(ui, (char *)auth, 128,
|
||||
+ "SRK authorization: ", cb_data)) {
|
||||
+ Tspi_Context_CloseObject(hContext, hSRK);
|
||||
+ free(auth);
|
||||
+ TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
|
||||
+ return 0;
|
||||
+ }
|
||||
+ secretMode = secret_mode;
|
||||
+ authlen = strlen(auth);
|
||||
}
|
||||
|
||||
/* secret_mode is a global that may be set by engine ctrl
|
||||
* commands. By default, its set to TSS_SECRET_MODE_PLAIN */
|
||||
- if ((result = Tspi_Policy_SetSecret(hSRKPolicy, secret_mode,
|
||||
- strlen((char *)auth), auth))) {
|
||||
+ if ((result = Tspi_Policy_SetSecret(hSRKPolicy, secretMode,
|
||||
+ authlen, auth))) {
|
||||
Tspi_Context_CloseObject(hContext, hSRK);
|
||||
free(auth);
|
||||
TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
|
||||
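Review bot: Reading the SRK authorization from the `TPM_SRK_PW` environment variable exposes it to every process running as the same user via /proc/<pid>/environ and to every child the host process spawns, and nothing here clears the variable after use; that exposure belongs in the engine's documentation and in a comment above the `getenv` call, e.g. `/* TPM_SRK_PW is readable from the process environment; prefer the UI callback where possible */`. The `#WELLKNOWN#` sentinel also means a literal SRK password equal to that string can never be supplied through the variable, which deserves a line in the same comment. The `memset(auth, 0, authbuflen)` and `strncpy(..., authbuflen-1)` assume `auth` is at least 128 bytes; its allocation is outside the hunk, so that assumption is worth confirming. tpm_load_srk begins before this hunk.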
+253
@@ -0,0 +1,253 @@
|
||||
From eb28ad92a2722fd30f8114840cf2b1ade26b80ee Mon Sep 17 00:00:00 2001
|
||||
From: Limeng <Meng.Li@windriver.com>
|
||||
Date: Fri, 23 Jun 2017 11:39:04 +0800
|
||||
Subject: [PATCH] tpm:openssl-tpm-engine:parse an encrypted tpm SRK password
|
||||
from env
|
||||
|
||||
Before, we support reading SRK password from env TPM_SRK_PW,
|
||||
but it is a plain password and not secure.
|
||||
So, we improve it and support to get an encrypted (AES algorithm)
|
||||
SRK password from env, and then parse it. The default decrypting
|
||||
AES password and salt is set in bb file.
|
||||
When we initialize TPM, and set a SRK pw, and then we need to
|
||||
encrypt it with the same AES password and salt by AES algorithm.
|
||||
At last, we set a env as below:
|
||||
export TPM_SRK_ENC_PW=xxxxxxxx
|
||||
"xxxxxxxx" is the encrypted SRK password for libtpm.so.
|
||||
|
||||
Signed-off-by: Meng Li <Meng.Li@windriver.com>
|
||||
---
|
||||
Upstream-Status: Pending
|
||||
|
||||
e_tpm.c | 157 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
|
||||
e_tpm.h | 4 ++
|
||||
e_tpm_err.c | 4 ++
|
||||
3 files changed, 164 insertions(+), 1 deletion(-)
|
||||
|
||||
Index: git/src/e_tpm.c
|
||||
===================================================================
|
||||
--- git.orig/src/e_tpm.c
|
||||
+++ git/src/e_tpm.c
|
||||
@@ -259,6 +259,118 @@ void ENGINE_load_tpm(void)
|
||||
ERR_clear_error();
|
||||
}
|
||||
|
||||
+static int tpm_decode_base64(unsigned char *indata,
|
||||
+ int in_len,
|
||||
+ unsigned char *outdata,
|
||||
+ int *out_len)
|
||||
+{
|
||||
+ int total_len, len, ret;
|
||||
+ EVP_ENCODE_CTX dctx;
|
||||
+
|
||||
+ EVP_DecodeInit(&dctx);
|
||||
+
|
||||
+ total_len = 0;
|
||||
+ ret = EVP_DecodeUpdate(&dctx, outdata, &len, indata, in_len);
|
||||
+ if (ret < 0) {
|
||||
+ TSSerr(TPM_F_TPM_DECODE_BASE64, TPM_R_DECODE_BASE64_FAILED);
|
||||
+ return 1;
|
||||
+ }
|
||||
+
|
||||
+ total_len += len;
|
||||
+ ret = EVP_DecodeFinal(&dctx, outdata, &len);
|
||||
+ if (ret < 0) {
|
||||
+ TSSerr(TPM_F_TPM_DECODE_BASE64, TPM_R_DECODE_BASE64_FAILED);
|
||||
+ return 1;
|
||||
+ }
|
||||
+ total_len += len;
|
||||
+
|
||||
+ *out_len = total_len;
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+static int tpm_decrypt_srk_pw(unsigned char *indata, int in_len,
|
||||
+ unsigned char *outdata,
|
||||
+ int *out_len)
|
||||
+{
|
||||
+ int dec_data_len, dec_data_lenfinal;
|
||||
+ unsigned char dec_data[256];
|
||||
+ unsigned char *aes_pw;
|
||||
+ unsigned char aes_salt[PKCS5_SALT_LEN];
|
||||
+ unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
|
||||
+ const EVP_CIPHER *cipher = NULL;
|
||||
+ const EVP_MD *dgst = NULL;
|
||||
+ EVP_CIPHER_CTX *ctx = NULL;
|
||||
+
|
||||
+ if (sizeof(SRK_DEC_SALT) - 1 > PKCS5_SALT_LEN) {
|
||||
+ TSSerr(TPM_F_TPM_DECRYPT_SRK_PW, TPM_R_DECRYPT_SRK_PW_FAILED);
|
||||
+ return 1;
|
||||
+ }
|
||||
+
|
||||
+ aes_pw = malloc(sizeof(SRK_DEC_PW) - 1);
|
||||
+ if (aes_pw == NULL) {
|
||||
+ TSSerr(TPM_F_TPM_DECRYPT_SRK_PW, TPM_R_DECRYPT_SRK_PW_FAILED);
|
||||
+ return 1;
|
||||
+ }
|
||||
+
|
||||
+ memset(aes_salt, 0x00, sizeof(aes_salt));
|
||||
+ memcpy(aes_pw, SRK_DEC_PW, sizeof(SRK_DEC_PW) - 1);
|
||||
+ memcpy(aes_salt, SRK_DEC_SALT, sizeof(SRK_DEC_SALT) - 1);
|
||||
+
|
||||
+ cipher = EVP_get_cipherbyname("aes-128-cbc");
|
||||
+ if (cipher == NULL) {
|
||||
+ TSSerr(TPM_F_TPM_DECRYPT_SRK_PW, TPM_R_DECRYPT_SRK_PW_FAILED);
|
||||
+ free(aes_pw);
|
||||
+ return 1;
|
||||
+ }
|
||||
+ dgst = EVP_sha256();
|
||||
+
|
||||
+ EVP_BytesToKey(cipher, dgst, aes_salt, (unsigned char *)aes_pw, sizeof(SRK_DEC_PW) - 1, 1, key, iv);
|
||||
+
|
||||
+ ctx = EVP_CIPHER_CTX_new();
|
||||
+ /* Don't set key or IV right away; we want to check lengths */
|
||||
+ if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, 0)) {
|
||||
+ TSSerr(TPM_F_TPM_DECRYPT_SRK_PW, TPM_R_DECRYPT_SRK_PW_FAILED);
|
||||
+ free(aes_pw);
|
||||
+ return 1;
|
||||
+ }
|
||||
+
|
||||
+ OPENSSL_assert(EVP_CIPHER_CTX_key_length(ctx) == 16);
|
||||
+ OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) == 16);
|
||||
+
|
||||
+ if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 0)) {
|
||||
+ TSSerr(TPM_F_TPM_DECRYPT_SRK_PW, TPM_R_DECRYPT_SRK_PW_FAILED);
|
||||
+ free(aes_pw);
|
||||
+ return 1;
|
||||
+ }
|
||||
+
|
||||
+ if (!EVP_CipherUpdate(ctx, dec_data, &dec_data_len, indata, in_len)) {
|
||||
+ /* Error */
|
||||
+ TSSerr(TPM_F_TPM_DECRYPT_SRK_PW, TPM_R_DECRYPT_SRK_PW_FAILED);
|
||||
+ free(aes_pw);
|
||||
+ EVP_CIPHER_CTX_free(ctx);
|
||||
+ return 1;
|
||||
+ }
|
||||
+
|
||||
+ if (!EVP_CipherFinal_ex(ctx, dec_data + dec_data_len, &dec_data_lenfinal)) {
|
||||
+ /* Error */
|
||||
+ TSSerr(TPM_F_TPM_DECRYPT_SRK_PW, TPM_R_DECRYPT_SRK_PW_FAILED);
|
||||
+ free(aes_pw);
|
||||
+ EVP_CIPHER_CTX_free(ctx);
|
||||
+ return 1;
|
||||
+ }
|
||||
+
|
||||
+ dec_data_len = dec_data_len + dec_data_lenfinal;
|
||||
+
|
||||
+ memcpy(outdata, dec_data, dec_data_len);
|
||||
+ *out_len = dec_data_len;
|
||||
+
|
||||
+ free(aes_pw);
|
||||
+ EVP_CIPHER_CTX_free(ctx);
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
int tpm_load_srk(UI_METHOD *ui, void *cb_data)
|
||||
{
|
||||
TSS_RESULT result;
|
||||
@@ -319,8 +431,50 @@ int tpm_load_srk(UI_METHOD *ui, void *cb
|
||||
return 0;
|
||||
}
|
||||
|
||||
- srkPasswd = getenv("TPM_SRK_PW");
|
||||
+ srkPasswd = getenv("TPM_SRK_ENC_PW");
|
||||
if (NULL != srkPasswd) {
|
||||
+ int in_len = strlen(srkPasswd);
|
||||
+ int out_len;
|
||||
+ unsigned char *out_buf;
|
||||
+
|
||||
+ if (!in_len || in_len % 4) {
|
||||
+ Tspi_Context_CloseObject(hContext, hSRK);
|
||||
+ free(auth);
|
||||
+ TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ out_len = in_len * 3 / 4;
|
||||
+ out_buf = malloc(out_len);
|
||||
+ if (NULL == out_buf) {
|
||||
+ Tspi_Context_CloseObject(hContext, hSRK);
|
||||
+ free(auth);
|
||||
+ TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ if (tpm_decode_base64(srkPasswd, strlen(srkPasswd),
|
||||
+ out_buf, &out_len)) {
|
||||
+ Tspi_Context_CloseObject(hContext, hSRK);
|
||||
+ free(auth);
|
||||
+ free(out_buf);
|
||||
+ TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ if (tpm_decrypt_srk_pw(out_buf, out_len,
|
||||
+ auth, &authlen)) {
|
||||
+ Tspi_Context_CloseObject(hContext, hSRK);
|
||||
+ free(auth);
|
||||
+ free(out_buf);
|
||||
+ TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
|
||||
+ return 0;
|
||||
+ }
|
||||
+ secretMode = TSS_SECRET_MODE_PLAIN;
|
||||
+ free(out_buf);
|
||||
+ }
|
||||
+#ifdef TPM_SRK_PLAIN_PW
|
||||
+ else if (NULL != (srkPasswd = getenv("TPM_SRK_PW")) {
|
||||
if (0 == strcmp(srkPasswd, "#WELLKNOWN#")) {
|
||||
memset(auth, 0, TPM_WELL_KNOWN_KEY_LEN);
|
||||
secretMode = TSS_SECRET_MODE_SHA1;
|
||||
@@ -333,6 +487,7 @@ int tpm_load_srk(UI_METHOD *ui, void *cb
|
||||
authlen = strlen(auth);
|
||||
}
|
||||
}
|
||||
+#endif
|
||||
else {
|
||||
if (!tpm_engine_get_auth(ui, (char *)auth, 128,
|
||||
"SRK authorization: ", cb_data)) {
|
||||
Index: git/src/e_tpm.h
|
||||
===================================================================
|
||||
--- git.orig/src/e_tpm.h
|
||||
+++ git/src/e_tpm.h
|
||||
@@ -66,6 +66,8 @@ void ERR_TSS_error(int function, int rea
|
||||
#define TPM_F_TPM_FILL_RSA_OBJECT 116
|
||||
#define TPM_F_TPM_ENGINE_GET_AUTH 117
|
||||
#define TPM_F_TPM_CREATE_SRK_POLICY 118
|
||||
+#define TPM_F_TPM_DECODE_BASE64 119
|
||||
+#define TPM_F_TPM_DECRYPT_SRK_PW 120
|
||||
|
||||
/* Reason codes. */
|
||||
#define TPM_R_ALREADY_LOADED 100
|
||||
@@ -96,6 +98,8 @@ void ERR_TSS_error(int function, int rea
|
||||
#define TPM_R_ID_INVALID 125
|
||||
#define TPM_R_UI_METHOD_FAILED 126
|
||||
#define TPM_R_UNKNOWN_SECRET_MODE 127
|
||||
+#define TPM_R_DECODE_BASE64_FAILED 128
|
||||
+#define TPM_R_DECRYPT_SRK_PW_FAILED 129
|
||||
|
||||
/* structure pointed to by the RSA object's app_data pointer */
|
||||
struct rsa_app_data
|
||||
Index: git/src/e_tpm_err.c
|
||||
===================================================================
|
||||
--- git.orig/src/e_tpm_err.c
|
||||
+++ git/src/e_tpm_err.c
|
||||
@@ -234,6 +234,8 @@ static ERR_STRING_DATA TPM_str_functs[]
|
||||
{ERR_PACK(0, TPM_F_TPM_BIND_FN, 0), "TPM_BIND_FN"},
|
||||
{ERR_PACK(0, TPM_F_TPM_FILL_RSA_OBJECT, 0), "TPM_FILL_RSA_OBJECT"},
|
||||
{ERR_PACK(0, TPM_F_TPM_ENGINE_GET_AUTH, 0), "TPM_ENGINE_GET_AUTH"},
|
||||
+ {ERR_PACK(0, TPM_F_TPM_DECODE_BASE64, 0), "TPM_DECODE_BASE64"},
|
||||
+ {ERR_PACK(0, TPM_F_TPM_DECRYPT_SRK_PW, 0), "TPM_DECRYPT_SRK_PW"},
|
||||
{0, NULL}
|
||||
};
|
||||
|
||||
@@ -264,6 +266,8 @@ static ERR_STRING_DATA TPM_str_reasons[]
|
||||
{TPM_R_FILE_READ_FAILED, "failed reading the key file"},
|
||||
{TPM_R_ID_INVALID, "engine id doesn't match"},
|
||||
{TPM_R_UI_METHOD_FAILED, "ui function failed"},
|
||||
+ {TPM_R_DECODE_BASE64_FAILED, "decode base64 failed"},
|
||||
+ {TPM_R_DECRYPT_SRK_PW_FAILED, "decrypt srk password failed"},
|
||||
{0, NULL}
|
||||
};
|
||||
|
||||
+33
@@ -0,0 +1,33 @@
|
||||
From fb44e2814fd819c086f9a4c925427f89c0e8cec6 Mon Sep 17 00:00:00 2001
|
||||
From: Limeng <Meng.Li@windriver.com>
|
||||
Date: Fri, 21 Jul 2017 16:32:02 +0800
|
||||
Subject: [PATCH] tpm:openssl-tpm-engine: change variable c type from char
|
||||
into int
|
||||
|
||||
refer to getopt_long() function definition, its return value type is
|
||||
int. So, change variable c type from char into int.
|
||||
On arm platform, when getopt_long() calling fails, if we define c as
|
||||
char type, its value will be 255, not -1. This will cause code enter
|
||||
wrong case.
|
||||
|
||||
Signed-off-by: Meng Li <Meng.Li@windriver.com>
|
||||
---
|
||||
Upstream-Status: Pending
|
||||
|
||||
create_tpm_key.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
Index: git/src/create_tpm_key.c
|
||||
===================================================================
|
||||
--- git.orig/src/create_tpm_key.c
|
||||
+++ git/src/create_tpm_key.c
|
||||
@@ -155,7 +155,8 @@ int main(int argc, char **argv)
|
||||
ASN1_OCTET_STRING *blob_str;
|
||||
unsigned char *blob_asn1 = NULL;
|
||||
int asn1_len;
|
||||
- char *filename, c, *openssl_key = NULL;
|
||||
+ char *filename, *openssl_key = NULL;
|
||||
+ int c;
|
||||
int option_index, auth = 0, popup = 0, wrap = 0;
|
||||
int wellknownkey = 0;
|
||||
UINT32 enc_scheme = TSS_ES_RSAESPKCSV15;
|
||||
+34
@@ -0,0 +1,34 @@
|
||||
Fix compiling for openssl 1.1
|
||||
|
||||
Upstream-Status: Pending
|
||||
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
||||
|
||||
Index: git/src/e_tpm.c
|
||||
===================================================================
|
||||
--- git.orig/src/e_tpm.c
|
||||
+++ git/src/e_tpm.c
|
||||
@@ -265,19 +265,20 @@ static int tpm_decode_base64(unsigned ch
|
||||
int *out_len)
|
||||
{
|
||||
int total_len, len, ret;
|
||||
- EVP_ENCODE_CTX dctx;
|
||||
+ EVP_ENCODE_CTX *dctx;
|
||||
|
||||
- EVP_DecodeInit(&dctx);
|
||||
+ dctx = EVP_ENCODE_CTX_new();
|
||||
+ EVP_DecodeInit(dctx);
|
||||
|
||||
total_len = 0;
|
||||
- ret = EVP_DecodeUpdate(&dctx, outdata, &len, indata, in_len);
|
||||
+ ret = EVP_DecodeUpdate(dctx, outdata, &len, indata, in_len);
|
||||
if (ret < 0) {
|
||||
TSSerr(TPM_F_TPM_DECODE_BASE64, TPM_R_DECODE_BASE64_FAILED);
|
||||
return 1;
|
||||
}
|
||||
|
||||
total_len += len;
|
||||
- ret = EVP_DecodeFinal(&dctx, outdata, &len);
|
||||
+ ret = EVP_DecodeFinal(dctx, outdata, &len);
|
||||
if (ret < 0) {
|
||||
TSSerr(TPM_F_TPM_DECODE_BASE64, TPM_R_DECODE_BASE64_FAILED);
|
||||
return 1;
|
||||
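Review bot: The heap `EVP_ENCODE_CTX *dctx` returned by `EVP_ENCODE_CTX_new()` is neither checked for NULL nor released on the two error paths in this hunk, so each failed decode leaks a context where the old stack object cost nothing. Add `if (dctx == NULL) { TSSerr(TPM_F_TPM_DECODE_BASE64, TPM_R_DECODE_BASE64_FAILED); return 1; }` after the `_new()` call and `EVP_ENCODE_CTX_free(dctx);` before each `return 1;`. The tail of `tpm_decode_base64`, including its success return, is outside the hunk and needs the same free.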
@@ -0,0 +1,65 @@
|
||||
DESCRIPTION = "OpenSSL secure engine based on TPM hardware"
|
||||
HOMEPAGE = "https://github.com/mgerstner/openssl_tpm_engine"
|
||||
SECTION = "security/tpm"
|
||||
|
||||
LICENSE = "OpenSSL"
|
||||
LIC_FILES_CHKSUM = "file://LICENSE;md5=11f0ee3af475c85b907426e285c9bb52"
|
||||
|
||||
DEPENDS += "openssl trousers"
|
||||
|
||||
SRC_URI = "\
|
||||
git://github.com/mgerstner/openssl_tpm_engine.git;branch=master;protocol=https \
|
||||
file://0001-create-tpm-key-support-well-known-key-option.patch \
|
||||
file://0002-libtpm-support-env-TPM_SRK_PW.patch \
|
||||
file://0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch \
|
||||
file://0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch \
|
||||
file://openssl11_build_fix.patch \
|
||||
"
|
||||
SRCREV = "b28de5065e6eb9aa5d5afe2276904f7624c2cbaf"
|
||||
|
||||
S = "${WORKDIR}/git"
|
||||
|
||||
inherit autotools-brokensep pkgconfig
|
||||
|
||||
# The definitions below are used to decrypt the srk password.
|
||||
# It is allowed to define the values in 3 forms: string, hex number and
|
||||
# the hybrid, e.g,
|
||||
# srk_dec_pw = "incendia"
|
||||
# srk_dec_pw = "\x69\x6e\x63\x65\x6e\x64\x69\x61"
|
||||
# srk_dec_pw = "\x1""nc""\x3""nd""\x1""a"
|
||||
#
|
||||
# Due to the limit of escape character, the hybrid must be written in
|
||||
# above style. The actual values defined below in C code style are:
|
||||
# srk_dec_pw[] = { 0x01, 'n', 'c', 0x03, 'n', 'd', 0x01, 'a' };
|
||||
# srk_dec_salt[] = { 'r', 0x00, 0x00, 't' };
|
||||
srk_dec_pw ?= "\\"\\\x1\\"\\"nc\\"\\"\\\x3\\"\\"nd\\"\\"\\\x1\\"\\"a\\""
|
||||
srk_dec_salt ?= "\\"r\\"\\"\\\x00\\\x00\\"\\"t\\""
|
||||
|
||||
CFLAGS:append = " -DSRK_DEC_PW=${srk_dec_pw} -DSRK_DEC_SALT=${srk_dec_salt}"
|
||||
|
||||
# Uncomment below line if using the plain srk password for development
|
||||
#CFLAGS:append = " -DTPM_SRK_PLAIN_PW"
|
||||
|
||||
do_configure:prepend() {
|
||||
cd ${B}
|
||||
cp LICENSE COPYING
|
||||
touch NEWS AUTHORS ChangeLog README
|
||||
}
|
||||
|
||||
FILES:${PN}-staticdev += "${libdir}/ssl/engines-3/tpm.la"
|
||||
FILES:${PN}-dbg += "\
|
||||
${libdir}/ssl/engines-3/.debug \
|
||||
${libdir}/engines-3/.debug \
|
||||
${prefix}/local/ssl/lib/engines-3/.debug \
|
||||
"
|
||||
FILES:${PN} += "\
|
||||
${libdir}/ssl/engines-3/tpm.so* \
|
||||
${libdir}/engines-3/tpm.so* \
|
||||
${libdir}/libtpm.so* \
|
||||
${prefix}/local/ssl/lib/engines-3/tpm.so* \
|
||||
"
|
||||
|
||||
RDEPENDS:${PN} += "libcrypto libtspi"
|
||||
|
||||
INSANE_SKIP:${PN} = "libdir"
|
||||
INSANE_SKIP:${PN}-dbg = "libdir"
|
||||
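Review bot: The `srk_dec_pw ?=` and `srk_dec_salt ?=` defaults below the comment block are shipped in the layer itself, and because `CFLAGS:append` passes them as `-DSRK_DEC_PW=`/`-DSRK_DEC_SALT=` they appear verbatim on the compiler command line, in build logs and in the string data of the built engine, so with these defaults a `TPM_SRK_ENC_PW` value is no more confidential than the plain password. The comment should state that overriding both variables in a private distro or local configuration is required, e.g. `# The defaults below are placeholders shipped with the layer; set srk_dec_pw and srk_dec_salt in your own (private) configuration before relying on TPM_SRK_ENC_PW.` Since the decrypt routine in the 0003 patch derives the key with `EVP_BytesToKey` at one iteration, the strength of the overriding password is all that protects the SRK secret.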
@@ -0,0 +1,45 @@
|
||||
Enable building with openssl 1.1
|
||||
|
||||
Upstream-Status: Pending
|
||||
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
||||
|
||||
Index: git/src/pcr-extend.c
|
||||
===================================================================
|
||||
--- git.orig/src/pcr-extend.c
|
||||
+++ git/src/pcr-extend.c
|
||||
@@ -118,7 +118,7 @@ dump_buf (FILE *file, char *buf, size_t
|
||||
static unsigned char*
|
||||
sha1_file (FILE *file, unsigned int *hash_len)
|
||||
{
|
||||
- EVP_MD_CTX ctx = { 0 };
|
||||
+ EVP_MD_CTX *ctx = EVP_MD_CTX_new();
|
||||
unsigned char *buf = NULL, *hash = NULL;
|
||||
size_t num_read = 0;
|
||||
|
||||
@@ -127,7 +127,7 @@ sha1_file (FILE *file, unsigned int *has
|
||||
perror ("malloc:\n");
|
||||
goto sha1_fail;
|
||||
}
|
||||
- if (EVP_DigestInit (&ctx, EVP_sha1 ()) == 0) {
|
||||
+ if (EVP_DigestInit (ctx, EVP_sha1 ()) == 0) {
|
||||
ERR_print_errors_fp (stderr);
|
||||
goto sha1_fail;
|
||||
}
|
||||
@@ -135,7 +135,7 @@ sha1_file (FILE *file, unsigned int *has
|
||||
num_read = fread (buf, 1, BUF_SIZE, file);
|
||||
if (num_read <= 0)
|
||||
break;
|
||||
- if (EVP_DigestUpdate (&ctx, buf, num_read) == 0) {
|
||||
+ if (EVP_DigestUpdate (ctx, buf, num_read) == 0) {
|
||||
ERR_print_errors_fp (stderr);
|
||||
goto sha1_fail;
|
||||
}
|
||||
@@ -149,7 +149,7 @@ sha1_file (FILE *file, unsigned int *has
|
||||
perror ("calloc of hash buffer:\n");
|
||||
goto sha1_fail;
|
||||
}
|
||||
- if (EVP_DigestFinal (&ctx, hash, hash_len) == 0) {
|
||||
+ if (EVP_DigestFinal (ctx, hash, hash_len) == 0) {
|
||||
ERR_print_errors_fp (stderr);
|
||||
goto sha1_fail;
|
||||
}
|
||||
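Review bot: `EVP_MD_CTX *ctx = EVP_MD_CTX_new();` at the top of `sha1_file` is never checked for NULL, and nothing in these hunks frees it, so every call now leaks a digest context. A NULL result should `goto sha1_fail` before `EVP_DigestInit` is reached, and `EVP_MD_CTX_free(ctx);` (NULL-safe) belongs once on the common exit path; the `sha1_fail` label and the success return are outside the hunks, so that is where the free has to go.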
@@ -0,0 +1,26 @@
|
||||
SUMMARY = "Command line utility to extend hash of arbitrary data into a TPMs PCR."
|
||||
HOMEPAGE = "https://github.com/flihp/pcr-extend"
|
||||
SECTION = "security/tpm"
|
||||
LICENSE = "GPL-2.0-only"
|
||||
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
|
||||
|
||||
DEPENDS = "libtspi"
|
||||
|
||||
PV = "0.1+git${SRCPV}"
|
||||
SRCREV = "c02ad8f628b3d99f6d4c087b402fe31a40ee6316"
|
||||
|
||||
SRC_URI = "git://github.com/flihp/pcr-extend.git;branch=master;protocol=https \
|
||||
file://fix_openssl11_build.patch "
|
||||
|
||||
inherit autotools
|
||||
|
||||
S = "${WORKDIR}/git"
|
||||
|
||||
do_compile() {
|
||||
oe_runmake -C ${S}/src
|
||||
}
|
||||
|
||||
do_install() {
|
||||
install -d ${D}${bindir}
|
||||
oe_runmake -C ${S}/src DESTDIR="${D}" install
|
||||
}
|
||||
@@ -0,0 +1,22 @@
|
||||
SUMMARY = "The TPM Quote Tools is a collection of programs that provide support \
|
||||
for TPM based attestation using the TPM quote mechanism. \
|
||||
"
|
||||
DESCRIPTION = "The TPM Quote Tools is a collection of programs that provide support \
|
||||
for TPM based attestation using the TPM quote mechanism. The manual \
|
||||
page for tpm_quote_tools provides a usage overview. \
|
||||
\
|
||||
TPM Quote Tools has been tested with TrouSerS on Linux and NTRU on \
|
||||
Windows XP. It was ported to Windows using MinGW and MSYS. \
|
||||
"
|
||||
HOMEPAGE = "https://sourceforge.net/projects/tpmquotetools/"
|
||||
SECTION = "security/tpm"
|
||||
LICENSE = "BSD-3-Clause"
|
||||
LIC_FILES_CHKSUM = "file://COPYING;md5=8ec30b01163d242ecf07d9cd84e3611f"
|
||||
|
||||
DEPENDS = "libtspi tpm-tools"
|
||||
|
||||
SRC_URI = "git://git.code.sf.net/p/tpmquotetools/tpm-quote-tools;branch=master"
|
||||
SRCREV = "4511874d5c9b4504bb96e94f8a14bd6c39a36295"
|
||||
|
||||
S = "${WORKDIR}/git"
|
||||
inherit autotools
|
||||
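Review bot: `SRC_URI` fetches over the bare `git://` transport with no `protocol=` parameter, unlike the openssl-tpm-engine and pcr-extend recipes in this commit, which use `protocol=https`; the tpm-tools and trousers recipes below share the same pattern. `git://` is unauthenticated and unencrypted, so only the pinned `SRCREV` vouches for what gets built. If the host serves it, prefer `SRC_URI = "git://git.code.sf.net/p/tpmquotetools/tpm-quote-tools;branch=master;protocol=https"`, and keep `SRCREV` pinned to a full hash either way.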
@@ -0,0 +1,56 @@
|
||||
Title: Fix FTBFS with clang due to uninitialized values
|
||||
Date: 2015-06-28
|
||||
Author: Alexander <sanek23994@gmail.com>
|
||||
Bug-Debian: http://bugs.debian.org/753063
|
||||
|
||||
Upstream-Status: Backport
|
||||
tpm-tools_1.3.9.1-0.1.debian.tar
|
||||
|
||||
Signed-off-by: Armin kuster <akuster808@gmail.com>
|
||||
|
||||
--- tpm-tools-1.3.8/src/tpm_mgmt/tpm_present.c 2012-05-17 21:49:58.000000000 +0400
|
||||
+++ tpm-tools-1.3.8-my/src/tpm_mgmt/tpm_present.c 2014-06-29 01:01:11.502081468 +0400
|
||||
@@ -165,7 +165,7 @@
|
||||
|
||||
TSS_BOOL bCmd, bHwd;
|
||||
BOOL bRc;
|
||||
- TSS_HPOLICY hTpmPolicy;
|
||||
+ TSS_HPOLICY hTpmPolicy = 0;
|
||||
char *pwd = NULL;
|
||||
int pswd_len;
|
||||
char rsp[5];
|
||||
--- tpm-tools-1.3.8/src/tpm_mgmt/tpm_takeownership.c 2010-09-30 21:28:09.000000000 +0400
|
||||
+++ tpm-tools-1.3.8-my/src/tpm_mgmt/tpm_takeownership.c 2014-06-29 01:01:51.069373655 +0400
|
||||
@@ -67,7 +67,7 @@
|
||||
char *szSrkPasswd = NULL;
|
||||
int tpm_len, srk_len;
|
||||
TSS_HTPM hTpm;
|
||||
- TSS_HKEY hSrk;
|
||||
+ TSS_HKEY hSrk = 0;
|
||||
TSS_FLAG fSrkAttrs;
|
||||
TSS_HPOLICY hTpmPolicy, hSrkPolicy;
|
||||
int iRc = -1;
|
||||
--- tpm-tools-1.3.8/src/tpm_mgmt/tpm_nvwrite.c 2011-08-17 16:20:35.000000000 +0400
|
||||
+++ tpm-tools-1.3.8-my/src/tpm_mgmt/tpm_nvwrite.c 2014-06-29 01:02:45.836397172 +0400
|
||||
@@ -220,7 +220,7 @@
|
||||
close(fd);
|
||||
fd = -1;
|
||||
} else if (fillvalue >= 0) {
|
||||
- if (length < 0) {
|
||||
+ if (length == 0) {
|
||||
logError(_("Requiring size parameter.\n"));
|
||||
return -1;
|
||||
}
|
||||
--- tpm-tools-1.3.8/src/data_mgmt/data_protect.c 2012-05-17 21:49:58.000000000 +0400
|
||||
+++ tpm-tools-1.3.8-my/src/data_mgmt/data_protect.c 2014-06-29 01:03:49.863254459 +0400
|
||||
@@ -432,8 +432,8 @@
|
||||
|
||||
char *pszPin = NULL;
|
||||
|
||||
- CK_RV rv;
|
||||
- CK_SESSION_HANDLE hSession;
|
||||
+ CK_RV rv = 0;
|
||||
+ CK_SESSION_HANDLE hSession = 0;
|
||||
CK_OBJECT_HANDLE hObject;
|
||||
CK_MECHANISM tMechanism = { CKM_AES_ECB, NULL, 0 };
|
||||
|
||||
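Review bot: The `tpm_nvwrite.c` hunk changes `if (length < 0)` to `if (length == 0)`, which alters behaviour rather than initialising a value, yet the patch header only talks about uninitialized variables. If `length` is signed and starts at a negative sentinel meaning "not given", the new test no longer detects a missing size parameter; if it is unsigned, the old test was dead code and `== 0` is the right check. The declaration of `length` is outside the hunk, so the type should be confirmed and the patch header extended with one sentence stating the type of `length` and why `== 0` is the intended condition.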
@@ -0,0 +1,18 @@
|
||||
Upstream-Status: Pending
|
||||
Update to build with openssl 1.1.x
|
||||
|
||||
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
||||
|
||||
Index: git/src/cmds/tpm_extendpcr.c
|
||||
===================================================================
|
||||
--- git.orig/src/cmds/tpm_extendpcr.c
|
||||
+++ git/src/cmds/tpm_extendpcr.c
|
||||
@@ -136,7 +136,7 @@ int main(int argc, char **argv)
|
||||
|
||||
unsigned char msg[EVP_MAX_MD_SIZE];
|
||||
unsigned int msglen;
|
||||
- EVP_MD_CTX ctx;
|
||||
+ EVP_MD_CTX *ctx = EVP_MD_CTX_new();
|
||||
EVP_DigestInit(&ctx, EVP_sha1());
|
||||
while ((lineLen = BIO_read(bin, line, sizeof(line))) > 0)
|
||||
EVP_DigestUpdate(&ctx, line, lineLen);
|
||||
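Review bot: After `EVP_MD_CTX *ctx = EVP_MD_CTX_new();` the unchanged context lines still pass `&ctx`, which is now an `EVP_MD_CTX **`, so `EVP_DigestInit(&ctx, EVP_sha1())` and `EVP_DigestUpdate(&ctx, line, lineLen)` no longer match the API and will at best warn about incompatible pointer types and at worst hand OpenSSL the address of the pointer variable. Those two lines, and the `EVP_DigestFinal(&ctx, msg, &msglen)` call that follows outside the hunk, should become `EVP_DigestInit(ctx, EVP_sha1());`, `EVP_DigestUpdate(ctx, line, lineLen);` and `EVP_DigestFinal(ctx, msg, &msglen);`, followed by `EVP_MD_CTX_free(ctx);`. The `_new()` result is also not checked for NULL.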
@@ -0,0 +1,246 @@
|
||||
Upstream-Status: Pending
|
||||
|
||||
Index: git/include/tpm_tspi.h
|
||||
===================================================================
|
||||
--- git.orig/include/tpm_tspi.h
|
||||
+++ git/include/tpm_tspi.h
|
||||
@@ -117,6 +117,10 @@ TSS_RESULT tpmPcrRead(TSS_HTPM a_hTpm, U
|
||||
UINT32 *a_PcrSize, BYTE **a_PcrValue);
|
||||
TSS_RESULT pcrcompositeSetPcrValue(TSS_HPCRS a_hPcrs, UINT32 a_Idx,
|
||||
UINT32 a_PcrSize, BYTE *a_PcrValue);
|
||||
+TSS_RESULT tpmPcrExtend(TSS_HTPM a_hTpm, UINT32 a_Idx,
|
||||
+ UINT32 a_DataSize, BYTE *a_Data,
|
||||
+ TSS_PCR_EVENT *a_Event,
|
||||
+ UINT32 *a_PcrSize, BYTE **a_PcrValue);
|
||||
#ifdef TSS_LIB_IS_12
|
||||
TSS_RESULT unloadVersionInfo(UINT64 *offset, BYTE *blob, TPM_CAP_VERSION_INFO *v);
|
||||
TSS_RESULT pcrcompositeSetPcrLocality(TSS_HPCRS a_hPcrs, UINT32 localityValue);
|
||||
Index: git/lib/tpm_tspi.c
|
||||
===================================================================
|
||||
--- git.orig/lib/tpm_tspi.c
|
||||
+++ git/lib/tpm_tspi.c
|
||||
@@ -594,6 +594,20 @@ pcrcompositeSetPcrValue(TSS_HPCRS a_hPcr
|
||||
return result;
|
||||
}
|
||||
|
||||
+TSS_RESULT
|
||||
+tpmPcrExtend(TSS_HTPM a_hTpm, UINT32 a_Idx,
|
||||
+ UINT32 a_DataSize, BYTE *a_Data,
|
||||
+ TSS_PCR_EVENT *a_Event,
|
||||
+ UINT32 *a_PcrSize, BYTE **a_PcrValue)
|
||||
+{
|
||||
+ TSS_RESULT result =
|
||||
+ Tspi_TPM_PcrExtend(a_hTpm, a_Idx, a_DataSize, a_Data, a_Event,
|
||||
+ a_PcrSize, a_PcrValue);
|
||||
+ tspiResult("Tspi_TPM_PcrExtend", result);
|
||||
+
|
||||
+ return result;
|
||||
+}
|
||||
+
|
||||
#ifdef TSS_LIB_IS_12
|
||||
/*
|
||||
* These getPasswd functions will wrap calls to the other functions and check to see if the TSS
|
||||
Index: git/src/cmds/Makefile.am
|
||||
===================================================================
|
||||
--- git.orig/src/cmds/Makefile.am
|
||||
+++ git/src/cmds/Makefile.am
|
||||
@@ -22,6 +22,7 @@
|
||||
#
|
||||
|
||||
bin_PROGRAMS = tpm_sealdata \
|
||||
+ tpm_extendpcr \
|
||||
tpm_unsealdata
|
||||
|
||||
if TSS_LIB_IS_12
|
||||
@@ -33,4 +34,5 @@ endif
|
||||
LDADD = $(top_builddir)/lib/libtpm_tspi.la -ltspi $(top_builddir)/lib/libtpm_unseal.la -ltpm_unseal -lcrypto @INTLLIBS@
|
||||
|
||||
tpm_sealdata_SOURCES = tpm_sealdata.c
|
||||
+tpm_extendpcr_SOURCES = tpm_extendpcr.c
|
||||
tpm_unsealdata_SOURCES = tpm_unsealdata.c
|
||||
Index: git/src/cmds/tpm_extendpcr.c
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ git/src/cmds/tpm_extendpcr.c
|
||||
@@ -0,0 +1,181 @@
|
||||
+/*
|
||||
+ * The Initial Developer of the Original Code is International
|
||||
+ * Business Machines Corporation. Portions created by IBM
|
||||
+ * Corporation are Copyright (C) 2005, 2006 International Business
|
||||
+ * Machines Corporation. All Rights Reserved.
|
||||
+ *
|
||||
+ * This program is free software; you can redistribute it and/or modify
|
||||
+ * it under the terms of the Common Public License as published by
|
||||
+ * IBM Corporation; either version 1 of the License, or (at your option)
|
||||
+ * any later version.
|
||||
+ *
|
||||
+ * This program is distributed in the hope that it will be useful,
|
||||
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
+ * Common Public License for more details.
|
||||
+ *
|
||||
+ * You should have received a copy of the Common Public License
|
||||
+ * along with this program; if not, a copy can be viewed at
|
||||
+ * http://www.opensource.org/licenses/cpl1.0.php.
|
||||
+ */
|
||||
+#include <openssl/evp.h>
|
||||
+#include <openssl/sha.h>
|
||||
+#include <limits.h>
|
||||
+#include "tpm_tspi.h"
|
||||
+#include "tpm_utils.h"
|
||||
+#include "tpm_seal.h"
|
||||
+
|
||||
+// #define TPM_EXTENDPCR_DEBUG
|
||||
+
|
||||
+static void help(const char *aCmd)
|
||||
+{
|
||||
+ logCmdHelp(aCmd);
|
||||
+ logCmdOption("-i, --infile FILE",
|
||||
+ _
|
||||
+ ("Filename containing data to extend PCRs with. Default is STDIN."));
|
||||
+ logCmdOption("-p, --pcr NUMBER",
|
||||
+ _("PCR to extend."));
|
||||
+
|
||||
+}
|
||||
+
|
||||
+static char in_filename[PATH_MAX] = "";
|
||||
+static TSS_HPCRS hPcrs = NULL_HPCRS;
|
||||
+static TSS_HTPM hTpm;
|
||||
+static UINT32 selectedPcrs[24];
|
||||
+static UINT32 selectedPcrsLen = 0;
|
||||
+TSS_HCONTEXT hContext = 0;
|
||||
+
|
||||
+static int parse(const int aOpt, const char *aArg)
|
||||
+{
|
||||
+ int rc = -1;
|
||||
+
|
||||
+ switch (aOpt) {
|
||||
+ case 'i':
|
||||
+ if (aArg) {
|
||||
+ strncpy(in_filename, aArg, PATH_MAX);
|
||||
+ rc = 0;
|
||||
+ }
|
||||
+ break;
|
||||
+ case 'p':
|
||||
+ if (aArg) {
|
||||
+ selectedPcrs[selectedPcrsLen++] = atoi(aArg);
|
||||
+ rc = 0;
|
||||
+ }
|
||||
+ break;
|
||||
+ default:
|
||||
+ break;
|
||||
+ }
|
||||
+ return rc;
|
||||
+
|
||||
+}
|
||||
+
|
||||
+int main(int argc, char **argv)
|
||||
+{
|
||||
+
|
||||
+ int iRc = -1;
|
||||
+ struct option opts[] = {
|
||||
+ {"infile", required_argument, NULL, 'i'},
|
||||
+ {"pcr", required_argument, NULL, 'p'},
|
||||
+ };
|
||||
+ unsigned char line[EVP_MD_block_size(EVP_sha1()) * 16];
|
||||
+ int lineLen;
|
||||
+ UINT32 i;
|
||||
+
|
||||
+ BIO *bin = NULL;
|
||||
+
|
||||
+ initIntlSys();
|
||||
+
|
||||
+ if (genericOptHandler(argc, argv, "i:p:", opts,
|
||||
+ sizeof(opts) / sizeof(struct option), parse,
|
||||
+ help) != 0)
|
||||
+ goto out;
|
||||
+
|
||||
+ if (contextCreate(&hContext) != TSS_SUCCESS)
|
||||
+ goto out;
|
||||
+
|
||||
+ if (contextConnect(hContext) != TSS_SUCCESS)
|
||||
+ goto out_close;
|
||||
+
|
||||
+ if (contextGetTpm(hContext, &hTpm) != TSS_SUCCESS)
|
||||
+ goto out_close;
|
||||
+
|
||||
+ /* Create a BIO for the input file */
|
||||
+ if ((bin = BIO_new(BIO_s_file())) == NULL) {
|
||||
+ logError(_("Unable to open input BIO\n"));
|
||||
+ goto out_close;
|
||||
+ }
|
||||
+
|
||||
+ /* Assign the input file to the BIO */
|
||||
+ if (strlen(in_filename) == 0)
|
||||
+ BIO_set_fp(bin, stdin, BIO_NOCLOSE);
|
||||
+ else if (!BIO_read_filename(bin, in_filename)) {
|
||||
+ logError(_("Unable to open input file: %s\n"),
|
||||
+ in_filename);
|
||||
+ goto out_close;
|
||||
+ }
|
||||
+
|
||||
+ /* Create the PCRs object. If any PCRs above 15 are selected, this will need to be
|
||||
+ * a 1.2 TSS/TPM */
|
||||
+ if (selectedPcrsLen) {
|
||||
+ TSS_FLAG initFlag = 0;
|
||||
+ UINT32 pcrSize;
|
||||
+ BYTE *pcrValue;
|
||||
+
|
||||
+ for (i = 0; i < selectedPcrsLen; i++) {
|
||||
+ if (selectedPcrs[i] > 15) {
|
||||
+#ifdef TSS_LIB_IS_12
|
||||
+ initFlag |= TSS_PCRS_STRUCT_INFO_LONG;
|
||||
+#else
|
||||
+ logError(_("This version of %s was compiled for a v1.1 TSS, which "
|
||||
+ "can only seal\n data to PCRs 0-15. PCR %u is out of range"
|
||||
+ "\n"), argv[0], selectedPcrs[i]);
|
||||
+ goto out_close;
|
||||
+#endif
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ unsigned char msg[EVP_MAX_MD_SIZE];
|
||||
+ unsigned int msglen;
|
||||
+ EVP_MD_CTX ctx;
|
||||
+ EVP_DigestInit(&ctx, EVP_sha1());
|
||||
+ while ((lineLen = BIO_read(bin, line, sizeof(line))) > 0)
|
||||
+ EVP_DigestUpdate(&ctx, line, lineLen);
|
||||
+ EVP_DigestFinal(&ctx, msg, &msglen);
|
||||
+
|
||||
+ if (contextCreateObject(hContext, TSS_OBJECT_TYPE_PCRS, initFlag,
|
||||
+ &hPcrs) != TSS_SUCCESS)
|
||||
+ goto out_close;
|
||||
+
|
||||
+ for (i = 0; i < selectedPcrsLen; i++) {
|
||||
+#ifdef TPM_EXTENDPCR_DEBUG
|
||||
+ if (tpmPcrRead(hTpm, selectedPcrs[i], &pcrSize, &pcrValue) != TSS_SUCCESS)
|
||||
+ goto out_close;
|
||||
+
|
||||
+ unsigned int j;
|
||||
+ for (j = 0; j < pcrSize; j++)
|
||||
+ printf("%02X ", pcrValue[j]);
|
||||
+ printf("\n");
|
||||
+#endif
|
||||
+
|
||||
+ if (tpmPcrExtend(hTpm, selectedPcrs[i], msglen, msg, NULL, &pcrSize, &pcrValue) != TSS_SUCCESS)
|
||||
+ goto out_close;
|
||||
+
|
||||
+#ifdef TPM_EXTENDPCR_DEBUG
|
||||
+ for (j = 0; j < pcrSize; j++)
|
||||
+ printf("%02X ", pcrValue[j]);
|
||||
+ printf("\n");
|
||||
+#endif
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ iRc = 0;
|
||||
+ logSuccess(argv[0]);
|
||||
+
|
||||
+out_close:
|
||||
+ contextClose(hContext);
|
||||
+
|
||||
+out:
|
||||
+ if (bin)
|
||||
+ BIO_free(bin);
|
||||
+ return iRc;
|
||||
+}
|
||||
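Review bot: In `parse`, the `'p'` case does `selectedPcrs[selectedPcrsLen++] = atoi(aArg);` with no bound on `selectedPcrsLen`, while `selectedPcrs` is declared with 24 entries, so repeating `-p` more than 24 times overruns the static array. Guard it, e.g. `if (aArg && selectedPcrsLen < sizeof(selectedPcrs) / sizeof(selectedPcrs[0])) {`, and consider `strtoul` with a range check instead of `atoi`, which silently maps non-numeric or negative input into a `UINT32`. Separately, `strncpy(in_filename, aArg, PATH_MAX)` leaves `in_filename` unterminated when the argument is PATH_MAX bytes or longer, and the return values of `EVP_DigestInit`, `EVP_DigestUpdate` and `EVP_DigestFinal` in `main` are ignored.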
@@ -0,0 +1,35 @@
|
||||
SUMMARY = "The tpm-tools package contains commands to allow the platform administrator the ability to manage and diagnose the platform's TPM."
|
||||
DESCRIPTION = " \
|
||||
The tpm-tools package contains commands to allow the platform administrator \
|
||||
the ability to manage and diagnose the platform's TPM. Additionally, the \
|
||||
package contains commands to utilize some of the capabilities available \
|
||||
in the TPM PKCS#11 interface implemented in the openCryptoki project. \
|
||||
"
|
||||
SECTION = "tpm"
|
||||
LICENSE = "CPL-1.0"
|
||||
LIC_FILES_CHKSUM = "file://LICENSE;md5=059e8cd6165cb4c31e351f2b69388fd9"
|
||||
|
||||
DEPENDS = "libtspi openssl perl-native"
|
||||
DEPENDS:class-native = "trousers-native"
|
||||
|
||||
SRCREV = "bf43837575c5f7d31865562dce7778eae970052e"
|
||||
SRC_URI = " \
|
||||
git://git.code.sf.net/p/trousers/tpm-tools;branch=master \
|
||||
file://tpm-tools-extendpcr.patch \
|
||||
file://04-fix-FTBFS-clang.patch \
|
||||
file://openssl1.1_fix.patch \
|
||||
"
|
||||
|
||||
inherit autotools-brokensep gettext
|
||||
|
||||
S = "${WORKDIR}/git"
|
||||
|
||||
do_configure:prepend () {
|
||||
mkdir -p po
|
||||
mkdir -p m4
|
||||
cp -R po_/* po/
|
||||
touch po/Makefile.in.in
|
||||
touch m4/Makefile.am
|
||||
}
|
||||
|
||||
BBCLASSEXTEND = "native"
|
||||
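Review bot: `DEPENDS:class-native = "trousers-native"` replaces the whole dependency list for the native build, dropping `openssl` and `perl-native`, yet the `src/cmds/Makefile.am` hunk in the extendpcr patch above links with `-lcrypto`; presumably the override exists to avoid a non-existent `libtspi-native`, but as written the native variant will resolve libcrypto from the host rather than from the sysroot. `DEPENDS:append:class-native = " trousers-native"` together with an explicit `openssl-native` (or a `DEPENDS:remove:class-native = "libtspi"`) keeps the two variants consistent. `SECTION = "tpm"` also differs from the `security/tpm` used by the other recipes in this commit.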
+68
@@ -0,0 +1,68 @@
|
||||
From 3396fc7a184293c23135161f034802062f7f3816 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <adraszik@tycoint.com>
|
||||
Date: Wed, 1 Nov 2017 11:41:48 +0000
|
||||
Subject: [PATCH] build: don't override --localstatedir --mandir --sysconfdir
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
It is currently impossible to override localstatedir,
|
||||
mandir and sysconfdir during ./configure, because they
|
||||
are being overriden unconditionally because of they
|
||||
way trousers is built using rpmbuild.
|
||||
|
||||
If they need massaging for rpmbuild, the values should
|
||||
be specified inside the spec file, not in ./configure
|
||||
and thereby overriding user-requested values.
|
||||
|
||||
With this patch it is now possible to set above
|
||||
locations as needed. The .spec file is being modified
|
||||
as well so as to restore previous behaviour.
|
||||
|
||||
Signed-off-by: André Draszik <adraszik@tycoint.com>
|
||||
---
|
||||
Upstream-Status: Submitted [https://sourceforge.net/p/trousers/mailman/message/36099290/]
|
||||
Signed-off-by: André Draszik <adraszik@tycoint.com>
|
||||
configure.ac | 11 ++---------
|
||||
dist/trousers.spec.in | 2 +-
|
||||
2 files changed, 3 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index b9626af..7fe5f8e 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -376,16 +376,9 @@ CFLAGS="$CFLAGS -I../include \
|
||||
KERNEL_VERSION=`uname -r`
|
||||
AC_SUBST(CFLAGS)
|
||||
|
||||
-# When we build the rpms, prefix will be /usr. This'll do some things that make sense,
|
||||
-# like put our sbin stuff in /usr/sbin and our library in /usr/lib. It'll do some other
|
||||
-# things that don't make sense like put our config file in /usr/etc. So, I'll just hack
|
||||
-# it here. If the --prefix option isn't specified during configure, let it all go to
|
||||
+# If the --prefix option isn't specified during configure, let it all go to
|
||||
# /usr/local, even /usr/local/etc. :-P
|
||||
-if test x"${prefix}" = x"/usr"; then
|
||||
- sysconfdir="/etc"
|
||||
- localstatedir="/var"
|
||||
- mandir="/usr/share/man"
|
||||
-elif test x"${prefix}" = x"NONE"; then
|
||||
+if test x"${prefix}" = x"NONE"; then
|
||||
localstatedir="/usr/local/var"
|
||||
fi
|
||||
|
||||
diff --git a/dist/trousers.spec.in b/dist/trousers.spec.in
|
||||
index b298b0e..10ef178 100644
|
||||
--- a/dist/trousers.spec.in
|
||||
+++ b/dist/trousers.spec.in
|
||||
@@ -45,7 +45,7 @@ applications.
|
||||
|
||||
%build
|
||||
%{?arch64:export PKG_CONFIG_PATH=%{pkgconfig_path}:$PKG_CONFIG_PATH}
|
||||
-./configure --prefix=/usr --libdir=%{_libdir}
|
||||
+./configure --prefix=/usr --libdir=%{_libdir} --sysconfdir=/etc --localstatedir=/var --mandir=/usr/share/man
|
||||
make
|
||||
|
||||
%clean
|
||||
--
|
||||
2.15.0.rc1
|
||||
|
||||
+49
@@ -0,0 +1,49 @@
|
||||
trousers: fix compiling with musl
|
||||
|
||||
use POSIX getpwent instead of getpwent_r
|
||||
|
||||
Upstream-Status: Submitted
|
||||
|
||||
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
||||
|
||||
Index: git/src/tspi/ps/tspps.c
|
||||
===================================================================
|
||||
--- git.orig/src/tspi/ps/tspps.c
|
||||
+++ git/src/tspi/ps/tspps.c
|
||||
@@ -66,9 +66,6 @@ get_user_ps_path(char **file)
|
||||
TSS_RESULT result;
|
||||
char *file_name = NULL, *home_dir = NULL;
|
||||
struct passwd *pwp;
|
||||
-#if (defined (__linux) || defined (linux) || defined(__GLIBC__))
|
||||
- struct passwd pw;
|
||||
-#endif
|
||||
struct stat stat_buf;
|
||||
char buf[PASSWD_BUFSIZE];
|
||||
uid_t euid;
|
||||
@@ -96,24 +93,15 @@ get_user_ps_path(char **file)
|
||||
#else
|
||||
setpwent();
|
||||
while (1) {
|
||||
-#if (defined (__linux) || defined (linux) || defined(__GLIBC__))
|
||||
- rc = getpwent_r(&pw, buf, PASSWD_BUFSIZE, &pwp);
|
||||
- if (rc) {
|
||||
- LogDebugFn("USER PS: Error getting path to home directory: getpwent_r: %s",
|
||||
- strerror(rc));
|
||||
- endpwent();
|
||||
- return TSPERR(TSS_E_INTERNAL_ERROR);
|
||||
- }
|
||||
-
|
||||
-#elif (defined (__FreeBSD__) || defined (__OpenBSD__))
|
||||
if ((pwp = getpwent()) == NULL) {
|
||||
LogDebugFn("USER PS: Error getting path to home directory: getpwent: %s",
|
||||
strerror(rc));
|
||||
endpwent();
|
||||
+#if (defined (__FreeBSD__) || defined (__OpenBSD__))
|
||||
MUTEX_UNLOCK(user_ps_path);
|
||||
+#endif
|
||||
return TSPERR(TSS_E_INTERNAL_ERROR);
|
||||
}
|
||||
-#endif
|
||||
if (euid == pwp->pw_uid) {
|
||||
home_dir = strdup(pwp->pw_dir);
|
||||
break;
|
||||
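Review bot: The retained `getpwent()` failure branch still formats `strerror(rc)`, but `rc` was the return value of the removed `getpwent_r` call and nothing in this path assigns it any more, so the log line prints a stale value. `getpwent()` reports failures through `errno` and returns NULL with `errno` unchanged at end of enumeration, so capture it before `endpwent()` can clobber it, e.g. `rc = errno;` immediately after the NULL check, and consider reporting the end-of-list (uid not found) case separately from a real error. `get_user_ps_path` continues outside the hunk, so `rc` may be initialised earlier; worth confirming.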
@@ -0,0 +1,10 @@
|
||||
[Unit]
|
||||
Description=TCG Core Services Daemon
|
||||
After=syslog.target
|
||||
|
||||
[Service]
|
||||
Type=forking
|
||||
ExecStart=@SBINDIR@/tcsd
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
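Review bot: The unit has no `User=`/`Group=`, so under systemd `tcsd` runs as root unless it drops privileges itself, whereas the SysV script in this commit starts it with `--user tss --chuid tss` and the udev rule gives the `tss` user ownership of `/dev/tpm*`. Adding `User=tss` and `Group=tss` to `[Service]` makes the two init paths consistent and matches the device ownership. `Type=forking` without `PIDFile=` leaves systemd to guess the main PID, and `After=syslog.target` is obsolete on current systemd.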
@@ -0,0 +1,2 @@
|
||||
# trousers daemon expects tpm device to be owned by tss user & group
|
||||
KERNEL=="tpm[0-9]*", MODE="0600", OWNER="tss", GROUP="tss"
|
||||
@@ -0,0 +1,67 @@
|
||||
#!/bin/sh
|
||||
|
||||
### BEGIN INIT INFO
|
||||
# Provides: tcsd trousers
|
||||
# Required-Start: $local_fs $remote_fs $network
|
||||
# Required-Stop: $local_fs $remote_fs $network
|
||||
# Should-Start:
|
||||
# Should-Stop:
|
||||
# Default-Start: 2 3 4 5
|
||||
# Default-Stop: 0 1 6
|
||||
# Short-Description: starts tcsd
|
||||
# Description: tcsd belongs to the TrouSerS TCG Software Stack
|
||||
### END INIT INFO
|
||||
|
||||
PATH=/sbin:/bin:/usr/sbin:/usr/bin
|
||||
DAEMON=/usr/sbin/tcsd
|
||||
NAME=tcsd
|
||||
DESC="Trusted Computing daemon"
|
||||
USER="tss"
|
||||
|
||||
test -x "${DAEMON}" || exit 0
|
||||
|
||||
# Read configuration variable file if it is present
|
||||
[ -r /etc/default/$NAME ] && . /etc/default/$NAME
|
||||
|
||||
case "${1}" in
|
||||
start)
|
||||
echo "Starting $DESC: "
|
||||
|
||||
if [ ! -e /dev/tpm* ]
|
||||
then
|
||||
echo "device driver not loaded, skipping."
|
||||
exit 0
|
||||
fi
|
||||
|
||||
start-stop-daemon --start --quiet --oknodo \
|
||||
--pidfile /var/run/${NAME}.pid --make-pidfile --background \
|
||||
--user ${USER} --chuid ${USER} \
|
||||
--exec ${DAEMON} -- ${DAEMON_OPTS} --foreground
|
||||
RETVAL="$?"
|
||||
echo "$NAME."
|
||||
exit $RETVAL
|
||||
;;
|
||||
|
||||
stop)
|
||||
echo "Stopping $DESC: "
|
||||
|
||||
start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/${NAME}.pid --user ${USER} --exec ${DAEMON}
|
||||
RETVAL="$?"
|
||||
echo "$NAME."
|
||||
rm -f /var/run/${NAME}.pid
|
||||
exit $RETVAL
|
||||
;;
|
||||
|
||||
restart|force-reload)
|
||||
"${0}" stop
|
||||
sleep 1
|
||||
"${0}" start
|
||||
exit $?
|
||||
;;
|
||||
*)
|
||||
echo "Usage: ${NAME} {start|stop|restart|force-reload|status}" >&2
|
||||
exit 3
|
||||
;;
|
||||
esac
|
||||
|
||||
exit 0
|
||||
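Review bot: The usage message advertises `status`, but the `case` has no `status)` branch, so `tcsd status` falls into `*)` and exits 3 with the usage text; add a branch, e.g. via `start-stop-daemon --status --pidfile /var/run/${NAME}.pid` where the installed implementation supports it. The device probe `[ ! -e /dev/tpm* ]` only works because an unmatched glob stays literal; once more than one `/dev/tpm*` node exists, `-e` receives several arguments and the test errors out. A form such as `set -- /dev/tpm*; [ -e "$1" ] || { echo "device driver not loaded, skipping."; exit 0; }` handles both cases.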
@@ -0,0 +1,120 @@
|
||||
SUMMARY = "TrouSerS - An open-source TCG Software Stack implementation."
|
||||
LICENSE = "BSD-3-Clause"
|
||||
HOMEPAGE = "http://sourceforge.net/projects/trousers/"
|
||||
LIC_FILES_CHKSUM = "file://README;startline=3;endline=4;md5=2af28fbed0832e4d83a9e6dd68bb4413"
|
||||
SECTION = "security/tpm"
|
||||
|
||||
DEPENDS = "openssl"
|
||||
|
||||
SRCREV = "94144b0a1dcef6e31845d6c319e9bd7357208eb9"
|
||||
PV = "0.3.15+git${SRCPV}"
|
||||
|
||||
SRC_URI = " \
|
||||
git://git.code.sf.net/p/trousers/trousers;branch=master \
|
||||
file://trousers.init.sh \
|
||||
file://trousers-udev.rules \
|
||||
file://tcsd.service \
|
||||
file://get-user-ps-path-use-POSIX-getpwent-instead-of-getpwe.patch \
|
||||
file://0001-build-don-t-override-localstatedir-mandir-sysconfdir.patch \
|
||||
"
|
||||
|
||||
S = "${WORKDIR}/git"
|
||||
|
||||
inherit autotools pkgconfig useradd update-rc.d ${@bb.utils.contains('VIRTUAL-RUNTIME_init_manager','systemd','systemd','', d)}
|
||||
|
||||
PACKAGECONFIG ?= "gmp "
|
||||
PACKAGECONFIG[gmp] = "--with-gmp, --with-gmp=no, gmp"
|
||||
PACKAGECONFIG[gtk] = "--with-gui=gtk, --with-gui=none, gtk+"
|
||||
|
||||
do_install () {
|
||||
oe_runmake DESTDIR=${D} install
|
||||
}
|
||||
|
||||
do_install:append() {
|
||||
install -d ${D}${sysconfdir}/init.d
|
||||
install -m 0755 ${WORKDIR}/trousers.init.sh ${D}${sysconfdir}/init.d/trousers
|
||||
install -d ${D}${sysconfdir}/udev/rules.d
|
||||
install -m 0644 ${WORKDIR}/trousers-udev.rules ${D}${sysconfdir}/udev/rules.d/45-trousers.rules
|
||||
|
||||
if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
|
||||
install -d ${D}${systemd_unitdir}/system
|
||||
install -m 0644 ${WORKDIR}/tcsd.service ${D}${systemd_unitdir}/system/
|
||||
sed -i -e 's#@SBINDIR@#${sbindir}#g' ${D}${systemd_unitdir}/system/tcsd.service
|
||||
fi
|
||||
}
|
||||
|
||||
CONFFILES:${PN} += "${sysconfig}/tcsd.conf"
|
||||
|
||||
PROVIDES = "${PACKAGES}"
|
||||
PACKAGES = " \
|
||||
libtspi \
|
||||
libtspi-dbg \
|
||||
libtspi-dev \
|
||||
libtspi-doc \
|
||||
libtspi-staticdev \
|
||||
trousers \
|
||||
trousers-dbg \
|
||||
trousers-doc \
|
||||
"
|
||||
|
||||
# libtspi needs tcsd for most (all?) operations, so suggest to
|
||||
# install that.
|
||||
RRECOMMENDS:libtspi = "${PN}"
|
||||
|
||||
FILES:libtspi = " \
|
||||
${libdir}/*.so.1 \
|
||||
${libdir}/*.so.1.2.0 \
|
||||
"
|
||||
FILES:libtspi-dbg = " \
|
||||
${libdir}/.debug \
|
||||
${prefix}/src/debug/${PN}/${PV}-${PR}/git/src/tspi \
|
||||
${prefix}/src/debug/${PN}/${PV}-${PR}/git/src/trspi \
|
||||
${prefix}/src/debug/${PN}/${PV}-${PR}/git/src/include/*.h \
|
||||
${prefix}/src/debug/${PN}/${PV}-${PR}/git/src/include/tss \
|
||||
"
|
||||
FILES:libtspi-dev = " \
|
||||
${includedir} \
|
||||
${libdir}/*.so \
|
||||
"
|
||||
FILES:libtspi-doc = " \
|
||||
${mandir}/man3 \
|
||||
"
|
||||
FILES:libtspi-staticdev = " \
|
||||
${libdir}/*.la \
|
||||
${libdir}/*.a \
|
||||
"
|
||||
FILES:${PN} = " \
|
||||
${sbindir}/tcsd \
|
||||
${sysconfdir} \
|
||||
${localstatedir} \
|
||||
"
|
||||
|
||||
FILES:${PN}-dev += "${libdir}/trousers"
|
||||
|
||||
FILES:${PN}-dbg = " \
|
||||
${sbindir}/.debug \
|
||||
${prefix}/src/debug/${PN}/${PV}-${PR}/git/src/tcs \
|
||||
${prefix}/src/debug/${PN}/${PV}-${PR}/git/src/tcsd \
|
||||
${prefix}/src/debug/${PN}/${PV}-${PR}/git/src/tddl \
|
||||
${prefix}/src/debug/${PN}/${PV}-${PR}/git/src/trousers \
|
||||
${prefix}/src/debug/${PN}/${PV}-${PR}/git/src/include/trousers \
|
||||
"
|
||||
FILES:${PN}-doc = " \
|
||||
${mandir}/man5 \
|
||||
${mandir}/man8 \
|
||||
"
|
||||
|
||||
FILES:${PN} += "${systemd_unitdir}/*"
|
||||
|
||||
INITSCRIPT_NAME = "trousers"
|
||||
INITSCRIPT_PARAMS = "start 99 2 3 4 5 . stop 19 0 1 6 ."
|
||||
|
||||
USERADD_PACKAGES = "${PN}"
|
||||
GROUPADD_PARAM:${PN} = "--system tss"
|
||||
USERADD_PARAM:${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss"
|
||||
|
||||
SYSTEMD_PACKAGES = "${PN}"
|
||||
SYSTEMD_SERVICE:${PN} = "tcsd.service"
|
||||
SYSTEMD_AUTO_ENABLE = "disable"
|
||||
|
||||
BBCLASSEXTEND = "native"
|
||||
@@ -0,0 +1,51 @@
|
||||
1) Allow recipe to overide optimization.
|
||||
|
||||
fixes:
|
||||
|
||||
397 | # warning _FORTIFY_SOURCE requires compiling with optimization (-O)
|
||||
| | ^~~~~~~
|
||||
| cc1: all warnings being treated as errors
|
||||
|
||||
2) Allow recipe to override OE related compile-/link-flags
|
||||
|
||||
fixes:
|
||||
|
||||
ERROR: QA Issue: File /usr/bin/tpm_server in package ibmswtpm2 doesn't have GNU_HASH (didn't pass LDFLAGS?) [ldflags]
|
||||
|
||||
Upstream-Status: Inappropriate [OE specific]
|
||||
|
||||
Signed-off-by: Jens Rehsack <sno@NetBSD.org>
|
||||
|
||||
Index: src/makefile
|
||||
===================================================================
|
||||
--- src.orig/makefile
|
||||
+++ src/makefile
|
||||
@@ -38,13 +38,11 @@
|
||||
#################################################################################
|
||||
|
||||
|
||||
-CC = /usr/bin/gcc
|
||||
-
|
||||
CCFLAGS = -Wall \
|
||||
-Wmissing-declarations -Wmissing-prototypes -Wnested-externs \
|
||||
-Werror -Wsign-compare \
|
||||
-Wno-deprecated-declarations \
|
||||
- -c -ggdb -O0 \
|
||||
+ -c -ggdb -O \
|
||||
-DTPM_POSIX \
|
||||
-D_POSIX_ \
|
||||
-DTPM_NUVOTON
|
||||
@@ -80,11 +78,11 @@ TcpServerPosix.o : $(HEADERS)
|
||||
.PRECIOUS: %.o
|
||||
|
||||
tpm_server: $(OBJFILES)
|
||||
- $(CC) $(OBJFILES) $(LNFLAGS) -o tpm_server
|
||||
+ $(CCLD) $(OBJFILES) $(LDFLAGS) $(LNFLAGS) -o tpm_server
|
||||
|
||||
clean:
|
||||
rm -f *.o tpm_server *~
|
||||
|
||||
%.o: %.c
|
||||
- $(CC) $(CCFLAGS) $< -o $@
|
||||
+ $(CC) $(CCFLAGS) $(CFLAGS) $< -o $@
|
||||
|
||||
@@ -0,0 +1,37 @@
|
||||
SUMMARY = "IBM's Software TPM 2.0"
|
||||
DESCRIPTION = "The software TPM 2.0 is targeted toward application development, \
|
||||
education, and virtualization. \
|
||||
\
|
||||
The intent is that an application can be developed using the software TPM. \
|
||||
The application should then run using a hardware TPM without changes. \
|
||||
Advantages of this approach: \
|
||||
* In contrast to a hardware TPM, it runs on many platforms and it's generally faster. \
|
||||
* Application software errors are easily reversed by simply removing the TPM state and starting over. \
|
||||
* Difficult crypto errors are quickly debugged by looking inside the TPM."
|
||||
HOMEPAGE = "http://ibmswtpm.sourceforge.net/ibmswtpm2.html"
|
||||
LICENSE = "BSD-2-Clause"
|
||||
SECTION = "securty/tpm"
|
||||
LIC_FILES_CHKSUM = "file://../LICENSE;md5=1e023f61454ac828b4aa1bc4293f7d5f"
|
||||
LIC_FILES_CHKSUM += "file://LICENSE;md5=c75e465155c42c14154bf6a2acb7347b"
|
||||
|
||||
DEPENDS = "openssl"
|
||||
|
||||
SRC_URI = "git://git.code.sf.net/p/ibmswtpm2/tpm2;protocol=https;branch=master \
|
||||
file://tune-makefile.patch \
|
||||
"
|
||||
SRCREV = "5452af422edeff70fcae8ea99dd28a0922051d7b"
|
||||
|
||||
UPSTREAM_CHECK_URI = "https://git.code.sf.net/p/ibmswtpm2/tpm2"
|
||||
|
||||
S = "${WORKDIR}/git/src"
|
||||
|
||||
CFLAGS += "-Wno-error=maybe-uninitialized -DALG_CAMELLIA=ALG_NO"
|
||||
|
||||
do_compile () {
|
||||
make CC='${CC}'
|
||||
}
|
||||
|
||||
do_install () {
|
||||
install -d ${D}/${bindir}
|
||||
install -m 0755 tpm_server ${D}/${bindir}
|
||||
}
|
||||
+121
@@ -0,0 +1,121 @@
|
||||
From 26091b7830d84a12308442b238652ee9475d407b Mon Sep 17 00:00:00 2001
|
||||
From: Jens Rehsack <sno@netbsd.org>
|
||||
Date: Fri, 11 Sep 2020 07:46:41 +0200
|
||||
Subject: [PATCH] utils{,12}/Makefile.am: expand wildcards in prereqs
|
||||
|
||||
Expand wildcards of required sources to avoid errors like:
|
||||
make[2]: *** No rule to make target 'man/man1/*.1', needed by 'all-am'. Stop.
|
||||
make[2]: *** Waiting for unfinished jobs....
|
||||
|
||||
Upstream-Status: Submitted
|
||||
|
||||
Signed-off-by: Jens Rehsack <sno@netbsd.org>
|
||||
---
|
||||
utils/Makefile.am | 75 +++++++++++++++++++++++++++++++++++++++++++--
|
||||
utils12/Makefile.am | 8 ++++-
|
||||
2 files changed, 79 insertions(+), 4 deletions(-)
|
||||
|
||||
Index: git/utils/Makefile.am
|
||||
===================================================================
|
||||
--- git.orig/utils/Makefile.am
|
||||
+++ git/utils/Makefile.am
|
||||
@@ -85,9 +85,78 @@ libibmtssutils_la_LIBADD = libibmtss.la
|
||||
|
||||
noinst_HEADERS = CommandAttributes.h imalib.h tssdev.h ntc2lib.h tssntc.h Commands_fp.h objecttemplates.h tssproperties.h cryptoutils.h Platform.h tssauth.h tsssocket.h ekutils.h eventlib.h efilib.h tssccattributes.h
|
||||
# install every header in ibmtss
|
||||
-nobase_include_HEADERS = ibmtss/*.h
|
||||
+nobase_include_HEADERS = ibmtss/ActivateCredential_fp.h ibmtss/ActivateIdentity_fp.h ibmtss/BaseTypes.h \
|
||||
+ ibmtss/CertifyCreation_fp.h ibmtss/Certify_fp.h ibmtss/CertifyX509_fp.h ibmtss/ChangeEPS_fp.h \
|
||||
+ ibmtss/ChangePPS_fp.h ibmtss/ClearControl_fp.h ibmtss/Clear_fp.h ibmtss/ClockRateAdjust_fp.h \
|
||||
+ ibmtss/ClockSet_fp.h ibmtss/Commit_fp.h ibmtss/ContextLoad_fp.h ibmtss/ContextSave_fp.h \
|
||||
+ ibmtss/CreateEndorsementKeyPair_fp.h ibmtss/Create_fp.h ibmtss/CreateLoaded_fp.h \
|
||||
+ ibmtss/CreatePrimary_fp.h ibmtss/CreateWrapKey_fp.h ibmtss/DictionaryAttackLockReset_fp.h \
|
||||
+ ibmtss/DictionaryAttackParameters_fp.h ibmtss/Duplicate_fp.h ibmtss/ECC_Parameters_fp.h \
|
||||
+ ibmtss/ECDH_KeyGen_fp.h ibmtss/ECDH_ZGen_fp.h ibmtss/EC_Ephemeral_fp.h ibmtss/EncryptDecrypt2_fp.h \
|
||||
+ ibmtss/EncryptDecrypt_fp.h ibmtss/EventSequenceComplete_fp.h ibmtss/EvictControl_fp.h ibmtss/Extend_fp.h \
|
||||
+ ibmtss/FlushContext_fp.h ibmtss/FlushSpecific_fp.h ibmtss/GetCapability12_fp.h ibmtss/GetCapability_fp.h \
|
||||
+ ibmtss/GetCommandAuditDigest_fp.h ibmtss/GetRandom_fp.h ibmtss/GetSessionAuditDigest_fp.h \
|
||||
+ ibmtss/GetTestResult_fp.h ibmtss/GetTime_fp.h ibmtss/Hash_fp.h ibmtss/HashSequenceStart_fp.h \
|
||||
+ ibmtss/HierarchyChangeAuth_fp.h ibmtss/HierarchyControl_fp.h ibmtss/HMAC_fp.h ibmtss/HMAC_Start_fp.h \
|
||||
+ ibmtss/Implementation.h ibmtss/Import_fp.h ibmtss/IncrementalSelfTest_fp.h ibmtss/LoadExternal_fp.h \
|
||||
+ ibmtss/Load_fp.h ibmtss/LoadKey2_fp.h ibmtss/MakeCredential_fp.h ibmtss/MakeIdentity_fp.h ibmtss/NTC_fp.h \
|
||||
+ ibmtss/NV_Certify_fp.h ibmtss/NV_ChangeAuth_fp.h ibmtss/NV_DefineSpace12_fp.h ibmtss/NV_DefineSpace_fp.h \
|
||||
+ ibmtss/NV_Extend_fp.h ibmtss/NV_GlobalWriteLock_fp.h ibmtss/NV_Increment_fp.h ibmtss/NV_Read_fp.h \
|
||||
+ ibmtss/NV_ReadLock_fp.h ibmtss/NV_ReadPublic_fp.h ibmtss/NV_ReadValueAuth_fp.h ibmtss/NV_ReadValue_fp.h \
|
||||
+ ibmtss/NV_SetBits_fp.h ibmtss/NV_UndefineSpace_fp.h ibmtss/NV_UndefineSpaceSpecial_fp.h ibmtss/NV_Write_fp.h \
|
||||
+ ibmtss/NV_WriteLock_fp.h ibmtss/NV_WriteValueAuth_fp.h ibmtss/NV_WriteValue_fp.h ibmtss/ObjectChangeAuth_fp.h \
|
||||
+ ibmtss/OIAP_fp.h ibmtss/OSAP_fp.h ibmtss/OwnerReadInternalPub_fp.h ibmtss/OwnerSetDisable_fp.h \
|
||||
+ ibmtss/Parameters12.h ibmtss/Parameters.h ibmtss/PCR_Allocate_fp.h ibmtss/PCR_Event_fp.h ibmtss/PCR_Extend_fp.h \
|
||||
+ ibmtss/PcrRead12_fp.h ibmtss/PCR_Read_fp.h ibmtss/PCR_Reset12_fp.h ibmtss/PCR_Reset_fp.h ibmtss/PCR_SetAuthPolicy_fp.h \
|
||||
+ ibmtss/PCR_SetAuthValue_fp.h ibmtss/PolicyAuthorize_fp.h ibmtss/PolicyAuthorizeNV_fp.h ibmtss/PolicyAuthValue_fp.h \
|
||||
+ ibmtss/PolicyCommandCode_fp.h ibmtss/PolicyCounterTimer_fp.h ibmtss/PolicyCpHash_fp.h ibmtss/PolicyDuplicationSelect_fp.h \
|
||||
+ ibmtss/PolicyGetDigest_fp.h ibmtss/PolicyLocality_fp.h ibmtss/PolicyNameHash_fp.h ibmtss/PolicyNV_fp.h \
|
||||
+ ibmtss/PolicyNvWritten_fp.h ibmtss/PolicyOR_fp.h ibmtss/PolicyPassword_fp.h ibmtss/PolicyPCR_fp.h \
|
||||
+ ibmtss/PolicyPhysicalPresence_fp.h ibmtss/PolicyRestart_fp.h ibmtss/PolicySecret_fp.h ibmtss/PolicySigned_fp.h \
|
||||
+ ibmtss/PolicyTemplate_fp.h ibmtss/PolicyTicket_fp.h ibmtss/PP_Commands_fp.h ibmtss/Quote2_fp.h ibmtss/Quote_fp.h \
|
||||
+ ibmtss/ReadClock_fp.h ibmtss/ReadPubek_fp.h ibmtss/ReadPublic_fp.h ibmtss/Rewrap_fp.h ibmtss/RSA_Decrypt_fp.h \
|
||||
+ ibmtss/RSA_Encrypt_fp.h ibmtss/SelfTest_fp.h ibmtss/SequenceComplete_fp.h ibmtss/SequenceUpdate_fp.h \
|
||||
+ ibmtss/SetAlgorithmSet_fp.h ibmtss/SetCommandCodeAuditStatus_fp.h ibmtss/SetPrimaryPolicy_fp.h ibmtss/Shutdown_fp.h \
|
||||
+ ibmtss/Sign12_fp.h ibmtss/Sign_fp.h ibmtss/StartAuthSession_fp.h ibmtss/Startup12_fp.h ibmtss/Startup_fp.h \
|
||||
+ ibmtss/StirRandom_fp.h ibmtss/TakeOwnership_fp.h ibmtss/TestParms_fp.h ibmtss/TPMB.h ibmtss/TpmBuildSwitches.h \
|
||||
+ ibmtss/tpmconstants12.h ibmtss/tpmstructures12.h ibmtss/tpmtypes12.h ibmtss/TPM_Types.h ibmtss/tsscrypto.h \
|
||||
+ ibmtss/tsscryptoh.h ibmtss/tsserror12.h ibmtss/tsserror.h ibmtss/tssfile.h ibmtss/tss.h ibmtss/tssmarshal12.h \
|
||||
+ ibmtss/tssmarshal.h ibmtss/tssprintcmd.h ibmtss/tssprint.h ibmtss/tssresponsecode.h ibmtss/tsstransmit.h \
|
||||
+ ibmtss/tssutils.h ibmtss/Unmarshal12_fp.h ibmtss/Unmarshal_fp.h ibmtss/Unseal_fp.h ibmtss/VerifySignature_fp.h \
|
||||
+ ibmtss/ZGen_2Phase_fp.h
|
||||
|
||||
-notrans_man_MANS = man/man1/*.1
|
||||
+notrans_man_MANS = man/man1/tssactivatecredential.1 man/man1/tsscertify.1 man/man1/tsscertifycreation.1 \
|
||||
+ man/man1/tsscertifyx509.1 man/man1/tsschangeeps.1 man/man1/tsschangepps.1 man/man1/tssclear.1 \
|
||||
+ man/man1/tssclearcontrol.1 man/man1/tssclockrateadjust.1 man/man1/tssclockset.1 man/man1/tsscommit.1 \
|
||||
+ man/man1/tsscontextload.1 man/man1/tsscontextsave.1 man/man1/tsscreate.1 man/man1/tsscreateek.1 \
|
||||
+ man/man1/tsscreateekcert.1 man/man1/tsscreateloaded.1 man/man1/tsscreateprimary.1 \
|
||||
+ man/man1/tssdictionaryattacklockreset.1 man/man1/tssdictionaryattackparameters.1 man/man1/tssduplicate.1 \
|
||||
+ man/man1/tsseccparameters.1 man/man1/tssecephemeral.1 man/man1/tssencryptdecrypt.1 man/man1/tsseventextend.1 \
|
||||
+ man/man1/tsseventsequencecomplete.1 man/man1/tssevictcontrol.1 man/man1/tssflushcontext.1 man/man1/tssgetcapability.1 \
|
||||
+ man/man1/tssgetcommandauditdigest.1 man/man1/tssgetcryptolibrary.1 man/man1/tssgetrandom.1 \
|
||||
+ man/man1/tssgetsessionauditdigest.1 man/man1/tssgettestresult.1 man/man1/tssgettime.1 man/man1/tsshash.1 \
|
||||
+ man/man1/tsshashsequencestart.1 man/man1/tsshierarchychangeauth.1 man/man1/tsshierarchycontrol.1 \
|
||||
+ man/man1/tsshmac.1 man/man1/tsshmacstart.1 man/man1/tssimaextend.1 man/man1/tssimport.1 man/man1/tssimportpem.1 \
|
||||
+ man/man1/tssload.1 man/man1/tssloadexternal.1 man/man1/tssmakecredential.1 man/man1/tssntc2getconfig.1 \
|
||||
+ man/man1/tssntc2lockconfig.1 man/man1/tssntc2preconfig.1 man/man1/tssnvcertify.1 man/man1/tssnvchangeauth.1 \
|
||||
+ man/man1/tssnvdefinespace.1 man/man1/tssnvextend.1 man/man1/tssnvglobalwritelock.1 man/man1/tssnvincrement.1 \
|
||||
+ man/man1/tssnvread.1 man/man1/tssnvreadlock.1 man/man1/tssnvreadpublic.1 man/man1/tssnvsetbits.1 \
|
||||
+ man/man1/tssnvundefinespace.1 man/man1/tssnvundefinespacespecial.1 man/man1/tssnvwrite.1 man/man1/tssnvwritelock.1 \
|
||||
+ man/man1/tssobjectchangeauth.1 man/man1/tsspcrallocate.1 man/man1/tsspcrevent.1 man/man1/tsspcrextend.1 \
|
||||
+ man/man1/tsspcrread.1 man/man1/tsspcrreset.1 man/man1/tsspolicyauthorize.1 man/man1/tsspolicyauthorizenv.1 \
|
||||
+ man/man1/tsspolicyauthvalue.1 man/man1/tsspolicycommandcode.1 man/man1/tsspolicycountertimer.1 \
|
||||
+ man/man1/tsspolicycphash.1 man/man1/tsspolicyduplicationselect.1 man/man1/tsspolicygetdigest.1 \
|
||||
+ man/man1/tsspolicymaker.1 man/man1/tsspolicymakerpcr.1 man/man1/tsspolicynamehash.1 man/man1/tsspolicynv.1 \
|
||||
+ man/man1/tsspolicynvwritten.1 man/man1/tsspolicyor.1 man/man1/tsspolicypassword.1 man/man1/tsspolicypcr.1 \
|
||||
+ man/man1/tsspolicyrestart.1 man/man1/tsspolicysecret.1 man/man1/tsspolicysigned.1 man/man1/tsspolicytemplate.1 \
|
||||
+ man/man1/tsspolicyticket.1 man/man1/tsspowerup.1 man/man1/tssprintattr.1 man/man1/tsspublicname.1 \
|
||||
+ man/man1/tssquote.1 man/man1/tssreadclock.1 man/man1/tssreadpublic.1 man/man1/tssreturncode.1 \
|
||||
+ man/man1/tssrewrap.1 man/man1/tssrsadecrypt.1 man/man1/tssrsaencrypt.1 man/man1/tsssequencecomplete.1 \
|
||||
+ man/man1/tsssequenceupdate.1 man/man1/tsssetcommandcodeauditstatus.1 man/man1/tsssetprimarypolicy.1 \
|
||||
+ man/man1/tssshutdown.1 man/man1/tsssign.1 man/man1/tsssignapp.1 man/man1/tssstartauthsession.1 \
|
||||
+ man/man1/tssstartup.1 man/man1/tssstirrandom.1 man/man1/tsstimepacket.1 man/man1/tsstpm2pem.1 \
|
||||
+ man/man1/tsstpmcmd.1 man/man1/tsstpmpublic2eccpoint.1 man/man1/tssunseal.1 man/man1/tssverifysignature.1 \
|
||||
+ man/man1/tsswriteapp.1 man/man1/tsszgen2phase.1
|
||||
|
||||
if CONFIG_TPM20
|
||||
noinst_HEADERS += tss20.h tssauth20.h ibmtss/tssprintcmd.h
|
||||
Index: git/utils12/Makefile.am
|
||||
===================================================================
|
||||
--- git.orig/utils12/Makefile.am
|
||||
+++ git/utils12/Makefile.am
|
||||
@@ -9,7 +9,13 @@ libibmtssutils12_la_CFLAGS = -I$(top_src
|
||||
# result: [current-age].age.revision
|
||||
libibmtssutils12_la_LDFLAGS = -version-info @TSSLIB_VERSION_INFO@ ../utils/libibmtss.la
|
||||
|
||||
-notrans_man_MANS = man/man1/*.1
|
||||
+notrans_man_MANS = man/man1/tss1activateidentity.1 man/man1/tss1createekcert.1 man/man1/tss1createendorsementkeypair.1 \
|
||||
+ man/man1/tss1createwrapkey.1 man/man1/tss1eventextend.1 man/man1/tss1extend.1 man/man1/tss1flushspecific.1 \
|
||||
+ man/man1/tss1getcapability.1 man/man1/tss1imaextend.1 man/man1/tss1loadkey2.1 man/man1/tss1makeekblob.1 \
|
||||
+ man/man1/tss1makeidentity.1 man/man1/tss1nvdefinespace.1 man/man1/tss1nvreadvalue.1 man/man1/tss1nvreadvalueauth.1 \
|
||||
+ man/man1/tss1nvwritevalue.1 man/man1/tss1nvwritevalueauth.1 man/man1/tss1oiap.1 man/man1/tss1osap.1 \
|
||||
+ man/man1/tss1ownerreadinternalpub.1 man/man1/tss1ownersetdisable.1 man/man1/tss1pcrread.1 man/man1/tss1quote2.1 \
|
||||
+ man/man1/tss1sign.1 man/man1/tss1startup.1 man/man1/tss1takeownership.1 man/man1/tss1tpminit.1
|
||||
noinst_HEADERS = ekutils12.h
|
||||
|
||||
bin_PROGRAMS = activateidentity createendorsementkeypair createwrapkey extend flushspecific getcapability loadkey2 makeidentity nvdefinespace nvreadvalueauth nvreadvalue nvwritevalueauth nvwritevalue oiap osap ownerreadinternalpub ownersetdisable pcrread quote2 sign startup takeownership tpminit createekcert makeekblob eventextend imaextend
|
||||
@@ -0,0 +1,31 @@
|
||||
SUMMARY = "IBM's Software TPM 2.0 TSS"
|
||||
DESCRIPTION = "This is a user space TSS for TPM 2.0. It implements the \
|
||||
functionality equivalent to (but not API compatible with) the TCG TSS \
|
||||
working group's ESAPI, SAPI, and TCTI API's (and perhaps more) but with a \
|
||||
hopefully simpler interface. \
|
||||
It comes with over 110 'TPM tools' samples that can be used for scripted \
|
||||
apps, rapid prototyping, education, and debugging. \
|
||||
It also comes with a web based TPM interface, suitable for a demo to an \
|
||||
audience that is unfamiliar with TCG technology. It is also useful for \
|
||||
basic TPM management."
|
||||
HOMEPAGE = "http://ibmswtpm.sourceforge.net/ibmtss2.html"
|
||||
LICENSE = "BSD-2-Clause"
|
||||
SECTION = "securty/tpm"
|
||||
LIC_FILES_CHKSUM = "file://LICENSE;md5=1e023f61454ac828b4aa1bc4293f7d5f"
|
||||
|
||||
DEPENDS = "openssl ibmswtpm2"
|
||||
|
||||
inherit autotools pkgconfig
|
||||
|
||||
SRCREV = "c4e131e34ec0ed09411aa3bc76f76129ef881573"
|
||||
SRC_URI = "git://git.code.sf.net/p/ibmtpm20tss/tss;protocol=https;branch=master \
|
||||
file://0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch \
|
||||
"
|
||||
|
||||
UPSTREAM_CHECK_COMMITS = "1"
|
||||
UPSTREAM_CHECK_URI = "https://git.code.sf.net/p/ibmswtpm2/tpm2"
|
||||
UPSTREAM_CHECK_GITTAGREGEX = "rev.*)"
|
||||
|
||||
EXTRA_OECONF = "--disable-tpm-1.2"
|
||||
|
||||
S = "${WORKDIR}/git"
|
||||
@@ -0,0 +1,65 @@
|
||||
#!/bin/sh
|
||||
|
||||
### BEGIN INIT INFO
|
||||
# Provides: tpm2-abrmd
|
||||
# Required-Start: $local_fs $remote_fs $network
|
||||
# Required-Stop: $local_fs $remote_fs $network
|
||||
# Should-Start:
|
||||
# Should-Stop:
|
||||
# Default-Start: 2 3 4 5
|
||||
# Default-Stop: 0 1 6
|
||||
# Short-Description: starts tpm2-abrmd
|
||||
# Description: tpm2-abrmd implements the TCG resource manager
|
||||
### END INIT INFO
|
||||
|
||||
PATH=/sbin:/bin:/usr/sbin:/usr/bin
|
||||
DAEMON=/usr/sbin/tpm2-abrmd
|
||||
NAME=tpm2-abrmd
|
||||
DESC="TCG TSS2 Access Broker and Resource Management daemon"
|
||||
USER="tss"
|
||||
|
||||
test -x "${DAEMON}" || exit 0
|
||||
|
||||
# Read configuration variable file if it is present
|
||||
[ -r /etc/default/$NAME ] && . /etc/default/$NAME
|
||||
|
||||
case "${1}" in
|
||||
start)
|
||||
echo -n "Starting $DESC: "
|
||||
|
||||
if [ ! -e /dev/tpm? ]
|
||||
then
|
||||
echo "device driver not loaded, skipping."
|
||||
exit 0
|
||||
fi
|
||||
|
||||
start-stop-daemon --start --quiet --oknodo --background --pidfile /var/run/${NAME}.pid --user ${USER} --chuid ${USER} --exec ${DAEMON} -- ${DAEMON_OPTS}
|
||||
RETVAL="$?"
|
||||
echo "$NAME."
|
||||
[ "$RETVAL" = 0 ] && pidof $DAEMON > /var/run/${NAME}.pid
|
||||
exit $RETVAL
|
||||
;;
|
||||
|
||||
stop)
|
||||
echo -n "Stopping $DESC: "
|
||||
|
||||
start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/${NAME}.pid --user ${USER} --exec ${DAEMON}
|
||||
RETVAL="$?"
|
||||
echo "$NAME."
|
||||
rm -f /var/run/${NAME}.pid
|
||||
exit $RETVAL
|
||||
;;
|
||||
|
||||
restart|force-reload)
|
||||
"${0}" stop
|
||||
sleep 1
|
||||
"${0}" start
|
||||
exit $?
|
||||
;;
|
||||
*)
|
||||
echo "Usage: ${NAME} {start|stop|restart|force-reload|status}" >&2
|
||||
exit 3
|
||||
;;
|
||||
esac
|
||||
|
||||
exit 0
|
||||
@@ -0,0 +1 @@
|
||||
DAEMON_OPTS="--tcti=device --logger=syslog --max-connections=20 --max-transients=20 --flush-all"
|
||||
@@ -0,0 +1,54 @@
|
||||
SUMMARY = "TPM2 Access Broker & Resource Manager"
|
||||
DESCRIPTION = "This is a system daemon implementing the TPM2 access \
|
||||
broker (TAB) & Resource Manager (RM) spec from the TCG. The daemon (tpm2-abrmd) \
|
||||
is implemented using Glib and the GObject system. In this documentation and \
|
||||
in the code we use `tpm2-abrmd` and `tabrmd` interchangeably. \
|
||||
"
|
||||
SECTION = "security/tpm"
|
||||
|
||||
LICENSE = "BSD-2-Clause"
|
||||
LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da"
|
||||
|
||||
DEPENDS = "autoconf-archive dbus glib-2.0 tpm2-tss glib-2.0-native \
|
||||
libtss2 libtss2-mu libtss2-tcti-device libtss2-tcti-mssim"
|
||||
|
||||
SRC_URI = "\
|
||||
https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz \
|
||||
file://tpm2-abrmd-init.sh \
|
||||
file://tpm2-abrmd.default \
|
||||
"
|
||||
|
||||
SRC_URI[sha256sum] = "d59aff34164aa705b05155b86607f6b66918a433104f754a3fcf76216dd9f465"
|
||||
|
||||
UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases"
|
||||
|
||||
inherit autotools pkgconfig systemd update-rc.d useradd
|
||||
|
||||
SYSTEMD_PACKAGES += "${PN}"
|
||||
SYSTEMD_SERVICE:${PN} = "tpm2-abrmd.service"
|
||||
SYSTEMD_AUTO_ENABLE:${PN} = "disable"
|
||||
|
||||
INITSCRIPT_NAME = "${PN}"
|
||||
INITSCRIPT_PARAMS = "start 99 2 3 4 5 . stop 19 0 1 6 ."
|
||||
|
||||
USERADD_PACKAGES = "${PN}"
|
||||
GROUPADD_PARAM:${PN} = "tss"
|
||||
USERADD_PARAM:${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss"
|
||||
|
||||
PACKAGECONFIG ?="${@bb.utils.contains('DISTRO_FEATURES','systemd','systemd', '', d)}"
|
||||
PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir}, --with-systemdsystemunitdir=no"
|
||||
|
||||
do_install:append() {
|
||||
install -d "${D}${sysconfdir}/init.d"
|
||||
install -m 0755 "${WORKDIR}/tpm2-abrmd-init.sh" "${D}${sysconfdir}/init.d/tpm2-abrmd"
|
||||
|
||||
install -d "${D}${sysconfdir}/default"
|
||||
install -m 0644 "${WORKDIR}/tpm2-abrmd.default" "${D}${sysconfdir}/default/tpm2-abrmd"
|
||||
}
|
||||
|
||||
FILES:${PN} += "${libdir}/systemd/system-preset \
|
||||
${datadir}/dbus-1"
|
||||
|
||||
RDEPENDS:${PN} += "tpm2-tss"
|
||||
|
||||
BBCLASSEXTEND = "native"
|
||||
@@ -0,0 +1,21 @@
|
||||
SUMMARY = "Provider for integration of TPM 2.0 to OpenSSL 3.0"
|
||||
LICENSE = "BSD-3-Clause"
|
||||
LIC_FILES_CHKSUM = "file://LICENSE;md5=b75785ac083d3c3ca04d99d9e4e1fbab"
|
||||
|
||||
DEPENDS = "autoconf-archive-native tpm2-tss openssl"
|
||||
|
||||
SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
|
||||
|
||||
SRC_URI[sha256sum] = "5a9bb0c6c61d026272b8843cbc291b5dfa9a55c1661a513b1c980807ad2dad01"
|
||||
|
||||
UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases"
|
||||
|
||||
inherit autotools pkgconfig
|
||||
|
||||
do_configure:prepend() {
|
||||
# do not extract the version number from git
|
||||
sed -i -e 's/m4_esyscmd_s(\[git describe --tags --always --dirty\])/${PV}/' ${S}/configure.ac
|
||||
}
|
||||
|
||||
FILES:${PN} = "\
|
||||
${libdir}/ossl-modules/tpm2.so"
|
||||
@@ -0,0 +1,47 @@
|
||||
SUMMARY = "A PKCS#11 interface for TPM2 hardware"
|
||||
DESCRIPTION = "PKCS #11 is a Public-Key Cryptography Standard that defines a standard method to access cryptographic services from tokens/ devices such as hardware security modules (HSM), smart cards, etc. In this project we intend to use a TPM2 device as the cryptographic token."
|
||||
SECTION = "security/tpm"
|
||||
LICENSE = "BSD-2-Clause"
|
||||
LIC_FILES_CHKSUM = "file://LICENSE;md5=0fc19f620a102768d6dbd1e7166e78ab"
|
||||
|
||||
DEPENDS = "autoconf-archive pkgconfig sqlite3 openssl libtss2-dev tpm2-tools libyaml p11-kit python3-setuptools-native"
|
||||
|
||||
SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
|
||||
|
||||
SRC_URI[sha256sum] = "35bf06c30cfa76fc0eba2c5f503cf7dd0d34a66afb2d292fee896b90362f633b"
|
||||
|
||||
UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases"
|
||||
|
||||
inherit autotools-brokensep pkgconfig python3native
|
||||
|
||||
EXTRA_OECONF += "--disable-ptool-checks"
|
||||
|
||||
do_compile:append() {
|
||||
cd ${S}/tools
|
||||
python3 setup.py build
|
||||
}
|
||||
|
||||
do_install:append() {
|
||||
cd ${S}/tools
|
||||
export PYTHONPATH="${D}${PYTHON_SITEPACKAGES_DIR}"
|
||||
${PYTHON_PN} setup.py install --root="${D}" --prefix="${prefix}" --install-lib="${PYTHON_SITEPACKAGES_DIR}" --optimize=1 --skip-build
|
||||
|
||||
sed -i -e "s:${PYTHON}:${USRBINPATH}/env ${PYTHON_PN}:g" "${D}${bindir}"/tpm2_ptool
|
||||
}
|
||||
|
||||
PACKAGES =+ "${PN}-tools"
|
||||
|
||||
FILES:${PN}-tools = "\
|
||||
${bindir}/tpm2_ptool \
|
||||
${libdir}/${PYTHON_DIR}/* \
|
||||
"
|
||||
|
||||
FILES:${PN} += "\
|
||||
${libdir}/pkcs11/* \
|
||||
${datadir}/p11-kit/* \
|
||||
"
|
||||
|
||||
INSANE_SKIP:${PN} += "dev-so"
|
||||
|
||||
RDEPENDS:${PN} = "p11-kit tpm2-tools "
|
||||
RDEPENDS:${PN}-tools = "${PYTHON_PN}-pyyaml ${PYTHON_PN}-cryptography ${PYTHON_PN}-pyasn1-modules"
|
||||
@@ -0,0 +1,27 @@
|
||||
Upstream-Status: Inappropriate [OE specific]
|
||||
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
||||
|
||||
Index: git/configure.ac
|
||||
===================================================================
|
||||
--- git.orig/configure.ac
|
||||
+++ git/configure.ac
|
||||
@@ -84,9 +84,6 @@ AC_ARG_WITH([efi-lds],
|
||||
AS_HELP_STRING([--with-efi-lds=LDS_PATH],[Path to gnu-efi lds file.]),
|
||||
[],
|
||||
[with_efi_lds="/usr/lib/elf_${ARCH}_efi.lds"])
|
||||
-AC_CHECK_FILE(["${with_efi_lds}"],
|
||||
- [],
|
||||
- [AC_MSG_ERROR([Missing file: ${with_efi_lds}.])])
|
||||
EXTRA_LDFLAGS="-L /usr/lib -L /usr/lib64 -Wl,--script=${with_efi_lds}"
|
||||
|
||||
# path to object file from gnu-efi
|
||||
@@ -94,9 +91,6 @@ AC_ARG_WITH([efi-crt0],
|
||||
AS_HELP_STRING([--with-efi-crt0=OBJ_PATH],[Path to gnu-efi crt0 object file.]),
|
||||
[],
|
||||
[with_efi_crt0="/usr/lib/crt0-efi-${ARCH}.o"])
|
||||
-AC_CHECK_FILE(["${with_efi_crt0}"],
|
||||
- [],
|
||||
- [AC_MSG_ERROR([Missing ${with_efi_crt0} file.])])
|
||||
EXTRA_LDLIBS="${with_efi_crt0}"
|
||||
|
||||
# check for efi and gnuefi libraries
|
||||
@@ -0,0 +1,25 @@
|
||||
Error building for i386 target in cross env
|
||||
|
||||
#include <efi/x86_64/efibind.h>
|
||||
|
||||
ARCH is host arch, not target arch
|
||||
|
||||
Upstream-Status: Submitted
|
||||
|
||||
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
||||
Index: git/src/uefi-types.h
|
||||
===================================================================
|
||||
--- git.orig/src/uefi-types.h
|
||||
+++ git/src/uefi-types.h
|
||||
@@ -3,9 +3,9 @@
|
||||
#define UEFI_TYPES_H
|
||||
|
||||
#ifndef EDK2_BUILD
|
||||
-#if ARCH == x86_64
|
||||
+#if defined(__x86_64__)
|
||||
#include <efi/x86_64/efibind.h>
|
||||
-#elif ARCH == ia32
|
||||
+#elif defined(__i386__)
|
||||
#include <efi/ia32/efibind.h>
|
||||
#else
|
||||
#error "Unsupported ARCH."
|
||||
+38
@@ -0,0 +1,38 @@
|
||||
From b74837184cfdefb45e48f3fdc974fc67691fc861 Mon Sep 17 00:00:00 2001
|
||||
From: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
|
||||
Date: Wed, 3 Jul 2019 19:16:35 +0300
|
||||
Subject: [PATCH] configure.ac: stop inserting host directories into compile
|
||||
path
|
||||
|
||||
Do not insert /usr/lib and /usr/lib64 into library search path.
|
||||
|
||||
Upstream-Status: Inappropriate [OE specific]
|
||||
Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
|
||||
---
|
||||
configure.ac | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
Index: git/configure.ac
|
||||
===================================================================
|
||||
--- git.orig/configure.ac
|
||||
+++ git/configure.ac
|
||||
@@ -70,10 +70,6 @@ EXTRA_CFLAGS+="-I${with_efi_includedir}
|
||||
# compiler flags / search path
|
||||
CFLAGS_TMP="$CFLAGS"
|
||||
CFLAGS="$CFLAGS $EXTRA_CFLAGS"
|
||||
-AC_CHECK_HEADERS([efi.h efilib.h],
|
||||
- [],
|
||||
- [AC_MSG_ERROR([Missing gnu-efi headers.])],
|
||||
- [#include <efi.h>])
|
||||
CFLAGS="$CFLAGS_TMP"
|
||||
|
||||
# path to linker script from gnu-efi
|
||||
@@ -81,7 +77,7 @@ AC_ARG_WITH([efi-lds],
|
||||
AS_HELP_STRING([--with-efi-lds=LDS_PATH],[Path to gnu-efi lds file.]),
|
||||
[],
|
||||
[with_efi_lds="/usr/lib/elf_${ARCH}_efi.lds"])
|
||||
-EXTRA_LDFLAGS="-L /usr/lib -L /usr/lib64 -Wl,--script=${with_efi_lds}"
|
||||
+EXTRA_LDFLAGS="-Wl,--script=${with_efi_lds}"
|
||||
|
||||
# path to object file from gnu-efi
|
||||
AC_ARG_WITH([efi-crt0],
|
||||
@@ -0,0 +1,47 @@
|
||||
SUMMARY = "TCTI module for use with TSS2 libraries in UEFI environment"
|
||||
SECTION = "security/tpm"
|
||||
LICENSE = "BSD-2-Clause"
|
||||
LIC_FILES_CHKSUM = "file://LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da"
|
||||
DEPENDS = "libtss2-dev libtss2-mu-dev gnu-efi-native gnu-efi pkgconfig autoconf-archive-native"
|
||||
|
||||
SRC_URI = "git://github.com/tpm2-software/tpm2-tcti-uefi.git;branch=master;protocol=https \
|
||||
file://configure_oe_fixup.patch \
|
||||
file://0001-configure.ac-stop-inserting-host-directories-into-co.patch \
|
||||
file://fix_header_file.patch \
|
||||
"
|
||||
|
||||
SRCREV = "0241b08f069f0fdb3612f5c1b938144dbe9be811"
|
||||
|
||||
UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases"
|
||||
|
||||
S = "${WORKDIR}/git"
|
||||
|
||||
inherit autotools pkgconfig
|
||||
|
||||
EFIDIR ?= "/EFI/BOOT"
|
||||
|
||||
EFI_ARCH:x86 = "ia32"
|
||||
EFI_ARCH:x86-64 = "x86_64"
|
||||
|
||||
CFLAGS:append = " -I${STAGING_INCDIR}/efi -I${STAGING_INCDIR}/efi/${EFI_ARCH}"
|
||||
|
||||
EXTRA_OECONF:append = " \
|
||||
--with-efi-includedir=${STAGING_INCDIR} \
|
||||
--with-efi-crt0=${STAGING_LIBDIR}/crt0-efi-${EFI_ARCH}.o \
|
||||
--with-efi-lds=${STAGING_LIBDIR}/elf_${EFI_ARCH}_efi.lds \
|
||||
"
|
||||
|
||||
do_compile:append() {
|
||||
oe_runmake example
|
||||
}
|
||||
|
||||
do_install:append() {
|
||||
install -d "${D}${EFIDIR}"
|
||||
install -m 0755 "${B}"/example/*.efi "${D}${EFIDIR}"
|
||||
}
|
||||
|
||||
COMPATIBLE_HOST = "(i.86|x86_64).*-linux"
|
||||
|
||||
FILES:${PN} += "${EFIDIR}"
|
||||
|
||||
RDEPENDS:${PN} = "gnu-efi libtss2-mu"
|
||||
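--- /dev/null
+++ b/tpm2-tools.bb
@@ -0,0 +1,15 @@
+SUMMARY = "Tools for TPM2."
+DESCRIPTION = "tpm2-tools"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://docs/LICENSE;md5=a846608d090aa64494c45fc147cc12e3"
+SECTION = "tpm"
+
+DEPENDS = "tpm2-tss openssl curl"
+
+SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
+
+SRC_URI[sha256sum] = "1fdb49c730537bfdaed088884881a61e3bfd121e957ec0bdceeec0261236c123"
+
+UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases"
+
+inherit autotools pkgconfig bash-completion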
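Review bot: `SECTION = "tpm"` and `DESCRIPTION = "tpm2-tools"` are inconsistent with the sibling recipes in this commit, which use `SECTION = "security/tpm"` and a description that actually describes the package; suggest `SECTION = "security/tpm"` and `DESCRIPTION = "Command line tools for the TPM 2.0 Software Stack (tpm2-tss)"`. The release tarball is pinned by `SRC_URI[sha256sum]` and fetched over https, which is good. Since the tpm2-tss recipe in the same commit sets `CVE_PRODUCT` so that cve-check can match it, consider doing the same here after confirming the product name NVD uses for tpm2-tools, otherwise the tools package is silently excluded from CVE reporting.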
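--- /dev/null
+++ b/tpm2-totp_git.bb
@@ -0,0 +1,17 @@
+SUMMARY = "Attest the trustworthiness of a device against a human using time-based one-time passwords"
+
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=ed23833e93c95173c8d8913745e4b4e1"
+
+SECTION = "security/tpm"
+
+DEPENDS = "autoconf-archive libtss2-dev qrencode"
+
+PE = "1"
+
+SRCREV = "96a1448753a48974149003bc90ea3990ae8e8d0b"
+SRC_URI = "git://github.com/tpm2-software/tpm2-totp.git;branch=master;protocol=https"
+
+inherit autotools-brokensep pkgconfig
+
+S = "${WORKDIR}/git"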
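Review bot: `DEPENDS = "autoconf-archive libtss2-dev qrencode"` pulls in the target build of `autoconf-archive`, but the macro archive is only consumed by autoreconf on the build host; the other recipes in this commit correctly use `autoconf-archive-native`, so this line should read `DEPENDS = "autoconf-archive-native libtss2-dev qrencode"`. As written it builds an unneeded target package and, depending on what the target sysroot exposes, may still leave the AX_* macros unresolved at configure time. The git checkout is pinned to a fixed SRCREV, which is the right thing for a `branch=master` URI.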
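--- /dev/null
+++ b/tpm2-tss-engine.bb
@@ -0,0 +1,32 @@
+SUMMARY = "The tpm2-tss-engine project implements a cryptographic engine for OpenSSL."
+DESCRIPTION = "The tpm2-tss-engine project implements a cryptographic engine for OpenSSL for Trusted Platform Module (TPM 2.0) using the tpm2-tss software stack that follows the Trusted Computing Groups (TCG) TPM Software Stack (TSS 2.0). It uses the Enhanced System API (ESAPI) interface of the TSS 2.0 for downwards communication. It supports RSA decryption and signatures as well as ECDSA signatures."
+
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=7b3ab643b9ce041de515d1ed092a36d4"
+
+SECTION = "security/tpm"
+
+DEPENDS = "autoconf-archive-native bash-completion libtss2 libgcrypt openssl"
+
+SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/v${PV}/${BPN}-${PV}.tar.gz"
+
+SRC_URI[sha256sum] = "ea2941695ac221d23a7f3e1321140e75b1495ae6ade876f2f4c2ed807c65e2a5"
+
+UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases"
+
+inherit autotools-brokensep pkgconfig systemd
+
+# It uses the API deprecated since the OpenSSL 3.0
+CFLAGS:append = ' -Wno-deprecated-declarations -Wno-unused-parameter'
+
+do_configure:prepend() {
+    # do not extract the version number from git
+    sed -i -e 's/m4_esyscmd_s(\[git describe --tags --always --dirty\])/${PV}/' ${S}/configure.ac
+}
+
+PACKAGES += "${PN}-engines ${PN}-engines-staticdev ${PN}-bash-completion"
+
+FILES:${PN}-dev = "${libdir}/engines-3/tpm2tss.so ${includedir}/*"
+FILES:${PN}-engines = "${libdir}/engines-3/lib*.so*"
+FILES:${PN}-engines-staticdev = "${libdir}/engines-3/libtpm2tss.a"
+FILES:${PN}-bash-completion += "${datadir}/bash-completion/completions"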
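Review bot: `FILES:${PN}-dev = "${libdir}/engines-3/tpm2tss.so ${includedir}/*"` places `tpm2tss.so` in the -dev package while `${PN}-engines` only claims `lib*.so*`; `tpm2tss.so` is the file name OpenSSL resolves when the engine is loaded by its id `tpm2tss`, so a runtime image that installs only `${PN}-engines` may be unable to load the engine at all. If `tpm2tss.so` is the loadable module (or a symlink to it) rather than a pure development symlink, it belongs in `FILES:${PN}-engines`; this needs checking against the installed tree before changing it. Separately, the comment above CFLAGS:append would be more useful as `# OpenSSL 3 deprecates the ENGINE API in favour of providers; silence the warnings until upstream migrates`, so readers understand this is a legacy integration point rather than a stray warning.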
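--- /dev/null
+++ b/fixup_hosttools.patch
@@ -0,0 +1,29 @@
+revert configure: add checks for all tools used by make install
+
+Not appropriate for cross build env.
+
+Upstream-Status: Inappropriate [OE specific]
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: tpm2-tss-4.0.1/configure.ac
+===================================================================
+--- tpm2-tss-4.0.1.orig/configure.ac
++++ tpm2-tss-4.0.1/configure.ac
+@@ -554,17 +554,6 @@ AM_CONDITIONAL(SYSD_SYSUSERS, test "x$systemd_sysusers" = "xyes")
+AC_CHECK_PROG(systemd_tmpfiles, systemd-tmpfiles, yes)
+AM_CONDITIONAL(SYSD_TMPFILES, test "x$systemd_tmpfiles" = "xyes")
+
+-# Check all tools used by make install
+-AS_IF([test "$HOSTOS" = "Linux" && test "x$systemd_sysusers" != "xyes"],
+-  [ AC_CHECK_PROG(useradd, useradd, yes)
+- AC_CHECK_PROG(groupadd, groupadd, yes)
+- AC_CHECK_PROG(adduser, adduser, yes)
+- AC_CHECK_PROG(addgroup, addgroup, yes)
+- AS_IF([test "x$addgroup" != "xyes" && test "x$groupadd" != "xyes" ],
+- [AC_MSG_ERROR([addgroup or groupadd are needed.])])
+- AS_IF([test "x$adduser" != "xyes" && test "x$useradd" != "xyes" ],
+- [AC_MSG_ERROR([adduser or useradd are needed.])])])
+-
+AC_SUBST([PATH])
+
+dnl --------- Doxy Gen -----------------------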
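Review bot: The description "Not appropriate for cross build env." does not say why dropping the check is safe, which is the thing a future maintainer rebasing this patch onto a newer tpm2-tss will need to know. The removed AS_IF block only probes the build host for useradd/groupadd/adduser/addgroup, and in this layer the `tss` user and group are created by the recipe through the `useradd` class rather than by `make install`, so the probe is both wrong for cross compilation and redundant. Suggest expanding the description to say that: `The check probes the build host, not the target; the tss user and group are created by the recipe via the useradd class, so the configure-time requirement is unnecessary and breaks cross builds.` If the install hooks in this tpm2-tss version still try to run useradd when systemd-sysusers is absent, that would be worth stating here too, since the patch does not touch them.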
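--- /dev/null
+++ b/tpm2-tss_4.0.1.bb
@@ -0,0 +1,95 @@
+SUMMARY = "Software stack for TPM2."
+DESCRIPTION = "OSS implementation of the TCG TPM2 Software Stack (TSS2) "
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da"
+SECTION = "tpm"
+
+DEPENDS = "autoconf-archive-native libgcrypt openssl"
+
+SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz \
+           file://fixup_hosttools.patch \
+           "
+
+SRC_URI[sha256sum] = "532a70133910b6bd842289915b3f9423c0205c0ea009d65294ca18a74087c950"
+
+UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases"
+
+CVE_PRODUCT = "tpm2_software_stack"
+
+inherit autotools pkgconfig systemd useradd
+
+PACKAGECONFIG ??= ""
+PACKAGECONFIG[oxygen] = ",--disable-doxygen-doc, "
+PACKAGECONFIG[fapi] = "--enable-fapi,--disable-fapi,curl json-c util-linux-libuuid "
+PACKAGECONFIG[policy] = "--enable-policy,--disable-policy,json-c util-linux-libuuid "
+
+EXTRA_OECONF += "--enable-static --with-udevrulesdir=${nonarch_base_libdir}/udev/rules.d/"
+EXTRA_OECONF += "--runstatedir=/run"
+EXTRA_OECONF:remove = " --disable-static"
+
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM:${PN} = "--system tss"
+USERADD_PARAM:${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss"
+
+do_install:append() {
+    # Remove /run as it is created on startup
+    rm -rf ${D}/run
+}
+
+PROVIDES = "${PACKAGES}"
+PACKAGES = " \
+    ${PN} \
+    ${PN}-dbg \
+    ${PN}-doc \
+    libtss2-mu \
+    libtss2-mu-dev \
+    libtss2-mu-staticdev \
+    libtss2-tcti-device \
+    libtss2-tcti-device-dev \
+    libtss2-tcti-device-staticdev \
+    libtss2-tcti-mssim \
+    libtss2-tcti-mssim-dev \
+    libtss2-tcti-mssim-staticdev \
+    libtss2 \
+    libtss2-dev \
+    libtss2-staticdev \
+"
+
+FILES:libtss2-tcti-device = "${libdir}/libtss2-tcti-device.so.*"
+FILES:libtss2-tcti-device-dev = " \
+    ${includedir}/tss2/tss2_tcti_device.h \
+    ${libdir}/pkgconfig/tss2-tcti-device.pc \
+    ${libdir}/libtss2-tcti-device.so"
+FILES:libtss2-tcti-device-staticdev = "${libdir}/libtss2-tcti-device.*a"
+
+FILES:libtss2-tcti-mssim = "${libdir}/libtss2-tcti-mssim.so.*"
+FILES:libtss2-tcti-mssim-dev = " \
+    ${includedir}/tss2/tss2_tcti_mssim.h \
+    ${libdir}/pkgconfig/tss2-tcti-mssim.pc \
+    ${libdir}/libtss2-tcti-mssim.so"
+FILES:libtss2-tcti-mssim-staticdev = "${libdir}/libtss2-tcti-mssim.*a"
+
+FILES:libtss2-mu = "${libdir}/libtss2-mu.so.*"
+FILES:libtss2-mu-dev = " \
+    ${includedir}/tss2/tss2_mu.h \
+    ${libdir}/pkgconfig/tss2-mu.pc \
+    ${libdir}/libtss2-mu.so"
+FILES:libtss2-mu-staticdev = "${libdir}/libtss2-mu.*a"
+
+FILES:libtss2 = "${libdir}/libtss2*so.*"
+FILES:libtss2-dev = " \
+    ${includedir} \
+    ${libdir}/pkgconfig \
+    ${libdir}/libtss2*so"
+FILES:libtss2-staticdev = "${libdir}/libtss*a"
+
+FILES:${PN} = "\
+    ${libdir}/udev \
+    /var/lib/tpm2-tss \
+    /var/run \
+    ${nonarch_base_libdir}/udev \
+    ${sysconfdir}/tmpfiles.d \
+    ${sysconfdir}/tpm2-tss \
+    ${sysconfdir}/sysusers.d"
+
+RDEPENDS:libtss2 = "libgcrypt"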
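Review bot: `PACKAGECONFIG[oxygen] = ",--disable-doxygen-doc, "` looks like a typo for `doxygen`; as written, a user has to enable a feature literally named `oxygen` to get the documentation build, which nobody will discover from the recipe. `PACKAGECONFIG[doxygen] = ",--disable-doxygen-doc, "` is the fix, with the caveat that it renames a user-visible feature, so it is better corrected in this initial commit than later. `FILES:${PN}` also lists `/var/run` although configure is passed `--runstatedir=/run` and do_install:append deletes `${D}/run`, so that entry appears to be dead and could be dropped once confirmed nothing else installs there. Finally, the `tss` user is created with `-d /var/lib/tpm` while the recipe packages `/var/lib/tpm2-tss`; a short comment on USERADD_PARAM saying which directory is the FAPI keystore and why the home differs would prevent someone "fixing" one to match the other.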