Diffstat (limited to 'meta-security/meta-tpm')
6 files changed, 53 insertions, 19 deletions
diff --git a/meta-security/meta-tpm/README b/meta-security/meta-tpm/README index dd662b3d4..59d2ee3ad 100644 --- a/meta-security/meta-tpm/README +++ b/meta-security/meta-tpm/README @@ -1,6 +1,25 @@ meta-tpm layer ============== +The bbappend files for some recipes (e.g. linux-yocto) in this layer need +to have 'tpm' in DISTRO_FEATURES to have effect. +To enable them, add in configuration file the following line. + + DISTRO_FEATURES_append = " tmp" + +If meta-tpm is included, but tpm is not enabled as a +distro feature a warning is printed at parse time: + + You have included the meta-tpm layer, but + 'tpm' has not been enabled in your DISTRO_FEATURES. Some bbappend files + and preferred version setting may not take effect. + +If you know what you are doing, this warning can be disabled by setting the following +variable in your configuration: + + SKIP_META_TPM_SANITY_CHECK = 1 + + This layer contains base TPM recipes. Dependencies diff --git a/meta-security/meta-tpm/classes/sanity-meta-tpm.bbclass b/meta-security/meta-tpm/classes/sanity-meta-tpm.bbclass new file mode 100644 index 000000000..2f8b52d1b --- /dev/null +++ b/meta-security/meta-tpm/classes/sanity-meta-tpm.bbclass @@ -0,0 +1,10 @@ +addhandler tpm_machinecheck +tpm_machinecheck[eventmask] = "bb.event.SanityCheck" +python tpm_machinecheck() { + skip_check = e.data.getVar('SKIP_META_TPM_SANITY_CHECK') == "1" + if 'tpm' not in e.data.getVar('DISTRO_FEATURES').split() and not skip_check: + bb.warn("You have included the meta-tpm layer, but \ +'tpm or tpm2' has not been enabled in your DISTRO_FEATURES. Some bbappend files \ +and preferred version setting may not take effect. See the meta-tpm README \ +for details on enabling tpm support.") +} diff --git a/meta-security/meta-tpm/conf/layer.conf b/meta-security/meta-tpm/conf/layer.conf index 1b766cba2..0b102c533 100644 --- a/meta-security/meta-tpm/conf/layer.conf +++ b/meta-security/meta-tpm/conf/layer.conf 
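Review bot: The warning text in tpm_machinecheck names 'tpm or tpm2', but the condition only tests for 'tpm' in DISTRO_FEATURES, and the README hunk in the same commit tells users to append `" tmp"`. Someone following either hint can end up with the feature still disabled and the TPM bbappends inactive. The message should match the test, e.g. `'tpm' has not been enabled in your DISTRO_FEATURES`, and the README line should read `DISTRO_FEATURES_append = " tpm"`. Separately, `e.data.getVar('DISTRO_FEATURES').split()` raises when the variable is unset; `(e.data.getVar('DISTRO_FEATURES') or '').split()` keeps the handler from failing the sanity event.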
@@ -17,6 +17,10 @@ LAYERDEPENDS_tpm-layer = " \ " BBLAYERS_LAYERINDEX_NAME_tpm-layer = "meta-tpm" +# Sanity check for meta-integrity layer. +# Setting SKIP_META_TPM_SANITY_CHECK to "1" would skip the bbappend files check. +INHERIT += "sanity-meta-tpm" + BBFILES_DYNAMIC += " \ networking-layer:${LAYERDIR}/dynamic-layers/meta-networking/recipes-*/*/*.bbappend \ " diff --git a/meta-security/meta-tpm/recipes-kernel/linux/linux-yocto_5.%.bbappend b/meta-security/meta-tpm/recipes-kernel/linux/linux-yocto_5.%.bbappend index cea8b1b2a..2cf1453a8 100644 --- a/meta-security/meta-tpm/recipes-kernel/linux/linux-yocto_5.%.bbappend +++ b/meta-security/meta-tpm/recipes-kernel/linux/linux-yocto_5.%.bbappend @@ -1,17 +1 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/linux-yocto:" - -# Enable tpm in kernel -SRC_URI_append_x86 = " \ - ${@bb.utils.contains('MACHINE_FEATURES', 'tpm', 'file://tpm.scc', '', d)} \ - ${@bb.utils.contains('MACHINE_FEATURES', 'tpm2', 'file://tpm2.scc', '', d)} \ - " - -SRC_URI_append_x86-64 = " \ - ${@bb.utils.contains('MACHINE_FEATURES', 'tpm', 'file://tpm.scc', '', d)} \ - ${@bb.utils.contains('MACHINE_FEATURES', 'tpm2', 'file://tpm2.scc', '', d)} \ - " - -SRC_URI += " \ - ${@bb.utils.contains('MACHINE_FEATURES', 'tpm_i2c', 'file://tpm_i2c.scc', '', d)} \ - ${@bb.utils.contains('MACHINE_FEATURES', 'vtpm', 'file://vtpm.scc', '', d)} \ - " +require ${@bb.utils.contains_any('DISTRO_FEATURES', 'tpm', 'linux-yocto_tpm.inc', '', d)} diff --git a/meta-security/meta-tpm/recipes-kernel/linux/linux-yocto_tpm.inc b/meta-security/meta-tpm/recipes-kernel/linux/linux-yocto_tpm.inc new file mode 100644 index 000000000..cea8b1b2a --- /dev/null +++ b/meta-security/meta-tpm/recipes-kernel/linux/linux-yocto_tpm.inc 
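Review bot: The added comment in layer.conf says the check is for the meta-integrity layer, which looks copied from that layer; here it should read `# Sanity check for meta-tpm layer.`. It would also help to say in the comment that the inherited handler only warns, so a build without 'tpm' in DISTRO_FEATURES still completes with the TPM bbappends inactive.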
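Review bot: The new `require` line in linux-yocto_5.%.bbappend carries no comment saying that the MACHINE_FEATURES-driven kernel fragments are now additionally gated on 'tpm' in DISTRO_FEATURES. A machine that already sets tpm or tpm2 in MACHINE_FEATURES gets a kernel without those fragments unless the distro feature is added, and the only signal is a parse-time warning that can be suppressed. A line such as `# TPM kernel fragments apply only when DISTRO_FEATURES contains 'tpm'; MACHINE_FEATURES then selects which ones.` above the require would make that visible. As a point of style, `bb.utils.contains` is sufficient for a single feature name; `contains_any` would only be needed if 'tpm2' were meant to be accepted as well.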
@@ -0,0 +1,17 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/linux-yocto:" + +# Enable tpm in kernel +SRC_URI_append_x86 = " \ + ${@bb.utils.contains('MACHINE_FEATURES', 'tpm', 'file://tpm.scc', '', d)} \ + ${@bb.utils.contains('MACHINE_FEATURES', 'tpm2', 'file://tpm2.scc', '', d)} \ + " + +SRC_URI_append_x86-64 = " \ + ${@bb.utils.contains('MACHINE_FEATURES', 'tpm', 'file://tpm.scc', '', d)} \ + ${@bb.utils.contains('MACHINE_FEATURES', 'tpm2', 'file://tpm2.scc', '', d)} \ + " + +SRC_URI += " \ + ${@bb.utils.contains('MACHINE_FEATURES', 'tpm_i2c', 'file://tpm_i2c.scc', '', d)} \ + ${@bb.utils.contains('MACHINE_FEATURES', 'vtpm', 'file://vtpm.scc', '', d)} \ + " diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.0.3.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.0.3.bb index b2486e5be..cc4f191a2 100644 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.0.3.bb +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.0.3.bb @@ -17,7 +17,7 @@ PACKAGECONFIG ??= "" PACKAGECONFIG[oxygen] = ",--disable-doxygen-doc, " PACKAGECONFIG[fapi] = "--enable-fapi,--disable-fapi,json-c " -EXTRA_OECONF += "--enable-static --with-udevrulesdir=${base_prefix}/lib/udev/rules.d/" +EXTRA_OECONF += "--enable-static --with-udevrulesdir=${nonarch_base_libdir}/udev/rules.d/" EXTRA_OECONF_remove = " --disable-static" @@ -73,6 +73,6 @@ FILES_libtss2-dev = " \ ${libdir}/libtss2*so" FILES_libtss2-staticdev = "${libdir}/libtss*a" -FILES_${PN} = "${libdir}/udev ${base_prefix}/lib/udev" +FILES_${PN} = "${libdir}/udev ${nonarch_base_libdir}/udev" RDEPENDS_libtss2 = "libgcrypt" |