diff options
author | Andrew Geissler <geissonator@yahoo.com> | 2021-03-31 21:36:22 +0300 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2021-04-06 16:22:18 +0300 |
commit | 9d3cc05f311fde3211b6bc0a9be221d6e889a70e (patch) | |
tree | cd4a28c9a69d3983c4ec1ab2dd7f025385b3cbb7 /meta-security/meta-tpm/recipes-tpm | |
parent | bd39bf61761e73b494e69f07ae975547e8ac771e (diff) | |
download | openbmc-9d3cc05f311fde3211b6bc0a9be221d6e889a70e.tar.xz |
meta-security: subtree update:9504d02694..775870980b
Armin Kuster (13):
libtpm: update to 0.8.2
ibmtpm2tss: update to 1.6.0
tpm2-abrmd: update to 2.4.0
tpm2-tools: update to 5.0
tpm2-tss: update to 3.0.3
tpm2-pkcs11: update to 1.5.0
tpm2-topt: update 0.3.0
trousers: update to 0.3.15
tpm-tools: update to 1.3.9.1
python3-fail2ban: fix building with ptest enabled
layer.conf: Add hardknott to LAYERSERIES_COMPAT
tpm2-tss-engine: update 1.1.0
swtpm: update to 0.5.2
Kai Kang (1):
samhain: fix compile error on powerpc
Ming Liu (1):
ima-evm-keys: add file-checksums to IMA_EVM_X509
lukasz plachno (1):
fscryptctl: Fix installation path
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Id7215a394e0c10c60e0e2e4a43d4ce4fb622fa97
Diffstat (limited to 'meta-security/meta-tpm/recipes-tpm')
-rw-r--r-- | meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.2.bb (renamed from meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.7.2.bb) | 4 | ||||
-rw-r--r-- | meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb (renamed from meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.2.0.bb) | 17 | ||||
-rw-r--r-- | meta-security/meta-tpm/recipes-tpm/tpm-tools/files/05-openssl1.1_fix_data_mgmt.patch | 110 | ||||
-rw-r--r-- | meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb (renamed from meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.1.bb) | 3 | ||||
-rw-r--r-- | meta-security/meta-tpm/recipes-tpm/trousers/trousers_git.bb | 4 |
5 files changed, 14 insertions, 124 deletions
diff --git a/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.7.2.bb b/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.2.bb index 0ade01dd5..9784aa115 100644 --- a/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.7.2.bb +++ b/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.2.bb @@ -2,8 +2,8 @@ SUMMARY = "LIBPM - Software TPM Library" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=e73f0786a936da3814896df06ad225a9" -SRCREV = "7325acb4777f70419fe10a1d9621c2666e977e73" -SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-0.7.0" +SRCREV = "f66a719eda0b492ea3ec7852421a9d98db0a0621" +SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-0.8" PE = "1" diff --git a/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.2.0.bb b/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb index 35c77c806..b7ff2ad59 100644 --- a/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.2.0.bb +++ b/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb @@ -3,22 +3,21 @@ LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=fe8092c832b71ef20dfe4c6d3decb3a8" SECTION = "apps" -DEPENDS = "libtasn1 expect socat glib-2.0 net-tools-native libtpm libtpm-native" +DEPENDS = "libtasn1 coreutils-native expect socat glib-2.0 net-tools-native libtpm libtpm-native" # configure checks for the tools already during compilation and # then swtpm_setup needs them at runtime DEPENDS += "tpm-tools-native expect-native socat-native" -SRCREV = "39673a0139b0ee14a0109aba50a0635592c672c4" -SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-${PV} \ - file://fix_fcntl_h.patch \ +SRCREV = "e59c0c1a7b4c8d652dbb280fd6126895a7057464" +SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.5 \ file://ioctl_h.patch \ " PE = "1" S = "${WORKDIR}/git" -inherit autotools pkgconfig +inherit autotools pkgconfig python3-dir PARALLEL_MAKE = "" TSS_USER="tss" @@ -35,18 +34,20 @@ PACKAGECONFIG[seccomp] = "--with-seccomp, --without-seccomp, libseccomp" EXTRA_OECONF += "--with-tss-user=${TSS_USER} --with-tss-group=${TSS_GROUP}" -export SEARCH_DIR = "${STAGING_LIBDIR_NATIVE}" - USERADD_PACKAGES = "${PN}" GROUPADD_PARAM_${PN} = "--system ${TSS_USER}" USERADD_PARAM_${PN} = "--system -g ${TSS_GROUP} --home-dir \ --no-create-home --shell /bin/false ${BPN}" + +PACKAGES =+ "${PN}-python" +FILES_${PN}-python = "${nonarch_libdir}/${PYTHON_PN}/dist-packages/* " + PACKAGE_BEFORE_PN = "${PN}-cuse" FILES_${PN}-cuse = "${bindir}/swtpm_cuse" INSANE_SKIP_${PN} += "dev-so" -RDEPENDS_${PN} = "libtpm expect socat bash tpm-tools" +RDEPENDS_${PN} = "libtpm expect socat bash tpm-tools python3 python3-cryptography python3-twisted" BBCLASSEXTEND = "native nativesdk" diff --git a/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/05-openssl1.1_fix_data_mgmt.patch b/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/05-openssl1.1_fix_data_mgmt.patch deleted file mode 100644 index c2a264b62..000000000 --- a/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/05-openssl1.1_fix_data_mgmt.patch +++ /dev/null @@ -1,110 +0,0 @@ -Author: Philipp Kern <pkern@debian.org> -Subject: Fix openssl1.1 support in data_mgmt -Date: Tue, 31 Jan 2017 22:40:10 +0100 - -Upstream-Status: Backport -tpm-tools_1.3.9.1-0.1.debian.tar - -Signed-off-by: Armin kuster <akuster808@gmail.com> - ---- - src/data_mgmt/data_import.c | 60 ++++++++++++++++++++++++++++---------------- - 1 file changed, 39 insertions(+), 21 deletions(-) - ---- a/src/data_mgmt/data_import.c -+++ b/src/data_mgmt/data_import.c -@@ -372,7 +372,7 @@ readX509Cert( const char *a_pszFile, - goto out; - } - -- if ( EVP_PKEY_type( pKey->type ) != EVP_PKEY_RSA ) { -+ if ( EVP_PKEY_base_id( pKey ) != EVP_PKEY_RSA ) { - logError( TOKEN_RSA_KEY_ERROR ); - - X509_free( pX509 ); -@@ -691,8 +691,13 @@ createRsaPubKeyObject( RSA - - int rc = -1; - -- int nLen = BN_num_bytes( a_pRsa->n ); -- int eLen = BN_num_bytes( a_pRsa->e ); -+ const BIGNUM *bn; -+ const BIGNUM *be; -+ -+ RSA_get0_key( a_pRsa, &bn, &be, NULL ); -+ -+ int nLen = BN_num_bytes( bn ); -+ int eLen = BN_num_bytes( be ); - - CK_RV rv; - -@@ -732,8 +737,8 @@ createRsaPubKeyObject( RSA - } - - // Get binary representations of the RSA key information -- BN_bn2bin( a_pRsa->n, n ); -- BN_bn2bin( a_pRsa->e, e ); -+ BN_bn2bin( bn, n ); -+ BN_bn2bin( be, e ); - - // Create the RSA public key object - rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject ); -@@ -760,14 +765,27 @@ createRsaPrivKeyObject( RSA - - int rc = -1; - -- int nLen = BN_num_bytes( a_pRsa->n ); -- int eLen = BN_num_bytes( a_pRsa->e ); -- int dLen = BN_num_bytes( a_pRsa->d ); -- int pLen = BN_num_bytes( a_pRsa->p ); -- int qLen = BN_num_bytes( a_pRsa->q ); -- int dmp1Len = BN_num_bytes( a_pRsa->dmp1 ); -- int dmq1Len = BN_num_bytes( a_pRsa->dmq1 ); -- int iqmpLen = BN_num_bytes( a_pRsa->iqmp ); -+ const BIGNUM *bn; -+ const BIGNUM *be; -+ const BIGNUM *bd; -+ const BIGNUM *bp; -+ const BIGNUM *bq; -+ const BIGNUM *bdmp1; -+ const BIGNUM *bdmq1; -+ const BIGNUM *biqmp; -+ -+ RSA_get0_key( a_pRsa, &bn, &be, &bd); -+ RSA_get0_factors( a_pRsa, &bp, &bq); -+ RSA_get0_crt_params( a_pRsa, &bdmp1, &bdmq1, &biqmp ); -+ -+ int nLen = BN_num_bytes( bn ); -+ int eLen = BN_num_bytes( be ); -+ int dLen = BN_num_bytes( bd ); -+ int pLen = BN_num_bytes( bp ); -+ int qLen = BN_num_bytes( bq ); -+ int dmp1Len = BN_num_bytes( bdmp1 ); -+ int dmq1Len = BN_num_bytes( bdmq1 ); -+ int iqmpLen = BN_num_bytes( biqmp ); - - CK_RV rv; - -@@ -821,14 +839,14 @@ createRsaPrivKeyObject( RSA - } - - // Get binary representations of the RSA key information -- BN_bn2bin( a_pRsa->n, n ); -- BN_bn2bin( a_pRsa->e, e ); -- BN_bn2bin( a_pRsa->d, d ); -- BN_bn2bin( a_pRsa->p, p ); -- BN_bn2bin( a_pRsa->q, q ); -- BN_bn2bin( a_pRsa->dmp1, dmp1 ); -- BN_bn2bin( a_pRsa->dmq1, dmq1 ); -- BN_bn2bin( a_pRsa->iqmp, iqmp ); -+ BN_bn2bin( bn, n ); -+ BN_bn2bin( be, e ); -+ BN_bn2bin( bd, d ); -+ BN_bn2bin( bp, p ); -+ BN_bn2bin( bq, q ); -+ BN_bn2bin( bdmp1, dmp1 ); -+ BN_bn2bin( bdmq1, dmq1 ); -+ BN_bn2bin( biqmp, iqmp ); - - // Create the RSA private key object - rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject ); diff --git a/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.1.bb b/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb index 88ef19f73..8aeb8ac4b 100644 --- a/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.1.bb +++ b/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb @@ -12,12 +12,11 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=059e8cd6165cb4c31e351f2b69388fd9" DEPENDS = "libtspi openssl" DEPENDS_class-native = "trousers-native" -SRCREV = "bdf9f1bc8f63cd6fc370c2deb58d03ac55079e84" +SRCREV = "bf43837575c5f7d31865562dce7778eae970052e" SRC_URI = " \ git://git.code.sf.net/p/trousers/tpm-tools \ file://tpm-tools-extendpcr.patch \ file://04-fix-FTBFS-clang.patch \ - file://05-openssl1.1_fix_data_mgmt.patch \ file://openssl1.1_fix.patch \ " diff --git a/meta-security/meta-tpm/recipes-tpm/trousers/trousers_git.bb b/meta-security/meta-tpm/recipes-tpm/trousers/trousers_git.bb index 27b4e2f51..32c9a4976 100644 --- a/meta-security/meta-tpm/recipes-tpm/trousers/trousers_git.bb +++ b/meta-security/meta-tpm/recipes-tpm/trousers/trousers_git.bb @@ -6,8 +6,8 @@ SECTION = "security/tpm" DEPENDS = "openssl" -SRCREV = "e74dd1d96753b0538192143adf58d04fcd3b242b" -PV = "0.3.14+git${SRCPV}" +SRCREV = "94144b0a1dcef6e31845d6c319e9bd7357208eb9" +PV = "0.3.15+git${SRCPV}" SRC_URI = " \ git://git.code.sf.net/p/trousers/trousers \ |