Initial commit

meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/files/tune-makefile.patch

@@ -0,0 +1,51 @@
+1) Allow recipe to overide optimization.
+
+fixes:
+
+397 | #  warning _FORTIFY_SOURCE requires compiling with optimization (-O)
+|       |    ^~~~~~~
+| cc1: all warnings being treated as errors
+
+2) Allow recipe to override OE related compile-/link-flags
+
+fixes:
+
+ERROR: QA Issue: File /usr/bin/tpm_server in package ibmswtpm2 doesn't have GNU_HASH (didn't pass LDFLAGS?) [ldflags]
+
+Upstream-Status: Inappropriate [OE specific]
+
+Signed-off-by: Jens Rehsack <sno@NetBSD.org>
+
+Index: src/makefile
+===================================================================
+--- src.orig/makefile
++++ src/makefile
+@@ -38,13 +38,11 @@
+ #################################################################################
+ 
+ 
+-CC = /usr/bin/gcc
+-
+ CCFLAGS = -Wall  			\
+ 	-Wmissing-declarations -Wmissing-prototypes -Wnested-externs \
+ 	-Werror -Wsign-compare \
+ 	-Wno-deprecated-declarations	\
+-	 -c -ggdb -O0 			\
++	 -c -ggdb -O 			\
+ 	-DTPM_POSIX			\
+ 	-D_POSIX_			\
+ 	-DTPM_NUVOTON
+@@ -80,11 +78,11 @@ TcpServerPosix.o	: $(HEADERS)
+ .PRECIOUS:	%.o
+ 
+ tpm_server:	$(OBJFILES)
+-		$(CC) $(OBJFILES) $(LNFLAGS) -o tpm_server
++		$(CCLD) $(OBJFILES) $(LDFLAGS) $(LNFLAGS) -o tpm_server
+ 
+ clean:		
+ 		rm -f *.o tpm_server *~
+ 
+ %.o:		%.c
+-		$(CC) $(CCFLAGS) $< -o $@
++		$(CC) $(CCFLAGS) $(CFLAGS) $< -o $@
+ 

meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_164-2020-192.1.bb

@@ -0,0 +1,37 @@
+SUMMARY = "IBM's Software TPM 2.0"
+DESCRIPTION = "The software TPM 2.0 is targeted toward application development, \
+education, and virtualization. \
+\
+The intent is that an application can be developed using the software TPM. \
+The application should then run using a hardware TPM without changes. \
+Advantages of this approach: \
+* In contrast to a hardware TPM, it runs on many platforms and it's generally faster. \
+* Application software errors are easily reversed by simply removing the TPM state and starting over. \
+* Difficult crypto errors are quickly debugged by looking inside the TPM."
+HOMEPAGE = "http://ibmswtpm.sourceforge.net/ibmswtpm2.html"
+LICENSE = "BSD-2-Clause"
+SECTION = "securty/tpm"
+LIC_FILES_CHKSUM = "file://../LICENSE;md5=1e023f61454ac828b4aa1bc4293f7d5f"
+LIC_FILES_CHKSUM += "file://LICENSE;md5=c75e465155c42c14154bf6a2acb7347b"
+
+DEPENDS = "openssl"
+
+SRC_URI = "git://git.code.sf.net/p/ibmswtpm2/tpm2;protocol=https;branch=master \
+           file://tune-makefile.patch \
+           "
+SRCREV = "5452af422edeff70fcae8ea99dd28a0922051d7b"
+
+UPSTREAM_CHECK_URI = "https://git.code.sf.net/p/ibmswtpm2/tpm2"
+
+S = "${WORKDIR}/git/src"
+
+CFLAGS += "-Wno-error=maybe-uninitialized -DALG_CAMELLIA=ALG_NO"
+
+do_compile () {
+   make CC='${CC}'
+}
+
+do_install () {
+   install -d ${D}/${bindir}
+   install -m 0755 tpm_server  ${D}/${bindir}
+}

meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch

@@ -0,0 +1,121 @@
+From 26091b7830d84a12308442b238652ee9475d407b Mon Sep 17 00:00:00 2001
+From: Jens Rehsack <sno@netbsd.org>
+Date: Fri, 11 Sep 2020 07:46:41 +0200
+Subject: [PATCH] utils{,12}/Makefile.am: expand wildcards in prereqs
+
+Expand wildcards of required sources to avoid errors like:
+make[2]: *** No rule to make target 'man/man1/*.1', needed by 'all-am'.  Stop.
+make[2]: *** Waiting for unfinished jobs....
+
+Upstream-Status: Submitted
+
+Signed-off-by: Jens Rehsack <sno@netbsd.org>
+---
+ utils/Makefile.am   | 75 +++++++++++++++++++++++++++++++++++++++++++--
+ utils12/Makefile.am |  8 ++++-
+ 2 files changed, 79 insertions(+), 4 deletions(-)
+
+Index: git/utils/Makefile.am
+===================================================================
+--- git.orig/utils/Makefile.am
++++ git/utils/Makefile.am
+@@ -85,9 +85,78 @@ libibmtssutils_la_LIBADD = libibmtss.la
+ 
+ noinst_HEADERS = CommandAttributes.h imalib.h tssdev.h ntc2lib.h tssntc.h Commands_fp.h objecttemplates.h tssproperties.h cryptoutils.h Platform.h tssauth.h tsssocket.h ekutils.h eventlib.h efilib.h tssccattributes.h
+ # install every header in ibmtss
+-nobase_include_HEADERS = ibmtss/*.h
++nobase_include_HEADERS = ibmtss/ActivateCredential_fp.h ibmtss/ActivateIdentity_fp.h ibmtss/BaseTypes.h \
++	ibmtss/CertifyCreation_fp.h ibmtss/Certify_fp.h ibmtss/CertifyX509_fp.h ibmtss/ChangeEPS_fp.h \
++	ibmtss/ChangePPS_fp.h ibmtss/ClearControl_fp.h ibmtss/Clear_fp.h ibmtss/ClockRateAdjust_fp.h \
++	ibmtss/ClockSet_fp.h ibmtss/Commit_fp.h ibmtss/ContextLoad_fp.h ibmtss/ContextSave_fp.h \
++	ibmtss/CreateEndorsementKeyPair_fp.h ibmtss/Create_fp.h ibmtss/CreateLoaded_fp.h \
++	ibmtss/CreatePrimary_fp.h ibmtss/CreateWrapKey_fp.h ibmtss/DictionaryAttackLockReset_fp.h \
++	ibmtss/DictionaryAttackParameters_fp.h ibmtss/Duplicate_fp.h ibmtss/ECC_Parameters_fp.h \
++	ibmtss/ECDH_KeyGen_fp.h ibmtss/ECDH_ZGen_fp.h ibmtss/EC_Ephemeral_fp.h ibmtss/EncryptDecrypt2_fp.h \
++	ibmtss/EncryptDecrypt_fp.h ibmtss/EventSequenceComplete_fp.h ibmtss/EvictControl_fp.h ibmtss/Extend_fp.h \
++	ibmtss/FlushContext_fp.h ibmtss/FlushSpecific_fp.h ibmtss/GetCapability12_fp.h ibmtss/GetCapability_fp.h \
++	ibmtss/GetCommandAuditDigest_fp.h ibmtss/GetRandom_fp.h ibmtss/GetSessionAuditDigest_fp.h \
++	ibmtss/GetTestResult_fp.h ibmtss/GetTime_fp.h ibmtss/Hash_fp.h ibmtss/HashSequenceStart_fp.h \
++	ibmtss/HierarchyChangeAuth_fp.h ibmtss/HierarchyControl_fp.h ibmtss/HMAC_fp.h ibmtss/HMAC_Start_fp.h \
++	ibmtss/Implementation.h ibmtss/Import_fp.h ibmtss/IncrementalSelfTest_fp.h ibmtss/LoadExternal_fp.h \
++	ibmtss/Load_fp.h ibmtss/LoadKey2_fp.h ibmtss/MakeCredential_fp.h ibmtss/MakeIdentity_fp.h ibmtss/NTC_fp.h \
++	ibmtss/NV_Certify_fp.h ibmtss/NV_ChangeAuth_fp.h ibmtss/NV_DefineSpace12_fp.h ibmtss/NV_DefineSpace_fp.h \
++	ibmtss/NV_Extend_fp.h ibmtss/NV_GlobalWriteLock_fp.h ibmtss/NV_Increment_fp.h ibmtss/NV_Read_fp.h \
++	ibmtss/NV_ReadLock_fp.h ibmtss/NV_ReadPublic_fp.h ibmtss/NV_ReadValueAuth_fp.h ibmtss/NV_ReadValue_fp.h \
++	ibmtss/NV_SetBits_fp.h ibmtss/NV_UndefineSpace_fp.h ibmtss/NV_UndefineSpaceSpecial_fp.h ibmtss/NV_Write_fp.h \
++	ibmtss/NV_WriteLock_fp.h ibmtss/NV_WriteValueAuth_fp.h ibmtss/NV_WriteValue_fp.h ibmtss/ObjectChangeAuth_fp.h \
++	ibmtss/OIAP_fp.h ibmtss/OSAP_fp.h ibmtss/OwnerReadInternalPub_fp.h ibmtss/OwnerSetDisable_fp.h \
++	ibmtss/Parameters12.h ibmtss/Parameters.h ibmtss/PCR_Allocate_fp.h ibmtss/PCR_Event_fp.h ibmtss/PCR_Extend_fp.h \
++	ibmtss/PcrRead12_fp.h ibmtss/PCR_Read_fp.h ibmtss/PCR_Reset12_fp.h ibmtss/PCR_Reset_fp.h ibmtss/PCR_SetAuthPolicy_fp.h \
++	ibmtss/PCR_SetAuthValue_fp.h ibmtss/PolicyAuthorize_fp.h ibmtss/PolicyAuthorizeNV_fp.h ibmtss/PolicyAuthValue_fp.h \
++	ibmtss/PolicyCommandCode_fp.h ibmtss/PolicyCounterTimer_fp.h ibmtss/PolicyCpHash_fp.h ibmtss/PolicyDuplicationSelect_fp.h \
++	ibmtss/PolicyGetDigest_fp.h ibmtss/PolicyLocality_fp.h ibmtss/PolicyNameHash_fp.h ibmtss/PolicyNV_fp.h \
++	ibmtss/PolicyNvWritten_fp.h ibmtss/PolicyOR_fp.h ibmtss/PolicyPassword_fp.h ibmtss/PolicyPCR_fp.h \
++	ibmtss/PolicyPhysicalPresence_fp.h ibmtss/PolicyRestart_fp.h ibmtss/PolicySecret_fp.h ibmtss/PolicySigned_fp.h \
++	ibmtss/PolicyTemplate_fp.h ibmtss/PolicyTicket_fp.h ibmtss/PP_Commands_fp.h ibmtss/Quote2_fp.h ibmtss/Quote_fp.h \
++	ibmtss/ReadClock_fp.h ibmtss/ReadPubek_fp.h ibmtss/ReadPublic_fp.h ibmtss/Rewrap_fp.h ibmtss/RSA_Decrypt_fp.h \
++	ibmtss/RSA_Encrypt_fp.h ibmtss/SelfTest_fp.h ibmtss/SequenceComplete_fp.h ibmtss/SequenceUpdate_fp.h \
++	ibmtss/SetAlgorithmSet_fp.h ibmtss/SetCommandCodeAuditStatus_fp.h ibmtss/SetPrimaryPolicy_fp.h ibmtss/Shutdown_fp.h \
++	ibmtss/Sign12_fp.h ibmtss/Sign_fp.h ibmtss/StartAuthSession_fp.h ibmtss/Startup12_fp.h ibmtss/Startup_fp.h \
++	ibmtss/StirRandom_fp.h ibmtss/TakeOwnership_fp.h ibmtss/TestParms_fp.h ibmtss/TPMB.h ibmtss/TpmBuildSwitches.h \
++	ibmtss/tpmconstants12.h ibmtss/tpmstructures12.h ibmtss/tpmtypes12.h ibmtss/TPM_Types.h ibmtss/tsscrypto.h \
++	ibmtss/tsscryptoh.h ibmtss/tsserror12.h ibmtss/tsserror.h ibmtss/tssfile.h ibmtss/tss.h ibmtss/tssmarshal12.h \
++	ibmtss/tssmarshal.h ibmtss/tssprintcmd.h ibmtss/tssprint.h ibmtss/tssresponsecode.h ibmtss/tsstransmit.h \
