meta-security: subtree update:baca6133f9..ab239f1497

Armin Kuster (16): build cleanup: add iam to base depend tripwire: Blacklist pkg, upstream seems abandond tpm2-pkcs11: Update to 1.6.0 clamav: update to tip. ossec-hids: add UPSTREAM_CHECK_COMMITS python3-scapy: add UPSTREAM_CHECK_COMMITS suricata: 4.1.x add UPSTREAM_CHECK_URI ibmswtpm2: update to 1661 ibmtpm2tss: update to tip packagegroup-core-security: fix typo for mips Apparmor: fix multi config build issue. aide: Add another ids packagegroup-core-security: add aide and ossec .gitlab-ci: drop clean up combine alt w base clamav: fix systemd startup packagegroup-core-security: add clamav-daemon Change-Id: Id941ea16208920cfa31bf6d42f8a01fc9765ec7c Signed-off-by: William A. Kennington III <wak@google.com>
author: William A. Kennington III <wak@google.com> 2021-06-02 22:48:35 +0300
committer: Brad Bishop <bradleyb@fuzziesquirrel.com> 2021-06-07 18:15:22 +0300
commit: ee32beb0333105ea120420a3556a752079ef5437 (patch)
tree: f16a7a13fad542ab1069569568b4c8a053e5be84 /meta-security/meta-tpm
parent: a99e9b62f0adc374f48844dc94b4bb41d6a04c90 (diff)
download: openbmc-ee32beb0333105ea120420a3556a752079ef5437.tar.xz
5 files changed, 321 insertions, 42 deletions
diff --git a/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/files/fix-wrong-cast.patch b/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/files/fix-wrong-cast.patch
deleted file mode 100644
index f2938e0e0..000000000
--- a/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/files/fix-wrong-cast.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-Fix strict aliasing issue of gcc10
-
-fixes:
-
-TpmFail.c: In function 'TpmLogFailure':
-TpmFail.c:217:23: error: dereferencing type-punned pointer will break strict-aliasing rules [-Werror=strict-aliasing]
-  217 |     s_failFunction = *(UINT32 *)&function; /* kgold */
-      |                       ^~~~~~~~~~~~~~~~~~~
-cc1: all warnings being treated as errors
-
-Upstream-Status: Submitted
-
-Signed-off-by: Jens Rehsack <sno@NetBSD.org>
-
-Index: src/TpmFail.c
-===================================================================
---- src.orig/TpmFail.c	2020-09-10 15:43:57.085063875 +0200
-+++ src/TpmFail.c	2020-09-10 15:48:35.563302634 +0200
-@@ -214,7 +214,7 @@
-     // On a 64-bit machine, this may truncate the address of the string
-     // of the function name where the error occurred.
- #if FAIL_TRACE
--    s_failFunction = *(UINT32 *)&function;	/* kgold */
-+    memcpy(&s_failFunction, function, sizeof(uint32_t));	/* kgold */
-     s_failLine = line;
- #else
-     s_failFunction = 0;
diff --git a/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1637.bb b/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1661.bb
index 301980dbe..7ea40a8c0 100644
--- a/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1637.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1661.bb
@@ -17,13 +17,11 @@ DEPENDS = "openssl"
 
 SRC_URI = "https://sourceforge.net/projects/ibmswtpm2/files/ibmtpm${PV}.tar.gz \
            file://tune-makefile.patch \
-           file://fix-wrong-cast.patch \
            "
-SRC_URI[md5sum] = "43b217d87056e9155633925eb6ef749c"
-SRC_URI[sha256sum] = "dd3a4c3f7724243bc9ebcd5c39bbf87b82c696d1c1241cb8e5883534f6e2e327"
-SRC_URI[sha1sum] = "ab4b94079e57a86996991e8a2b749ce063e4ad3e"
-SRC_URI[sha384sum] = "bbef16a934853ce78cba7ddc766aa9d7ef3cde3430a322b1be772bf3ad4bd6d413ae9c4de21bc1a4879d17dfe2aadc1d"
-SRC_URI[sha512sum] = "007aa415cccf19a2bcf789c426727dc4032dcb04cc9d11eedc231d2add708c1134d3d5ee5cfbe7de68307c95fff7a30bd306fbd8d53c198a5ef348440440a6ed"
+
+SRC_URI[sha256sum] = "55145928ad2b24f34be6a0eacf9fb492e10e0ea919b8428c721fa970e85d6147"
+
+UPSTREAM_CHECK_REGEX = "libtpm(?P<pver>).tar.gz"
 
 S = "${WORKDIR}/src"
 
diff --git a/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.6.0.bb b/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.6.0.bb
index 4d9b5540a..ae8974b6c 100644
--- a/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.6.0.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.6.0.bb
@@ -17,11 +17,13 @@ DEPENDS = "openssl ibmswtpm2"
 
 inherit autotools pkgconfig
 
-SRCREV = "3e736f712ba53c8f06e66751f60fae428fd2e20f"
+SRCREV = "c4e131e34ec0ed09411aa3bc76f76129ef881573"
 SRC_URI = " git://git.code.sf.net/p/ibmtpm20tss/tss;nobranch=1 \
            file://0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch \
            "
 
+UPSTREAM_CHECK_COMMITS = "1"
+
 EXTRA_OECONF = "--disable-tpm-1.2"
 
 S = "${WORKDIR}/git"
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/files/677.patch b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/files/677.patch
new file mode 100644
index 000000000..5c91a5ec5
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/files/677.patch
@@ -0,0 +1,295 @@
+From 2b74d3df9b3b6932052ace627b21ff1352aa2932 Mon Sep 17 00:00:00 2001
+From: William Roberts <william.c.roberts@intel.com>
+Date: Wed, 5 May 2021 13:32:05 -0500
+Subject: [PATCH 1/4] test: fix build for gcc11
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fixes 0 size regions by ignoring them. The test code intentionally does
+bad things.
+
+test/unit/test_twist.c: In function ‘test_twistbin_aappend_twist_null’:
+test/unit/test_twist.c:327:18: error: ‘twistbin_aappend’ accessing 16 bytes in a region of size 0 [-Werror=stringop-overflow=]
+  327 |         actual = twistbin_aappend(expected, (binarybuffer *) 0xDEADBEEF, 0);
+      |                  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Signed-off-by: William Roberts <william.c.roberts@intel.com>
+
+Upstream-Status: Pending
+Fix out for merge to offical repo
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+---
+ test/unit/test_twist.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/test/unit/test_twist.c b/test/unit/test_twist.c
+index ec66f69f..58d4530a 100644
+--- a/test/unit/test_twist.c
++++ b/test/unit/test_twist.c
+@@ -244,15 +244,23 @@ void test_twistbin_create(void **state) {
+ void test_twistbin_new_overflow_1(void **state) {
+     (void) state;
+ 
++#pragma GCC diagnostic push
++#pragma GCC diagnostic ignored "-Wpragmas"
++#pragma GCC diagnostic ignored "-Wstringop-overflow"
+ 	twist actual = twistbin_new((void *) 0xDEADBEEF, ~0);
+ 	assert_null(actual);
++#pragma GCC diagnostic pop
+ }
+ 
+ void test_twistbin_new_overflow_2(void **state) {
+     (void) state;
+ 
++#pragma GCC diagnostic push
++#pragma GCC diagnostic ignored "-Wpragmas"
++#pragma GCC diagnostic ignored "-Wstringop-overflow"
+ 	twist actual = twistbin_new((void *) 0xDEADBEEF, ~0 - sizeof(void *));
+ 	assert_null(actual);
++#pragma GCC diagnostic pop
+ }
+ 
+ void test_twistbin_new_overflow_3(void **state) {
+@@ -318,8 +326,12 @@ void test_twistbin_aappend_twist_null(void **state) {
+ 	twist actual = twistbin_aappend(expected, NULL, 42);
+ 	assert_ptr_equal((void * )actual, (void * )expected);
+ 
++#pragma GCC diagnostic push
++#pragma GCC diagnostic ignored "-Wpragmas"
++#pragma GCC diagnostic ignored "-Wstringop-overflow"
+ 	actual = twistbin_aappend(expected, (binarybuffer *) 0xDEADBEEF, 0);