++	ibmtss/tssutils.h ibmtss/Unmarshal12_fp.h ibmtss/Unmarshal_fp.h ibmtss/Unseal_fp.h ibmtss/VerifySignature_fp.h \
++	ibmtss/ZGen_2Phase_fp.h
+ 
+-notrans_man_MANS = man/man1/*.1
++notrans_man_MANS = man/man1/tssactivatecredential.1 man/man1/tsscertify.1 man/man1/tsscertifycreation.1 \
++	man/man1/tsscertifyx509.1 man/man1/tsschangeeps.1 man/man1/tsschangepps.1 man/man1/tssclear.1 \
++	man/man1/tssclearcontrol.1 man/man1/tssclockrateadjust.1 man/man1/tssclockset.1 man/man1/tsscommit.1 \
++	man/man1/tsscontextload.1 man/man1/tsscontextsave.1 man/man1/tsscreate.1 man/man1/tsscreateek.1 \
++	man/man1/tsscreateekcert.1 man/man1/tsscreateloaded.1 man/man1/tsscreateprimary.1 \
++	man/man1/tssdictionaryattacklockreset.1 man/man1/tssdictionaryattackparameters.1 man/man1/tssduplicate.1 \
++	man/man1/tsseccparameters.1 man/man1/tssecephemeral.1 man/man1/tssencryptdecrypt.1 man/man1/tsseventextend.1 \
++	man/man1/tsseventsequencecomplete.1 man/man1/tssevictcontrol.1 man/man1/tssflushcontext.1 man/man1/tssgetcapability.1 \
++	man/man1/tssgetcommandauditdigest.1 man/man1/tssgetcryptolibrary.1 man/man1/tssgetrandom.1 \
++	man/man1/tssgetsessionauditdigest.1 man/man1/tssgettestresult.1 man/man1/tssgettime.1 man/man1/tsshash.1 \
++	man/man1/tsshashsequencestart.1 man/man1/tsshierarchychangeauth.1 man/man1/tsshierarchycontrol.1 \
++	man/man1/tsshmac.1 man/man1/tsshmacstart.1 man/man1/tssimaextend.1 man/man1/tssimport.1 man/man1/tssimportpem.1 \
++	man/man1/tssload.1 man/man1/tssloadexternal.1 man/man1/tssmakecredential.1 man/man1/tssntc2getconfig.1 \
++	man/man1/tssntc2lockconfig.1 man/man1/tssntc2preconfig.1 man/man1/tssnvcertify.1 man/man1/tssnvchangeauth.1 \
++	man/man1/tssnvdefinespace.1 man/man1/tssnvextend.1 man/man1/tssnvglobalwritelock.1 man/man1/tssnvincrement.1 \
++	man/man1/tssnvread.1 man/man1/tssnvreadlock.1 man/man1/tssnvreadpublic.1 man/man1/tssnvsetbits.1 \
++	man/man1/tssnvundefinespace.1 man/man1/tssnvundefinespacespecial.1 man/man1/tssnvwrite.1 man/man1/tssnvwritelock.1 \
++	man/man1/tssobjectchangeauth.1 man/man1/tsspcrallocate.1 man/man1/tsspcrevent.1 man/man1/tsspcrextend.1 \
++	man/man1/tsspcrread.1 man/man1/tsspcrreset.1 man/man1/tsspolicyauthorize.1 man/man1/tsspolicyauthorizenv.1 \
++	man/man1/tsspolicyauthvalue.1 man/man1/tsspolicycommandcode.1 man/man1/tsspolicycountertimer.1 \
++	man/man1/tsspolicycphash.1 man/man1/tsspolicyduplicationselect.1 man/man1/tsspolicygetdigest.1 \
++	man/man1/tsspolicymaker.1 man/man1/tsspolicymakerpcr.1 man/man1/tsspolicynamehash.1 man/man1/tsspolicynv.1 \
++	man/man1/tsspolicynvwritten.1 man/man1/tsspolicyor.1 man/man1/tsspolicypassword.1 man/man1/tsspolicypcr.1 \
++	man/man1/tsspolicyrestart.1 man/man1/tsspolicysecret.1 man/man1/tsspolicysigned.1 man/man1/tsspolicytemplate.1 \
++	man/man1/tsspolicyticket.1 man/man1/tsspowerup.1 man/man1/tssprintattr.1 man/man1/tsspublicname.1 \
++	man/man1/tssquote.1 man/man1/tssreadclock.1 man/man1/tssreadpublic.1 man/man1/tssreturncode.1 \
++	man/man1/tssrewrap.1 man/man1/tssrsadecrypt.1 man/man1/tssrsaencrypt.1 man/man1/tsssequencecomplete.1 \
++	man/man1/tsssequenceupdate.1 man/man1/tsssetcommandcodeauditstatus.1 man/man1/tsssetprimarypolicy.1 \
++	man/man1/tssshutdown.1 man/man1/tsssign.1 man/man1/tsssignapp.1 man/man1/tssstartauthsession.1 \
++	man/man1/tssstartup.1 man/man1/tssstirrandom.1 man/man1/tsstimepacket.1 man/man1/tsstpm2pem.1 \
++	man/man1/tsstpmcmd.1 man/man1/tsstpmpublic2eccpoint.1 man/man1/tssunseal.1 man/man1/tssverifysignature.1 \
++	man/man1/tsswriteapp.1 man/man1/tsszgen2phase.1
+ 
+ if CONFIG_TPM20
+ noinst_HEADERS += tss20.h tssauth20.h ibmtss/tssprintcmd.h
+Index: git/utils12/Makefile.am
+===================================================================
+--- git.orig/utils12/Makefile.am
++++ git/utils12/Makefile.am
+@@ -9,7 +9,13 @@ libibmtssutils12_la_CFLAGS = -I$(top_src
+ # result: [current-age].age.revision
+ libibmtssutils12_la_LDFLAGS = -version-info @TSSLIB_VERSION_INFO@ ../utils/libibmtss.la
+ 
+-notrans_man_MANS = man/man1/*.1
++notrans_man_MANS = man/man1/tss1activateidentity.1 man/man1/tss1createekcert.1 man/man1/tss1createendorsementkeypair.1 \
++	man/man1/tss1createwrapkey.1 man/man1/tss1eventextend.1 man/man1/tss1extend.1 man/man1/tss1flushspecific.1 \
++	man/man1/tss1getcapability.1 man/man1/tss1imaextend.1 man/man1/tss1loadkey2.1 man/man1/tss1makeekblob.1 \
++	man/man1/tss1makeidentity.1 man/man1/tss1nvdefinespace.1 man/man1/tss1nvreadvalue.1 man/man1/tss1nvreadvalueauth.1 \
++	man/man1/tss1nvwritevalue.1 man/man1/tss1nvwritevalueauth.1 man/man1/tss1oiap.1 man/man1/tss1osap.1 \
++	man/man1/tss1ownerreadinternalpub.1 man/man1/tss1ownersetdisable.1 man/man1/tss1pcrread.1 man/man1/tss1quote2.1 \
++	man/man1/tss1sign.1 man/man1/tss1startup.1 man/man1/tss1takeownership.1 man/man1/tss1tpminit.1
+ noinst_HEADERS = ekutils12.h
+ 
+ bin_PROGRAMS = activateidentity createendorsementkeypair createwrapkey extend flushspecific getcapability loadkey2 makeidentity nvdefinespace nvreadvalueauth nvreadvalue nvwritevalueauth nvwritevalue oiap osap ownerreadinternalpub ownersetdisable pcrread quote2 sign startup takeownership tpminit createekcert makeekblob eventextend imaextend

meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1661.bb

@@ -0,0 +1,31 @@
+SUMMARY = "IBM's Software TPM 2.0 TSS"
+DESCRIPTION = "This is a user space TSS for TPM 2.0. It implements the \
+functionality equivalent to (but not API compatible with) the TCG TSS \
+working group's ESAPI, SAPI, and TCTI API's (and perhaps more) but with a \
+hopefully simpler interface. \
+It comes with over 110 'TPM tools' samples that can be used for scripted \
+apps, rapid prototyping, education, and debugging. \
+It also comes with a web based TPM interface, suitable for a demo to an \
+audience that is unfamiliar with TCG technology. It is also useful for \
+basic TPM management."
+HOMEPAGE = "http://ibmswtpm.sourceforge.net/ibmtss2.html"
+LICENSE = "BSD-2-Clause"
+SECTION = "securty/tpm"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=1e023f61454ac828b4aa1bc4293f7d5f"
+
+DEPENDS = "openssl ibmswtpm2"
+
+inherit autotools pkgconfig
+
+SRCREV = "c4e131e34ec0ed09411aa3bc76f76129ef881573"
+SRC_URI = "git://git.code.sf.net/p/ibmtpm20tss/tss;protocol=https;branch=master \
+           file://0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch \
+           "
+
+UPSTREAM_CHECK_COMMITS = "1"
+UPSTREAM_CHECK_URI = "https://git.code.sf.net/p/ibmswtpm2/tpm2"
+UPSTREAM_CHECK_GITTAGREGEX = "rev.*)"
+
+EXTRA_OECONF = "--disable-tpm-1.2"
+
+S = "${WORKDIR}/git"

meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/files/tpm2-abrmd-init.sh

@@ -0,0 +1,65 @@
+#!/bin/sh
+
+### BEGIN INIT INFO
+# Provides:		tpm2-abrmd
+# Required-Start:	$local_fs $remote_fs $network
+# Required-Stop:	$local_fs $remote_fs $network
+# Should-Start:
+# Should-Stop:
+# Default-Start:	2 3 4 5
+# Default-Stop:		0 1 6
+# Short-Description:	starts tpm2-abrmd
+# Description:		tpm2-abrmd implements the TCG resource manager
+### END INIT INFO
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/sbin/tpm2-abrmd
+NAME=tpm2-abrmd
+DESC="TCG TSS2 Access Broker and Resource Management daemon"
+USER="tss"
+
+test -x "${DAEMON}" || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+case "${1}" in
+	start)
+		echo -n "Starting $DESC: "
+
+		if [ ! -e /dev/tpm? ]
+		then
+			echo "device driver not loaded, skipping."
+			exit 0
+		fi
+
+		start-stop-daemon --start --quiet --oknodo --background --pidfile /var/run/${NAME}.pid --user ${USER} --chuid ${USER} --exec ${DAEMON} -- ${DAEMON_OPTS}
+		RETVAL="$?"
+		echo "$NAME."
+		[ "$RETVAL" = 0 ] && pidof $DAEMON > /var/run/${NAME}.pid
+		exit $RETVAL
+		;;
+
+	stop)
+		echo -n "Stopping $DESC: "
+
+		start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/${NAME}.pid --user ${USER} --exec ${DAEMON}
+		RETVAL="$?"
+                echo  "$NAME."
+		rm -f /var/run/${NAME}.pid
+		exit $RETVAL
+		;;
+
+	restart|force-reload)
+		"${0}" stop
+		sleep 1
+		"${0}" start
+		exit $?
+		;;
+	*)
+		echo "Usage: ${NAME} {start|stop|restart|force-reload|status}" >&2
+		exit 3
+		;;
+esac
+
+exit 0

meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/files/tpm2-abrmd.default

@@ -0,0 +1 @@
+DAEMON_OPTS="--tcti=device --logger=syslog --max-connections=20 --max-transients=20 --flush-all"

meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_3.0.0.bb

@@ -0,0 +1,54 @@
+SUMMARY = "TPM2 Access Broker & Resource Manager"
+DESCRIPTION = "This is a system daemon implementing the TPM2 access \
+broker (TAB) & Resource Manager (RM) spec from the TCG. The daemon (tpm2-abrmd) \
+is implemented using Glib and the GObject system. In this documentation and \
+in the code we use `tpm2-abrmd` and `tabrmd` interchangeably. \
+"
+SECTION = "security/tpm"
+
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da"
+
+DEPENDS = "autoconf-archive dbus glib-2.0 tpm2-tss glib-2.0-native \
+            libtss2 libtss2-mu libtss2-tcti-device libtss2-tcti-mssim"
+
+SRC_URI = "\
+    https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz \
+    file://tpm2-abrmd-init.sh \
+    file://tpm2-abrmd.default \
+"
+
+SRC_URI[sha256sum] = "d59aff34164aa705b05155b86607f6b66918a433104f754a3fcf76216dd9f465"
+
+UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases"
+
+inherit autotools pkgconfig systemd update-rc.d useradd
+
+SYSTEMD_PACKAGES += "${PN}"
+SYSTEMD_SERVICE:${PN} = "tpm2-abrmd.service"
+SYSTEMD_AUTO_ENABLE:${PN} = "disable"
+
+INITSCRIPT_NAME = "${PN}"
+INITSCRIPT_PARAMS = "start 99 2 3 4 5 . stop 19 0 1 6 ."
+
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM:${PN} = "tss"
+USERADD_PARAM:${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss"
+
+PACKAGECONFIG ?="${@bb.utils.contains('DISTRO_FEATURES','systemd','systemd', '', d)}"
+PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir}, --with-systemdsystemunitdir=no"
+
+do_install:append() {
+    install -d "${D}${sysconfdir}/init.d"
+    install -m 0755 "${WORKDIR}/tpm2-abrmd-init.sh" "${D}${sysconfdir}/init.d/tpm2-abrmd"
+
+    install -d "${D}${sysconfdir}/default"
+    install -m 0644 "${WORKDIR}/tpm2-abrmd.default" "${D}${sysconfdir}/default/tpm2-abrmd"
+}
+
+FILES:${PN} += "${libdir}/systemd/system-preset \
+		${datadir}/dbus-1"
+
+RDEPENDS:${PN} += "tpm2-tss"
+
+BBCLASSEXTEND = "native"

meta-security/meta-tpm/recipes-tpm2/tpm2-openssl/tpm2-openssl_1.1.1.bb

@@ -0,0 +1,21 @@
+SUMMARY = "Provider for integration of TPM 2.0 to OpenSSL 3.0"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=b75785ac083d3c3ca04d99d9e4e1fbab"
+
+DEPENDS = "autoconf-archive-native tpm2-tss openssl"
+
+SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
+
+SRC_URI[sha256sum] = "5a9bb0c6c61d026272b8843cbc291b5dfa9a55c1661a513b1c980807ad2dad01"
+
+UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases"
+
+inherit autotools pkgconfig
+
+do_configure:prepend() {
+    # do not extract the version number from git
+    sed -i -e 's/m4_esyscmd_s(\[git describe --tags --always --dirty\])/${PV}/' ${S}/configure.ac
+}
+
+FILES:${PN} = "\
+    ${libdir}/ossl-modules/tpm2.so"

meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.9.0.bb

@@ -0,0 +1,47 @@
+SUMMARY = "A PKCS#11 interface for TPM2 hardware"
+DESCRIPTION = "PKCS #11 is a Public-Key Cryptography Standard that defines a standard method to access cryptographic services from tokens/ devices such as hardware security modules (HSM), smart cards, etc. In this project we intend to use a TPM2 device as the cryptographic token."
+SECTION = "security/tpm"
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=0fc19f620a102768d6dbd1e7166e78ab"
+
+DEPENDS = "autoconf-archive pkgconfig sqlite3 openssl libtss2-dev tpm2-tools libyaml p11-kit python3-setuptools-native"
+
+SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
+
+SRC_URI[sha256sum] = "35bf06c30cfa76fc0eba2c5f503cf7dd0d34a66afb2d292fee896b90362f633b"
+
+UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases"
+
+inherit autotools-brokensep pkgconfig python3native
+
+EXTRA_OECONF += "--disable-ptool-checks"
+
+do_compile:append() {
+    cd ${S}/tools
+    python3 setup.py build
+}
+
+do_install:append() {
+    cd ${S}/tools
+    export PYTHONPATH="${D}${PYTHON_SITEPACKAGES_DIR}"
+    ${PYTHON_PN} setup.py install --root="${D}" --prefix="${prefix}" --install-lib="${PYTHON_SITEPACKAGES_DIR}" --optimize=1 --skip-build
+
+    sed -i -e "s:${PYTHON}:${USRBINPATH}/env ${PYTHON_PN}:g" "${D}${bindir}"/tpm2_ptool
+}
+
+PACKAGES =+ "${PN}-tools"
+
+FILES:${PN}-tools = "\
+    ${bindir}/tpm2_ptool \
+    ${libdir}/${PYTHON_DIR}/* \
+    "
+
+FILES:${PN} += "\
+    ${libdir}/pkcs11/* \
+    ${datadir}/p11-kit/* \
+    "
+
+INSANE_SKIP:${PN}   += "dev-so"
+
+RDEPENDS:${PN} = "p11-kit tpm2-tools "
+RDEPENDS:${PN}-tools = "${PYTHON_PN}-pyyaml ${PYTHON_PN}-cryptography ${PYTHON_PN}-pyasn1-modules"

meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/configure_oe_fixup.patch

@@ -0,0 +1,27 @@
+Upstream-Status: Inappropriate [OE specific]
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: git/configure.ac
+===================================================================
+--- git.orig/configure.ac
++++ git/configure.ac
+@@ -84,9 +84,6 @@ AC_ARG_WITH([efi-lds],
+             AS_HELP_STRING([--with-efi-lds=LDS_PATH],[Path to gnu-efi lds file.]),
+             [],
+             [with_efi_lds="/usr/lib/elf_${ARCH}_efi.lds"])
+-AC_CHECK_FILE(["${with_efi_lds}"],
+-              [],
+-              [AC_MSG_ERROR([Missing file: ${with_efi_lds}.])])
+ EXTRA_LDFLAGS="-L /usr/lib -L /usr/lib64 -Wl,--script=${with_efi_lds}"
+ 
+ # path to object file from gnu-efi
+@@ -94,9 +91,6 @@ AC_ARG_WITH([efi-crt0],
+             AS_HELP_STRING([--with-efi-crt0=OBJ_PATH],[Path to gnu-efi crt0 object file.]),
+             [],
+             [with_efi_crt0="/usr/lib/crt0-efi-${ARCH}.o"])
+-AC_CHECK_FILE(["${with_efi_crt0}"],
+-              [],
+-              [AC_MSG_ERROR([Missing ${with_efi_crt0} file.])])
+ EXTRA_LDLIBS="${with_efi_crt0}"
+ 
+ # check for efi and gnuefi libraries

meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/fix_header_file.patch

@@ -0,0 +1,25 @@
+Error building for i386 target in cross env
+
+#include <efi/x86_64/efibind.h>
+
+ARCH is host arch, not target arch
+
+Upstream-Status: Submitted
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+Index: git/src/uefi-types.h
+===================================================================
+--- git.orig/src/uefi-types.h
++++ git/src/uefi-types.h
+@@ -3,9 +3,9 @@
+ #define UEFI_TYPES_H
+ 
+ #ifndef EDK2_BUILD
+-#if ARCH == x86_64
++#if defined(__x86_64__)
+ #include <efi/x86_64/efibind.h>
+-#elif ARCH == ia32
++#elif defined(__i386__)
+ #include <efi/ia32/efibind.h>
+ #else
+ #error "Unsupported ARCH."

meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi/0001-configure.ac-stop-inserting-host-directories-into-co.patch

@@ -0,0 +1,38 @@
+From b74837184cfdefb45e48f3fdc974fc67691fc861 Mon Sep 17 00:00:00 2001
+From: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
+Date: Wed, 3 Jul 2019 19:16:35 +0300
+Subject: [PATCH] configure.ac: stop inserting host directories into compile
+ path
+
+Do not insert /usr/lib and /usr/lib64 into library search path.
+
+Upstream-Status: Inappropriate [OE specific]
+Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: git/configure.ac
+===================================================================
+--- git.orig/configure.ac
++++ git/configure.ac
+@@ -70,10 +70,6 @@ EXTRA_CFLAGS+="-I${with_efi_includedir}
+ # compiler flags / search path
+ CFLAGS_TMP="$CFLAGS"
+ CFLAGS="$CFLAGS $EXTRA_CFLAGS"
+-AC_CHECK_HEADERS([efi.h efilib.h],
+-                 [],
+-                 [AC_MSG_ERROR([Missing gnu-efi headers.])],
+-                 [#include <efi.h>])
+ CFLAGS="$CFLAGS_TMP"
+ 
+ # path to linker script from gnu-efi
+@@ -81,7 +77,7 @@ AC_ARG_WITH([efi-lds],
+             AS_HELP_STRING([--with-efi-lds=LDS_PATH],[Path to gnu-efi lds file.]),
+             [],
+             [with_efi_lds="/usr/lib/elf_${ARCH}_efi.lds"])
+-EXTRA_LDFLAGS="-L /usr/lib -L /usr/lib64 -Wl,--script=${with_efi_lds}"
++EXTRA_LDFLAGS="-Wl,--script=${with_efi_lds}"
+ 
+ # path to object file from gnu-efi
+ AC_ARG_WITH([efi-crt0],

meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb

@@ -0,0 +1,47 @@
+SUMMARY = "TCTI module for use with TSS2 libraries in UEFI environment"
+SECTION = "security/tpm"
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da"
+DEPENDS = "libtss2-dev libtss2-mu-dev gnu-efi-native gnu-efi pkgconfig autoconf-archive-native"
+
+SRC_URI = "git://github.com/tpm2-software/tpm2-tcti-uefi.git;branch=master;protocol=https \
+           file://configure_oe_fixup.patch \
+           file://0001-configure.ac-stop-inserting-host-directories-into-co.patch \
+           file://fix_header_file.patch \
+"
+
+SRCREV = "0241b08f069f0fdb3612f5c1b938144dbe9be811"
+
+UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases"
+
+S = "${WORKDIR}/git"
+
+inherit autotools pkgconfig
+
+EFIDIR ?= "/EFI/BOOT"
+
+EFI_ARCH:x86 = "ia32"
+EFI_ARCH:x86-64 = "x86_64"
+
+CFLAGS:append = " -I${STAGING_INCDIR}/efi -I${STAGING_INCDIR}/efi/${EFI_ARCH}"
+
+EXTRA_OECONF:append = " \
+    --with-efi-includedir=${STAGING_INCDIR} \
+    --with-efi-crt0=${STAGING_LIBDIR}/crt0-efi-${EFI_ARCH}.o \
+    --with-efi-lds=${STAGING_LIBDIR}/elf_${EFI_ARCH}_efi.lds \
+"
+
+do_compile:append() {
+	oe_runmake example
+}
+
+do_install:append() {
+	install -d "${D}${EFIDIR}"
+	install -m 0755 "${B}"/example/*.efi "${D}${EFIDIR}"
+}
+
+COMPATIBLE_HOST = "(i.86|x86_64).*-linux"
+
+FILES:${PN} += "${EFIDIR}"
+
+RDEPENDS:${PN} = "gnu-efi libtss2-mu"

meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.5.bb

@@ -0,0 +1,15 @@
+SUMMARY = "Tools for TPM2."
+DESCRIPTION = "tpm2-tools"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://docs/LICENSE;md5=a846608d090aa64494c45fc147cc12e3"
+SECTION = "tpm"
+
+DEPENDS = "tpm2-tss openssl curl"
+
+SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
+
+SRC_URI[sha256sum] = "1fdb49c730537bfdaed088884881a61e3bfd121e957ec0bdceeec0261236c123"
+
+UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases"
+
+inherit autotools pkgconfig bash-completion

meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb

@@ -0,0 +1,17 @@
+SUMMARY = "Attest the trustworthiness of a device against a human using time-based one-time passwords"
+
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=ed23833e93c95173c8d8913745e4b4e1"
+
+SECTION = "security/tpm"
+
+DEPENDS = "autoconf-archive libtss2-dev qrencode"
+
+PE = "1"
+
+SRCREV = "96a1448753a48974149003bc90ea3990ae8e8d0b"
+SRC_URI = "git://github.com/tpm2-software/tpm2-totp.git;branch=master;protocol=https"
+
+inherit autotools-brokensep pkgconfig
+
+S = "${WORKDIR}/git"

meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb

@@ -0,0 +1,32 @@
+SUMMARY = "The tpm2-tss-engine project implements a cryptographic engine for OpenSSL." 
+DESCRIPTION = "The tpm2-tss-engine project implements a cryptographic engine for OpenSSL for Trusted Platform Module (TPM 2.0) using the tpm2-tss software stack that follows the Trusted Computing Groups (TCG) TPM Software Stack (TSS 2.0). It uses the Enhanced System API (ESAPI) interface of the TSS 2.0 for downwards communication. It supports RSA decryption and signatures as well as ECDSA signatures."
+
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=7b3ab643b9ce041de515d1ed092a36d4"
+
+SECTION = "security/tpm"
+
+DEPENDS = "autoconf-archive-native bash-completion libtss2 libgcrypt openssl"
+
+SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/v${PV}/${BPN}-${PV}.tar.gz"
+
+SRC_URI[sha256sum] = "ea2941695ac221d23a7f3e1321140e75b1495ae6ade876f2f4c2ed807c65e2a5"
+
+UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases"
+
+inherit autotools-brokensep pkgconfig systemd
+
+# It uses the API deprecated since the OpenSSL 3.0
+CFLAGS:append = ' -Wno-deprecated-declarations -Wno-unused-parameter'
+
+do_configure:prepend() {
+    # do not extract the version number from git
+    sed -i -e 's/m4_esyscmd_s(\[git describe --tags --always --dirty\])/${PV}/' ${S}/configure.ac
+}
+
+PACKAGES += "${PN}-engines ${PN}-engines-staticdev ${PN}-bash-completion"
+
+FILES:${PN}-dev = "${libdir}/engines-3/tpm2tss.so ${includedir}/*"
+FILES:${PN}-engines = "${libdir}/engines-3/lib*.so*"
+FILES:${PN}-engines-staticdev = "${libdir}/engines-3/libtpm2tss.a"
+FILES:${PN}-bash-completion += "${datadir}/bash-completion/completions"

meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fixup_hosttools.patch

@@ -0,0 +1,29 @@
+revert configure: add checks for all tools used by make install
+
+Not appropriate for cross build env.
+
+Upstream-Status: Inappropriate [OE specific]
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: tpm2-tss-4.0.1/configure.ac
+===================================================================
+--- tpm2-tss-4.0.1.orig/configure.ac
++++ tpm2-tss-4.0.1/configure.ac
+@@ -554,17 +554,6 @@ AM_CONDITIONAL(SYSD_SYSUSERS, test "x$systemd_sysusers" = "xyes")
+ AC_CHECK_PROG(systemd_tmpfiles, systemd-tmpfiles, yes)
+ AM_CONDITIONAL(SYSD_TMPFILES, test "x$systemd_tmpfiles" = "xyes")
+ 
+-# Check all tools used by make install
+-AS_IF([test "$HOSTOS" = "Linux" && test "x$systemd_sysusers" != "xyes"],
+-    [ AC_CHECK_PROG(useradd, useradd, yes)
+-      AC_CHECK_PROG(groupadd, groupadd, yes)
+-      AC_CHECK_PROG(adduser, adduser, yes)
+-      AC_CHECK_PROG(addgroup, addgroup, yes)
+-      AS_IF([test "x$addgroup" != "xyes" && test "x$groupadd" != "xyes" ],
+-         [AC_MSG_ERROR([addgroup or groupadd are needed.])])
+-      AS_IF([test "x$adduser" != "xyes" && test "x$useradd" != "xyes" ],
+-         [AC_MSG_ERROR([adduser or useradd are needed.])])])
+-
+ AC_SUBST([PATH])
+ 
+ dnl --------- Doxy Gen -----------------------

meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb

@@ -0,0 +1,95 @@
+SUMMARY = "Software stack for TPM2."
+DESCRIPTION = "OSS implementation of the TCG TPM2 Software Stack (TSS2) "
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da"
+SECTION = "tpm"
+
+DEPENDS = "autoconf-archive-native libgcrypt openssl"
+
+SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz \
+           file://fixup_hosttools.patch \
+           "
+
+SRC_URI[sha256sum] = "532a70133910b6bd842289915b3f9423c0205c0ea009d65294ca18a74087c950"
+
+UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases"
+
+CVE_PRODUCT = "tpm2_software_stack"
+
+inherit autotools pkgconfig systemd useradd
+
+PACKAGECONFIG ??= ""
+PACKAGECONFIG[oxygen] = ",--disable-doxygen-doc, "
+PACKAGECONFIG[fapi] = "--enable-fapi,--disable-fapi,curl json-c util-linux-libuuid "
+PACKAGECONFIG[policy] = "--enable-policy,--disable-policy,json-c util-linux-libuuid "
+
+EXTRA_OECONF += "--enable-static --with-udevrulesdir=${nonarch_base_libdir}/udev/rules.d/"
+EXTRA_OECONF += "--runstatedir=/run"
+EXTRA_OECONF:remove = " --disable-static"
+
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM:${PN} = "--system tss"
+USERADD_PARAM:${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss"
+
+do_install:append() {
+    # Remove /run as it is created on startup
+    rm -rf ${D}/run
+}
+
+PROVIDES = "${PACKAGES}"
+PACKAGES = " \
+    ${PN} \
+    ${PN}-dbg \
+    ${PN}-doc \
+    libtss2-mu \
+    libtss2-mu-dev \
+    libtss2-mu-staticdev \
+    libtss2-tcti-device \
+    libtss2-tcti-device-dev \
+    libtss2-tcti-device-staticdev \
+    libtss2-tcti-mssim \
+    libtss2-tcti-mssim-dev \
+    libtss2-tcti-mssim-staticdev \
+    libtss2 \
+    libtss2-dev \
+    libtss2-staticdev \
+"
+
+FILES:libtss2-tcti-device = "${libdir}/libtss2-tcti-device.so.*"
+FILES:libtss2-tcti-device-dev = " \
+    ${includedir}/tss2/tss2_tcti_device.h \
+    ${libdir}/pkgconfig/tss2-tcti-device.pc \
+    ${libdir}/libtss2-tcti-device.so"
+FILES:libtss2-tcti-device-staticdev = "${libdir}/libtss2-tcti-device.*a"
+
+FILES:libtss2-tcti-mssim = "${libdir}/libtss2-tcti-mssim.so.*"
+FILES:libtss2-tcti-mssim-dev = " \
+    ${includedir}/tss2/tss2_tcti_mssim.h \
+    ${libdir}/pkgconfig/tss2-tcti-mssim.pc \
+    ${libdir}/libtss2-tcti-mssim.so"
+FILES:libtss2-tcti-mssim-staticdev = "${libdir}/libtss2-tcti-mssim.*a"
+
+FILES:libtss2-mu = "${libdir}/libtss2-mu.so.*"
+FILES:libtss2-mu-dev = " \
+    ${includedir}/tss2/tss2_mu.h \
+    ${libdir}/pkgconfig/tss2-mu.pc \
+    ${libdir}/libtss2-mu.so"
+FILES:libtss2-mu-staticdev = "${libdir}/libtss2-mu.*a"
+
+FILES:libtss2 = "${libdir}/libtss2*so.*"
+FILES:libtss2-dev = " \
+    ${includedir} \
+    ${libdir}/pkgconfig \
+    ${libdir}/libtss2*so"
+FILES:libtss2-staticdev = "${libdir}/libtss*a"
+
+FILES:${PN} = "\
+    ${libdir}/udev \
+    /var/lib/tpm2-tss \
+    /var/run \
+    ${nonarch_base_libdir}/udev \
+    ${sysconfdir}/tmpfiles.d \
+    ${sysconfdir}/tpm2-tss \
+    ${sysconfdir}/sysusers.d"
+
+RDEPENDS:libtss2 = "libgcrypt"