+ 	assert_ptr_equal((void * )actual, (void * )expected);
++#pragma GCC diagnostic pop
+ 
+ 	twist_free(actual);
+ }
+
+From 5bea05613e638375b73e29e5d56a9dabcfd2269d Mon Sep 17 00:00:00 2001
+From: William Roberts <william.c.roberts@intel.com>
+Date: Wed, 5 May 2021 11:52:23 -0500
+Subject: [PATCH 2/4] utils: fix stringop-overread in str_padded_copy
+
+cc1: all warnings being treated as errors
+| make: *** [Makefile:1953: src/lib/slot.lo] Error 1
+| make: *** Waiting for unfinished jobs....
+| In file included from src/lib/mutex.h:10,
+| from src/lib/session_ctx.h:6,
+| from src/lib/digest.h:13,
+| from src/lib/tpm.c:28:
+| In function 'str_padded_copy',
+| inlined from 'tpm_get_token_info' at src/lib/tpm.c:742:5:
+| src/lib/utils.h:42:5: error: 'strnlen' specified bound 32 exceeds source size 5 [-Werror=stringop-overread]
+| 42 | memcpy(dst, src, strnlen((char *)(src), dst_len));
+| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+| src/lib/utils.h: In function 'tpm_get_token_info':
+| src/lib/tpm.c:739:19: note: source object declared here
+| 739 | unsigned char manufacturerID[sizeof(UINT32)+1] = {0}; // 4 bytes + '\0' as temp storage
+| | ^~~~~~~~~~~~~~
+| cc1: all warnings being treated as errors
+| make: *** [Makefile:1953: src/lib/tpm.lo] Error 1
+| WARNING: exit code 1 from a shell command.
+
+Fixes #676
+
+Signed-off-by: William Roberts <william.c.roberts@intel.com>
+---
+ src/lib/general.c | 8 ++++----
+ src/lib/general.h | 2 +-
+ src/lib/slot.c    | 4 ++--
+ src/lib/token.c   | 4 ++--
+ src/lib/tpm.c     | 7 +++----
+ src/lib/utils.h   | 6 ++++--
+ 6 files changed, 16 insertions(+), 15 deletions(-)
+
+diff --git a/src/lib/general.c b/src/lib/general.c
+index 9b7327c1..eaddaf82 100644
+--- a/src/lib/general.c
++++ b/src/lib/general.c
+@@ -19,8 +19,8 @@
+   #define VERSION "UNKNOWN"
+ #endif
+ 
+-#define LIBRARY_DESCRIPTION (CK_UTF8CHAR_PTR)"TPM2.0 Cryptoki"
+-#define LIBRARY_MANUFACTURER (CK_UTF8CHAR_PTR)"tpm2-software.github.io"
++static const CK_UTF8CHAR LIBRARY_DESCRIPTION[] = "TPM2.0 Cryptoki";
++static const CK_UTF8CHAR LIBRARY_MANUFACTURER[] = "tpm2-software.github.io";
+ 
+ #define CRYPTOKI_VERSION { \
+            .major = CRYPTOKI_VERSION_MAJOR, \
+@@ -78,8 +78,8 @@ CK_RV general_get_info(CK_INFO *info) {
+ 
+     static CK_INFO *_info = NULL;
+     if (!_info) {
+-        str_padded_copy(_info_.manufacturerID, LIBRARY_MANUFACTURER, sizeof(_info_.manufacturerID));
+-        str_padded_copy(_info_.libraryDescription, LIBRARY_DESCRIPTION, sizeof(_info_.libraryDescription));
++        str_padded_copy(_info_.manufacturerID, LIBRARY_MANUFACTURER);
++        str_padded_copy(_info_.libraryDescription, LIBRARY_DESCRIPTION);
+ 
+         parse_lib_version(&_info_.libraryVersion.major,
+                 &_info_.libraryVersion.minor);
+diff --git a/src/lib/general.h b/src/lib/general.h
+index 14a18e46..356c142d 100644
+--- a/src/lib/general.h
++++ b/src/lib/general.h
+@@ -10,7 +10,7 @@
+ #define TPM2_TOKEN_LABEL                "TPM2 PKCS#11 Token"
+ #define TPM2_TOKEN_MANUFACTURER         "Intel"
+ #define TPM2_TOKEN_MODEL                "TPM2 PKCS#11"
+-#define TPM2_TOKEN_SERIAL_NUMBER        "0000000000000000"
++static const CK_UTF8CHAR TPM2_TOKEN_SERIAL_NUMBER[] = "0000000000000000";
+ #define TPM2_TOKEN_HW_VERSION           { 0, 0 }
+ #define TPM2_TOKEN_FW_VERSION           { 0, 0 }
+ 
+diff --git a/src/lib/slot.c b/src/lib/slot.c
+index 548d22b5..6db5bb93 100644
+--- a/src/lib/slot.c
++++ b/src/lib/slot.c
+@@ -119,8 +119,8 @@ CK_RV slot_get_info (CK_SLOT_ID slot_id, CK_SLOT_INFO *info) {
+         return CKR_GENERAL_ERROR;
+     }
+ 
+-    str_padded_copy(info->manufacturerID, token_info.manufacturerID, sizeof(info->manufacturerID));
+-    str_padded_copy(info->slotDescription, token_info.label, sizeof(info->slotDescription));
++    str_padded_copy(info->manufacturerID, token_info.manufacturerID);
++    str_padded_copy(info->slotDescription, token_info.label);
+ 
+     info->hardwareVersion = token_info.hardwareVersion;
+     info->firmwareVersion = token_info.firmwareVersion;
+diff --git a/src/lib/token.c b/src/lib/token.c
+index 6d7ebd27..c7211296 100644
+--- a/src/lib/token.c
++++ b/src/lib/token.c
+@@ -317,8 +317,8 @@ CK_RV token_get_info (token *t, CK_TOKEN_INFO *info) {
+     }
+ 
+     // Identification
+-    str_padded_copy(info->label, t->label, sizeof(info->label));
+-    str_padded_copy(info->serialNumber, (unsigned char*) TPM2_TOKEN_SERIAL_NUMBER, sizeof(info->serialNumber));
++    str_padded_copy(info->label, t->label);
++    str_padded_copy(info->serialNumber, TPM2_TOKEN_SERIAL_NUMBER);
+ 
+ 
+     // Memory: TODO not sure what memory values should go here, the platform?
+diff --git a/src/lib/tpm.c b/src/lib/tpm.c
+index 1639df48..7f9f052a 100644
+--- a/src/lib/tpm.c
++++ b/src/lib/tpm.c
+@@ -740,15 +740,14 @@ CK_RV tpm_get_token_info (tpm_ctx *ctx, CK_TOKEN_INFO *info) {
+     unsigned char manufacturerID[sizeof(UINT32)+1] = {0}; // 4 bytes + '\0' as temp storage
+     UINT32 manufacturer = ntohl(tpmProperties[TPM2_PT_MANUFACTURER - TPM2_PT_FIXED].value);
+     memcpy(manufacturerID, (unsigned char*) &manufacturer, sizeof(uint32_t));
+-    str_padded_copy(info->manufacturerID, manufacturerID, sizeof(info->manufacturerID));
++    str_padded_copy(info->manufacturerID, manufacturerID);
+ 
+     // Map human readable Manufacturer String, if available,
+     // otherwise 4 byte ID was already padded and will be used.
+     for (unsigned int i=0; i < ARRAY_LEN(TPM2_MANUFACTURER_MAP); i++){
+         if (!strncasecmp((char *)info->manufacturerID, TPM2_MANUFACTURER_MAP[i][0], 4)) {
+             str_padded_copy(info->manufacturerID,
+-                            (unsigned char *)TPM2_MANUFACTURER_MAP[i][1],
+-                            sizeof(info->manufacturerID));
++                            (unsigned char *)TPM2_MANUFACTURER_MAP[i][1]);
+         }
+     }
+ 
+@@ -758,7 +757,7 @@ CK_RV tpm_get_token_info (tpm_ctx *ctx, CK_TOKEN_INFO *info) {
+     vendor[1] = ntohl(tpmProperties[TPM2_PT_VENDOR_STRING_2 - TPM2_PT_FIXED].value);
+     vendor[2] = ntohl(tpmProperties[TPM2_PT_VENDOR_STRING_3 - TPM2_PT_FIXED].value);
+     vendor[3] = ntohl(tpmProperties[TPM2_PT_VENDOR_STRING_4 - TPM2_PT_FIXED].value);
+-    str_padded_copy(info->model, (unsigned char*) &vendor, sizeof(info->model));
++    str_padded_copy(info->model, (unsigned char*) &vendor);
+ 
+     return CKR_OK;
+ }
+diff --git a/src/lib/utils.h b/src/lib/utils.h
+index 81c61fae..cf357464 100644
+--- a/src/lib/utils.h
++++ b/src/lib/utils.h
+@@ -39,9 +39,11 @@
+ 
+ int str_to_ul(const char *val, size_t *res);
+ 
+-static inline void str_padded_copy(CK_UTF8CHAR_PTR dst, const CK_UTF8CHAR_PTR src, size_t dst_len) {
++#define str_padded_copy(dst, src) _str_padded_copy(dst, sizeof(dst), src, strnlen((const char *)src, sizeof(src)))
++static inline void _str_padded_copy(CK_UTF8CHAR_PTR dst, size_t dst_len, const CK_UTF8CHAR *src, size_t src_len) {
+     memset(dst, ' ', dst_len);
+-    memcpy(dst, src, strnlen((char *)(src), dst_len));
++    memcpy(dst, src, src_len);
++    LOGE("BILL(%zu): %.*s\n", dst_len, dst_len, dst);
+ }
+ 
+ twist utils_hash_pass(const twist pin, const twist salt);
+
+From afeae8a3846e06152fafb180077fbad4381a124d Mon Sep 17 00:00:00 2001
+From: William Roberts <william.c.roberts@intel.com>
+Date: Wed, 5 May 2021 14:09:27 -0500
+Subject: [PATCH 3/4] general: drop unused macros
+
+Signed-off-by: William Roberts <william.c.roberts@intel.com>
+---
+ src/lib/general.h | 10 ----------
+ 1 file changed, 10 deletions(-)
+
+diff --git a/src/lib/general.h b/src/lib/general.h
+index 356c142d..b3089554 100644
+--- a/src/lib/general.h
++++ b/src/lib/general.h
+@@ -7,17 +7,7 @@
+ 
+ #include "pkcs11.h"
+ 
+-#define TPM2_TOKEN_LABEL                "TPM2 PKCS#11 Token"
+-#define TPM2_TOKEN_MANUFACTURER         "Intel"
+-#define TPM2_TOKEN_MODEL                "TPM2 PKCS#11"
+ static const CK_UTF8CHAR TPM2_TOKEN_SERIAL_NUMBER[] = "0000000000000000";
+-#define TPM2_TOKEN_HW_VERSION           { 0, 0 }
+-#define TPM2_TOKEN_FW_VERSION           { 0, 0 }
+-
+-#define TPM2_SLOT_DESCRIPTION           "Intel TPM2.0 Cryptoki"
+-#define TPM2_SLOT_MANUFACTURER          TPM2_TOKEN_MANUFACTURER
+-#define TPM2_SLOT_HW_VERSION            TPM2_TOKEN_HW_VERSION
+-#define TPM2_SLOT_FW_VERSION            TPM2_TOKEN_FW_VERSION
+ 
+ CK_RV general_init(void *init_args);
+ CK_RV general_get_func_list(CK_FUNCTION_LIST **function_list);
+
+From 8b43a99c5ff604d890bdc23fd2fa5f98aa087d83 Mon Sep 17 00:00:00 2001
+From: William Roberts <william.c.roberts@intel.com>
+Date: Wed, 5 May 2021 14:11:04 -0500
+Subject: [PATCH 4/4] token: move TPM2_TOKEN_SERIAL_NUMBER local to use
+
+Signed-off-by: William Roberts <william.c.roberts@intel.com>
+---
+ src/lib/general.h | 2 --
+ src/lib/token.c   | 2 ++
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/lib/general.h b/src/lib/general.h
+index b3089554..9afd61ec 100644
+--- a/src/lib/general.h
++++ b/src/lib/general.h
+@@ -7,8 +7,6 @@
+ 
+ #include "pkcs11.h"
+ 
+-static const CK_UTF8CHAR TPM2_TOKEN_SERIAL_NUMBER[] = "0000000000000000";
+-
+ CK_RV general_init(void *init_args);
+ CK_RV general_get_func_list(CK_FUNCTION_LIST **function_list);
+ CK_RV general_get_info(CK_INFO *info);
+diff --git a/src/lib/token.c b/src/lib/token.c
+index c7211296..63a9a71b 100644
+--- a/src/lib/token.c
++++ b/src/lib/token.c
+@@ -20,6 +20,8 @@
+ #include "token.h"
+ #include "utils.h"
+ 
++static const CK_UTF8CHAR TPM2_TOKEN_SERIAL_NUMBER[] = "0000000000000000";
++
+ void pobject_config_free(pobject_config *c) {
+ 
+     if (c->is_transient) {
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.5.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.6.0.bb
index d53d4fa86..63ec18d94 100644
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.5.0.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.6.0.bb
@@ -4,13 +4,15 @@ SECTION = "security/tpm"
 LICENSE = "BSD-2-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=0fc19f620a102768d6dbd1e7166e78ab"
 
-DEPENDS = "autoconf-archive pkgconfig dstat sqlite3 openssl libtss2-dev tpm2-tools libyaml python3-setuptools-native"
+DEPENDS = "autoconf-archive pkgconfig dstat sqlite3 openssl libtss2-dev tpm2-tools libyaml p11-kit python3-setuptools-native"
 
-SRC_URI = "git://github.com/tpm2-software/tpm2-pkcs11.git;branch=1.X \
+SRC_URI = "git://github.com/tpm2-software/tpm2-pkcs11.git;branch=master \
            file://bootstrap_fixup.patch \
-           file://0001-remove-local-binary-checkes.patch"
+           file://0001-remove-local-binary-checkes.patch \
+           file://677.patch \
+           "
 
-SRCREV = "5d583351028eebd470f50ec35db5dcf00533df31"
+SRCREV = "c2d53cc1af6b9df13c832715442853b21048c273"
 
 S = "${WORKDIR}/git"
 
@@ -26,6 +28,10 @@ do_compile_append() {
 }
 
 do_install_append() {
+    install -d ${D}${libdir}/pkcs11
+    install -d ${D}${datadir}/p11-kit
+    rm -f ${D}${libdir}/pkcs11/libtpm2_pkcs11.so
+
     cd ${S}/tools
     export PYTHONPATH="${D}${PYTHON_SITEPACKAGES_DIR}"
     ${PYTHON_PN} setup.py install --root="${D}" --prefix="${prefix}" --install-lib="${PYTHON_SITEPACKAGES_DIR}" --optimize=1 --skip-build
@@ -33,12 +39,17 @@ do_install_append() {
     sed -i -e "s:${PYTHON}:${USRBINPATH}/env ${PYTHON_PN}:g" "${D}${bindir}"/tpm2_ptool
 }
 
-RDEPNDS_${PN} = "tpm2-tools"
-
 PACKAGES =+ "${PN}-tools"
-RDEPENDS_${PN}-tools += "${PYTHON_PN}-setuptools ${PYTHON_PN}-pyyaml ${PYTHON_PN}-cryptography ${PYTHON_PN}-pyasn1-modules"
 
 FILES_${PN}-tools = "\
     ${bindir}/tpm2_ptool \
     ${libdir}/${PYTHON_DIR}/* \
-"
+    "
+
+FILES_${PN} += "\
+    ${libdir}/pkcs11/* \
+    ${datadir}/p11-kit/* \
+    "
+
+RDEPNDS_${PN} = "tpm2-tools"
+RDEPENDS_${PN}-tools += "${PYTHON_PN}-setuptools ${PYTHON_PN}-pyyaml ${PYTHON_PN}-cryptography ${PYTHON_PN}-pyasn1-modules"
author	William A. Kennington III <wak@google.com>	2021-06-02 22:48:35 +0300
committer	Brad Bishop <bradleyb@fuzziesquirrel.com>	2021-06-07 18:15:22 +0300
commit	ee32beb0333105ea120420a3556a752079ef5437 (patch)
tree	f16a7a13fad542ab1069569568b4c8a053e5be84 /meta-security/meta-tpm
parent	a99e9b62f0adc374f48844dc94b4bb41d6a04c90 (diff)
download	openbmc-ee32beb0333105ea120420a3556a752079ef5437.tar.xz